In this paper, we describe Mobile CoWPI, a deployable, end-to-end secure mobile group messaging application with proofs of security. Mobile CoWPI allows dynamic groups of users to participate in, join, and leave private, authenticated conversations without requiring the participants to be simultaneously online or maintain reliable network connectivity. We identify the limitations of mobile messaging and how they affect conversational integrity and deniability. We define strong models of these security properties, prove that Mobile CoWPI satisfies these properties, and argue that no protocol that satisfies these properties can be more scalable than Mobile CoWPI. We also describe an implementation of Mobile CoWPI and show through experiments that it is suitable for use in real-world messaging conditions.
more »
« less
A tale of three datasets: characterizing mobile broadband access in the U.S.
Needed improvements to mobile broadband deployment require more accurate mapping of mobile coverage, especially in rural and tribal areas.
more »
« less
- Award ID(s):
- 1831698
- PAR ID:
- 10377796
- Date Published:
- Journal Name:
- Communications of the ACM
- Volume:
- 65
- Issue:
- 3
- ISSN:
- 0001-0782
- Page Range / eLocation ID:
- 67 to 74
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
The security threats to mobile applications are growing explosively. Mobile apps flaws and security defects open doors for hackers to break in and access sensitive information. Defensive requirements analysis should be an integral part of secure mobile SDLC. Developers need to consider the information confidentiality and data integrity, to verify the security early in the development lifecycle rather than fixing the security holes after attacking and data leaks take place. Early eliminating known security vulnerabilities will help developers increase the security of apps and reduce the likelihood of exploitation. However, many software developers lack the necessary security knowledge and skills at the development stage, and that's why Secure Mobile Software Development education is very necessary for mobile software engineers. In this paper, we propose a guided security requirement analysis based on OWASP Mobile Top ten security risk recommendations for Android mobile software development and its traceability of the developmental controls in SDLC. Building secure apps immune to the OWASP Mobile Top ten risks would be an effective approach to provide very useful mobile security guidelines.more » « less
-
Emerging cyber physical system (CPS) are expected to enhance the overall performance of the networked systems to provide reliable services and applications to their users. However, massive number of connectivities in CPS bring security vulnerabilities and the mobility adds more complexity for securing the mobile CPS. Any mobile CPS can be represented as a graph with connectivity as well as with interactions among a group of mobile CPS nodes that plays a major role as a medium for the propagation of wrong/right information, and influence its members in the mobile CPS. This problem has wide spread applications in viral information disseminating in mobile CPS, where a malicious mobile CPS node may wish to spread the rumor via the most influential individuals in mobile CPS. In this paper, we design, develop and evaluate a machine learning approach that is based on a set theoretic approach for optimizing the influence in mobile CPS. This problem has applications in civilian and military systems.more » « less
-
Modern mobile users commonly use multiple heterogeneous mobile devices, including smartphones, tablets, and wearables. Enabling these devices to seamlessly share their computational, network, and sensing resources has great potential benefit. Sharing resources across collocated mobile devices creates mobile device clouds (MDCs), commonly used to optimize application performance and to enable novel applications. However, enabling heterogeneous mobile devices to share their resources presents a number of difficulties, including the need to coordinate and steer the execution of devices with dissimilar network interfaces, application programming models, and system architectures. In this paper, we describe a solution that systematically empowers heterogeneous mobile devices to seamlessly, reliably, and efficiently share their resources. We present a programming model and runtime support for heterogeneous mobile device-to-device resource sharing. Our solution comprises a declarative domain-specific language for device-to-device cooperation, supported by a powerful runtime infrastructure. we evaluated our solution by conducting a controlled user study and running performance/energy efficiency benchmarks. The evaluation results indicate that our solution can become a practical tool for enhancing the capabilities of modern mobile applications by leveraging the resources of nearby mobile devices.more » « less
-
The majority of malicious mobile attacks take advantage of vulnerabilities in mobile software (applications), such as sensitive data leakage, unsecured sensitive data storage, data transmission, and many others. Most of these vulnerabilities can be detected by analyzing the mobile software. In this paper, we describe a tainted dataflow approach to detect mobile software security vulnerability, particularly, SQL Injection.more » « less