60 likes | 129 Views
Secure Delivery of Conditional Access Applications to Mobile Receivers By Eimear Gallery and Allan Tomlinson 6th March 2005.
E N D
Secure Delivery of Conditional Access Applications to Mobile Receivers By Eimear Gallery and Allan Tomlinson 6th March 2005 E. Gallery, A. Tomlinson, “Secure Delivery of Conditional Access Applications to Mobile Receivers”, in Trusted Computing, C. J. Mitchell (ed.), pp. 195-238, IEE, 2005. Presented by: Fei Liu
Summary • Introduced two protocols (public key protocol and secret key protocol) that are designed to allow mobile device to securely download conditional access applications • described how the protocols may be mapped onto specified trusted computing architectures or other platform to ensure the confidentiality and integrity protection of the application stored and while executing on the mobile device. • Clear security analyze process.
AppreciativeComment Security analyze • Define the basic security requirement : Secure download -The confidentiality and integrity of the application must be protected as it is transported from the service provider to the host platform. Secure execution - The confidentiality and integrity of the application must be protected as it is stored and executed on the host platform • Try to list all of the possible security threats and the mechanism can be used to defense the threats. • Exam the protocol by the possible security threats has been listed. A clear and general approach, can be used in many security analyze cases
Appreciative Comment • Describe the protocols in general terms to give the basic understand of the protocols • Mapping the protocols to specific architectures to give some more practical sense From general description to specific architectures mapping
Critical Comment Over Claimed The Author Claims: “Through the careful development of two fundamental secure download protocols, we have met our first major objective in ensuring that the confidentiality and integrity of the application is protected as it is transported from the service provider to the host platform.” Can we claim this statement only by theoretical analyze and approve?
Discussion If we are designing a protocol for secure delivery applications to mobile device: What security threats that relate with availability we can think about?