28-11-2009, 07:58 PM
PKI Implementation in Mobile Environment
Area: Information security
In current mobile systems, some applications already use public key techniques and an underlying public key infrastructure (PKI) to provide end-to-end security, and such use is widely expected to grow. This project provides a step-by-step implementation of the security techniques and the entities involved in a PKI, and describes how they are used in current mobile systems. The Short Message Service (SMS) has become a mass communication tool and is broadly used in mobile applications such as M-Commerce. The mobility, ubiquity and low cost of SMS messages make it a very attractive bearer for mobile business applications. With secure SMS technology, enterprises can give their employees access to corporate resources anytime and anywhere in the world, within seconds of submission. SMS has become a bearer for e-commerce and e-government services such as electronic banking. The security of SMS has often been considered a crucial barrier to its application in the many fields that need strong authentication and confidentiality. The main aim of this project is to develop a PKI-based solution that lets mobile business applications satisfy these security requirements.
The aim of our work is to develop a PKI-based open framework for the SMS service that provides end-to-end secure communication. Currently, most mobile phones do not offer any specific security features for SMS. By implementing PKI in the SMS architecture, problems such as eavesdropping, tampering, and impersonation can be overcome. End-to-end encryption ensures that the message can be read only by the intended person, so the confidentiality of personal or corporate private messages can be preserved. Public Key Infrastructure (PKI) is a proven solution for encrypting ordinary secure Internet communication; it should be implemented for mobile SMS as well.
PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA. The term trusted third party (TTP) may also be used for certificate authority (CA). The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.
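The binding described above, shown as an added example that is not part of the original post or the project's code: a CA signs the identity, public key and validity conditions together, so a relying party rejects a certificate whose identity was swapped or whose validity has lapsed. The `Cert` layout, the choice of Ed25519 and the phone numbers are assumptions made for illustration; a real deployment would use X.509.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Cert is a constructed, minimal certificate (not X.509).
type Cert struct {
	Identity            string            // user identity, unique per CA (here a phone number)
	PublicKey           ed25519.PublicKey // the subscriber's public key
	NotBefore, NotAfter int64             // validity conditions, Unix seconds
	Signature           []byte            // CA signature over all fields above
}

// tbs serialises the signed fields; the length prefix keeps field boundaries unambiguous.
func (c *Cert) tbs() []byte {
	return []byte(fmt.Sprintf("%d:%s|%x|%d|%d", len(c.Identity), c.Identity, c.PublicKey, c.NotBefore, c.NotAfter))
}

// Issue is the CA step: sign the binding of identity, key and validity.
func Issue(caKey ed25519.PrivateKey, id string, pub ed25519.PublicKey, from, to time.Time) *Cert {
	c := &Cert{Identity: id, PublicKey: pub, NotBefore: from.Unix(), NotAfter: to.Unix()}
	c.Signature = ed25519.Sign(caKey, c.tbs())
	return c
}

// Verify is the relying-party step: check the CA signature, then the validity window.
func Verify(caPub ed25519.PublicKey, c *Cert, now time.Time) error {
	if !ed25519.Verify(caPub, c.tbs(), c.Signature) {
		return errors.New("bad CA signature")
	}
	if now.Unix() < c.NotBefore || now.Unix() > c.NotAfter {
		return errors.New("outside validity period")
	}
	return nil
}

// Demo issues one certificate and checks it unmodified, re-bound and after expiry.
func Demo() (valid, tampered, expired error) {
	caPub, caKey, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	userPub, _, _ := ed25519.GenerateKey(nil)
	now := time.Now()
	c := Issue(caKey, "+15550100", userPub, now.Add(-time.Hour), now.Add(time.Hour))
	forged := *c
	forged.Identity = "+15550199" // same key and signature, different (constructed) identity
	return Verify(caPub, c, now), Verify(caPub, &forged, now), Verify(caPub, c, now.Add(2*time.Hour))
}
func main() { fmt.Println(Demo()) }
```

The relying party needs only the CA's public key to check any subscriber's certificate, which is what lets a handset trust a sender's key it has never seen before.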