Abstract
Despite the promising start, Electronic Commerce has not taken off mostly because of security issues with the communication infrastructures that are popping up threateningly undermining the perceived trustworthiness in Electronic Commerce.
Some Internet security issues, like malware, phishing, pharming are well known to the Internet community. Such issues are being, however, transferred to the telephone networks thanks to the symbiotic relation between the two worlds. Such an interconnection is becoming so pervasive that we can really start thinking about a unique network, which, in this paper, we refer to as the Interphonet.
The main goal of this paper is to analyze some of the Internet security issues that are being transferred to the Interphonet and also to identify new security issues of the Interphonet. In particular we will discuss about mobile phones malware and identity theft, phishing with SMS, telephone pharming, untraceability of phone calls that use VoIP and Caller ID spoofing. We will also briefly discuss about countermeasures.
This work has been partially supported under the project “Framework for Advanced Secure Transactions - Definizione di un’architettura di riferimento per la realizzazione di sistemi di micropagamenti”, developed in collaboration with Telepark S.r.l. and funded by Regione Campania (Italy), in the framework of the POR Campania 2000/2006 Misura 3.17.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bocan, V., Cretu, V.: Security and Denial of Service Threats in GSM Networks. Periodica Politechnica, Transactions on Automatic Control and Computer Science 49(63) (2004) ISSN 1224-600X
Enck, W., Traynor, P., McDaniel, P., La Porta, T.: Exploiting Open Functionality in SMS-Capable Cellular Networks. In: Proc. of CCS 2005, Alexandria, VA, USA, November 2005, pp. 7–11 (2005)
Kim, S.h., Leem, C.S.: Security Threats and Their Countermeasures of Mobile Portable Computing Devices in Ubiquitous Computing Environments. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3483, pp. 79–85. Springer, Heidelberg (2005)
Lawton, G.: E-mail Authentication Is Here, but Has It Arrived Yet? IEEE Computer 38(11), 17–19 (2005)
Peersman, G., Cvetkovic, S., Griffiths, P., Spear, H.: The Global System for Mobile Communications Short Message Service. IEEE Personal Communications, 15–23 (2000)
Salam, A.F., Rao, H.R., Pegels, C.C.: Consumer-Perceived Risk in E-Commerce Transactions. Comm. of the ACM 46(12), 325–331 (2003)
Fujii, H., Shigematsu, N., Kurokawa, H., Nakagawa, T.: Telelogin: a Two-factor Two-path Authentication Technique Using Caller ID, NTT Information Sharing Platform Laboratories, NTT Technical Review, Vol. 6(8) (August 2008), https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr200808le3.html
Thompson, R.: Why Spyware Poses Multiple Threats to Security? Communications of the ACM 48(8), 41–43 (2005)
Palmieri, F., Fiore, U.: Providing True End-to-End Security in Converged Voice Over IP Infrastructures. Journal of Computer & Security (in press) (January 2009), http://dx.doi.org/10.1016/j.cose.2009.01.004
3rd Generation Partnership Project, Technical realization of the Short Message Service (SMS), Rel. 5.1.0, 3GPP Technical Specific Group Terminals (2001)
Internet Protocol Telephony and Voice Over the Internet Protocol, Security Technical Implementation Guide, Defense Information Systems Agency (DISA) for the U.S. Department of Defense (DOD), Version 2, Rel. 2 (April 2006), http://iase.disa.mil/stigs/stig/VoIP-STIG-V2R2.pdf
Griffin, S.E., Rackley, C.C.: Vishing. In: Proc. of the ACM InfoSecCD ’08: Proceedings of the 5th annual conference on Information Security Curriculum Development, pp. 33–35 (2008)
Caller ID spoofing with PHP and asterisk (last updated 14 February 2006), http://www.nata2.org/2006/02/14/caller-id-spoofing-with-php-and-asterisk/
The definitive resource on Caller ID spoofing (last updated, 20 February 2009), http://www.calleridspoofing.info/
Running your own GSM network, 25th Chaos Communication Congress (last updated, 29 December 2008), http://events.ccc.de/congress/2008/Fahrplan/events/3007.en.html
SMS phishing, Computer Crime Research Center, September 04 (2006), http://www.crime-research.org/news/04.09.2006/2221/
SMiShing: SMs phISHING, Wikipedia, the free encyclopedia (last updated, 1 May 2009), http://en.wikipedia.org/wiki/SMiShing
Castiglione, A., Cattaneo, G., De Santis, A., Petagna, F., Ferraro Petrillo, U.: SPEECH: Secure Personal End-to-End Communication with Handheld. In: Proc. of ISSE 2006, Securing Electronic Business Processes (Information Security Solutions Europe), October 2006, pp. 287–297. Vieweg Verlag (2006)
Harauz, J., Kaufman, L.M.: A New Era of Presidential Security: The President and His BlackBerry. IEEE Security & Privacy 7(2), 67–70 (2009)
Jailbreak (iPhone), Wikipedia, the free encyclopedia (last updated 29 April 2009), http://en.wikipedia.org/wiki/Jailbreak_(iPhone)
Castiglione, A., Cattaneo, G., Cembalo, M., De Santis, A., Petagna, F., Ferraro Petrillo, U.: An Extensible Framework for Efficient Secure SMS”. Technical Report - University of Salerno
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Castiglione, A., De Prisco, R., De Santis, A. (2009). Do You Trust Your Phone?. In: Di Noia, T., Buccafurri, F. (eds) E-Commerce and Web Technologies. EC-Web 2009. Lecture Notes in Computer Science, vol 5692. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03964-5_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-03964-5_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03963-8
Online ISBN: 978-3-642-03964-5
eBook Packages: Computer ScienceComputer Science (R0)