Mobile Security – The Time is Now : By: Sneha Endait (MKSSS’S Cummins College of Engineering) Mobile Security – The Time is Now Introduction to Mobile Computing : Introduction to Mobile Computing Mobile computing is a generic term describing one's ability to use technology while moving.
A connection ties the mobile device to centrally located information and/or application software.
This is usually done through portable and wireless communication devices. Slide 3: Personal Digital Assistants (PDAs) wearable computers Some examples.. laptops with wireless LAN or wireless WAN technology Advantages of mobile computing : Advantages of mobile computing The main advantage-they are mobile! Drawbacks : Drawbacks The main concern with mobile computing is security.
Hacking is very prevalent with mobile computing.
Mobile computers are the most vulnerable to such attacks. Need for mobile security : Need for mobile security Mobile devices are flourishing and their diversity is growing.
Mobile devices are often used precisely where they’re most vulnerable – in public places like airplanes, lobbies, taxis, etc. Need for mobile security : Need for mobile security But only a few are secured against the potential hazards of security attacks.
This leads to data loss; probing or downloading of data by unauthorized persons.
Hence, mobile security is the need of today! Types of Threats : Types of Threats Physical risk: Theft or loss.
Unauthorized access risk: Login or network access by an unauthorized person or computer
Operating system or application risk.
Mobile data storage device risk. Types of Threats : Types of Threats Network risk: Computing and communication devices can be accessed through the networks to which they are connected without detection.
Viruses, worms, and other malware can enter a computer or through other networks Control Measures : Control Measures Authentication
Intrusion Prevention System Authentication : Authentication Authentication verifies that users or systems are who they claim to be, based on identity (e.g., username) and credentials (e.g., password).
Most highly publicized breaches are attributed to weak authentication - from unlocked laptops to wireless networks with cracked passwords.
Many embarrassing incidents could be avoided by providing vigorous authentication to mobile devices and their networks. Data Encryption : Data Encryption Data encryption refers to
Mathematical calculations and algorithmic schemes that transform plaintext into cyphertext.
Cyphertext - non-readable to unauthorized parties.
The recipient of an encrypted message uses a key which triggers the algorithm mechanism to decrypt(decode) the data.
This transforms it to the original plaintext version. Firewall : Firewall A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system.
If an incoming packet of information is drained by the filters, it is not allowed through. Firewalls : Firewalls Firewalls use one or more of three methods :
Packet filtering - Packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
Proxy service - Information from other mobile device is retrieved by the firewall and then sent to the requesting system and vice versa.
Stateful inspection - It compares certain key parts of the packet to a database of trusted information.
Information traveling from inside the firewall to the outside is compared .
If the comparison yields a reasonable match, the information is allowed through. Otherwise discarded. Intrusion Prevention System : Intrusion Prevention System A network security device that monitors network for malicious or unwanted behavior.
It can react, in real-time, to block or prevent those activities.
Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks .
When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. And then tear of security concern is sure to go.. : And then tear of security concern is sure to go.. Conclusion : Conclusion