Samson Gejibo
ABSTRACT
Wireless network infrastructures, notably cellular networks, are becoming a vital element for exchanging electronic data in low income countries. Several key sectors are already leveraging on cellular networks: mobile financial transactions have already gained an enormous success, and the health care sector is also aiming to tackle outstanding challenges like providing basic health care services to remote communities, by using cheap mobile devices. So far, more than ten mobile based health care services are deployed in low-income countries. Among those, mobile data collection is the one used to replace traditional paper form based data collection with electronic digital forms by the use of Mobile Data Collection Systems (MDCS). However, although such systems are often used to collect sensitive health-related data, critical issues like security and privacy of personal data have not been systematically addressed. Particularly, very little has been done to protect data while stored on the phone. This paper focuses on low budget mobile phones with low hardware and software specification, and proposes adequate secure solutions for data storage protection. Our secure storage scheme is flexible enough to be integrated in existing mobile client applications. The solution has been extensively tested and integrated into a production MDCS. For this work, we collaborated with the open-source mobile data collection project, openXdata.
- 3rd generation mobile telecommunications(3G). http://en.wikipedia.org/wiki/3G. Online, Accessed December 2011.Google Scholar
- CommCareHQ. http://www.commcarehq.org. Online, Accessed November 2011.Google Scholar
- T. Egeberg. Storage of sensitive data in a Java enabled cell phone. Master's thesis, Høgskolen i Gjøvik, 2006.Google Scholar
- Enhanced Data Rates for GSM Evolution(EDGE). http://en.wikipedia.org/wiki/Enhanced_Data_Rates_for_GSM_Evolution. Online, Accessed December 2011.Google Scholar
- Episurveyor. http://www.episurveyor.org/. Online, Accessed March 2011.Google Scholar
- S. Gejibo, K. A. Mughal, F. Mancini, J. Klungsøyrg, and R. B. Valvik. Challenges in implementing end-to-end secure protocol for java ME-based mobile data collection in low-budget settings. In ESSoS, Lecture Notes in Computer Science, pages 38--45. Springer, 2012. Google ScholarDigital Library
- W. Itani and A. Kayssi. J2ME application-layer end-to-end security for m-commerce. Journal of Network and Computer Applications, 27(1):13--32, January 2004. Google ScholarDigital Library
- B. Kaliski. RFC 2898 - PKCS #5: Password-based cryptography specification. http://www.ietf.org/rfc/rfc2898.txt, 2000. Online, Accessed April 2011. Google ScholarDigital Library
- J. Klungsøyr, T. Tylleskar, B. MacLeod, P. Bagyenda, W. Chen, and P. Wakholi. OMEVAC - open mobile electronic vaccine trials, an interdisciplinary project to improve quality of vaccine trials in low resource settings. In Proceedings of M4D '08 - The 1st International Conference on Mobile Communication Technology for Development, pages 36--44. Karlstad University Studies, 2008.Google Scholar
- T. Legion Of the Bouncy Castle. http://www.bouncycastle.org/. Online, Accessed March 2011.Google Scholar
- F. Mancini, K. Mughal, S. Gejibo, and J. Klungsoyr. Adding security to mobile data collection. In Healthcom 2011 - 13th IEEE International Conference on e-Health Networking Applications and Services, pages 86--89, june 2011.Google Scholar
- Nokia 2330c classic. http://www.developer.nokia.com/Devices/Device_specifications/2330_classic. Online, Accessed September 2011.Google Scholar
- Nokia Data Gathering. http://projects.developer.nokia.com/ndg. Online, Accessed November 2011.Google Scholar
- Nokia, Nokia Data Gatherings(NDG). https://github.com/nokiadatagathering/ndg-mobile-client. Online, Accessed September 2011.Google Scholar
- openXdata. http://www.openxdata.org. Online, Accessed March 2011.Google Scholar
- Oracle. Java ME reference. http://www.oracle.com/technetwork/java/javame/index.html. Online, Accessed March 2011.Google Scholar
- Oracle Inc. Security and Trust Services API for J2ME(SATSA). http://java.sun.com/products/satsa/. Online, Accessed March 2011.Google Scholar
- OWASP. Mobile Security Project. https://www.owasp.org/index.php/OWASP_Mobile_Security_Project. Online, Accessed March 2012.Google Scholar
- S. M. A. Shah, N. Gul, H. F. Ahmad, and R. Bahsoon. Secure storage and communication in J2ME based lightweight multi-agent systems. Proceedings of KES-AMSTA'08 - the 2nd KES International conference on Agent and multi-agent systems: technologies and applications, Incheon, Korea, pages 887--896. Google ScholarDigital Library
- T. Egeberg. Storage of sensitive data in a Java enabled cell phone. http://egebergweb.com/tommy/masterfiler/masteroppgave2.pdf. Master Thesis, Accessed on March 2012.Google Scholar
- C. Z. G. N. W. unit based multilingual comparative analysis of text corpora. http://speechlab.tmit.bme.hu/publikaciok/. Online, Accessed January 2012.Google Scholar
- Vision Mobile. Global Smartphone Penetration. http://www.visionmobile.com/. Online, Accessed August 2012.Google Scholar
- Vital Wave Consulting. mHealth for Development: The Opportunity of Mobile Technology for Healthcare in the Developing World. Washington, D.C. and Berkshire, UK: UN Foundation-Vodafone Foundation Partnership, February 2009.Google Scholar
- B. Whitaker. Problems with mobile security #1. http://www.masabi.com/2007/07/13/problems-with-mobile-security-1/, July 2007. Online, Accessed March 2011.Google Scholar
Index Terms
- Secure data storage for mobile data collection systems
Recommendations
Mobile Data Collection Frameworks: A Survey
Mobidata '15: Proceedings of the 2015 Workshop on Mobile Big DataMobile phones equipped with powerful sensors have become ubiquitous in recent years. Mobile sensing applications present an unprecedented opportunity to collect and analyze information from mobile devices. Much of the work in mobile sensing has been ...
Secure Mobile Data Collection Systems for Low-Budget Settings
ARES '12: Proceedings of the 2012 Seventh International Conference on Availability, Reliability and SecurityLack of infrastructures in health care and transportation, combined with the demand for low cost health services and shortage of medical professionals, are some of the known causes for loss of life in low income countries. Mobile Health (a.k.a. mHealth) ...
Challenges in implementing an end-to-end secure protocol for java ME-Based mobile data collection in low-budget settings
ESSoS'12: Proceedings of the 4th international conference on Engineering Secure Software and SystemsMobile devices are having a profound impact on how services can be delivered and how information can be shared. Sensitive information collected in remote communities can be relayed to local health care centers and from there to the decision makers who ...
Comments