Chapter 6: Security in Mobile Computing
Device Security
Impact on users
People are using mobile devices like never before.
Banking, shopping, email, social networking, etc.
Impact on security
Sensitive data is stored and accessed on mobile devices.
Economic incentives for attackers have increased.
Mobile devices make attractive targets:
Wireless communication vulnerabilities.
Storage of personal information like email, contacts, and photos.
Portability makes them prone to loss or theft.
Built-in billing systems for SMS/MMS and in-app purchases.
Near field communications (NFC) enable contactless payments.
Location privacy concerns arise with mobile device usage.
Mobile Malware
Malicious software generates threats to computers and data.
Mobile devices are a breeding ground for malware.
Malware can harvest personally identifiable data and spread unsolicited advertisements.
Personally identifiable information includes:
email addresses
MAC addresses
IMEI numbers
IMSI numbers
Bluetooth addresses
phone numbers
Access to this information should be treated sensitively to avoid compromising privacy and tracking.
Best practices to avoid malware:
Install applications only from reputable sources like iOS App Store, Google Play, or Windows Store.
Avoid installing apps from third-party websites or APK installers.
Ensure installed apps are from official publishers.
Be cautious about granting excessive permissions to applications.
Beware of unofficial publishers to prevent your data from passing through third-party servers.
Wireless Connection Security
Wireless network communication is broadcast.
Anyone with a receiving device can monitor incoming and outgoing traffic within the communication range.
Security and privacy issues in wireless networks are more critical compared to wired networks.
Securing WiFi connection
WiFi is prevalent today.
Improper WiFi configuration can compromise security.
Most WiFi networks are auto-configured.
Malicious individuals can masquerade as legitimate networks.
Securing Wireless Network (WiFi):
Avoid open and unencrypted WiFi connections.
Use stronger WPA encryption for WiFi networks.
Be cautious when using public WiFi; malicious parties may harvest data.
Use a VPN service when possible for added security.
Connect only to websites with secure HTTPS connections (TLS/SSL).
Avoid accessing sensitive applications like banking over public WiFi.
Beware of "evil twin" WiFi attacks where attackers set up fake networks to steal data.
Security Issues in Wireless Network: Bluetooth
Bluetooth: Protocol for short-distance wireless data exchange.
Forms Personal Area Network (PAN) around user devices.
Used for data transfer, communication, and speaker extension.
Bluetooth Security Threats:
Eavesdropping Attack:
Attacker connects dummy devices to intercept communication between victims.
Victims are unaware and communicate with attacker devices.
MAC Address Spoofing Attack:
Attacker clones victim's MAC address to masquerade as the victim.
Enables theft of data sent to the victim.
Denial-of-Service Attack (DoS):
Prevents victims from communicating with each other.
"Big NAK" attack involves sending negative acknowledgments to disrupt communication.
Blue-Snarfing:
Unauthorized access to a Bluetooth device.
Attacker can alter calendar, phonebook, and multimedia files.
Authentication & Authorization
Access control
Authentication
I. Determines the identity of the user
II. Allows a legitimate user to use the device or application
III. Requires proof of authentication (password, unlock pattern, facial recognition)
Authorization
I. Second-level access control
II. Determines what the user can or cannot do
Password Authentication:
Drawbacks:
Weakest form of access control.
Vulnerable to lazy user passwords and brute force attacks.
Requires administrative controls for effectiveness:
Minimum length/complexity.
Password aging.
Limit failed attempts.
Advantages:
Cheapest, easiest form of authentication.
Works well with most applications.
Biometric Authentication:
Utilizes the body as the key for access control.
Improves complexity of access control systems.
Analyzes unique physiological or behavioral characteristics.
Physiological-based traits: Fingerprint, Face, Iris, Retina.
Behavioral-based traits: Speech.
Advantages:
Traits cannot be forgotten or misplaced.
Difficult to forge.
Requires only the person to be present.
Difficult to crack
Authentication: Pattern Lock:
Swipe path of length 4–9 on a 3 x 3 grid.
Easy to use, suitable for mobile devices.
Offers a large number of possible patterns.
Drawbacks include the visibility of the pattern on the screen.
Comparison of Authentication Methods:
Biometrics
Strong security, harder to use, harder implementation, works on phones.
Pattern Lock
Weak security, easy to use, easy implementation, works on phones.
Password
Weak security, easy to use, easy implementation, works on phones.