MOBILE - SECURITY
Cyber and Information Security
(Network and Communication Security)
Geo S. Mariyan
(Master in Computer Science)
University of Mumbai.
Introduction
• Mobile security is the protection of smartphones, tablets, laptops and other
portable computing devices, and the networks they connect to, from threats and
vulnerabilities associated with wireless computing. Mobile security is also
known as wireless security.
• Mobile security / Mobile phone security has become increasingly important
in mobile computing.
• It is of particular concern as it relates to the security of personal and business
information now stored on smart phones.
• Rapid advances in low-power computing, communications, and storage
technologies continue to broaden the horizons of mobile devices, such as cell
phones and personal digital assistants (PDAs).
Security Issue: Mobile Virus
• A cell-phone virus is basically the same thing as a computer virus: an unwanted executable file that "infects" a device and then copies itself to other devices.
1. A computer virus or worm spreads through e-mail attachments and
Internet downloads.
2. A cell-phone virus or worm spreads via Internet downloads, MMS
attachments and Bluetooth transfers.
• Current phone-to-phone viruses almost exclusively infect phones running the Symbian operating system.
• Standard operating systems and Bluetooth technology will enable cell phone
viruses to spread either through SMS or by sending Bluetooth requests when cell
phones are physically close enough.
SPREADING OF VIRUS
Phones that can only make and receive calls are not at risk. Only smart phones with a Bluetooth connection and data capabilities can receive a cell-phone virus.
These viruses spread primarily in three ways:
1. Internet download - The user downloads an infected file to the phone
by way of a PC or the phone's own Internet connection.
2. Bluetooth wireless connection - The user receives a virus via
Bluetooth when the phone is in discoverable mode, meaning it can be
seen by other Bluetooth-enabled phones.
3. Multimedia Messaging Service - The virus is an attachment to an MMS text message.
CURRENT STATUS OF MOBILE MALWARE
• Mobile malware is malicious software that targets mobile phones or wireless-enabled personal digital assistants (PDAs), causing the system to fail and confidential information to be lost or leaked.
• As wireless phones and PDA networks have become more and more common and have grown
in complexity, it has become increasingly difficult to ensure their safety and security
against electronic attacks in the form of viruses or other malware.
• It is malicious software ("malware") designed specifically to target a mobile device system, such as a tablet or smartphone, in order to damage or disrupt the device.
• Most mobile malware is designed to disable a mobile device, to allow a malicious user to remotely control the device, or to steal personal information stored on the device.
THREATS OF MOBILE PHONE VIRUS
A virus might access and/or delete all of the contact information and calendar entries in your phone. It might send an infected MMS message to every number in your phone book.
The top three areas of concern for mobile users are receiving inappropriate content, fraudulent increases in phone bills and loss of important information stored on the handset.
Mobile Payment Application Security
• Mobile payment applications need a secure mechanism to protect the credit
card information of the users.
• Phishing is the attempt to obtain sensitive information such as usernames,
passwords, and credit card details (and sometimes, indirectly, money), often for
malicious reasons, in an electronic communication.
• Credit and debit card payment and online fraud are highly profitable criminal
activities that are increasingly dominated by card-not-present transactions.
Mobile Database Application (MDA)
• A mobile database is a partial replica of the central database.
• The user first makes modifications to the mobile database.
• Synchronization then occurs between the server and the mobile device to ensure the data are the same.
• In order to complete the synchronization, a publication is needed. A publication is the metadata package describing which data is replicated.
• With the publication, the database server can synchronize with the mobile database correctly. The publication can only be accessed by users after they are authenticated.
Information Risks
• The mobile device may be stolen by a malicious attacker, who may then try to access the data stored in the device.
• Sensitive data transferred through the network may be intercepted by a malicious attacker.
• Users who have no account for the mobile application may try to access the server without permission, or they may try to log in with other users' accounts to obtain those users' personal information.
• Malicious users of the mobile application may try to modify data in the server even though they have not been granted sufficient permissions, or they may try to access data they are not allowed to obtain.
Methods to Ensure Security and Privacy
in Mobile Applications
a) Secure Network Connection
b) Encrypted Local Data
c) User Authentication
d) Grant Minimum Sufficient Permissions
e) Separate User Accounts
f) Application-Provided Security Mechanisms
Secure Network Connection
• Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers.
• In order to ensure that sensitive data transferred through the network cannot be obtained by a malicious attacker, we can choose a secure network connection.
• We can make use of HTTPS instead of HTTP, because then all traffic is encrypted and the data is protected.
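What makes HTTPS protect the data is not the encryption alone but the client checking that the server's certificate chains to a trusted root and was issued for the host the app meant to contact; a client that skips that check encrypts its traffic to whoever answers. The Go program below is an added example, not part of the slides, and runs offline: it constructs a throwaway root CA and a server certificate for the made-up host `api.example.test`, then runs the same checks a TLS client performs (trusted chain, validity period, host name) against a correct host, a wrong host, and an empty trust store. The `clientTLSConfig` function shows the settings a mobile client would hand to its HTTPS stack; the host name and CA name are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCA builds an in-memory root CA (constructed for this example; a real app
// trusts the platform's root store or a pinned CA shipped with the app).
func makeCA() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// issueServerCert has the CA sign a leaf certificate for host (an assumed name).
func issueServerCert(caKey *ecdsa.PrivateKey, ca *x509.Certificate, host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyServer performs the checks an HTTPS client does before trusting a server:
// the chain ends at a trusted root, the certificate is within its validity period,
// and it was issued for the host the app meant to contact.
func verifyServer(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// clientTLSConfig is what the mobile client hands to its HTTPS stack: an explicit
// trust store, a modern minimum protocol version, and server verification left
// switched on (InsecureSkipVerify stays at its default of false).
func clientTLSConfig(roots *x509.CertPool, host string) *tls.Config {
	return &tls.Config{RootCAs: roots, ServerName: host, MinVersion: tls.VersionTLS12}
}

// demo issues a certificate for api.example.test and reports three outcomes:
// the legitimate host verifies, a different host name is rejected, and a chain
// that does not end at a trusted root is rejected.
func demo() (trustedOK bool, wrongHostErr, untrustedErr error, err error) {
	caKey, ca, err := makeCA()
	if err != nil {
		return
	}
	leaf, err := issueServerCert(caKey, ca, "api.example.test")
	if err != nil {
		return
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	trustedOK = verifyServer(leaf, trusted, "api.example.test") == nil
	wrongHostErr = verifyServer(leaf, trusted, "other.example.test")
	untrustedErr = verifyServer(leaf, x509.NewCertPool(), "api.example.test")
	return
}

func main() {
	ok, wrongHost, untrusted, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("trusted chain verifies:", ok)
	fmt.Println("wrong host rejected with:", wrongHost)
	fmt.Println("untrusted root rejected with:", untrusted)
}
```

The two failing cases are the ones a client with verification disabled would silently accept: a certificate for some other name, and a certificate nobody the client trusts has signed. Both are exactly what a network attacker between the phone and the server can present.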
Encrypted Local Data
• Because the mobile device may be lost or stolen, it is also necessary to take measures to ensure that the data stored on the device are safe.
• Therefore, we can encrypt the data on the mobile device.
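Encrypting local data is only worth doing with a mode that also detects tampering, and with the key kept out of ordinary application storage. The Go program below is an added example, not part of the slides: it seals a constructed contact record with AES-256-GCM, binds the ciphertext to its record identifier through the associated data, and shows that a single flipped bit in storage is rejected rather than decrypted into garbage. The random key is an assumption so the example runs stand-alone; on a phone the key would be generated in and guarded by the platform keystore (Android Keystore or the iOS Keychain).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newDataKey returns a fresh 256-bit key. Assumption for this example: a real
// app would obtain this key from the platform keystore rather than generate and
// hold it in application memory or files.
func newDataKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// sealRecord encrypts one local record with AES-256-GCM. The record identifier is
// passed as associated data so that a ciphertext copied into a different record's
// slot fails to decrypt. Output layout: nonce || ciphertext+tag.
func sealRecord(key []byte, recordID string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// openRecord reverses sealRecord; any modification of the blob, the key or the
// record identifier is detected by the GCM tag and reported as an error.
func openRecord(key []byte, recordID string, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("stored blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(recordID))
}

// roundTrip seals a record and runs the checks a reviewer would want: the owner
// can read it back, and a bit flip in storage is rejected instead of silently
// yielding garbage.
func roundTrip() (restored string, tamperRejected bool, err error) {
	key, err := newDataKey()
	if err != nil {
		return
	}
	// Constructed sample: one contact entry of the kind the slides describe.
	blob, err := sealRecord(key, "contact:42", []byte("Alice, +91 98765 43210"))
	if err != nil {
		return
	}
	pt, err := openRecord(key, "contact:42", blob)
	if err != nil {
		return
	}
	restored = string(pt)
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the authentication tag
	_, terr := openRecord(key, "contact:42", tampered)
	tamperRejected = terr != nil
	return
}

func main() {
	restored, rejected, err := roundTrip()
	if err != nil {
		panic(err)
	}
	fmt.Printf("restored=%q tamperRejected=%v\n", restored, rejected)
}
```

A fresh random nonce per record is what keeps GCM safe when many records share one key; reusing a nonce under the same key breaks both confidentiality and integrity, so the nonce is stored alongside the ciphertext rather than derived from anything predictable.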
User Authentication
• User authentication is a process that allows a device to verify the identity of someone who connects to a network resource. There are many technologies currently available to a network administrator to authenticate users.
• If the mobile application is a mobile database application, the user must be authenticated by the database server.
• Only after they are authenticated can they access the publication to synchronize the mobile database with the database server.
• The user should also be authenticated at the web server, so that the web server cannot be accessed simply by knowing its URL.
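The slides on the mobile database application and on user authentication both come down to one rule: the publication is handed out only to a session that was established by verifying a credential. The Go program below is an added example, not code from the slides: a stand-in server stores only a salted, stretched password hash (PBKDF2-HMAC-SHA256, written out with the standard library), compares it in constant time, issues a random session token on success, and refuses the publication to any request without a valid token. The usernames, password and publication name are constructed for the example; the iteration count is a parameter the deployment would tune.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

const pbkdf2Iterations = 100_000

// pbkdf2SHA256 derives a 32-byte key with PBKDF2-HMAC-SHA256 (RFC 8018, a single
// output block), so the example depends only on the standard library.
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := prf.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

type credential struct{ salt, hash []byte }

// authServer stands in for the database/web server that owns the accounts and
// the publication (the metadata describing what a user may replicate).
type authServer struct {
	users       map[string]credential
	sessions    map[string]string // token -> username
	publication string
}

func newAuthServer(publication string) *authServer {
	return &authServer{users: map[string]credential{}, sessions: map[string]string{}, publication: publication}
}

// register stores only a per-user salt and the stretched hash, never the password.
func (s *authServer) register(user, password string) error {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s.users[user] = credential{salt: salt, hash: pbkdf2SHA256([]byte(password), salt, pbkdf2Iterations)}
	return nil
}

// login verifies the password in constant time and issues a random session token.
func (s *authServer) login(user, password string) (string, error) {
	cred, ok := s.users[user]
	if !ok {
		// Unknown user: do the same work so timing does not reveal which names exist.
		cred = credential{salt: make([]byte, 16), hash: make([]byte, 32)}
	}
	candidate := pbkdf2SHA256([]byte(password), cred.salt, pbkdf2Iterations)
	if !ok || subtle.ConstantTimeCompare(candidate, cred.hash) != 1 {
		return "", errors.New("invalid username or password")
	}
	tok := make([]byte, 32)
	if _, err := rand.Read(tok); err != nil {
		return "", err
	}
	token := hex.EncodeToString(tok)
	s.sessions[token] = user
	return token, nil
}

// getPublication is the synchronization entry point: without a valid session the
// server will not even say which data exists, let alone replicate it.
func (s *authServer) getPublication(token string) (string, error) {
	if _, ok := s.sessions[token]; !ok {
		return "", errors.New("not authenticated")
	}
	return s.publication, nil
}

func main() {
	srv := newAuthServer("pub:contacts,calendar") // constructed publication name
	if err := srv.register("geo", "correct horse battery staple"); err != nil {
		panic(err)
	}
	if _, err := srv.login("geo", "wrong password"); err != nil {
		fmt.Println("bad password:", err)
	}
	tok, err := srv.login("geo", "correct horse battery staple")
	if err != nil {
		panic(err)
	}
	pub, _ := srv.getPublication(tok)
	fmt.Println("publication for authenticated session:", pub)
	_, err = srv.getPublication("not-a-real-token")
	fmt.Println("publication without session:", err)
}
```

The same token check belongs in front of the web server's endpoints as well, which is what the last bullet above asks for: knowing the URL is not a credential.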
Grant Minimum Sufficient Permissions: Analysis
• Users should be granted the minimum permissions sufficient for their task, to ensure security and privacy in mobile applications.
• For example, a user who only needs to view the data should not be granted write permission, because they might otherwise modify the data as they wish.
Separate User Accounts
• Sometimes we may provide a user with two accounts in order to ensure security and privacy in the mobile application.
• For example, a user may be allowed to view all the data but to modify only part of it. We can therefore design two accounts.
• The first is a read-only account that can view all the data; the other is a read-write account that can view and modify only part of the data.
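Least privilege and the two-account design from the previous two slides only hold if the server enforces them on every operation, including the changes a device uploads during synchronization. The Go program below is an added example, not code from the slides: it models a read-only account with read scope over every table and a read-write account scoped to named tables, routes every access through one `authorize` check that denies by default, and applies a constructed batch of uploaded changes so that a viewer's modifications are rejected while an editor's land only in the tables it owns. Account names, table names and the in-memory database are assumptions for the example.

```go
package main

import "fmt"

type operation string

const (
	opRead  operation = "read"
	opWrite operation = "write"
)

// account is one login of the mobile database application: the operations it
// may perform and the tables it may perform them on. allTables grants the
// whole-database read scope the slides give the read-only account.
type account struct {
	name      string
	ops       map[operation]bool
	allTables bool
	tables    map[string]bool
}

// readOnlyAccount can view every table but never write.
func readOnlyAccount(name string) account {
	return account{name: name, ops: map[operation]bool{opRead: true}, allTables: true}
}

// readWriteAccount can view and modify only the listed tables.
func readWriteAccount(name string, tables ...string) account {
	set := map[string]bool{}
	for _, t := range tables {
		set[t] = true
	}
	return account{name: name, ops: map[operation]bool{opRead: true, opWrite: true}, tables: set}
}

// authorize is the single choke point the server consults before touching a
// table; the default is deny, so an account without an explicit grant gets nothing.
func authorize(a account, op operation, table string) error {
	if !a.ops[op] || !(a.allTables || a.tables[table]) {
		return fmt.Errorf("account %q: %s on %q denied", a.name, op, table)
	}
	return nil
}

// change is one row the device uploads from its replica during synchronization.
type change struct {
	table, key, value string
}

// applySync applies uploaded changes to the central tables, checking the write
// permission per change. A user holding only the read-only account therefore
// cannot push modifications to the server through sync, whatever the client sends.
func applySync(a account, db map[string]map[string]string, changes []change) (applied, rejected []string) {
	for _, c := range changes {
		if err := authorize(a, opWrite, c.table); err != nil {
			rejected = append(rejected, err.Error())
			continue
		}
		if db[c.table] == nil {
			db[c.table] = map[string]string{}
		}
		db[c.table][c.key] = c.value
		applied = append(applied, c.table+"/"+c.key)
	}
	return applied, rejected
}

func main() {
	db := map[string]map[string]string{} // constructed central database
	viewer := readOnlyAccount("geo-view")
	editor := readWriteAccount("geo-edit", "notes")
	uploads := []change{{"notes", "n1", "buy milk"}, {"contacts", "c1", "Alice"}}

	a, r := applySync(viewer, db, uploads)
	fmt.Println("viewer applied:", a, "rejected:", r)
	a, r = applySync(editor, db, uploads)
	fmt.Println("editor applied:", a, "rejected:", r)
	fmt.Println("viewer may read contacts:", authorize(viewer, opRead, "contacts") == nil)
	fmt.Println("editor may read contacts:", authorize(editor, opRead, "contacts") == nil)
}
```

The check lives on the server side of the sync, not in the app: the replica on the phone is under the user's control, so anything the client promises about what it did or did not change cannot be trusted.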
Application-Provided Security & Privacy Mechanisms
• The mobile application can provide other security and privacy mechanisms.
• For example, the application may encrypt and sign the data before it enters the secure communication link.
• Another example is that the user can only access a replica of the main table of the central database, so that even if they successfully attack the replica through the mobile application, the data in the central database can still be protected.
Conclusion
• The best way to protect yourself from cell-phone viruses is the same way you protect yourself
from computer viruses: Never open anything if you don't know what it is.
The following aspects are the basic points to ensure security and privacy in mobile applications:
1. Secure Network Connection
2. Encryption of Sensitive Data
3. User Authentication
Almost all the applications need to pay attention to the above-mentioned points so that they can
protect the sensitive data.
Here are some steps you can take to decrease your chances of installing a virus:
• Turn off Bluetooth discoverable mode. Set your phone to "hidden" so other phones can't detect it and send it the virus.
• Check security updates to learn about file names you should keep an eye out for.
• Security sites with detailed virus information include F-Secure, McAfee and Symantec.
Reference
• Wikipedia
• Network Security: Charlie Kaufman, Radia Perlman, Mike Speciner, Prentice Hall, 2nd Edition (2002)
• Mobile Security and Privacy: Man Ho Au, Raymond Choo
Editor's Notes
1. Card-not-present fraud involves the unauthorised use of credit or debit data (the card number, security code and expiry date) to purchase products and services in a non-face-to-face setting, such as via e-commerce websites.