Tore E. Jønvik

Strong authentication with mobile phone as security token

The protection of digital identities is getting more and more crucial. The usage of passwords for authentication is no longer sufficient and stronger authentication schemes are necessary. Strong authentication solutions using two identification factors require often an additional device, which could be inconvenient for the user and costly for the service providers. To avoid the usage of additional device, the mobile phone is adopted as security token. This paper provides a study of the various ways the mobile phone can be used as an authentication token towards service providers on the Internet. It starts with discussing the need for a strong authentication scheme, and the motivation for using the mobile phone to improve on several aspects of the current authentication processes. Thereafter, the general architecture for authentication with mobile phones is presented. Several different authentication solutions using the mobile phone as authentication token are then described, where the solutions vary in complexity, strength and user-friendliness. The paper ends with an evaluation of the different solutions, and a discussion of the most probable attacks. A classification of the solutions is also provided, according to defined criteria.

Name resolution in mobile ad-hoc networks

Common user applications (including web browsing and e-mail) cannot run in mobile ad-hoc networks (MANETs) before a method for name resolution is in place. While the Domain Name System (DNS) works well on the fixed Internet, it represents a centralized approach to name resolution, which is not suitable for MANETs. This article demonstrates that most existing reactive routing protocols do not have sufficient capabilities to support bandwidth-efficient name resolution. We propose a scheme to improve this deficiency of existing reactive routing protocols. We also investigate the trade-off between using fully distributed name servers and partially distributed name brokers (or name databases). We also propose a framework for name resolution in MANETs. Based on this framework, we finally suggest a complete solution to name resolution, which interoperates with DNS and multicast DNS (mDNS).

Simple Strong Authentication for Internet Applications Using Mobile Phones

This paper describes thoroughly an authentication solution that is adequately strong, user-friendly and cost efficient. The idea is to use the mobile phone and its SIM (subscriber identity module) as an authentication token in the authentication of the user for all Internet applications. The proposed solution is generic and offers authentication for any Internet applications on any devices connected to any networks. It is combining several standard strong authentication schemes like ISIM, generic bootstrapping architecture (GBA) with the innovative SIM strong authentication mechanisms.

Service discovery and name resolution architectures for on-demand MANETs

Discovery of services and other named resources is expected to be a crucial feature for the usability of mobile ad-hoc networks (MANETs). In this paper, we propose a mechanism for simple service discovery that reuses name resolvers and name server software used for name resolution. To enhance service availability, one may introduce service coordinators, which store information about services residing on surrounding nodes. Thus, furthermore we propose to use the service discovery mechanism also for messaging between the coordinators and their surroundings. This paper demonstrates that the service location architecture must be designed and tuned to fit well with the underlying routing protocol, especially in on-demand MANETs where reactive routing protocols are being used Finally, we discuss heuristic rules for how to adapt the service discovery architecture to underlying networking characteristics, such as routing.

Authentication in a Multi-access IMS Environment

The standard ISIM-based authentication mechanism of IMS is only intended for mobile phones and cannot be used for fixed IMS clients on stationary devices without SIM cards. This paper presents the authentication schemes dedicated for fixed IMS clients. Such schemes are necessary in order to extend the usage of IMS to fixed environments. Authentication solutions for other applications than the IMS client are also described. These applications are assumed to be located on the same stationary device as the IMS client, and might for example be browsers, contact lists and email clients. Finally, a single-sign-on mechanism is proposed. It is designed to simplify the authentication process without compromising the security.

The device management service

This paper presents a novel service, which is aiming at assisting the end-user in the management of his electronic devices. Nowadays the user is confronted with several different communications devices as, for example, a plain-old telephone, a mobile telephone, a cordless telephone, and a PC or a workstation which acts as a multimedia terminal. All these devices are autonomous and function independently of each other and without any coordination. In fact they are even not aware of the presence of other devices. As the owner the user is required to handle them all and does not always succeed since as a human being he cannot perform many tasks at the same time. This paper describes in detail the functions of the Device Management Service (DMS) with use cases. Each use case is examined carefully with several implementation alternatives. The technologies required for each alternative are also identified.

NETp1-09: Enhancing Internet Service Security Using GSM SIM Authentication

This paper describes thoroughly a service called SIM strong authentication which is aiming to provide strong and user-friendly authentication to the Internet Web services. The idea is to extend the usage of the current SIM authentication used in GSM to Internet Web services. The idea of making the mobile phone and its SIM card a universal authentication token is compelling since the mobile phone is definitely the most used device nowadays and the GSM network is currently the largest mobile network and is ubiquitous in much of the world. This service is available anywhere and can support any Internet services. It is ideal for services like Internet Banking, eAdministration or enterprise internal Web pages. The SIM strong authentication service is both user-friendly and cost efficient, with a low deployment threshold.

Extending VHE with the device unifying service

The virtual home environment is a powerful concept that enables personal service environment (PSE) portability across network boundaries and between terminals. The device unifying service (DUS) presented in this paper extends the VHE concept by allowing the usage of multiple devices simultaneously and the possibility of adding, removing or changing devices both on the fly or according to predefined profiles.. The user will be able to specify several different personal service environments, professional office environments, private home environments, travelling environments etc., and to select the most appropriate environment for a given time and according to his changing roles. This paper presents the concept of the device unifying service, which will take care of the management, coordination and configuration of all the devices that the user has at his disposal. A discussion regarding the system architecture is given, suggesting the best solution for where to locate this function. In addition, this paper discusses the technologies, emerging and existing, that are required for implementing the device unifying service.

Ad-hoc formation of Bluetooth piconet and IP allocation in PAN

This article proposes the Simple Internet Access Procedure (SINAP), which enables IP communication in a Bluetooth piconet where one or more devices may have Internet access. Alternatives for allocation of IP addresses are also discussed. The piconet consists of Bluetooth enabled computing devices, such as laptops, which may have Internet connections over Ethernet, WLAN, or GSM/UMTS. It is formed according to an automatic piconet formation procedure. The procedure provides topology information, which makes it is possible to deploy IP directly on the L2CAP protocol without the need for any adaptation layer.

Personalised IMS client widget

Current IMS development follows the path of improving the IMS clients and client frameworks. This paper points out the shortcomings of this path for deployment in a mobile-fixed convergent multi-access IMS environment. Instead of continuing the development on IMS client frameworks, an alternative path forward using IMS client widgets is proposed as a novel concept. It involves a thin-client solution where most of the IMS features are implemented in the network. The IMS client widget solution allows for open development of flexible, customizable and personalized IMS clients, which is totally lacking with current technology and solutions. Finally, a prototype implementation of the IMS widget concept is presented.