Professional Documents
Culture Documents
ABSTRACT
Mobile Computing utilizing Wireless Networking technology though becoming increasingly popular but at the same time it has introduced the security issues. Todays mobile workforce increasingly demands convenient and secure access to the Internet using mobile devices (such as notebook and handheld PCs) and access the personalized or enterprise data with Wi-Fi and other mobile connectivity solutions. A security enabled mobile database application helps a mobile worker to gain safe network access in areas where it is traditionally hard to deploy wired networks. It also enables such services as wireless access for enterprise Data, file and database synchronization, and convenient network access to corporate resources on the intranet. However, as users find it easier than ever to connect to, synchronize with, and download corporate data, the need for device security becomes crucial. Therefore the network security becomes increasingly more vital for a successful mobile data base application.
Keywords: Mobile computing, Mobile database, Wireless Security, WEP, WPA, WPA2, 802.11i, 802.11X, WIMAX.
I. INTRODUCTION
In the mobile wireless computing domain, massive number of low powered computing machines query databases over the wireless communication channels [17]. Mobile clients will often be disconnected for prolonged periods of time and frequently relocate between different cells and connect to different data servers at different times. The term mobile database [19] does not necessarily mean that the database itself is mobile. Actually there exist a centralized and distributed mobile database architecture where some data is present at the central server and other data is present at mobile nodes [20]. In a distributed architecture there is a possibility of nodes being disconnected, and thus unavailable to answer a request at
*M.Tech (IIIT-Bh), Student Convener INNS, India **M.Tech-Intern, CVRCE, BBSR, India
45
all times. The mobile computing environment no longer requires users to uphold a fixed and universally known position in the network and enables unrestricted mobility of the users. Mobility and portability will create an entire new class of applications and possibly new threats combining mobile database computing and network securities [18]. A mobile computing system can thus be viewed as a dynamic type of distributed system where links between the nodes in the network change dynamically.Fig-1. In Mobile domain Network transactions need privacy, integrity and non-repudiation. Wireless Local Area Network (WLAN) allows workers to access the resources without being tethered to their desk. The convenience have forced the vendors to produce compatible Hardware at a reasonable price with standards such as the Institute of Electrical and Electronics Engineers Inc.s (IEEEs) 802.11x.How ever the convenience of WLAN also introduces security issues that do not exist in the wired world. WLANs introduce security risks that must be understood and mitigated otherwise WLANs can compromise overall network security by allowing following attack scenarios. 1. Vulnerable WLANs provide attackers with the ability to passively obtain the confidential network data and leave no trace of attack. 2. Vulnerable WLANs protected by firewall and considered to be trusted networks may provide a backdoor in to the network.3. Vulnerable WLANs could serve as Launching pad for attacks on unrelated networks. WLANs
provide convenient cover as identifying the attacker is very difficult. There are three major types of security standards in Wireless LAN i.e. WEP, WPA and WPA2. In this paper we have explained the structure of WEP, WPA and WPA2 as first and second and third wireless LAN security protocols and discussed all their versions, problems and improvements for a successful mobile database application. We have discussed various types of attacks on Wireless networks which affects the mobile database significantly. Then we have explained the structure of Wireless MAN protocol i.e. WIMAX and discussed its versions, problems and enhancements. This paper addresses the security implications of Wireless LANs (WLANs) for mobile applications, and makes recommendations regarding some available, security solutions and tools. Finally we make a comparison among WEP, WPA, WPA2 and WIMAX as all wireless security protocols which can be efficiently employed for successful mobile Computing applications.
46
Figure1 The Mobile database architecture stations and possibly on multiple data sets depending upon the movement of the mobile unit.[24] Chrysanthis[25] considers mobile transactions a special type of multi database transaction, and introduces the additional notions of reporting and co-transactions. The mobile transactions into clusters to solve an issue of maintaining consistency in a global multi data base. [23] The overall security of the Mobile database application is achieved by ensuring: 1. Security for the mobile device 2. Security for the central computer 3. Security for the communication link 4. Security for application specific issues. [26] We can distinguish the following types of threats: Threats from any user with access to the communication link. Threats from a read-only user of the application. Threats from an author user of the application .We consider a set of specific threats/attacks for the Mobile database application and discuss how each threat is faced by our approach [27][28]:
Eavesdropping
In https all traffic is encrypted and hence, the confidentiality of the packet contents is protected.
