Skip to main content

Secure Ad-Hoc mBusiness: Enhancing WindowsCE Security

  • Conference paper
Trust and Privacy in Digital Business (TrustBus 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3184))


Nowadays we can perform business transactions with remote servers interconnected to Internet using our personal devices. These transactions can also be possible without any infrastructure in pure ad-hoc networks. In both cases, interacting parts are often unknown, therefore, they require some mechanism to establish ad-hoc trust relationships and perform secure transactions. Operating systems for mobile platforms support secure communication and authentication, but this support is based on hierarchical PKI. For wireless communications, they use the (in)secure protocol WEP. This paper presents a WCE security enhanced architecture allowing secure transactions, mutual authentication, and access control based on dynamic management of the trusted certificate list. We have successfully implemented our own CSP to support the new certificate management and data ciphering.

Thanks to UBISEC (IST STREP 506926) and EVERYWARE (MCyT N°2003-08995-C02-01) projects.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Visa, MasterCard: Secure electronic transaction SET (1999)

    Google Scholar 

  2. Kent, S.: Privacy enhancement for internet electronic mail (1993)

    Google Scholar 

  3. Dawson, E., Lopez, J., Montenegro, J.A., Okamoto, E.: BAAI: biometric authentication and authorization infrastructure. In: IEEE International Conference on Information Technology (ITRE 2003), IEEE Press, Los Alamitos (2003)

    Google Scholar 

  4. Marsh, S.P.: Formalising Trust as a Computational Concept. PhD thesis, University of Stirling (1994)

    Google Scholar 

  5. Ricci, L., McGinnes, L.: Embedded system security - designing secure system with windows CE. Embedded Computer System, 1–33 (2003)

    Google Scholar 

  6. K., C., et al.: Progress report on the penetration analysis of windows CE (2001)

    Google Scholar 

  7. Leeuw, J.D.: Pocket PC 2003 personal certificate import utility (2004)

    Google Scholar 

  8. Ash, M., Dasgupta, M.: Security features in windows CE .NET (2003)

    Google Scholar 

  9. Corporation, M.: Embedded operating system development (2002)

    Google Scholar 

  10. Fratto, M.: Tutorial: Wireless security. Network Computing (2001)

    Google Scholar 

  11. OASIS: extensible access control markup language, XACML (2003)

    Google Scholar 

  12. Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)

    Google Scholar 

  13. Almenárez, F., Marín, A., Campo, C., García, C.: Managing ad-hoc trust relationships in pervasive environments. In: Proceedings of the Workshop on Security and Privacy in Pervasive Computing SPPC (2004),

  14. Shafer, G.: A mathematical Theory of Evidence. Princeton University Press, Princeton (1976)

    MATH  Google Scholar 

  15. Jøsang, A.: The consensus operator for combinig beliefs. Artificial Intelligence Journal 141/1-2, 157–170 (2002)

    Article  Google Scholar 

  16. Jøsang, A., Daniel, M., Vannoorenberghe, P.: Strategies for combining conflicting dogmatic beliefs. In: The proceedings of the 6th International Conference on Information Fusion (2003)

    Google Scholar 

  17. Jøsang, A.: An algebra for assessing trust in certification chains. In: Proceedings of the Network and Distributed Systems Security (NDSS 1999) Symposium, The Internet Society, San Diego (1999)

    Google Scholar 

  18. Campo, C., Marín, A., García, A., Díaz, I., Breuer, P., Delgado, C., García, C.: JCCM: flexible certificates for smartcards with java card. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, p. 34. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  19. Almenárez, F., Campo, C.: SPDP: a secure service discovery protocol for ad-hoc networks. In: Workshop on Next Generation Networks - EUNICE (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alménarez, F., Díaz, D., Marín, A. (2004). Secure Ad-Hoc mBusiness: Enhancing WindowsCE Security. In: Katsikas, S., Lopez, J., Pernul, G. (eds) Trust and Privacy in Digital Business. TrustBus 2004. Lecture Notes in Computer Science, vol 3184. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22919-3

  • Online ISBN: 978-3-540-30079-3

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics