Secure Identification in Social Wireless Networks

Description of unit

The Secure Systems Group at Swedish Institute of Computer Science (SICS) is performing applied security research in close co-operation with our industry partners such as Ericsson, SonyEricsson, Saab SDS and TeliaSonera. The research is conducted within applied cryptography, authentication methods and secure computing.

Background

Social networks are well established on the Internet and moving into the mobile space by incorporating mobile features such as geo-location, short messaging, multimedia message among others. Trends indicate that mobile social networks would rapidly adopt new wireless features such as upcoming direct-mode and proximity services that assume some sort close physical presence and human interaction. However, social networks users have been affected due to serious security and privacy deficiencies. Such incidents shouldn’t happen in mobile social networks since mobile networks/handsets are known to be trusted by users and so should continue being. This project addresses how to improve existing and upcoming mobile key exchange mechanisms to secure social networking interactions (secure identification). In particular, the project addresses privacy preserving identification based on novel key exchange methods for direct (peer to peer) wireless key exchange between mobile terminals.

This thesis project is done in co-operation with SonyEricsson Mobile Communications in Lund.

Objective

The objective of this thesis project is to investigate secure identification and federation methods that combine existing identification infrastructures such as Open ID and subscriber identification through USIM in direct wireless mode operations (WLAN, Bluetooth etc.).

  • Identification of requirements on security critical functions/mechanisms for security association establishment, identification based on a selected set of mobile social networking use cases
  • Detailed design and analysis of the mechanism and protocols for credential provision, security association establishment and anonymous identification (privacy preserving).
  • Verify the chosen provisioning and identification schemes through implementation in a prototype system.

Hence, the project includes

  • Elements of theoretical studies
  • Software development and verification
  • Report

Competence

We are looking for two bright MSc students with demonstrated interest in mobile security who has fulfilled the course requirements. Good secure system knowledge and good programming skills in C/C++ is a requirements, as is good spoken and written English.

Applications should include a brief personal letter, CV, and recent grades. In your application, make sure to give examples of previous programming or other projects that you consider relevant for the position. Candidates are encouraged to send in their application as soon as possible. Suitable applicants will be interviewed as applications are received.

Expected start time

Summer or Fall 2010

Location

Lund

Contact

Christian Gehrmann, chrisg@sics.se

SICS
Ideon Science Park
Building Beta 2 3v
Scheelevägen 17
SE-223 70 Lund