47
Network attack
The mobile database admits the client application to work while the mobile device is disconnected. The mobile device has to enable its network connection only during the synchronization operation of the mobile database. However, even during the short period that the portable device uses its network connection it can become the target of malicious software.
The Encryption technology is realized to have an impact on the size of the data on which it operates. Ciphers encrypt blocks of text in a database gives the outputs in fixed block sizes and essentially require the input data to match this output size or it will be padded to have best effects. Thus, encryption operations on smaller data items increases the size of the stored data in database table and cause you to resize database columns. Encryption also transforms character data into meaningless binary data, and mostly encrypted data must be translated into character-type data. If Base 64 type of encoding is used encrypted data can be transformed from binary into characters but increases the data size by approximately one third. Moreover, encrypting information in indexed fields. Look-ups and searches in large databases because computationally its very infeasible to decrypt every time in case of field searches.
III. ENCRYPTING THE DATA BASE WITH THE REAL SECURITY ISSUES
Encryption provides security and privacy but it affects the data and the database which can indirectly or directly imply to the degradation in the performance. But an educated and properly planned tradeoff can eventually increase its over all performance if careful attention is given at the time of design and planning.
48
manage, but the more critical key security becomes. The keys are generally stored as a restricted database table or file. But, administrator level of security privileges should be there in order to protect the system. Therefore situation specific address protection should be employed. Most successful encryptions are performed either within the database, if the DBMS supports the encryption features or outside the DBMS, where encryption processing and key storage is off loaded to centralized Encryption Servers. Depending on the algorithms used for encryption and their implementations, it is important to understand what algorithms it uses, the performance and strength of those algorithms, and how optimally and flexibly the data is being selected top encrypt. Encryption data is likely to be stored in a database table inside the database, protected by native DBMS access controls. Therefore, It creates security vulnerability because the encrypted text is not separated from the means to decrypt it. Again, this solution does not provide adequate tracking or monitoring of suspicious activities. For those types of applications, some general guidelines are DES is insecure, 3DES is slow and any symmetric ciphers should use 128-bit keys at a minimum.
Firstly, it helps in removing the computational overhead of cryptography from the DBMS or application servers. Secondly, it allows separation of encrypted data from encryption keys. The keys in this architecture is an essential part and never leave the encryption server. Access control and the Encryption Server monitoring plays a vital role in maintaining the security.
49
encryption algorithm and returns the encrypted result. Applications that depend on indexes built on encrypted data make the process slower. For better performance issues, the data has to be so encrypted that it is not indexed. Incase of indexed data encryptions helps the search value before performing the search. That gives a significance focus on changing the search procedure and the access rights for the encryption. Encryption keys are based on pseudo random number generation. Thus the DBMS generated random numbers should be clearly understood so as their usage.
to make multiple requests for cryptographic operations. The focus of hardening the Encryption Server against intrusion so that if anyone gained access to sensitive data in the database, they would find this text encrypted. Moreover, Encryption keys are stored in hardware, separately from the encrypted text and End-to-end encryption is applied between the client and Encryption Server. Encrypted information is simply injected into the database.
50
WEP (Wired Equivalent Privacy) WPA (Wi-Fi Protected Access) WPA2/802.11i (Wi-Fi Protection Access, Version 2). Each of these protocols has two generations named as personal and enterprise template.
data is not modified during transmission a CRC-32 checksum is used for this purpose. WEP security issues can be summarized in four main points: Web Key Recovery Unauthorized decryption and violation of data Integrity Poor key management Access Point association
51
and would require even more fixes, both the WEP2 name and original algorithm were dropped. The two extended key lengths remained in what eventually became WPAs TKIP.
Figure 4 WEP encryption Algorithm (Recipient Side) There are some other implementations of WEP that all of them are non-standard fixes and implemented by some companies. We will explain 3 of them here:
7.1 WEP2
This stopgap enhancement to WEP was present in some of the early 802.11i drafts. It was implementable on some (not all) hardware not able to handle WPA or WPA2, and extended both the IV and the key values to 128 bits. It was hoped to eliminate the duplicate IV deficiency as well as stop brute force key attacks. After it became clear that the overall WEP algorithm was deficient however (and not just the IV and key sizes)
52
forced on standard computers in hours to minutes, using freely available software. WEP reuses initialization vectors. A variety of available cryptanalytic methods can decrypt data without knowing the encryption key. WEP allows an attacker to undetectably modify a message without knowing the encryption key. Key management is lack and updating is poor. Problem in the RC-4 algorithm. Easy forging of authentication messages. The enhancement in WEP is found by using improved data encryption (TKIP), User authentication (Use EAP Method) and Integrity (Michael Method).Now we try to explain the WPA structure and discuss about problems and improvements on it.
