SlideShare a Scribd company logo

Authentication service security

G
G Prachi

The document discusses several topics related to security for mobile devices and networks. It addresses two main components of mobile security: device security and network security. It then examines specific issues like cryptographic security using cryptographically generated addresses, LDAP security, RAS security, and various attacks on mobile devices like theft, viruses, phishing variants (mishing, vishing, smishing), and hacking of Bluetooth. Prevention and protection techniques are also proposed for many of these threats.

Technology
1 of 19
Authentication Service Security • Two components of security in mobile computing- 1. Security of Devices 2. Security in Networks • Some eminent attacks are discussed 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 1
8/19/2019 Prachi-31603216 (NIT Kurukshetra) 2
8/19/2019 Prachi-31603216 (NIT Kurukshetra) 3
8/19/2019 Prachi-31603216 (NIT Kurukshetra) 4
Cryptographic security for mobile devices • CGA- cryptographically generated address. • 64 bit address generated by hashing owner’s public key address. • Corresponding private key is used to assert address ownership by signing the messages sent. • Mainly deployed on palm-held devices. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 5
LDAP security for hand-held mobile computing devices • Light weight version of Directory Access Protocol (DAP). • Does not contain security features in its initial version. • Software protocol used to locate individuals, organisations, other resources such as files and devices on the network. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 6
• Directories tell where an entity reside in a network. • LDAP directory structure- 1. Root directory 2. Countries which it branches out to 3. Organizations which it branches out to 4. Organizational units 5. Individual units • An LDAP server is called Directory Systems Agent (DSA). 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 7
RAS security for mobile devices • RAS- Remote Access Service • For protecting the business-sensitive data that may reside on employee’s mobile devices. • Divided into three areas- 1. Security of the RAS server 2. Security of the RAS client 3. Security of data transmission • Additional means- 1. Personal firewalls 2. Strong authentication 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 8
8/19/2019 Prachi-31603216 (NIT Kurukshetra) 9
Attacks on mobile phones/cell phones • Mobile phone theft • Mobile viruses • Mishing • Vishing • Smishing • Hacking bluetooth 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 10
Mobile phone theft • Transformed from being a luxury to a bare necessity. • Ensure to note the following details about your cell phone and preserve it in a safe place- 1. Your phone number. 2. The make and the model. 3. Color and appearance details. 4. PIN and/or security lock code. 5. IMEI number. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 11
• The International Mobile Equipment Identity(IMEI). -Unique to every GSM,WCDMA cell phone. -15-digit number. -Can be obtained by dialing *#06# -Used by the GSM network to identify all valid device and therefore can be used to stop a stolen phone from accessing the network in that country. • Add a security mark. • Install anti-theft software on your phone. Factors- • Enough target terminals. • Enough functionality. • Enough connectivity. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 12
Mobile viruses • Similar to computer virus that targets mobile phone data or applications. • In total 40 mobile virus families. • First virus identified in 2004 “cabir”. • Spread through two dominant ways- 1. Bluetooth virus 2. MMS virus Protection- • Download from a trusted source. • Download and install antivirus software. • Turn bluetooth OFF/ put in non-discoverable mode when not in use. • If phone IR enabled then allow it to receive incoming beams only from trusted sources. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 13
Mishing • Mobile phone and phishing. • These attacks are attempted using mobile phone technology. • M-commerce. • More vulnerable if you use mobile phone for - purchasing goods/services banking 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 14
Vishing • Voice and phishing • Criminal practice of using social engineering over the telephone to gain access to personal and financial information. • When the victim answers the call an automated recorded message is played which instructs the victim to call one phone number. • Spoofed caller ID 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 15
Smishing 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 16 • SMS phishing • Uses cell phone to deliver a lure message to get the victim reveal his PI. Prevention- • Do not reply to such text messages. • Avoid calling on any phone numbers mentioned. • Never click on the hotlink received. • Use SMS blocker application.
Hacking bluetooth • Open wireless technology standard used for communication between fixed and/or mobile devices. • Short-range wireless communication. • Uses 2.4 Ghz frequency range. • Bluetooth 1.0- max speed 1 Mbps. • Bluetooth 2.0- max speed 3 Mbps. • Broadcasts “I’m here, and I’m able to connect.” 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 17
Bluetooth hacking tools 1. BlueScanner- Searches for bluetooth enabled devices and extract as much information as possible after connecting with the target. 2. BlueSniff- GUI based utility for finding discoverable and hidden blutooth-enabled devices. 3. BlueBugger- Exploits the vulnerability of the device and access the images, phonebook, messages and other personal information(PI). 4. BlueSnarfer- If bluetooth of a device is swithched ON, then it maks it possible to connect to phone without alerting the owner and gains access to restricted portions of the stored data. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 18
Bluetooth-specific attacks 1. Bluejacking- Sending unsolicited messages over bluetooth to bluetooth-enabled devices within 10 metres radius. 2. Bluesnarfing- Unauthorized access of information through a bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to calendars, contact lists, emails and text messages, and users can copy pictures and videos. 3. Bluebugging- Attacker remotely accesses a user’s phone and use its features without user’s attention. Initially only listen to the conversation, then can initiate phone calls, send and read SMS, and connect to the internet. 4. Car Whisperer- Attacker send audio to and receive audio from a bluetooth-enabled car stereo. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 19

