Int. J. Information and Computer Security, Vol. 7, No. 1, 2015

Mobile device security

Kevin Curran*, Vivian Maynes and Declan Harkin

Faculty of Computing and Engineering, University of Ulster, Northern Ireland, UK

Email: kj.curran@ulster.ac.uk

Email: Maynes-v@email.ulster.ac.uk

Email: declanharkin@gmail.com

*Corresponding author

Abstract: None of the early internet designers foresaw the pervasiveness of its involvement in everyday life. That is why we have so many security and privacy issues today. The landscape is moving all the time, with new smartphones hitting the market and new features being rolled out almost weekly. The standard desktop operating system is quickly being overtaken by computing on mobile devices; however, many of us are unaware of the security vulnerabilities on mobile devices. This paper highlights the security mechanisms deployed to make mobile devices safe for use. Such mechanisms include the choice of mobile device by the user, encryption, authentication, remote wipe capabilities, lost phone hotline, firewalls, utilisation of third party software, intrusion prevention software, anti-virus software and finally Bluetooth.

Keywords: security; mobile security; mobile; network security; malware.

Reference to this paper should be made as follows: Curran, K., Maynes, V. and Harkin, D. (2015) ‘Mobile device security’, Int. J. Information and Computer Security, Vol. 7, No. 1, pp.1–13.

Biographical notes: Kevin Curran holds a BSc (Hons), PhD, SMIEEE, FBCS CITP, SMACM and FHEA. He is a Reader in Computer Science and Group Leader for the Ambient Intelligence Research Group. He has made significant contributions to advancing the knowledge of computer networking evidenced by over 800 published works. He is a regular contributor to BBC radio and TV news in the UK and quoted in trade and consumer IT magazines on a regular basis. He is an IEEE Technical Expert for Security and a member of the EPSRC Peer Review College.

Vivian Maynes is a graduate in Computer Science of the University of Ulster. She is currently working in the information technology industry with research interests including distributed systems, network security and internet technologies.

Declan Harkin is a graduate in Computer Science of the University of Ulster. He is currently working in industry. His research interests include security and programming languages.

Copyright © 2015 Inderscience Enterprises Ltd.


1 Introduction

Most people do not take time to consider privacy on their mobile devices. It is a fact that only 50% of people put a lock code on their phone; therefore, any stolen phone can also allow thieves to burrow into the owner's online accounts (Information Week, 2011). Most people store access codes in their e-mail account, and a thief would easily siphon off passwords from that. Access to your online bank account or PayPal can allow a thief to transfer money or buy an online anonymous currency like Bitcoin, and you will never see that money again. For the first time in our history, banks and other financial institutions are beginning to offload the blame for an account being hacked onto the customer. They are claiming that customers should have had greater protection mechanisms in place. Securing your actual communications is a different matter. If you have a lot to lose by being snooped upon, like a drug dealer or a spy, then it is important. If you are among the other 90% of the population, then it can be harder to see the need for secure communications – especially voice communications. There is more of a need for secure messaging. Say you wish to talk movies with your friend, who is at work and using a corporate phone or iPad: having a secure, password-protected app or program can simply prevent problems with his/her boss. It would also be important for people having affairs. There are smartphone messaging apps on the app market, like SafeSlinger, which claim to prevent even the NSA snooping.

No one mobile OS is inherently more secure than another. They each have strengths, and quite often the more popular one can be more secure, but due to its popularity that is where most hacker attacks are aimed. Basically it is a numbers game. But I will say at this time that Android needs to improve its app security. Apple has an easier time as they have a more stringent entry test for getting an app into their app store. Google by default allows most people to post an app to the store, but they are trying to become better at identifying rogue apps. One could also say Windows phone is secure, as most of the popular leading apps were either written by Microsoft or paid third parties! BlackBerry, before its demise, was considered an excellent secure messaging system due to the BlackBerry Messenger app. We do know, however, that there is a global private key and we have to simply assume that the NSA know this key, so no message can be considered safe anymore. In fact, BlackBerry themselves, in their BlackBerry solution technical overview document, advise users to ‘consider pin messages as scrambled, not encrypted’.

If you are paranoid, then do not use e-mail services such as Yahoo, Gmail or Hotmail. In all likelihood the NSA have sent national security letters to each of those providers and got the keys (or more likely, installed wire taps upstream of their data centres and are recording all the traffic to later decrypt quite easily…). There are products such as the Android app sold by Go-Trust Technology Inc., which uses a hardware secure element embedded in a microSD to safeguard sensitive information by encrypting SMS text messages, photos, videos, data files and contacts. Hardware encryption can be effective. No real details have been released, but there is every chance that a hardware-based solution like this can be quite secure. It is still recommended, however, to select a proper VPN and/or TOR over this system. It is not recommended to jailbreak a phone, as it may leave that phone more vulnerable to attack. A jailbroken phone will quite often not get the necessary updates to protect it against new vulnerabilities.

Downloading random apps is always a risk. Security suites on mobile phones are still limited. The proper assessment of their capabilities has not really been carried out. It is well known that phones have been compromised whilst a leading mobile ‘security suite’ has been loaded on the phone. The easiest way to stay protected is simply to install the leading well-known apps and to steer clear of ‘recent uploads’. A time stamp is important, as most malware on phones is discovered, but the first people to download it are the ones compromised.

What follows is an outline of security mechanisms deployed to make mobile devices safe for use.

2 Mobile device security

A mobile device is a piece of equipment that can come in different forms. The data these devices hold could be photos or document files containing sensitive material (e.g., bank details, personal photos, credit card numbers, even a home address) (Fling, 2009; Holzer and Ondrus, 2009). The range of mobile devices available includes mobile computers, personal digital assistants/enterprise digital assistants, pagers, personal navigation devices (PNDs), mobile phones and portable media players. More than half the global population now use a mobile phone (ITU, 2008). The advanced features of mobile devices that have made them so attractive to the end user include: internet web browsing, e-mailing, Bluetooth, wireless communication, digitising notes, file sharing and mobile field management capabilities. As mobile devices advance in terms of technology, the security risk also increases (Chickowski, 2009). It is evident that the corporate organisations that fabricate the mobile device are not incorporating the correct security mechanisms within the equipment to minimise security risk (Hegarty et al., 2010; Wasserman, 2010; Jacobs, 2011).

There are different ways you can protect a mobile device, from placing it in your pocket to using encryption software. All of these devices have some type of security that restricts foreign bodies from obtaining their information. Data protection is crucial in today’s world of technology. Even with the advancements in mobile devices such as card readers, chip and PIN, and online payment security, data is still never 100% secure. Most or all mobile devices have the ability to enable a four-to-eight digit PIN in order to use the device. When the device is switched to standby, the PIN security is enabled, so when you try to access the device again you will be prompted for the PIN. If someone stole or came across your device and saw that it was PIN protected, they probably would not try to hack it for the data but would wipe it and sell it for a quick pound.

Figure 1 presents breach statistics for 2008 on portable devices (Lingfen et al., 2010). Here we can see that more than 32% of data breaches were the result of a lost or stolen laptop, mobile phone, or other portable media device, while only 14% of data breaches were the result of a hacking event. It may seem, therefore, that the actual problem with regard to data security lies… outside the firewall.


Figure 1 Incidents by breach type (see online version for colours)

The starting point for protecting devices such as mobile phones would be to introduce IT policies. An IT policy is a written agreement with the users of the devices and a statement of what can and cannot be used on them. Some examples of policies are acceptable use, password, backup, network access, incident response, remote access, virtual private network (VPN), guest access, wireless, third party connection, network security and encryption policies (ITU, 2008). BlackBerry mobiles are bound to some of these. The policies are pushed to the handhelds over the air during wireless activation. Through these policies employers can set their own security needs, such as passwords and timeouts on the device, and have read-only parameters, only permitting voice calls on locked handhelds for instance. They can even deactivate Bluetooth and control how the data is encrypted. There can also be application policies, letting the employer control third party applications and which resources they can access. All policy settings are synchronised and assigned to the BlackBerry smartphone over the air. As a result, BlackBerry Enterprise Server (BES) administrators who need to facilitate large deployments can easily change IT policies on a corporate level without requiring users to cradle their BlackBerry smartphones. This ensures that administrators can control each BlackBerry smartphone. An IT policy has digital signatures to ensure that only the designated BlackBerry Enterprise Server can send updates to a BlackBerry smartphone. When information is sent through a wireless connection on the BlackBerry, it is routed through BlackBerry’s RIM infrastructure. The information is encrypted with either AES or 3DES and the keys are only known to the handheld or the BES. The BES decrypts the information then sends it to a messaging server such as Microsoft Exchange or Qmail, which runs on the Linux operating system. There are other types of encryption available, like IPSec tunnelling to a VPN and Wi-Fi data encryption using WPA/WPA2 and WEP keys. These methods are to stop people eavesdropping on messages during transfer (B’far, 2005; Burns, 2008).
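The signed-policy check described above, as an added example that is not from the paper or from BlackBerry: a handheld applies a policy update only if its signature verifies against the public key of its designated server. Textbook RSA over a SHA-256 hash stands in for the real signature scheme, which the text does not specify; the key values and policy setting names are constructed for the example.

```python
import hashlib
import json

# Constructed toy key material (Mersenne primes) so the example runs offline.
# Textbook RSA over a bare hash is for illustration only and is not secure;
# production code would use a vetted library and a padded signature scheme.
SERVER_PRIMES = (2**127 - 1, 2**89 - 1)
ROGUE_PRIMES = (2**107 - 1, 2**61 - 1)
E = 65537


def make_keypair(p, q):
    """Return ((n, e), (n, d)): public and private key for primes p, q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def policy_digest(policy, n):
    """Hash a canonical encoding so server and handheld hash the same bytes."""
    blob = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n


def sign_policy(policy, private_key):
    """Server side: sign the policy digest with the private exponent."""
    n, d = private_key
    return pow(policy_digest(policy, n), d, n)


class Handheld:
    """Device side: holds the designated server's public key from activation."""

    def __init__(self, pinned_public_key):
        self.pinned = pinned_public_key
        self.policy = {}

    def receive_update(self, policy, signature):
        n, e = self.pinned
        if not isinstance(signature, int) or not 0 < signature < n:
            return False
        if pow(signature, e, n) != policy_digest(policy, n):
            return False              # wrong signer or altered content
        self.policy = policy          # applied only after verification
        return True


def demo():
    server_pub, server_priv = make_keypair(*SERVER_PRIMES)
    _, rogue_priv = make_keypair(*ROGUE_PRIMES)
    # Hypothetical setting names, modelled on the controls the text lists.
    policy = {"password_required": True, "timeout_minutes": 5,
              "bluetooth_enabled": False, "allowed_apps": ["mail"]}
    device = Handheld(server_pub)
    good_sig = sign_policy(policy, server_priv)
    tampered = dict(policy, bluetooth_enabled=True)
    return {
        "genuine": device.receive_update(policy, good_sig),
        "tampered": device.receive_update(tampered, good_sig),
        "rogue": device.receive_update(tampered, sign_policy(tampered, rogue_priv)),
        "bluetooth_after": device.policy["bluetooth_enabled"],
    }


if __name__ == "__main__":
    print(demo())
```

The rejected updates leave the previously applied policy in force, which is the property that stops a party other than the designated server from relaxing device settings.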

The Symbian platform uses several algorithms, including data encryption standard (DES), 3DES and Rivest’s Cipher 2 (RC2), a 64-bit block cipher. The Symbian device will determine how the information should be encrypted and will furthermore select the required encrypted channel if it wishes to send data. It will then use its built-in functions to encrypt to the proper format for transfer. But the information on the device will not remain encrypted unless third party encryption software is installed and configured to do so. To protect data on Symbian devices, a program called Symbian Signed was introduced, under which software publishers could digitally sign applications that had been tested by Symbian. There are three different levels: Open Signed, which is used for limited or internal use; Express Signed, where the application is self-tested; and Certified Signed, where it is independently tested. These use digital signatures to tie the software to publisher identities. Express and Certified must use publisher IDs issued by TC TrustCenter. The ‘for Symbian OS’ logo is awarded to applications that are Symbian Signed. Symbian Signed promotes best practice in the design of applications and content to run on Symbian OS-based phones. Symbian Signed is endorsed and supported by network operators, handset manufacturers and developers (Chickowski, 2009).

Windows-based devices are managed using Microsoft’s System Center Mobile Device Manager (SCMDM) 2008 on the Windows Mobile 6.1 operating system. Just like the BlackBerry, this server is capable of over-the-air device activity for policy enforcement, software installation and monitoring/reporting. To create an account for WM6.1 the client will have to enter his or her e-mail address and a unique PIN number. The device uses secure socket layer (SSL) to connect to the server. This gateway authenticates the user and completes the interaction with the management server. These SCMDM server functions can be distributed, for instance using a separate Microsoft CA to issue device certificates. Once the device and the gateway are configured to each other they are protected by an auto-configured IPSec ‘mobile VPN’ tunnel. SCMDM installs and enforces IT-defined Active Directory group policies. Once connected, the device can be monitored centrally and updated through SCMDM. If a mobile device is ever lost or stolen, the SCMDM can be used to remotely wipe the device the next time it connects to the enterprise network. A mobile device with WM6.1 installed can use 3G or Wi-Fi connectivity to automatically reconnect to the SCMDM through its mobile VPN tunnel (Dumaresq and Villenueve, 2010).

Google Android is a multi-tasking system. Each application runs in its own process.