the AP already possess this key, WPA provides mutual authentication, and the key is never transmitted over the air. 2. Enterprise WPA or Commercial that the authentication is made by an authentication server 802.1x, generating an excellent control and security in the users traffic of the wireless network. This WPA uses 802.1X+EAP for authentication, but again replaces WEP with the more advanced TKIP encryption. No preshared key is used here, but you will need a RADIUS server. And you get all the other benefits 802.1X+EAP provides, including integration with the Windows login process and support for EAP-TLS and PEAP authentication methods. The main reason why WPA generated after WEP is that the WPA allows a more complex data encryption on the TKIP protocol (Temporal Key Integrity Protocol) and assisted by MIC (Message Integrity Check) also, which function is to avoid attacks of bit-flipping type easily applied to WEP by using a hashing technique. WPA was developed expressly to increase the level of security for new wireless LANs, and manage existing solutions with software or firmware updates. This solution targets all known WEP vulnerabilities and is forward compatible with the upcoming 802.11i standard. This is a robust security solution with the following features: Implements 802.1X EAP (Extended Authentication Protocol) based
53
authentication to enforce mutual authentication. Applies Temporal Key Integrity Protocol (TKIP) on existing RC4 WEP to impose strong data encryption for key management Enhanced Message Integrity (using Michael Message Integrity Check) Referring to the Fig.3 and Fig.4 the whole picture of WEP processes in sender and receiver sides can be seen, now we draw a whole picture of WPA process Fig. 4. TKIP uses the same WEPs RC4 Technique, but making a hash before the increasing of the algorithm RC4. A duplication of the initialization vector is made. One copy is sent to the next step, and the other is hashed (mixed) with the base key.
X. WPA IMPROVEMENTS
In the comparison between TKIP and WEP there are four improvements in Encryption algorithm of WPA that added to WEP: 1. A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries. 2. A new IV sequencing discipline, to remove replay attacks from the attackers arsenal. 3. A per-packet key mixing function, to decorrelate the public IVs from weak keys. 4. A rekeying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.
Figure 5 WPA En.cryption Algorithm (TKIP) After performing the hashing, the result generates the key to the package that is going to join the first copy of the initialization vector, occurring the increment of the algorithm RC4. After that, theres the generation of a sequential key with an XOR from the text that you wish to cryptograph, generating then the cryptography text. Finally, the message is ready for send. It is encryption and decryption will performed by inverting the process.
54
The Michael verification predicate reruns the tagging function over the message and returns the result of a bit-wise compare of this locally computed tag and the tag received with the message. The security level of a MIC is usually measured in bits. If the security level of a MIC is s bits, then, by definition, the time required for an attacker to construct a forgery is, on s+1 average, after about 2 packet.
Key Mixing
As you saw in Fig.1 and Fig.2 WEP constructs a per-packet RC4 key by
concatenating a base key and the packet IV. The new per-packet key that called the TKIP key mixing function substitutes a temporal key for the WEP base key and constructs the WEP per-packet key in a novel fashion. Temporal keys are so named because they have a fixed lifetime and are replaced frequently. The mixing function operates in two phases: Phase 1 eliminates the same key from use by all links: Phase 2 combines the 802 MAC addresses of the local wireless interface and the temporal key by iteratively XORing each of their bytes to index into an S-box, to produce an intermediate key. Stirring the local MAC address into the temporal key in this way causes different stations and access points to generate different intermediate keys, even if they begin from the same temporal keya situation common in ad hoc deployments. This construction forces the stream of generated per-packet encryption keys to differ at every station, satisfying the first design goal. The Phase 1 intermediate key must be computed only when the temporal key is updated,so most implementations cache its value as a performance optimization. Phase 2 de-correlates the public IV from known the per packet key: Phase 2 uses a tiny cipher to encrypt the packet sequence number under the intermediate key, producing a 128bit per-packet key. Actuality, the first 3 bytes of Phase 2 output are exactly mach to the WEP IV, and the last 13 to the WEP base key, as existing WEP hardware expects to concatenate a base key to an IV to form the per-packet key. This design accomplishes the second mixing
55
function design goal, by making it difficult for a rival to be connected to IVs and perpacket keys.
