Abstract
Cell phones are assuming an increasing role in personal computing tasks, but cell phone security has not evolved in parallel with this new role. In the class of systems that leverage cell phones to facilitate access to remote services, compromising a phone may provide the means to compromise or abuse the remote services. To make matters concrete, SoonR, a representative off-the-shelf product, is used to examine this class of systems from a security point of view. This paper identifies the shortcomings of existing solutions, and explores avenues to increase security without compromising usability. The usability of two proposed techniques is evaluated by means of a user study.
The contribution of this paper is a set of guidelines for improving the design of security solutions for remote access systems. Rather than proposing a one-size-fits-all solution, this work enables end-users to manage the tradeoff between security assurances and the corresponding overhead.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sabzevar, A.P., Sousa, J.P. (2009). Secure Mobile Phone Access to Remote Personal Computers: A Case Study. In: Cordeiro, J., Shishkov, B., Ranchordas, A., Helfert, M. (eds) Software and Data Technologies. ICSOFT 2008. Communications in Computer and Information Science, vol 47. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05201-9_7
DOI: https://doi.org/10.1007/978-3-642-05201-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-05200-2
Online ISBN: 978-3-642-05201-9
eBook Packages: Computer Science (R0)