Dr. N. Asokan
(Nokia Research Center, Finland)
will give the following lectures
(No registration fee required. However, if you wish to attend the lectures,
please drop an email to conti@math.unipd.it with subject "Asokan lectures")
Lecture 1 (1,5+1 hours)
Title: A Perspective on the Evolution of Mobile Platform Security Architectures
Day: July 3, 2012
Time: 10.00 am - 12.30 pm
Location: Math Department, Via Trieste 63, Padova - Room 1AD100
Abstract: In the past few years, there has been a dramatic increase in the popularity of the category of mobile phones commonly known as "smartphones". Consequently there is increased interest in the security and privacy research community in "smarpthone security". All dominant smartphone platforms, or more generally, mobile phone application platforms, incorporate platform security architectures that are widely deployed. In this lecture I will briefly explain the reasons why mobile platform security schemes have seens such widespread deployment and go on to discuss and compare some of them in more detail. Based on this analysis I will point out some open problems and possible future directions.
The second part of the talk will present On-board Credentials systems.
Lecture 2 (1,5 hours)
Title: The Case for Usable Mobile Security
Day: July 4, 2012
Time: 10.00 am - 11.30 am
Location: Math Department, Via Trieste 63, Padova - Room 1C150
Abstract: In this lecture, I will make the case for usable mobile security by outlining why usable security in mobile devices is important and why it is hard to achieve. I will use the problem of secure device pairing as a case study to illustrate how the research and standardization community attempted to address a problem where usability and security were both important. I will then describe a number of current problems in mobile devices that need usable and secure solutions. Finally, I will discuss the characteristics of mobile devices that can actually help in designin usable solutions to mobile security problems.
Lecture 3 (1 hour)
Title: Context Profiling in Mobile Devices
Day: July 5, 2012
Time: 10.30 am - 11.30 am
Location: Math Department, Via Trieste 63, Padova - Room 2BC60
Abstract: Configuring access control policies in mobile devices can be quite tedious and unintuitive for users. Software designers attempt to address this problem by setting up default policy configurations. But such global defaults may not be sensible for all users. Modern smartphones are capable of sensing a variety of information about the surrounding environment like Bluetooth devices, WiFi access points, temperature, ambient light, sound and location coordinates. My colleagues and I wanted to see if profiling this type of contextual information can be used to infer the familiarity and safety of a context and aid in access control decisions. I will describe a context profiling framework we developed and its use in an example application, device lock, where the locking timeout and unlocking method are dynamically decided based on the perceived safety of current context. I will also discuss how we used datasets from a large scale smartphone data collection campaign to select parameters for the context profiling framework and describe a prototype implementation on a smartphone platform. I will conclude the talk by discussing a number of loose ends and open issues.