Recommended

IP Security
IP SecurityIP Security
IP Security
Dr.Florence Dayana
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
Intruders
IntrudersIntruders
Intruders
Dr.Florence Dayana
 
Lecture 6
Lecture 6Lecture 6
Lecture 6
Joe Christensen
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
patelripal99
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
OECLIB Odisha Electronics Control Library
 
Mobile IP
Mobile IPMobile IP
Mobile IP
Mukesh Chinta
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
Vivek Gandhi
 

Recommended

IP Security
IP SecurityIP Security
IP Security
Dr.Florence Dayana
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
Intruders
IntrudersIntruders
Intruders
Dr.Florence Dayana
 
Lecture 6
Lecture 6Lecture 6
Lecture 6
Joe Christensen
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
patelripal99
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
OECLIB Odisha Electronics Control Library
 
Mobile IP
Mobile IPMobile IP
Mobile IP
Mukesh Chinta
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
Vivek Gandhi
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
Topic: ISDN (Integrated Services Digital Network)
Topic: ISDN (Integrated Services Digital Network)Topic: ISDN (Integrated Services Digital Network)
Topic: ISDN (Integrated Services Digital Network)
Dr Rajiv Srivastava
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecture
Naveen Sihag
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
Ramya Nellutla
 
Architecture of Mobile Computing
Architecture of Mobile ComputingArchitecture of Mobile Computing
Architecture of Mobile Computing
JAINIK PATEL
 
Network security
Network securityNetwork security
Network security
quest university nawabshah
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
lalithambiga kamaraj
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
IOT PROTOCOLS.pptx
IOT PROTOCOLS.pptxIOT PROTOCOLS.pptx
IOT PROTOCOLS.pptx
DRREC
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
gangadhar9989166446
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networks
Piyush Mittal
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
S/MIME
S/MIMES/MIME
S/MIME
maria azam
 
Wireless application protocol ppt
Wireless application protocol pptWireless application protocol ppt
Wireless application protocol ppt
OECLIB Odisha Electronics Control Library
 
Chapter 15
Chapter 15Chapter 15
Chapter 15
Ali Broumandnia
 
Mobile computing notes and material
Mobile computing notes and materialMobile computing notes and material
Mobile computing notes and material
SDMCET DHARWAD
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
N.Jagadish Kumar
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and function
Nisarg Amin
 
Wireless sensor network and its application
Wireless sensor network and its applicationWireless sensor network and its application
Wireless sensor network and its application
Roma Vyas
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
Moon Technolabs Pvt. Ltd.
 
itmsday1.pptx
itmsday1.pptxitmsday1.pptx
itmsday1.pptx
santoshmohanthy2
 

More Related Content

What's hot

Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
Topic: ISDN (Integrated Services Digital Network)
Topic: ISDN (Integrated Services Digital Network)Topic: ISDN (Integrated Services Digital Network)
Topic: ISDN (Integrated Services Digital Network)
Dr Rajiv Srivastava
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecture
Naveen Sihag
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
Ramya Nellutla
 
Architecture of Mobile Computing
Architecture of Mobile ComputingArchitecture of Mobile Computing
Architecture of Mobile Computing
JAINIK PATEL
 
Network security
Network securityNetwork security
Network security
quest university nawabshah
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
lalithambiga kamaraj
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
IOT PROTOCOLS.pptx
IOT PROTOCOLS.pptxIOT PROTOCOLS.pptx
IOT PROTOCOLS.pptx
DRREC
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
gangadhar9989166446
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networks
Piyush Mittal
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
S/MIME
S/MIMES/MIME
S/MIME
maria azam
 
Wireless application protocol ppt
Wireless application protocol pptWireless application protocol ppt
Wireless application protocol ppt
OECLIB Odisha Electronics Control Library
 
Chapter 15
Chapter 15Chapter 15
Chapter 15
Ali Broumandnia
 
Mobile computing notes and material
Mobile computing notes and materialMobile computing notes and material
Mobile computing notes and material
SDMCET DHARWAD
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
N.Jagadish Kumar
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and function
Nisarg Amin
 
Wireless sensor network and its application
Wireless sensor network and its applicationWireless sensor network and its application
Wireless sensor network and its application
Roma Vyas
 

What's hot (20)

Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
Topic: ISDN (Integrated Services Digital Network)
Topic: ISDN (Integrated Services Digital Network)Topic: ISDN (Integrated Services Digital Network)
Topic: ISDN (Integrated Services Digital Network)
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecture
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
 
Architecture of Mobile Computing
Architecture of Mobile ComputingArchitecture of Mobile Computing
Architecture of Mobile Computing
 
Network security
Network securityNetwork security
Network security
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
IOT PROTOCOLS.pptx
IOT PROTOCOLS.pptxIOT PROTOCOLS.pptx
IOT PROTOCOLS.pptx
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networks
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
S/MIME
S/MIMES/MIME
S/MIME
 
Wireless application protocol ppt
Wireless application protocol pptWireless application protocol ppt
Wireless application protocol ppt
 
Chapter 15
Chapter 15Chapter 15
Chapter 15
 
Mobile computing notes and material
Mobile computing notes and materialMobile computing notes and material
Mobile computing notes and material
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and function
 
Wireless sensor network and its application
Wireless sensor network and its applicationWireless sensor network and its application
Wireless sensor network and its application
 

Similar to Authentication service security

Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
Moon Technolabs Pvt. Ltd.
 
itmsday1.pptx
itmsday1.pptxitmsday1.pptx
itmsday1.pptx
santoshmohanthy2
 
Security threats analysis in bluetooth enabled mobile devices
Security threats analysis in bluetooth enabled mobile devicesSecurity threats analysis in bluetooth enabled mobile devices
Security threats analysis in bluetooth enabled mobile devices
IJNSA Journal
 
Bluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportBluetooth network-security-seminar-report
Bluetooth network-security-seminar-report
ROHIT SAGAR
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IJNSA Journal
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IJNSA Journal
 
Having Fun With RFID
Having Fun With RFIDHaving Fun With RFID
Having Fun With RFID
Fathi Kamil Mohad Zainuddin
 
Communication security 2021
Communication security 2021Communication security 2021
Communication security 2021
MuhammadusmanRana10
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
1SI19IS064TEJASS
 
A Survey on Communication for Smartphone
A Survey on Communication for SmartphoneA Survey on Communication for Smartphone
A Survey on Communication for Smartphone
Editor IJMTER
 
Bluejacking
BluejackingBluejacking
Bluejacking
Komal Singh
 
38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)
IAESIJEECS
 
L017326972
L017326972L017326972
L017326972
IOSR Journals
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
iosrjce
 
IRJET- Identification of Location of Laptop Devices using Raspberry Pi Mo...
IRJET- Identification of Location of Laptop Devices using Raspberry Pi Mo...IRJET- Identification of Location of Laptop Devices using Raspberry Pi Mo...
IRJET- Identification of Location of Laptop Devices using Raspberry Pi Mo...
IRJET Journal
 
Cybercrime Mobile and Wireless Devices.pptx
Cybercrime Mobile and Wireless Devices.pptxCybercrime Mobile and Wireless Devices.pptx
Cybercrime Mobile and Wireless Devices.pptx
VivekanandaGN1
 
Defcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddosDefcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddos
Priyanka Aash
 
Bluetooth
BluetoothBluetooth
Bluetooth
aimenriyadh
 
Ijarcet vol-2-issue-2-342-346
Ijarcet vol-2-issue-2-342-346Ijarcet vol-2-issue-2-342-346
Ijarcet vol-2-issue-2-342-346
Editor IJARCET
 