performing a dictionary attack against WPAPSK networks. This weakness was based on the pair wise master key (PMK) that is derived from the concatenation of the passphrase, SSID, length of the SSID and nonces (a number or bit string used only once in each session). The result string is hashed 4,096 times to generate a 256-bit value and then combine with nonce values. The required information for generate and verify this key (per session) is broadcast with normal traffic and is really obtainable; the challenge then becomes the reconstruction of the original values. He explains that the pair wise transient key (PTK) is a keyed-HMAC function based on the PMK; by capturing the four-way authentication handshake, the attacker has the data required subjecting the passphrase to a dictionary attack. Finally he found that a key generated from a passphrase of less than about 20 characters is unlikely to deter attacks.[10] For confirmation, in late 2004, Takehiro Takahashi, then a student at Georgia Tech, released WPA Cracker and Josh Wright, a network engineer and wellknown security lecturer, released cowpatty around the same time. Both tools are written for Linux systems and perform a brute-force dictionary attack against WPA-PSK networks in an attempt to determine the shared passphrase. Both require the user to supply a dictionary file and a dump file that contains the WPA-PSK four-way handshake. Both function similarly; however, cowpatty contains an automatic parser while WPA Cracker requires the user to perform a manual string extraction. Additionally, cowpatty has optimized the HMAC-SHA1 function and is
56
somewhat faster. Each tool uses the PBKDF2 algorithm that governs PSK hashing to attack and determine the passphrase. Neither is extremely fast or effective against larger passphrases, though, as each must perform 4,096 HMAC-SHA1 related to the values as described in the Moskowitz paper. [11]
Encryption Standard. AES is an extremely well documented international encryption algorithm free of royalty or patent, with extensive public review. WPA2, like WPA, supports two modes of security, sometimes referred to as home user and corporate. In home user mode a pre-shared secret is used, much like WEP or WAP. Access points and clients are all manually configured to use the same secret of up to 64 ASCII characters, such as this_is_our_ secret_password. An actual 256-bit randomly generated number may also be used, but this is difficult to enter manually into client configurations. The corporate security is based on 802.1X, the EAP authentication framework (including RADIUS), one of several EAP types (such as EAP-TLS, which provides a much stronger authentication system), and secure key distribution. Home user security introduces the same security problems present in WEP and WPA-PSK. Here we explain corporate security. In security algorithm of 802.11i providing key enabler for secure and flexible wireless networks, allowing for client authentication, wireless network authentication, key distribution and the preauthentication necessary for roaming. In using 802.1X in conjunction with 802.11i, it is strongly suggested to use EAP as a framework for authentication, and use an EAP type for the actual authentication that provides the optimal balance between cost, manageability and risk mitigation. Most often an 802.1X setup uses EAP-TLS for authentication between the wireless client (supplicant) and the access point
57
(authenticator). In theory, several options may replace EAP-TLS, but in practice this is rare In 802.1X, no such port exists until the client connects and associates to the wireless access point. This immediately poses a problem, since beacon packets and probe request/ response packets cannot be protected or authenticated. Fortunately, access to this data is not very useful for attackers, other than for potentially causing denial-of-service attacks, and for identifying wireless clients and access points by their hardware MAC addresses. An 802.1X wireless setup consists of three main components: Supplicant (the wireless client). Authenticator (the access point). Authentication server (usually a RADIUS server). The supplicant initially connects to the authenticator, as it would to a WEP- or WPA protected network. Once this connection is established, the supplicant has in effect a network link to the authenticator (access point). The supplicant can then use this link to authenticate and gain further network access. The supplicant and authenticator first negotiate capabilities These consist of three items:1.The pair wise cipher suite, used to encrypt unicast (point-to-point) traffic.2.The group cipher suite, used to encrypt multicast and broadcast (point-to-multiple points) traffic.3.The use of either a pre-shared key (PSK, or home user security, using a shared secret) or 802.1X authentication. So, the main problem of WPA as a pair wise solved by divided the type of security to three categories witch just in one of them
use pair wise and in two other use group cipher and pre-shared key.
XIV. WIMAX
WiMax (Worldwide Interoperability for Microwave Access) is a telecommunications protocol that provides fixed and fully mobile internet access. The current WiMax revision provides up to 40 Mbit[13][14]with the IEEE 802.16m update expected offer up to 1 Gbit/ s fixed speeds. The name WiMax was created by the WiMax Forum, which was formed in June 2001 to promote conformity and interoperability of the standard. The forum describes WiMax [15] as a standardsbased technology enabling the delivery of last mile wireless broadband access as an alternative to cable and DSL.[16].
