Advertisement

Do You Trust Your Phone?

  • Aniello Castiglione
  • Roberto De Prisco
  • Alfredo De Santis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5692)

Abstract

Despite the promising start, Electronic Commerce has not taken off mostly because of security issues with the communication infrastructures that are popping up threateningly undermining the perceived trustworthiness in Electronic Commerce.

Some Internet security issues, like malware, phishing, pharming are well known to the Internet community. Such issues are being, however, transferred to the telephone networks thanks to the symbiotic relation between the two worlds. Such an interconnection is becoming so pervasive that we can really start thinking about a unique network, which, in this paper, we refer to as the Interphonet.

The main goal of this paper is to analyze some of the Internet security issues that are being transferred to the Interphonet and also to identify new security issues of the Interphonet. In particular we will discuss about mobile phones malware and identity theft, phishing with SMS, telephone pharming, untraceability of phone calls that use VoIP and Caller ID spoofing. We will also briefly discuss about countermeasures.

Keywords

VoIP security SMS security identity theft mobile malware telephone phishing telephone pharming untraceability caller ID spoofing SMS spoofing NGN 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bocan, V., Cretu, V.: Security and Denial of Service Threats in GSM Networks. Periodica Politechnica, Transactions on Automatic Control and Computer Science 49(63) (2004) ISSN 1224-600XGoogle Scholar
  2. 2.
    Enck, W., Traynor, P., McDaniel, P., La Porta, T.: Exploiting Open Functionality in SMS-Capable Cellular Networks. In: Proc. of CCS 2005, Alexandria, VA, USA, November 2005, pp. 7–11 (2005)Google Scholar
  3. 3.
    Kim, S.h., Leem, C.S.: Security Threats and Their Countermeasures of Mobile Portable Computing Devices in Ubiquitous Computing Environments. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3483, pp. 79–85. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Lawton, G.: E-mail Authentication Is Here, but Has It Arrived Yet? IEEE Computer 38(11), 17–19 (2005)CrossRefGoogle Scholar
  5. 5.
    Peersman, G., Cvetkovic, S., Griffiths, P., Spear, H.: The Global System for Mobile Communications Short Message Service. IEEE Personal Communications, 15–23 (2000)Google Scholar
  6. 6.
    Salam, A.F., Rao, H.R., Pegels, C.C.: Consumer-Perceived Risk in E-Commerce Transactions. Comm. of the ACM 46(12), 325–331 (2003)CrossRefGoogle Scholar
  7. 7.
    Fujii, H., Shigematsu, N., Kurokawa, H., Nakagawa, T.: Telelogin: a Two-factor Two-path Authentication Technique Using Caller ID, NTT Information Sharing Platform Laboratories, NTT Technical Review, Vol. 6(8) (August 2008), https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr200808le3.html
  8. 8.
    Thompson, R.: Why Spyware Poses Multiple Threats to Security? Communications of the ACM 48(8), 41–43 (2005)CrossRefGoogle Scholar
  9. 9.
    Palmieri, F., Fiore, U.: Providing True End-to-End Security in Converged Voice Over IP Infrastructures. Journal of Computer & Security (in press) (January 2009), http://dx.doi.org/10.1016/j.cose.2009.01.004
  10. 10.
    3rd Generation Partnership Project, Technical realization of the Short Message Service (SMS), Rel. 5.1.0, 3GPP Technical Specific Group Terminals (2001)Google Scholar
  11. 11.
    Internet Protocol Telephony and Voice Over the Internet Protocol, Security Technical Implementation Guide, Defense Information Systems Agency (DISA) for the U.S. Department of Defense (DOD), Version 2, Rel. 2 (April 2006), http://iase.disa.mil/stigs/stig/VoIP-STIG-V2R2.pdf
  12. 12.
    Griffin, S.E., Rackley, C.C.: Vishing. In: Proc. of the ACM InfoSecCD ’08: Proceedings of the 5th annual conference on Information Security Curriculum Development, pp. 33–35 (2008)Google Scholar
  13. 13.
    Caller ID spoofing with PHP and asterisk (last updated 14 February 2006), http://www.nata2.org/2006/02/14/caller-id-spoofing-with-php-and-asterisk/
  14. 14.
    The definitive resource on Caller ID spoofing (last updated, 20 February 2009), http://www.calleridspoofing.info/
  15. 15.
    Running your own GSM network, 25th Chaos Communication Congress (last updated, 29 December 2008), http://events.ccc.de/congress/2008/Fahrplan/events/3007.en.html
  16. 16.
    SMS phishing, Computer Crime Research Center, September 04 (2006), http://www.crime-research.org/news/04.09.2006/2221/
  17. 17.
    SMiShing: SMs phISHING, Wikipedia, the free encyclopedia (last updated, 1 May 2009), http://en.wikipedia.org/wiki/SMiShing
  18. 18.
    Castiglione, A., Cattaneo, G., De Santis, A., Petagna, F., Ferraro Petrillo, U.: SPEECH: Secure Personal End-to-End Communication with Handheld. In: Proc. of ISSE 2006, Securing Electronic Business Processes (Information Security Solutions Europe), October 2006, pp. 287–297. Vieweg Verlag (2006)Google Scholar
  19. 19.
    Harauz, J., Kaufman, L.M.: A New Era of Presidential Security: The President and His BlackBerry. IEEE Security & Privacy 7(2), 67–70 (2009)CrossRefGoogle Scholar
  20. 20.
    Jailbreak (iPhone), Wikipedia, the free encyclopedia (last updated 29 April 2009), http://en.wikipedia.org/wiki/Jailbreak_(iPhone)Google Scholar
  21. 21.
    Castiglione, A., Cattaneo, G., Cembalo, M., De Santis, A., Petagna, F., Ferraro Petrillo, U.: An Extensible Framework for Efficient Secure SMS”. Technical Report - University of SalernoGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Aniello Castiglione
    • 1
  • Roberto De Prisco
    • 1
  • Alfredo De Santis
    • 1
  1. 1.Dipartimento di Informatica ed Applicazioni “R. M. Capocelli”Università di SalernoFiscianoItaly

Personalised recommendations