Journal of ICT Standardization

Editor-in-Chief: Anand R. Prasad, NEC, Japan

Associate Editor: Sivabalan Arumugam, NEC India

ISSN: 2245-800X (Print Version)

ISSN: 2246-0853 (Online Version)
Vol: 5   Issue: 1

Published In:   July 2017

Publication Frequency: Triannual

Towards Trusted Location Specific Information for Cloud Servers

doi: 10.13052/jicts2245-800X.511
Leo Hippeläinen and Ian Oliver

Nokia Bell Labs, Finland

Abstract: Every physical datacenter is located somewhere on the globe. It is subject to the local legislation, including data protection related laws. A cloud service can be delivered from a set of datacenters in several locations. Responsibilities of the service provider include ensuring that legal and agreed constraints are respected also by its subcontractors, for example, those providing cloud computing resources. Several countries have data protection legislation that restricts sharing copies of sensitive data to locations that do not have compliant legislation. This paper presents ideas to dependably detect location specific information, like the legislation properties, of the current physical host server executing a service.

Keywords: Datacenter design, Trusted cloud geolocation, Data sovereignty, Privacy, Confidentiality, Data integrity, Data protection.

Stealthy SS7 Attacks

doi: 10.13052/jicts2245-800X.512
Sergey Puzankov

Positive Technologies, Russia

Abstract: As we can see, most mobile operators defend their SS7 perimeter by reconfiguring network equipment and implementing SMS Home Routing solutions. This is the right way to withstand basic SS7 attacks, but it is not enough to protect the network. Our research and security audit practice proves that there are possibilities to perform SS7 attacks that bypass this kind of security mechanisms. Moreover, real attacks tend to be more stealthy and difficult to detect at an early stage. That is why we reckon mobile operators should engage continuous security monitoring of external SS7 connections supported by up-to-date vulnerability base. In this talk, I will describe the most interesting attacks on SS7 networks that have never been published before.

Keywords: SS7, Security, Location tracking, SMS interception.

Diameter Security: An Auditor's Viewpoint

doi: 10.13052/jicts2245-800X.513
Sergey Mashukov

Positive Technologies, Russia

Abstract: In this paper we share our experience in conducting security audits for several different mobile network operators and discuss the difficulties encountered in the process. We also describe successful attacks performed by us on Diameter equipment in these environments. Some of these attacks have not been published previously.

Keywords: Diameter, Security, 4G.

Privacy Enhanced Fast Mutual Authentication in 5G Network Using Identity Based Encryption

doi: 10.13052/jicts2245-800X.514
Mohsin Khan and Valtteri Niemi

Department of Computer Science, P.O. Box 68 (Gustaf Hällströmin katu 2b), FI-00014 University of Helsinki, Finland

Abstract: Subscription privacy of a user has been a historical concern with all the previous generation mobile networks, namely, GSM, UMTS, and LTE. While a little improvement has been achieved in securing the privacy of the long-term identity of a subscriber, the so-called IMSI catchers are still in existence even in the LTE and advanced LTE networks. Proposals have been published to tackle this problem in 5G based on pseudonyms, and different public-key technologies. This paper looks into the problem of concealing long-term identity of a subscriber and presents a protocol based on identity based encryption (IBE) to tackle it. The proposed solution can be extended to a mutual authentication and key agreement protocol between a serving network (SN) and a user equipment (UE). We name the protocol PEFMA (privacy enhanced fast mutual authentication). The SN does not need to connect with the home network (HN) on every PEFMA run. In PEFMA, both the user equipment (UE) and the SN have public keys. A UE sends the IMSI after encrypting it using the SN’s public key. Since both the UE and SN have public keys, PEFMA can run without contacting the HN. A qualitative comparison of different techniques shows that our solution is competitive for securing the long-term identity privacy of a user in the 5G network.

Auditable De-anonymization in V2X Communication

doi: 10.13052/jicts2245-800X.515
Masoud Naderpour1, Tommi Meskanen1, Andrew Paverd2 and Valtteri Niemi1

1Department of Computer Science, University of Helsinki, Finland
2Department of Computer Science, Aalto University, Finland

Abstract: Intelligent transportation systems are on their way toward wide deployment. Vehicle to everything (V2X) communication, as an enabler for safer and more convenient transportation, has attracted growing attention from industry and academia. However, security and privacy concerns of such communication must be addressed before it can be widely adopted. In this paper we analyze the security and privacy requirements of V2X communication. Specifically, we focus on lawful identity resolution (i.e., de-anonymization) in V2X communication, and consider recent regulatory changes in this area. Based on this, we define an expanded set of technical requirements for identity resolution in V2X communication. We then propose a solution for the problem statement where the involved parties may be dishonest but not colluding.

Keywords: De-anonymization, Auditability, V2X, Security Credential Management System (SCMS).

Cybersecurity Business Models for IoT-Mobile Device Management Services in Futures Digital Hospitals

doi: 10.13052/jicts2245-800X.516
Julius Francis Gomes1, Marika Iivari1, Petri Ahokangas1, Lauri Isotalo2 and Riikka Niemelä3

1Martti Ahtisaari Institute of Global Business & Economics, Oulu Business School, University of Oulu, Finland
2Elisa Corporation, Finland
3MedicalMountains AG, Tuttlingen, Germany

Abstract: Hospitals as critical infrastructures have been historically dependent on various types of devices and equipment that are being revolutionized with digitalized solutions. The digitalization of conventional healthcare equipment is added with the new inclusion of numerous new devices for data collection, analysis, communication, and so on. All in all, the futures digital hospitals in 5G will be exponentially more data-dependent and digital-intensive. For that, this paper looks to theorize how the security scenario in a futures digital hospital would look like, and what relevant business possibilities could emerge for cybersecurity providers in the healthcare context. In this paper, we open up discussions on business possibilities relevant to Internet of Things-mobile device management for critical infrastructures such as future digital hospital. We apply business models as a conceptual lens to analyze how cybersecurity business could evolve for 5G enabled IoT-Mobile device management providers as a cybersecurity vendor.

Keywords: Internet of Things, Mobile Device Management, Business Model, Digital Hospital, 5G Security, Cybersecurity.

River Publishers: Journal of ICT Standardization