Robert John Askwith, B. Se. (Hons. )

Robert John Askwith, B. Se. (Hons. )

An Architecture for User Privacy in Mobile Networks Robert John Askwith, B. Se. (Hons. ) A thesissubmitted in partial fulfillment of the requirementsof Liverpool John Moores University for the degree Doctor of Philosophy School of Computing and Mathematical Sciences October 2000 Acknowledgments I would first of all like to expressgreatest thanks to my principal supervisorMadiid Merabti. Tbroughoutthe period of this researchhis advice, encouragementand all round harassmenthas enabledmy progress.I would also like to thank my second supervisorQi Shi for being patient enoughto examinetechnical details with a fine toothcomb.Also, thanksto my third supervisorKeith Whiteleyfor supportin the early stagesof the project. I would like to thank all my colleaguesin the departmentof Computing and MathematicalSciences for continuedsupport, especially those fellow researcherswho madeit more fun than it would otherwisehave been, Damien Gregory, David Gresty, Tom Berry, Ewan Smith. The funding for this projectwas providedby LiverpoolJohn MooresUniversity to whom I am most grateful. Away from the office I would like to thank all those friends and family who have sufferedmy inability to avoid technical discussion.It was my father who initially persuadedme to pursuean academiccareer - like fatherlike son,thanks Dad. The list of friends is too long but special mention is required of SatinderDharewal, John Clearyand SimonTruss. Finally I must thank my wife, Sarah,whose seeminglyendless sacrifice made the climb considerablyeasier and the motivation more meaningful. I have a sneaking suspicionSarah may be the most pleasedout of all to seethis pagein print. ii Abstract During the 1990's the use of electroniccommunications became a part of everyday life throughthe explosionof both mobile telephonyand Internetuse. The next decade promises further rapid development,with multimedia mobile networking and the convergenceof existing networks. These developmentshave not been without impediment,concern over privacy being importantamongst these. Privacy in a mobile environmentinvolves the protectionof messagecontent, identification and location, aswell as serviceuse behaviour. In addition,a userrequires this protectionagainst not only partiesoutside the networkbut alsofrom the partiesoperating the networkitself. In this thesiswe have addressedthe securityand privacy requirementswithin mobile networks. A survey of existing literature shows that these requirementsare not currently satisfied.In responseto this we presentthe developmentof an architecture, the Mobile Network Privacy Architecture(MNPA). The MNPA proposestwo novel physical componentsand two new protocols to perform important network tasks, namely location update and secure billing for services.The two new physical componentsare the PrivacyRouting Capability(PRC), and the PrivacyToken Issuing Authority (PTIA). The PRC facilitates network anonymityby enablinguntraceable messagetransport between any two hosts. The PTIA is a third party authority that facilitates privacy-enhancedprotocols through the issuing of privacy tokens to the networkof eachuser. Our analysisand evaluationof the architectureshows that the MNPA protocolsand componentsmeet the requirementsfor achievingprivacy. The analysisfocuses on potential attackson the system,including those of collusion betweenparties. This leadsus to examinethe most pressingassumption, that of trust betweenthe user and the variouscomponents, which must be satisfiedin orderto complementthe technical measuresin place. Prototypingexperiments are discussedand it is shown how the abovesystem can be implemented.Finally we presenta seriesof proposalsfor further researchwork that have beenraised by this work, suchas user interfacesfor privacy, dataaccess for law enforcementand the preventionof denial of serviceattacks within the MNPA. iii Table of Figures Figure 2.1. The Cellular Concept 20 ............................................................. Figure 2.2. Wireless Network Architecture 22 .................................................. Figure 4.1. Mobile Network Privacy Architecture (MNPA) 70 .............................. Hosts Using PRC 77 Figure 4.2. Example Route of a MessageBetween Two the ....... 4.3. Example Configuration Six PTIA Elements 84 Figure of .............................. Figure 6.1. Communications Within Prototype MNPA 122 the .............................. iv Table of Contents CHAPTER 1: INTRODUCTION 1 ....................................................................... 1.1 DISTRIBUTEDSYST'EMS 2 .................................................................................. 1.2 MOBILENETWORKING 4 ................................................................................... 1.3 COMPUTERSECURITY 6 .................................................................................... 1.4 PRivAcy 7 ........................................................................................................ 1.5 THESISAIMS 8 .................................................................................................. 1.6 NOVELASPECTS OF THISWORK 10 ................................................................. 1.7 SUMMARY 12 ................................................................................................... 1.8 THESISSTRUCTURE 14 ..................................................................................... CHAPTER 2: BACKGROUND 15 ........................................................................ 2.1 COMPUTERNETWORKS BASICS 15 .................... .. ..... .... ... ................................. 2.2 M013ILECOMMUNICATIONS 17 ............................................ .... ........................ 2.2.1First SecondGeneration Systems 18 and ................................................. ZZ2 Third GenerationSystems Beyond 18 and ............................................... 2.2.3 MobilelWireless Networking Concepts 19 ................................................ 2.3 COMPUTER COMMUNICATIONSECURITY 23 AND ............................................. 2.3.1 Security Basics 23 ... .. .. .............................................................................. 2.3.2 Computer Security 24 ............................................................................... 2.3.3 Cryptography 27 ....................................................................................... 2.3.4 Network Security 35 ................................................................................. 2.3.5 Electronic CommerceSecurity 37 ............................................................ 2.4 USERPRIVACY 38 ............................................................................................ 2.4.1 "at is Privacy 39 anyway?..................................................................... 2.4.2 Privacy Enhancing Technologies 41 ........................................................ 2.4.3 The Legal Political Landscape 43 and ..................................................... 2.5 SUMMARY 45 ................................................................................................... CHAPTER 3: SECURITY AND PRIVACY REQUIREMENTS IN MOBILE COMMUNICATIONS 46 ....................................................................................... 3.1 SYSTEMSECURITY: THE SERVICEPROVIDERS PERSPECTIVE 46 ....................... 3.1.1 Authentication Users 47 of ....................................................................... 3.1.2 Encryption Network Traffic 48 of ............................................................. 3.1.3 Equipment Security 49 .............................................................................. 3.2 USERPRivAcy: THE USERSPERSPECTIVE 50 ................................................... 3.2.1 Anonymity, Pseudonymity and Different Levels of Privacy Protection50 3.2.2 Protectionfrom External Attacks 52 ........................................................ 3.2.3 Protectionfrom the Network 52 ............................................................... 3.2.4 Law Enforcement Privacy Negotiation 53 and ......................................... 3.3 ExisTTNGSOLUTIONS 55 ................................................................................... 3.3.1 Privacy in General Networks 55 .............................................................. 3.3.2 Privacy in Mobile Communications 56 .................................................... 3.4 SUMMARY 64 ................................................................................................... CHAPTER 4: THE MOBILE NETWORKS PRIVACY ARCHITECTURE66 4.1 THE ARCHITECTURE 66 .................................................................................... 4.1.1 Assumptions 66 ......................................................................................... 4.1.2 Architecture Overview 69 ......................................................................... 4.1.3 Mobility Management 71 .......................................................................... 4.1.4 Accounting 73 ........................................................................................... 4.1.5 Private Communications 73 ..................................................................... 4.2 PRIVACY ROUTING CAPABILITY (PRC) 74 ....................................................... 4.2.1 Overview 75 .............................................................................................. 4.2.2 Detailed Operation 76 .............................................................................. 4.3

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    173 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us