Secure Ad-Hoc mBusiness: Enhancing WindowsCE Security

  • Florina Alménarez
  • Daniel Díaz
  • Andrés Marín
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3184)


Nowadays we can perform business transactions with remote servers interconnected to Internet using our personal devices. These transactions can also be possible without any infrastructure in pure ad-hoc networks. In both cases, interacting parts are often unknown, therefore, they require some mechanism to establish ad-hoc trust relationships and perform secure transactions. Operating systems for mobile platforms support secure communication and authentication, but this support is based on hierarchical PKI. For wireless communications, they use the (in)secure protocol WEP. This paper presents a WCE security enhanced architecture allowing secure transactions, mutual authentication, and access control based on dynamic management of the trusted certificate list. We have successfully implemented our own CSP to support the new certificate management and data ciphering.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Visa, MasterCard: Secure electronic transaction SET (1999)Google Scholar
  2. 2.
    Kent, S.: Privacy enhancement for internet electronic mail (1993)Google Scholar
  3. 3.
    Dawson, E., Lopez, J., Montenegro, J.A., Okamoto, E.: BAAI: biometric authentication and authorization infrastructure. In: IEEE International Conference on Information Technology (ITRE 2003), IEEE Press, Los Alamitos (2003)Google Scholar
  4. 4.
    Marsh, S.P.: Formalising Trust as a Computational Concept. PhD thesis, University of Stirling (1994)Google Scholar
  5. 5.
    Ricci, L., McGinnes, L.: Embedded system security - designing secure system with windows CE. Embedded Computer System, 1–33 (2003)Google Scholar
  6. 6.
    K., C., et al.: Progress report on the penetration analysis of windows CE (2001) Google Scholar
  7. 7.
    Leeuw, J.D.: Pocket PC 2003 personal certificate import utility (2004)Google Scholar
  8. 8.
    Ash, M., Dasgupta, M.: Security features in windows CE .NET (2003)Google Scholar
  9. 9.
    Corporation, M.: Embedded operating system development (2002)Google Scholar
  10. 10.
    Fratto, M.: Tutorial: Wireless security. Network Computing (2001)Google Scholar
  11. 11.
    OASIS: extensible access control markup language, XACML (2003)Google Scholar
  12. 12.
    Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)Google Scholar
  13. 13.
    Almenárez, F., Marín, A., Campo, C., García, C.: Managing ad-hoc trust relationships in pervasive environments. In: Proceedings of the Workshop on Security and Privacy in Pervasive Computing SPPC (2004),
  14. 14.
    Shafer, G.: A mathematical Theory of Evidence. Princeton University Press, Princeton (1976)MATHGoogle Scholar
  15. 15.
    Jøsang, A.: The consensus operator for combinig beliefs. Artificial Intelligence Journal 141/1-2, 157–170 (2002)CrossRefGoogle Scholar
  16. 16.
    Jøsang, A., Daniel, M., Vannoorenberghe, P.: Strategies for combining conflicting dogmatic beliefs. In: The proceedings of the 6th International Conference on Information Fusion (2003)Google Scholar
  17. 17.
    Jøsang, A.: An algebra for assessing trust in certification chains. In: Proceedings of the Network and Distributed Systems Security (NDSS 1999) Symposium, The Internet Society, San Diego (1999)Google Scholar
  18. 18.
    Campo, C., Marín, A., García, A., Díaz, I., Breuer, P., Delgado, C., García, C.: JCCM: flexible certificates for smartcards with java card. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, p. 34. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Almenárez, F., Campo, C.: SPDP: a secure service discovery protocol for ad-hoc networks. In: Workshop on Next Generation Networks - EUNICE (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Florina Alménarez
    • 1
  • Daniel Díaz
    • 1
  • Andrés Marín
    • 1
  1. 1.Telematic Engineering DepartmentCarlos III University of MadridLeganés, MadridSpain

Personalised recommendations