Security Services for Mobile Applications
KTH, School of Information and Communication Technology (ICT).
2012 (English)
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]

In today's era of technology, information can travel around the whole world within seconds via the Internet. Devices such as smartphones and tablets, and the smart applications running on them, enable users to access information anytime and anywhere over the air network. The ubiquitous nature of smartphones stimulates the growth of application development, especially for small scale devices. Protection and security of sensitive mobile applications and their resources against threats are newly emerging challenges for mobile application developers. Even competitive enterprise application development organizations lack comprehensive security services for small scale devices. Ultimately, unpredictable threats can become active at any time and can easily hamper the whole infrastructure within a short time frame.

In future enterprise applications, secure and easy-to-deploy strong authentication and authorization services will play a key role in protecting entities and overall access to secure back-end infrastructure and services. The complexity of security risks in wireless networks is changing the protection mechanisms for mobile applications. Balancing security with convenience becomes a challenging task for application developers. Because the picture of an attack in enterprise application development is complex and blurred, developers usually do not pay attention to mitigating such threats in the initial phase of application development. As a result, weaknesses appear in later stages that make an application system vulnerable. Conventionally, it is common practice for application developers to rely on a username/password authentication mechanism, or on what is considered an even more secure way, One Time Password (OTP) or complex passphrase schemes. These schemes have a number of limitations and drawbacks in today's diverse wireless environments.

In this research we used a Public Key Infrastructure (PKI) certificate-based strong authentication scheme for small scale devices, which is a significant step up from simple username/password, OTP and location-based authentication schemes. The leading standards we followed are the FIPS 201 Personal Identity Verification standard and the FIPS 196 Strong Authentication Protocol scheme. Our solution is based on a secure smart microSD card that can be used to provide a high level of security for mobile enterprise applications. Other notable security services included are confidentiality of transaction messages exchanged between applications and the back-end application provider server, integrity of transaction messages, and non-repudiation services.

Place, publisher, year, edition, pages
2012. 81 p.
Trita-ICT-EX, 2012:242
Keyword [en]
Mobile Applications Security, Authentication, microSD, Secure Element
National Category
Engineering and Technology
URN: urn:nbn:se:kth:diva-116762
OAI: diva2:600768
Educational program
Master of Science - Information and Communication Systems Security
Available from: 2013-04-03 Created: 2013-01-25 Last updated: 2013-04-03 Bibliographically approved

Open Access in DiVA

fulltext (3653 kB), 477 downloads
File information
File name: FULLTEXT01.pdf
File size: 3653 kB
Checksum: SHA-512
Type: fulltext
Mimetype: application/pdf

By organisation
School of Information and Communication Technology (ICT)
Engineering and Technology

Total: 477 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 201 hits