Security and Privacy in Mobile Information and Communication Systems. First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers

Research Article

A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications

Download
625 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-04434-2_3,
        author={Stephen Badan and Julien Probst and Markus Jaton and Damien Vionnet and Jean-Fr\^{e}d\^{e}ric Wagen and G\^{e}rald Litzistorf},
        title={A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={5},
        keywords={mobile security smartphone rich client client-server secure framework authentication transient authentication theft detection},
        doi={10.1007/978-3-642-04434-2_3}
    }
    
  • Stephen Badan
    Julien Probst
    Markus Jaton
    Damien Vionnet
    Jean-Frédéric Wagen
    Gérald Litzistorf
    Year: 2012
    A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-04434-2_3
Stephen Badan1, Julien Probst1, Markus Jaton1,*, Damien Vionnet2, Jean-Frédéric Wagen2,*, Gérald Litzistorf3,*
  • 1: University of Applied Sciences of Western Switzerland - HES-SO, HES-SO / HEIG-VD
  • 2: HES-SO / EIA-FR
  • 3: HES-SO / HES-GE
*Contact email: markus.jaton@heig-vd.ch, jean-frederic.wagen@hefr.ch, gerald.litzistorf@hesge.ch

Abstract

Contact lists, Emails, SMS or custom applications on a professional smartphone could hold very confidential or sensitive information. What could happen in case of theft or accidental loss of such devices? Such events could be detected by the separation between the smartphone and a Bluetooth companion device. This event should typically block the applications and delete personal and sensitive data. Here, a solution is proposed based on a secured framework application running on the mobile phone as a rich client connected to a security server. The framework offers strong and customizable authentication and secured connectivity. A security server manages all security issues. User applications are then loaded via the framework. User data can be secured, synchronized, pushed or pulled via the framework. This contribution proposes a convenient although secured environment based on a client-server architecture using external authentications. Several features of the proposed system are exposed and a practical demonstrator is described.