Mobile Networks and Applications, Volume 8, Issue 2, pp 159–175

Distributed PIN Verification Scheme for Improving Security of Mobile Devices

  • Jian Tang
  • Vagan Terziyan
  • Jari Veijalainen
Article

Abstract

The main driving force for the rapid acceptance rate of small-sized mobile devices is the capability to perform e-commerce transactions at any time and at any place, especially while on the move. There are, however, also weaknesses of this type of e-commerce, often called mobile e-commerce, or m-commerce. Due to their small size and easy portability, mobile devices can easily be lost or stolen. Whereas the economic values and privacy threats protected with Personal Identification Numbers (PINs) are not particularly high for normal voice-enabled mobile phones, this is no longer true when phones have developed into Personal Trusted Devices (PTDs). Still, PINs are also used in this new context for authorization and identification purposes. PINs are currently used both for protection of the devices and for authentication, as well as authorization, of the users. It is commonly recognized that not many techniques of storing PINs in the memory of the device or on the SIM card are safe. Even less sophisticated thieves might uncover the PIN inside a stolen mobile device, and for sophisticated thieves uncovering a PIN stored “safely” might be possible. In this paper we propose a new scheme to cope with the problem of uncovering the PIN that reduces the risks of m-commerce. The basic idea is that instead of storing all of the PIN digits (or some hash value) in the mobile device, we store part of the PIN in a remote machine in the network. The PIN verification then involves both the mobile device and the remote machine, which must verify their respective parts of the PIN. The improvements in security over the existing schemes are also shown using a probabilistic model. In the best case, where the probability of discovering the PIN irrespective of the storage scheme is negligible in relation to directly uncovering it, the increase in security is over 1000%.

mobile device security probability uncover risks measure 


Copyright information

© Kluwer Academic Publishers 2003

Authors and Affiliations

  • Jian Tang (1)
  • Vagan Terziyan (2)
  • Jari Veijalainen (3)

  1. Department of Computer Science, Memorial University of Newfoundland, St. John's, Newfoundland, Canada
  2. Department of Mathematical Information Technology, University of Jyväskylä, Jyväskylä, Finland
  3. Department of Computer Science and Information Systems, University of Jyväskylä, Jyväskylä, Finland
