Yazar "Buk, Onur" seçeneğine göre listele

Listeleniyor 1 - 2 / 2
  • Küçük Resim Yok
    Öğe
    Design of a Secure Key Management System for SIM Cards: SIM-GAYS
    (IEEE, 2020) Kose, Busra Ozdenizci; Cevikbas, Cem; Mantar, Haci Ali; Buk, Onur; Coskun, Vedat
    Today, the increasing security needs of mobile applications and service providers make SIM (Subscriber Identity Module) cards an important candidate for providing desired secure operating infrastructure. Mobile services require a secure communication design for data storage and transmission to minimize the security risks between the smartphone user and service provider. The aim of this study is to present the design of the centralized SIM based key management framework, called SIMGAYS. The proposed SIM-GAYS framework aims to centralize and facilitate cryptographic operations of diverse applications provided by various service providers and also maintain a centralized OTP generation and validation services on SIM cards. With the help of GSM capabilities of MNOs, the proposed SIM-GAYS framework fulfills the need for a centralized secure key management on SIM card that can be used by all security-sensitive service applications installed on the SIM card as well as on the Smartphone. This comprehensive key management system on SIM cards will allow embedding new value added services and support for the development of mobile ecosystem.
  • Küçük Resim Yok
    Öğe
    Protecting Mobile Service User Identity by Adding Additional Security Layer
    (2021) Erdemir, Utku; Coşkun, Vedat; Buk, Onur; Mantar, Hacı Ali; Köse, Büşra Özdenizci
    Today, various common identity systems (e.g. Facebook Login, Google Connect, Apple ID) are used to improve operational efficiency for service providers and provide an easier authentication method in web or mobile services for users. Almost all common identity systems focus on delivering seamless user experience while proving user identity securely to the service provider. In particular, the use of common identity systems with a high security level is becoming a more important requirement on smartphones. In this context, MNOs (Mobile Network Operators) are considered as an important actor in providing common identity services, as they have strong GSM capabilities. Currently, it is possible to see many identity management solutions -based on OpenID Connect and Mobile Connect standards- from MNOs which are used for authentication in mobile applications of service providers. However, existing solutions generally does not provide very high level of assurance in the asserted digital identity. With advancements in value-added mobile services and increasing security requirements; there is a need for common identity systems that provide higher levels of assurance (i.e., particularly LoA4), strong authentication and non-repudiation services for service providers and users. This study presents the development and implementation of a multi-factor authentication method for mobile services based on Mobile Connect and OpenID Connect standards. The designed model includes the usage of three identity -knowledge, ownership, biometric- factors of user in order to access sensitive mobile services on the smartphone. The system development and testing studies were systematically presented based on the functional requirements. The realization and deployment of the proposed model by MNOs could play an important role in the development of mobile services that require a high level of assurance in the future.