58
The WiMax Forum has proposed an architecture that defines how a WiMax network can be connected with an IP based core network, which is typically chosen by operators that serve as Internet Service Providers (ISP); Nevertheless the WiMax BS provide seamless integration capabilities with other types of architectures as with packet switched Mobile Networks. The WiMax forum proposal defines a number of components, plus some of the interconnections (or reference points) between these, labeled R1 to R5 and R8: SS/MS: the Subscriber Station/Mobile Station ASN: the Access Service Network.BS: Base station, part of the ASN ASN-GW: the ASN Gateway, part of the ASN CSN: the Connectivity Service Network HA: Home Agent, part of the CSN AAA: Authentication, Authorization and Accounting Server, part of the CSN NAP: a Network Access Provider NSP: a Network Service Provider It is important to note that the functional architecture can be designed into various hardware configurations rather than fixed configurations. For example, the architecture is flexible enough to allow remote/mobile stations of varying scale and functionality and Base Stations of varying size - e.g. femto, pico, and mini BS as well as macros.
Figure 7 WiMax Architecture The primary differences are under the hood. For one, WiMax was designed from the ground up to provide quality of service (QoS) in order to ensure a reliable minimum data rate and availability. To provide QoS, WiMax certified equipment is designed to implement a scheduling algorithm to ensure each subscriber station competes for access only once. From that point forward, the base station provides a time slot that is allocated to each unique subscriber station. This schedule-based solution is far different from that of Wi-Fi, which uses a contention-based media access control scheme where all subscriber stations compete for the same base stations attention on a random, interruptdriven basis. This is one reason bandwidth
59
varies so much with range from the base station in Wi-Fi implementations: subscribers closer to the base station can simply be heard better, and pre-empt those at more distant ranges. WiMax still suffers from bandwidth degradation over extended ranges, but not nearly as significantly. The inclusion of QoS makes applications such as voice-over-IP (VoIP) much easier to implement, because a relatively constant bandwidth and QoS can be assumed at any given range.
XV. CONCLUSIONS
In this paper the security effect and issues of mobile computing with different WLAN models are discussed. Security enabled Database management and transaction management is always been a great issues of database from the early days of the database. But at that time Security issues like location based fixed node working in a wired environment and in wireless are becoming more complex then ever. A mobile computing system can thus be viewed as a dynamic type of distributed system where links between the nodes in the network change dynamically. At the first Phase of the analysis, we explain the structure of WEP in sender and receiver side and describe all steps verbally and cryptographic message integrity code or MIC, new IV sequencing discipline, perpacket key mixing function and rekeying mechanism then make a whole diagram for WPA encryption and decryption. Finally, explain about the major problem on WPA that happed in the PSK part of algorithm. Thirdly, we discuss about third generation of wireless security protocol as WPA2/802.11i and define two type of this security as home user and corporate. Then we explain the improvement that has done in this protocol for solve the WPA major problem. This is done by categorize the security to three groups and use group cipher and pre-shared key. Then we explain the WiMax and marked a totally survey on wireless security protocols and try to design a whole diagram of security protocols and completely discuss on weaknesses and improvements of them so that those can be applied for a secure mobile database application.
60
Lastly, we conclude that the old ACID property becoming quite rigid phenomenon for secure database transactions in mobile environment. A transaction must be distributed and each traction must be having some save point at their concern Mobile Switching Centers to keep it continue from one Base Stations to other or from Base Station of one Mobile Switching Centers to others in order to preserve the security and integrity of the transaction. So there are lot of scopes to make things work in ideal and economic manner.
