MOBILE - SECURITY
Cyber and Information Security
(Network and Communication Security)
Geo S. Mariyan
(Master in Computer Science)
University of Mumbai.
Introduction
• Mobile security is the protection of smartphones, tablets, laptops and other
portable computing devices, and the networks they connect to, from threats and
vulnerabilities associated with wireless computing. Mobile security is also
known as wireless security.
• Mobile security / Mobile phone security has become increasingly important
in mobile computing.
• It is of particular concern as it relates to the security of personal and business
information now stored on smart phones.
• Rapid advances in low-power computing, communications, and storage
technologies continue to broaden the horizons of mobile devices, such as cell
phones and personal digital assistants (PDAs).
Security Issue: Mobile Virus
• A cell-phone virus is basically the same thing as a computer virus: an
unwanted executable file that "infects" a device and then copies itself to other
devices.
1. A computer virus or worm spreads through e-mail attachments and
Internet downloads.
2. A cell-phone virus or worm spreads via Internet downloads, MMS
attachments and Bluetooth transfers.
• Current phone-to-phone viruses almost exclusively infect phones running the
Symbian operating system.
• Standard operating systems and Bluetooth technology will enable cell phone
viruses to spread either through SMS or by sending Bluetooth requests when cell
phones are physically close enough.
SPREADING OF VIRUS
Phones that can only make and receive calls are not at risk. Only smart
phones with a Bluetooth connection and
data capabilities can receive a cell-phone virus.
These viruses spread primarily in three ways:
1. Internet download - The user downloads an infected file to the phone
by way of a PC or the phone's own Internet connection.
2. Bluetooth wireless connection - The user receives a virus via
Bluetooth when the phone is in discoverable mode, meaning it can be
seen by other Bluetooth-enabled phones.
3. Multimedia Messaging Service - The virus is an attachment to
an MMS text message.
CURRENT STATUS OF MOBILE MALWARE
• Mobile malware is malicious software that targets mobile phones or
wireless-enabled personal digital assistants (PDAs), causing the collapse of the system and
loss or leakage of confidential information.
• As wireless phones and PDA networks have become more and more common and have grown
in complexity, it has become increasingly difficult to ensure their safety and security
against electronic attacks in the form of viruses or other malware.
• It is malicious software ("malware") designed specifically to target a mobile device system,
such as a tablet or smartphone, in order to damage or disrupt the device.
• Most mobile malware is designed to disable a mobile device, allow a malicious user to
remotely control the device or to steal personal information stored on the device.
THREATS OF MOBILE PHONE VIRUS
A virus might access and/or delete all of the contact information and
calendar entries in your phone. It might send an infected MMS message to every
number in your phone book.
The top three areas of concern for mobile users are receiving inappropriate
content, fraudulent increases in phone bills and loss of important information
stored on the handset.
Mobile Payment Application Security
• Mobile payment applications need a secure mechanism to protect the credit
card information of the users.
• Phishing is the attempt to obtain sensitive information such as usernames,
passwords, and credit card details (and sometimes, indirectly, money), often for
malicious reasons, in an electronic communication.
• Credit and debit card payment and online fraud are highly profitable criminal
activities that are increasingly dominated by card-not-present transactions.
Mobile Database Application (MDA)
• A mobile database is a part of a replica of the central database.
• The user first makes modifications to the mobile database.
• Synchronization occurs between the server and the mobile device to ensure the data
are the same.
• In order to complete the synchronization, a publication is needed. A publication is
the meta-data package of information about which data is replicated.
• With the publication, the database server can synchronize with the mobile database
correctly. The publication can only be accessed by the users after they are
authenticated.
Information Risks
• The mobile device may be stolen by a malicious attacker, who may then try to
access the data stored on the device.
• Sensitive data transferred over the network may be intercepted by a
malicious attacker.
• Users who have no account in the mobile application may try to access the server
without permission, or they may try to log in with other users' accounts to obtain
those users' personal information.
• Malicious users of the mobile application may try to modify data on the
server even though they have not been granted sufficient permissions, or they may try to
access data that they are not allowed to obtain.
Methods to Ensure Security and Privacy
in Mobile Applications
a) Secure Network Connection
b) Encrypted Local Data
c) User Authentication
d) Grant Minimum Sufficient Permissions
e) Separate User Accounts
f) Applications Provided Security Mechanisms
Secure Network Connection
• Network Security is the process of taking physical and software preventative measures
to protect underlying networking infrastructure from unauthorized access, misuse,
malfunction, modification, destruction, or improper disclosure, thereby creating
a secure platform for computer
• To ensure that sensitive data transferred over the network cannot be
obtained by a malicious attacker, we can choose a secure network connection.
• We can use HTTPS instead of HTTP because all of the traffic is encrypted, so the
data is protected.
Encrypted Local Data
• Because the mobile device may be lost or stolen, it is also necessary to have
mechanisms that keep the data on the device safe.
• Therefore, we can encrypt the data on the mobile device.
User Authentication
• User authentication is a process that allows a device to verify the identity of someone
who connects to a network resource. There are many technologies currently available
to a network administrator to authenticate users.
• If the mobile application is a mobile database application, the user
must be authenticated by the database server.
• Only after they are authenticated can they access the publication to synchronize
the mobile database with the database server.
• Users should also be authenticated at the web server, so that the web server
cannot be accessed just by using the same URL.
Grant Sufficient Minimum Permissions
Analysis
• Users should be granted the minimum sufficient permissions to ensure
security and privacy in mobile applications.
• For example, a user who can only view the data should not be granted
write permission, because they may try to make modifications as they
wish.
Separate User Accounts
• Sometimes we may provide a user with two accounts in order to ensure
security and privacy in the mobile application.
• For example, a user can view all the data but only modify part of it.
Therefore, we can design two accounts.
• The first is a read-only account that can view all the data, while the other
is a read-write account that can only view and modify part of the data.
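The publication, authentication, minimum-permission and two-account rules from the slides above, sketched as a small sync server. This is an added example, not code from the presentation; `SyncServer`, `Publication`, the `customers` table, the account names and the sample rows are all hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample rows standing in for the central database table.
CENTRAL_ROWS = [
    (1, "north", "Asha", "asha@example.test"),
    (2, "north", "Ben", "ben@example.test"),
    (3, "south", "Chen", "chen@example.test"),
]


@dataclass(frozen=True)
class Publication:
    """Server-side metadata: which rows and columns an account replicates."""
    region: Optional[str]            # None means every row is replicated
    read_columns: Tuple[str, ...]
    write_columns: Tuple[str, ...]   # empty tuple means a read-only account


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SyncServer:
    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE customers "
            "(id INTEGER PRIMARY KEY, region TEXT, name TEXT, email TEXT)"
        )
        self.db.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", CENTRAL_ROWS)
        self.accounts = {}  # account name -> (salt, password hash, Publication)

    def add_account(self, name: str, password: str, pub: Publication) -> None:
        salt = os.urandom(16)
        self.accounts[name] = (salt, _hash_password(password, salt), pub)

    def authenticate(self, name: str, password: str) -> Publication:
        """The publication is only handed out after authentication succeeds."""
        salt, stored, pub = self.accounts.get(name, (b"\x00" * 16, b"", None))
        candidate = _hash_password(password, salt)  # same work for unknown names
        if pub is None or not hmac.compare_digest(candidate, stored):
            raise PermissionError("authentication failed")
        return pub

    def pull(self, name: str, password: str) -> list:
        """Return the rows and columns this account's publication replicates."""
        pub = self.authenticate(name, password)
        # Column names come from server-side metadata, never from the client.
        sql = f"SELECT {', '.join(pub.read_columns)} FROM customers"
        params: tuple = ()
        if pub.region is not None:
            sql += " WHERE region = ?"
            params = (pub.region,)
        return self.db.execute(sql + " ORDER BY id", params).fetchall()

    def push(self, name: str, password: str, row_id: int, changes: dict) -> None:
        """Apply a change from the mobile replica if the publication allows it."""
        pub = self.authenticate(name, password)
        if not changes:
            raise ValueError("empty change set")
        denied = sorted(set(changes) - set(pub.write_columns))
        if denied:
            raise PermissionError(f"no write permission for columns {denied}")
        # Every key in `changes` is now known to be in the server-side allowlist.
        sql = f"UPDATE customers SET {', '.join(c + ' = ?' for c in changes)} WHERE id = ?"
        params = [*changes.values(), row_id]
        if pub.region is not None:
            sql += " AND region = ?"
            params.append(pub.region)
        if self.db.execute(sql, params).rowcount != 1:
            raise PermissionError("row is outside this account's publication")
        self.db.commit()


def build_demo_server() -> SyncServer:
    """Two accounts for one user: view everything, or edit only one part."""
    server = SyncServer()
    cols = ("id", "region", "name", "email")
    server.add_account("asha_view", "view-pass", Publication(None, cols, ()))
    server.add_account("asha_edit", "edit-pass", Publication("north", cols, ("name", "email")))
    return server


if __name__ == "__main__":
    srv = build_demo_server()
    print(srv.pull("asha_view", "view-pass"))   # all rows, read-only account
    srv.push("asha_edit", "edit-pass", 1, {"email": "asha@new.example.test"})
    print(srv.pull("asha_edit", "edit-pass"))   # north rows only
```

The write check runs on the server against the stored publication, so a modified mobile client cannot widen its own permissions.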
Application Provided Security & Privacy Mechanism
• The mobile application can provide other security and privacy mechanisms.
• For example, the application may encrypt and sign the data before they enter into the
secure communication link.
• Another example is that the user can only access a replica of the main table of the
central database so that even if they successfully attack the replica through the
mobile application, the data in the central database can still be protected.
Conclusion
• The best way to protect yourself from cell-phone viruses is the same way you protect yourself
from computer viruses: Never open anything if you don't know what it is.
The following aspects are the basic points to ensure security and privacy in mobile applications:
1. Secure Network Connection
2. Encryption of Sensitive Data
3. User Authentication
Almost all the applications need to pay attention to the above-mentioned points so that they can
protect the sensitive data.
Here are some steps you can take to decrease your chances of installing a virus:
• Turn off Bluetooth discoverable mode. Set your phone to "hidden" so other phones can't detect it
and send it the virus.
• Check security updates to learn about file names you should keep an eye out for.
• Security sites with detailed virus information include: F-Secure, McAfee & Symantec
Reference
• Wikipedia
• Network Security: Charlie Kaufman, Radia Perlman, Mike Speciner, Prentice Hall, 2nd Edition (2002)
• Mobile Security and Privacy: By Man Ho Au, Raymond Choo
Mobile security in Cyber Security

Editor's Notes

  1. Card-not-present fraud involves the unauthorised use of credit or debit data (the card number, security code and expiry date) to purchase products and services in a non-face-to-face setting, such as via e-commerce websites.