Object Synchronization and Security for Mobile Communications Devices
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
The main objective of this master’s thesis project was to investigate and find solutions to the problem of how to combine the SyncML synchronisation specification with object security and thus protection of personal information, such as contacts and calendar entries in mobile devices.
SyncML is a new synchronisation specification agreed upon by major device developers (Ericsson, Palm, Motorola, etc.) and the major synchronisation server developers (Starfish, Puma, fusionOne, etc.). It is independent of transport (HTTP, WSP, or OBEX) platform, operating system, and application and simplifies synchronisation of personal information between dissimilar SyncML supportive devices.
SyncML compliant devices are fully capable of synchronising information with a third party operated Internet based server and a desktop computer. This allows us to access, up-date and maintain information independent of Intranets or geographical position. However, synchronising and storing confidential personal information on an third party operated Internet based server entails weaknesses in our personal information security. Even if transport and storage security are used, how secure is the server where this information is stored since this server has the highest probability of being attacked. Can we really trust that an employee or other person with valid appropriated administrators access to the storage facility with the appropriate knowledge, working together with the third party server operator, won’t try to access our stored information? To prevent this, the personal information’s confidentiality must be guaranteed before the information leaves the device.
When synchronising and exchanging personal information, the information is often marked according to a specific format. The three de-facto standard PIM formats are: (1) vCard (contact information), (2) vCalendar, and (3) iCalendar (calendar and scheduling information). These formats divide the personal information into properties. Each property is assigned to contain a small piece of the personal information entry (e.g. a telephone number, an e-mail address, the time when the calendar event begins, etc.).
Furthermore to preserve the interoperability between different devices given by SyncML, authorised recipients must automatically be able to reverse the encryption process and decrypt the encrypted property value. Therefore general cryptographic formats are used (e.g. CMS, PGP and the newly developed XML Encryption). They add information needed by the recipients (e.g. algorithm used, padding method used on the plain text, etc.), encrypt the plaintext into cipher text, and decrypt the cipher text into plain text given the correct key.
Place, publisher, year, edition, pages
2001. , 65 p.
3G, middleware, front-end, operator-hosted, strategy, convergence, XML, hybrid thickness client application, SyncML, Wireless OS, UMTS, GPRS, EPOC, Symbian, value added services
IdentifiersURN: urn:nbn:se:kth:diva-93276OAI: oai:DiVA.org:kth-93276DiVA: diva2:515503
Subject / course
Master of Science in Engineering - Electrical Engineering
2001-09-20, room 8517, Forum, Isafjordsgatan 39, Kista, 10:30 (English)
Maguire Jr., Gerald Q., professorHedin, Johan
Maguire Jr., Gerald Q., professor