[6] Hani Ragab Hassan, Yacine Challal, Enhanced WEP: An efficient solution to WEP threats, IEEE 2005 [7] Halil Ibrahim BULBUL, Ihsan BATMAZ, Mesut OZEL, Comparison of WEP (Wired Equivalent Privacy) Mechanism, WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) Security Protocols; e-Forensics January 2008, Adelaide ,Australia. [8] Arunesh Mishra, William, A. Arbaugh, An Initial Security Analysis of The IEEE 802.1X Standard, University of Meryland, 2002 [9] Vebjrn Moen, Havard Raddum, Kjell J. Hole; Weaknesses in the Temporal Key Hash of WPA ; Mobile Computing and Communications Review,2005 [10] John L. MacMichael ; Auditing WiFi Protected Access (WPA) PreShared Key Mode; Linux Journal, 2005 [11] Bhagyavati, Wayne C. Summers, Anthony DeJoie;Wireless Security Techniques: An Overview; InfoSec Conference, September 2004 [12] Yoshiaki Hori , Kouichi Sakurai ;Security Analysis of MIS Protocol on Wireless LAN comparison with IEEE802.11i ;Mobility Conference , October 2006, Thailand
XVI. REFERENCES
[1] Arash Habibi Lashkari, F. Towhidi, R. S. Hoseini, Wired Equivalent Privacy(WEP), ICFCC Kuala Lumpur Conference, 2009 [2] Arash Habibi Lashkari, Masood Mansoori, Amir Seyed Danesh;, Wired Equivalent Privacy(WEP) versus Wi-fi Protected Access, ICCDA Singapore Conference, 2009 [3] Donggang Liu, P. N., Security for Wireless Sensor Networks, Springer., November, 2006 [4] Garcia, R. H. a. M., AN ANALYSIS OF WIRELESS SECURITY, CCSC: South Central Conference. 2006 [5] Kempf, J., Wireless Internet Security: Architecture and Protocols ,Cambridge University Press. October, 2008
61
[13] Mobile WiMAX Speed Test Results in Perth, Australia - 1 to 37 Mbps, 12mbps Average. http:// forums.whirlpool.net.au forumreplies.cMm t=1418240. Retrieved 2010-04-14. [14] Speeding Up WiMax, Today the initial WiMax system is designed to provide 30 to 40 megabit per second data rates.. http:// w w w. i t b u s i n e s s e d g e . c o m / c m / community/features/interviews/ blog/ speeding-up-wimax/?cs=40726. Retrieved 2010-04-17. [15] Facts About WiMAX And Why Is It The Future of Wireless Broadband [16] IEEE 802.16 WirelessMAN Standard: Myths and Facts. ieee802.org.http: www.ieee802.org/ 16/docs/06/C80216-06_007r1.pdf. Retrieved 2008-03-12. [17] T. Imielinski and B.R. Badrinath, Aug. 1992 Querying in Highly Mobile and Distributed Environments, Proc. 18th Intl Conf. Very Large Data Bases, Vancouver, B.C., Canada. [18] D. Barbara. Jan/Feb 1999 Mobile Computing and Databases A Survey. IEEE Transactions on Knowledge and Data Engineering, Vol. 11, No. 1, pp. 108-117. [19] D. Barbara., Jan/Feb 1999, Mobile Computing and Databases A Survey. IEEE Transactions on
Knowledge and Data Engineering, Vol. 11, No. 1, pp. 108-117.. [20] P. Sistla, O. Wolfson, S. Chamberlain and S. Dao., 1997 Modeling and Querying Moving Objects. Proceedings of the International Conference on Data Engineering, Birmingham, UK. pp. 422-432. [21] A. Helal and M. Eich. 1995, Supporting mobile transaction processing in database systems. Technical Report RCSE-95-003, University of Texas at Arlington. [22] T. Ozsu and P. Valduriez., 1999, Principles of Distributed Database Systems. Prentice Hall, 2 edition. [23] M. Dunham, A. Helal, and S. Balakrishnan., 1997, A mobile transaction model that captures both the data and movement behavior. Mobile Networks and Applications. [24] Transactions in mobile information systems Frank Sommers, 2003 [25] P. Chrysanthis, 1993, Transaction processing in mobile computing environments. Proceedings of IEEE Workshop on Advances in Parallel and Distributed Systems. [26] Guy Bernard, Jalel Ben-Othman, Luc Bouganim, Gerome Canals, Sophie Chabri-don, Bruno Defude, Jean Ferrie, Stephane Gancarski, Rachid Guerraoui, Pas-cal Molli, Philippe Pucheral, Claudia Roncancio, Patricia
62
Serrano-Alvarado, and Patrick Valduriez. Mobile databases: a selection of open issues and research direc-tions. SIGMOD Record, 33(2):7883, 2004 [27] Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, and Yirong Xu. Hippo-cratic databases. In 28th Intl Conf. on Very Large Databases (VLDB), HongKong, 2002 [28] Benjamin Halpert. Mobile device security. In InfoSecCD 04:
Proceedings of the 1 st annual conference on Information security curriculum development, pages 99 101, New York, NY, USA, 2004. ACM Press. [29] Sushil Jajodia. Database security and privacy. ACM Comput. Surv., 28(1):129 131, 1996. [30] Sumit Jeloka. Oracle Database Security Guide. Oracle Corp., Redwood City, CA, USA, February 2005. B14266-01.