2FYSH: two-factor authentication you should have for password replacement
2FYSH: two-factor authentication you should have for password replacement2FYSH: two-factor authentication you should have for password replacement
2FYSH: two-factor authentication you should have for password replacement
TELKOMNIKA JOURNAL
 

Similar to Authentication service security (20)

Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
 
itmsday1.pptx
itmsday1.pptxitmsday1.pptx
itmsday1.pptx
 
Security threats analysis in bluetooth enabled mobile devices
Security threats analysis in bluetooth enabled mobile devicesSecurity threats analysis in bluetooth enabled mobile devices
Security threats analysis in bluetooth enabled mobile devices
 
Bluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportBluetooth network-security-seminar-report
Bluetooth network-security-seminar-report
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
Having Fun With RFID
Having Fun With RFIDHaving Fun With RFID
Having Fun With RFID
 
Communication security 2021
Communication security 2021Communication security 2021
Communication security 2021
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
 
A Survey on Communication for Smartphone
A Survey on Communication for SmartphoneA Survey on Communication for Smartphone
A Survey on Communication for Smartphone
 
Bluejacking
BluejackingBluejacking
Bluejacking
 
38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)38 9145 it nfc secured offline password storage (edit lafi)
38 9145 it nfc secured offline password storage (edit lafi)
 
L017326972
L017326972L017326972
L017326972
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
 
IRJET- Identification of Location of Laptop Devices using Raspberry Pi Mo...
IRJET- Identification of Location of Laptop Devices using Raspberry Pi Mo...IRJET- Identification of Location of Laptop Devices using Raspberry Pi Mo...
IRJET- Identification of Location of Laptop Devices using Raspberry Pi Mo...
 
Cybercrime Mobile and Wireless Devices.pptx
Cybercrime Mobile and Wireless Devices.pptxCybercrime Mobile and Wireless Devices.pptx
Cybercrime Mobile and Wireless Devices.pptx
 
Defcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddosDefcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddos
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Ijarcet vol-2-issue-2-342-346
Ijarcet vol-2-issue-2-342-346Ijarcet vol-2-issue-2-342-346
Ijarcet vol-2-issue-2-342-346
 
2FYSH: two-factor authentication you should have for password replacement
2FYSH: two-factor authentication you should have for password replacement2FYSH: two-factor authentication you should have for password replacement
2FYSH: two-factor authentication you should have for password replacement
 

More from G Prachi

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architecture
G Prachi
 
Security risk management
Security risk managementSecurity risk management
Security risk management
G Prachi
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security models
G Prachi
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
G Prachi
 
Network defenses
Network defensesNetwork defenses
Network defenses
G Prachi
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
G Prachi
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02
G Prachi
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01
G Prachi
 
Basic web security model
Basic web security modelBasic web security model
Basic web security model
G Prachi
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
G Prachi
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
G Prachi
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzing
G Prachi
 
Control hijacking
Control hijackingControl hijacking
Control hijacking
G Prachi
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
Administering security
Administering securityAdministering security
Administering security
G Prachi
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
G Prachi
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
G Prachi
 
Program security
Program securityProgram security
Program security
G Prachi
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
G Prachi
 
Information security introduction
Information security introductionInformation security introduction
Information security introduction
G Prachi
 

More from G Prachi (20)

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architecture
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security models
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
 
Network defenses
Network defensesNetwork defenses
Network defenses
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01
 
Basic web security model
Basic web security modelBasic web security model
Basic web security model
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzing
 
Control hijacking
Control hijackingControl hijacking
Control hijacking
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Administering security
Administering securityAdministering security
Administering security
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
 
Program security
Program securityProgram security
Program security
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
 
Information security introduction
Information security introductionInformation security introduction
Information security introduction
 

Recently uploaded

Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 

Recently uploaded (20)

Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 

Authentication service security

  • 1. Authentication Service Security • Two components of security in mobile computing- 1. Security of Devices 2. Security in Networks • Some eminent attacks are discussed 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 1
  • 5. Cryptographic security for mobile devices • CGA- cryptographically generated address. • 64 bit address generated by hashing owner’s public key address. • Corresponding private key is used to assert address ownership by signing the messages sent. • Mainly deployed on palm-held devices. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 5
  • 6. LDAP security for hand-held mobile computing devices • Light weight version of Directory Access Protocol (DAP). • Does not contain security features in its initial version. • Software protocol used to locate individuals, organisations, other resources such as files and devices on the network. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 6
  • 7. • Directories tell where an entity reside in a network. • LDAP directory structure- 1. Root directory 2. Countries which it branches out to 3. Organizations which it branches out to 4. Organizational units 5. Individual units • An LDAP server is called Directory Systems Agent (DSA). 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 7
  • 8. RAS security for mobile devices • RAS- Remote Access Service • For protecting the business-sensitive data that may reside on employee’s mobile devices. • Divided into three areas- 1. Security of the RAS server 2. Security of the RAS client 3. Security of data transmission • Additional means- 1. Personal firewalls 2. Strong authentication 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 8
  • 10. Attacks on mobile phones/cell phones • Mobile phone theft • Mobile viruses • Mishing • Vishing • Smishing • Hacking bluetooth 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 10
  • 11. Mobile phone theft • Transformed from being a luxury to a bare necessity. • Ensure to note the following details about your cell phone and preserve it in a safe place- 1. Your phone number. 2. The make and the model. 3. Color and appearance details. 4. PIN and/or security lock code. 5. IMEI number. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 11
  • 12. • The International Mobile Equipment Identity(IMEI). -Unique to every GSM,WCDMA cell phone. -15-digit number. -Can be obtained by dialing *#06# -Used by the GSM network to identify all valid device and therefore can be used to stop a stolen phone from accessing the network in that country. • Add a security mark. • Install anti-theft software on your phone. Factors- • Enough target terminals. • Enough functionality. • Enough connectivity. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 12
  • 13. Mobile viruses • Similar to computer virus that targets mobile phone data or applications. • In total 40 mobile virus families. • First virus identified in 2004 “cabir”. • Spread through two dominant ways- 1. Bluetooth virus 2. MMS virus Protection- • Download from a trusted source. • Download and install antivirus software. • Turn bluetooth OFF/ put in non-discoverable mode when not in use. • If phone IR enabled then allow it to receive incoming beams only from trusted sources. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 13
  • 14. Mishing • Mobile phone and phishing. • These attacks are attempted using mobile phone technology. • M-commerce. • More vulnerable if you use mobile phone for - purchasing goods/services banking 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 14
  • 15. Vishing • Voice and phishing • Criminal practice of using social engineering over the telephone to gain access to personal and financial information. • When the victim answers the call an automated recorded message is played which instructs the victim to call one phone number. • Spoofed caller ID 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 15
  • 16. Smishing 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 16 • SMS phishing • Uses cell phone to deliver a lure message to get the victim reveal his PI. Prevention- • Do not reply to such text messages. • Avoid calling on any phone numbers mentioned. • Never click on the hotlink received. • Use SMS blocker application.
  • 17. Hacking bluetooth • Open wireless technology standard used for communication between fixed and/or mobile devices. • Short-range wireless communication. • Uses 2.4 Ghz frequency range. • Bluetooth 1.0- max speed 1 Mbps. • Bluetooth 2.0- max speed 3 Mbps. • Broadcasts “I’m here, and I’m able to connect.” 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 17
  • 18. Bluetooth hacking tools 1. BlueScanner- Searches for bluetooth enabled devices and extract as much information as possible after connecting with the target. 2. BlueSniff- GUI based utility for finding discoverable and hidden blutooth-enabled devices. 3. BlueBugger- Exploits the vulnerability of the device and access the images, phonebook, messages and other personal information(PI). 4. BlueSnarfer- If bluetooth of a device is swithched ON, then it maks it possible to connect to phone without alerting the owner and gains access to restricted portions of the stored data. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 18
  • 19. Bluetooth-specific attacks 1. Bluejacking- Sending unsolicited messages over bluetooth to bluetooth-enabled devices within 10 metres radius. 2. Bluesnarfing- Unauthorized access of information through a bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to calendars, contact lists, emails and text messages, and users can copy pictures and videos. 3. Bluebugging- Attacker remotely accesses a user’s phone and use its features without user’s attention. Initially only listen to the conversation, then can initiate phone calls, send and read SMS, and connect to the internet. 4. Car Whisperer- Attacker send audio to and receive audio from a bluetooth-enabled car stereo. 8/19/2019 Prachi-31603216 (NIT Kurukshetra) 19