BY
DIVYA RAVAL
Security Models of Modern
Mobile Systems
What is Mobile Security?
Mobile security is the protection of smartphones, tablets, laptops and other portable computing devices, and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Mobile security is also known as wireless security.
Need of Mobile Security?
• Smartphones are becoming storage units for personal information through the use of various social networking applications, personal organizers and e-mail clients.
• So, smartphones are becoming a primary target of attackers.
• Mobile threats endanger the safety of individuals and companies, and if measures are not taken, cybercrime can have an impact on the security of the whole society.
Smartphone OS Market Share
Nielsen Report Smartphone operating
system share
Security Challenges for Mobile Device Users
• Insecure Data Storage.
• Physical Security.
• Mobile browsing.
• Multiple User Logging.
• Client side injection.
• Improper session handling.
• Weak Authentication and Brute Force Attack.
Mobile Threats and Vulnerabilities
Mobile Threats
1. Physical threats
- Bluetooth.
- Lost or Stolen Mobile Devices.
2. Application based Threats
- Spyware.
- Malware.
- Vulnerable Application.
- Privacy Threats.
3. Network based threats
- Denial of Service Attack (DoS).
- Network Exploits.
- Mobile Network Services.
- Wi-Fi Sniffing.
4. Web based threats
- Drive by downloads.
- Browser Exploits.
- Phishing Scams.
Mobile Vulnerabilities
• Trojan horse.
• Botnet.
• Worm.
• Rootkit.
ANDROID SECURITY MODEL
Introduction to Android
• It is an open source software platform and operating system for mobile devices.
• Based on the Linux kernel.
• Developed by Google and later the Open Handset Alliance.
• Allows writing managed code in the Java language.
• Android has its own virtual machine, i.e. the DVM (Dalvik Virtual Machine), which is used for executing Android applications.
• Google purchased the initial developer of the software, Android Inc., in 2005.
Android Architecture
Android Security Model
Application Permission
There are four permission levels, as follows:
• Normal (not a dangerous one and considered an application-level permission).
• Dangerous (a riskier permission that could access sensitive data or damaging functions without asking the user to confirm).
• Signature (a permission that can be granted only to other packages that are signed with the same signature).
• Signature-or-system (a special type of signature permission that exists to handle legacy permissions).
Android Security Mechanism
1. Sandboxing Mechanism.
2. Application Permission Mechanism.
Improvements in the Existing Security Model
In practice, there are a number of issues in such a model:
1) The user must grant all of the required permissions in order to install the application.
2) Once the permissions are granted, there is no way to restrict how an application uses the granted permissions.
3) There is no way of restricting access to resources based on dynamic constraints, as the permission model is based on an install-time check only.
4) Granted permissions can only be revoked by uninstalling the application.
Proposed Framework for Android Security
1. Kirin: an install-time certification mechanism that allows the mobile device to enforce a list of predefined security requirements prior to the installation of an application.
2. SCanDroid: a framework for Android to perform information flow analysis on applications in order to understand the flow of information from one component to another.
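The install-time certification idea described for Kirin above can be sketched as a check of an application's requested permissions against a list of forbidden combinations. This is an added example, not code from the presentation or from the Kirin project; the rule names and rule contents are illustrative assumptions, and the manifests are constructed samples assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
P = "android.permission."

# Illustrative policy (an assumption for this example, not Kirin's published
# rules): an app is rejected if it requests every permission in any one set.
RULES = {
    "eavesdrop-on-calls": {
        P + "READ_PHONE_STATE", P + "RECORD_AUDIO", P + "INTERNET"},
    "track-location-from-boot": {
        P + "ACCESS_FINE_LOCATION", P + "INTERNET",
        P + "RECEIVE_BOOT_COMPLETED"},
    "intercept-and-rewrite-sms": {P + "RECEIVE_SMS", P + "WRITE_SMS"},
}

# Constructed sample manifests (not taken from real applications).
FLASHLIGHT = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

CALL_RECORDER = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.recorder">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR)
            for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)}


def certify(manifest_xml, rules=RULES):
    """Install-time check: return (allowed, names of violated rules).

    A rule is violated only when the app requests *all* permissions in the
    rule's set; any single permission on its own is not grounds to reject.
    A manifest that cannot be parsed is rejected (fail closed).
    """
    try:
        perms = requested_permissions(manifest_xml)
    except ET.ParseError:
        return False, ["unparseable-manifest"]
    violations = sorted(name for name, combo in rules.items()
                        if combo <= perms)
    return (not violations), violations


if __name__ == "__main__":
    for label, manifest in (("flashlight", FLASHLIGHT),
                            ("call recorder", CALL_RECORDER)):
        allowed, violated = certify(manifest)
        verdict = "install" if allowed else "reject"
        print("%-14s %-8s %s" % (label, verdict, ", ".join(violated)))
```

The check runs once, before installation, so it shares the limitation listed earlier for the install-time model: it cannot restrict how permissions are used afterwards.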
Android Malware
1. Android.Pjapps / Android.Geinimi (January/February, 2010)
2. AndroidOS.FakePlayer (August, 2010)
3. Android.Rootcager (February, 2011)
4. Android.Bgserv (March, 2011)
5. Acnetdoor.
6. Kemoge Malware.
Example of Malicious Application
Malicious content delivery scenario for Android
Example of Malicious Application(cont’d)
Example malicious application of Android
• First version of Android.
• The focus of the Android beta is testing, incorporating usability.
• The Android beta will generally have many more problems with speed and performance.
• First full version of Android.
• Released on September 23, 2008.
• Wi-Fi and Bluetooth support.
• Quite slow in operation.
• Copy and paste feature in the web browser is not present.
• Released on April 30, 2009.
• Added auto-rotation option.
• Copy and paste feature added in the web browser.
• Increased speed and performance, but not up to the required level.
• Released on September 15, 2009.
• Voice search and search box were added.
• Faster OS boot times and fast web browsing experience.
• Typing is quite slow.
• Released on October 26, 2009.
• Bluetooth 2.1 support.
• Improved typing speed on the virtual keyboard, with a smarter dictionary.
• No Adobe Flash media support.
• Released on May 20, 2010.
• Support for Adobe Flash 10.1.
• Improved application launcher with better browser.
• No internet calling.
• Released on December 6, 2010.
• Updated user interface with high efficiency and speed.
• Internet calling.
• One-touch word selection and copy/paste.
• New keyboard for faster word input.
• More successful version of Android than previous versions.
• Does not support multi-core processors.
• Released on February 22, 2011.
• Support for multi-core processors.
• Ability to encrypt all user data.
• This version of Android is only available for tablets.
• Released on November 14, 2011.
• Virtual button in the UI.
• A new typeface family for the UI, Roboto.
• Ability to shut down apps that are using data in the background.
• Released on June 27, 2012.
• Latest version of Android.
• Smoother user interface.
• Android KitKat
• Released on April 14, 2014.
• Bug fixes.
• Security enhancements.
• Android Lollipop
• Released on December 2, 2014.
• Speed improvement.
• Battery consumption improvement.
• Multiple SIM cards support.
• Quick settings shortcuts to join Wi-Fi networks or control Bluetooth devices.
• Android Marshmallow
• Fingerprint authentication support.
• Better battery life with "deep sleep".
• Permissions dashboard.
• Android Pay.
• MIDI support.
• Google Now improvements.
iOS SECURITY MODEL
Introduction to iOS
• iOS is the operating system that runs on Apple devices like iPhone, iPod, iPad & Apple TV.
• Provides multitasking.
• Only allows Apple-signed applications to run.
• New features & bug fixes with every release.
• Current version is iOS 9.
iOS Security Model
Two different views of iOS security model are presented.
The first model stands on four pillars that are mentioned in and are
as follows:
• Device Security.
• Data Security.
• Network Security.
• Application Security.
• Keychain Services.
• CFNetwork.
• The Certificate, Key, and Trust Services API.
• Randomization Services.
• The second perspective discusses security as a set of different techniques to ensure security.
• ASLR.
• Code Signing.
• Sandboxing.
• Data Encryption.
iOS Malware
• Aurora Feint (July, 2008)
• Storm8 (November, 2009)
• iPhoneOS.Ikee Worm (November, 2009)
• iPhoneOS.Ikee.B (November, 2009)
• KeyRaider (August 2015)
• XcodeGhost (September 2015)
• Youmi Ad SDK (October 2015)
Security Comparison of iOS 8 and iOS 9
1) Stronger passcodes
2) Two factor Authentication
Windows Phone Security Model
Introduction to Windows:
• Microsoft’s new mobile OS
- Successor to the Windows Phone.
• Based on Windows CE kernel.
• Released on November 8, 2010.
• Supports 25 languages.
• Offers a new user interface with its “metro” login.
Windows Phone Security Model
Which is safest: Android, iOS or Windows Phone?
• iOS is the safest out of the box.
• Second place goes to Windows Phone: very robust and with excellent backup options, but still needs some work.
• Android falls to third place, as it forces you to make more decisions and has a less consistent security landscape, with manufacturers adding their own security customizations.
Mobile security best practices
1. User Authentication.
2. Update Your Mobile OS with Security Patches.
3. Regularly Backup Your Mobile Device.
4. Utilize Encryption.
5. Enable Remote Data Wipe as an Option.
6. Disable Wi-Fi and Bluetooth When Not Needed.
7. Don't Fall for Phishing Schemes.
8. Avoid All Jailbreaks.
9. Add a Mobile Security App.
10. Communicate Your Mobile Security Best Practices.
Conclusion
• Modern operating systems come with a strong security background, but there is nothing more important than the safety of the user’s data.
• These days there are a lot of known vulnerabilities in these operating systems, applications and internet browsers, and specific teams and developers are working on these issues, trying to fix the known problems.
• However, there is a weakest point in this security, and that point is always the user of the device.
Thank You!!

More Related Content

What's hot

Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing pptAnushakp9
 
Mobile protection
Mobile protection Mobile protection
Mobile protection preetpatel72
 
Mobile application testing tutorial
Mobile application testing tutorialMobile application testing tutorial
Mobile application testing tutorialLokesh Agrawal
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Android Operating System
Android Operating SystemAndroid Operating System
Android Operating Systemrenoy reji
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Mobile security
Mobile securityMobile security
Mobile securityMphasis
 
Antivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsAntivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsSomanath Kavalase
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityNemwos
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Social network privacy & security
Social network privacy & securitySocial network privacy & security
Social network privacy & securitynadikari123
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting Sina Manavi
 

What's hot (20)

Mobile security
Mobile securityMobile security
Mobile security
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing ppt
 
Mobile operating system
Mobile operating systemMobile operating system
Mobile operating system
 
Mobile protection
Mobile protection Mobile protection
Mobile protection
 
Mobile application testing tutorial
Mobile application testing tutorialMobile application testing tutorial
Mobile application testing tutorial
 
Mobile security
Mobile securityMobile security
Mobile security
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
 
Android Operating System
Android Operating SystemAndroid Operating System
Android Operating System
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Mobile computing
Mobile computingMobile computing
Mobile computing
 
Mobile security
Mobile security Mobile security
Mobile security
 
Mobile security
Mobile securityMobile security
Mobile security
 
Mobile application testing
Mobile application testingMobile application testing
Mobile application testing
 
Antivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsAntivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methods
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Mobile computing
Mobile computingMobile computing
Mobile computing
 
Social network privacy & security
Social network privacy & securitySocial network privacy & security
Social network privacy & security
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
 

Viewers also liked

Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStockInside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStockiChinaStock
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information SecurityCharles Mok
 
andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013Graeme Wood
 
The effects of Social Networking upon society
The effects of Social Networking upon societyThe effects of Social Networking upon society
The effects of Social Networking upon societyBishrul Haq
 
Teaching methods
Teaching methodsTeaching methods
Teaching methodscami20003
 
Lo teaching techniques
Lo teaching techniquesLo teaching techniques
Lo teaching techniquesolympia
 
Implementing Effective Online Teaching And Learning
Implementing Effective Online Teaching And LearningImplementing Effective Online Teaching And Learning
Implementing Effective Online Teaching And Learninggellynn
 
Modern approach in teaching
Modern approach in teachingModern approach in teaching
Modern approach in teachingArlene Chu
 
Online teaching techniques
Online teaching techniquesOnline teaching techniques
Online teaching techniquesJuliana Antunes
 
It strategie-security-first
It strategie-security-firstIt strategie-security-first
It strategie-security-firstRalph Belfiore
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CloudIDSummit
 
Introduction to Selinux
Introduction to SelinuxIntroduction to Selinux
Introduction to SelinuxAtul Jha
 
Rahmenbedingungen mobile security
Rahmenbedingungen mobile securityRahmenbedingungen mobile security
Rahmenbedingungen mobile securityPeter Teufl
 
Impact Of IT on Society.
Impact Of IT on Society.Impact Of IT on Society.
Impact Of IT on Society.Monica Khatri
 
Tradition vs. Innovation
Tradition vs. InnovationTradition vs. Innovation
Tradition vs. Innovationmontagues
 
Bootkits: past, present & future
Bootkits: past, present & futureBootkits: past, present & future
Bootkits: past, present & futureAlex Matrosov
 
Security models
Security models Security models
Security models LJ PROJECTS
 

Viewers also liked (20)

Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStockInside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information Security
 
andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013
 
The effects of Social Networking upon society
The effects of Social Networking upon societyThe effects of Social Networking upon society
The effects of Social Networking upon society
 
Teaching methods
Teaching methodsTeaching methods
Teaching methods
 
Android Security
Android SecurityAndroid Security
Android Security
 
Lo teaching techniques
Lo teaching techniquesLo teaching techniques
Lo teaching techniques
 
Implementing Effective Online Teaching And Learning
Implementing Effective Online Teaching And LearningImplementing Effective Online Teaching And Learning
Implementing Effective Online Teaching And Learning
 
Modern approach in teaching
Modern approach in teachingModern approach in teaching
Modern approach in teaching
 
Online teaching techniques
Online teaching techniquesOnline teaching techniques
Online teaching techniques
 
1 system security
1 system security1 system security
1 system security
 
It strategie-security-first
It strategie-security-firstIt strategie-security-first
It strategie-security-first
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
 
Rbac
RbacRbac
Rbac
 
Introduction to Selinux
Introduction to SelinuxIntroduction to Selinux
Introduction to Selinux
 
Rahmenbedingungen mobile security
Rahmenbedingungen mobile securityRahmenbedingungen mobile security
Rahmenbedingungen mobile security
 
Impact Of IT on Society.
Impact Of IT on Society.Impact Of IT on Society.
Impact Of IT on Society.
 
Tradition vs. Innovation
Tradition vs. InnovationTradition vs. Innovation
Tradition vs. Innovation
 
Bootkits: past, present & future
Bootkits: past, present & futureBootkits: past, present & future
Bootkits: past, present & future
 
Security models
Security models Security models
Security models
 

Similar to Security models of modern mobile systems

Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devicesIOSR Journals
 
Write a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment iWrite a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment ilorindajamieson
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
Android and its applications
Android and its applicationsAndroid and its applications
Android and its applicationsSoba Arjun
 
Android os ark 2 (2) copy
Android os ark 2 (2)   copyAndroid os ark 2 (2)   copy
Android os ark 2 (2) copyAnandRk4
 
Mobile Application Development with Android
Mobile Application Development with AndroidMobile Application Development with Android
Mobile Application Development with AndroidIJAAS Team
 
Introduction to Android
Introduction to Android Introduction to Android
Introduction to Android dipali badgujar
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)Vince Verbeke
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsVince Verbeke
 
Android Vs Iphone
Android Vs IphoneAndroid Vs Iphone
Android Vs IphoneLucy Nader
 
Android vs iOS security
Android vs iOS securityAndroid vs iOS security
Android vs iOS securitySumanth Veera
 
Research on Comparative Study of Different Mobile Operating System_Part-1
Research on Comparative Study of Different Mobile Operating System_Part-1Research on Comparative Study of Different Mobile Operating System_Part-1
Research on Comparative Study of Different Mobile Operating System_Part-1Zulkar Naim
 

Similar to Security models of modern mobile systems (20)

Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devices
 
Write a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment iWrite a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment i
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
 
Android
AndroidAndroid
Android
 
Android and its applications
Android and its applicationsAndroid and its applications
Android and its applications
 
Android security
Android securityAndroid security
Android security
 
Android report
Android reportAndroid report
Android report
 
Android os ark 2 (2) copy
Android os ark 2 (2)   copyAndroid os ark 2 (2)   copy
Android os ark 2 (2) copy
 
Mobile Application Development with Android
Mobile Application Development with AndroidMobile Application Development with Android
Mobile Application Development with Android
 
Introduction to Android
Introduction to Android Introduction to Android
Introduction to Android
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphones
 
A017360104
A017360104A017360104
A017360104
 
Mobile testing
Mobile testingMobile testing
Mobile testing
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and Tablets
 
Android Vs Iphone
Android Vs IphoneAndroid Vs Iphone
Android Vs Iphone
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8
 
Android vs iOS security
Android vs iOS securityAndroid vs iOS security
Android vs iOS security
 
Research on Comparative Study of Different Mobile Operating System_Part-1
Research on Comparative Study of Different Mobile Operating System_Part-1Research on Comparative Study of Different Mobile Operating System_Part-1
Research on Comparative Study of Different Mobile Operating System_Part-1
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 

Security models of modern mobile systems

  • 1. BY DIVYA RAVAL Security Models of Modern Mobile Systems
  • 2. What is Mobile Security? Mobile security is the protection of smart phones, tablets, laptops and other portable computing devices and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Mobile security is also known as wireless security.
  • 3. Need of Mobile Security?
      - Smartphones are becoming storage units for personal information through the use of various social networking applications, personal organizers and e-mail clients.
      - As a result, smartphones are becoming a primary target of attackers.
      - Mobile threats endanger the safety of individuals and companies and, if measures are not taken, cybercrime can have an impact on the security of the whole society.
  • 5. Nielsen Report Smartphone operating system share
  • 6. Security Challenges for Mobile Device Users
      - Insecure Data Storage.
      - Physical Security.
      - Mobile browsing.
      - Multiple User Logging.
      - Client side injection.
      - Improper session handling.
      - Weak Authentication and Brute Force Attack.
  • 7. Mobile Threats and Vulnerabilities: Mobile Threats. 1. Physical threats
      - Bluetooth.
      - Lost or Stolen Mobile Devices.
  • 8. 2. Application based Threats
      - Spyware.
      - Malware.
      - Vulnerable Application.
      - Privacy Threats.
  • 9. 3. Network based threats
      - Denial of Service Attack (DoS).
      - Network Exploits.
      - Mobile Network Services.
      - Wi-Fi Sniffing.
  • 10. 4. Web based threats
      - Drive by downloads.
      - Browser Exploits.
      - Phishing Scams.
  • 11. Mobile Vulnerabilities
      - Trojan horse.
      - Botnet.
      - Worm.
      - Rootkit.
  • 13. Introduction to Android
      - It is an open source software platform and operating system for mobile devices.
      - Based on the Linux kernel.
      - Developed by Google and later the Open Handset Alliance.
      - Allows writing managed code in the Java language.
      - Android has its own virtual machine, the DVM (Dalvik Virtual Machine), which is used for executing Android applications.
      - Google purchased the initial developer of the software, Android Incorporated, in 2005.
  • 16. Application Permission. There are four permission levels:
      - Normal (not a dangerous one; considered an application-level permission).
      - Dangerous (a riskier permission that could, without asking the user to confirm, access sensitive data or damaging functions).
      - Signature (a permission that can be granted only to other packages that are signed with the same signature).
      - Signature-or-system (a special type of signature permission that exists to handle legacy permissions).
  • 17. Android Security Mechanism 1. Sandboxing Mechanism. 2. Application Permission Mechanism.
  • 18. Improvements in the Existing Security Model. In practice, there are a number of issues in such a model:
      1) The user must grant all of the required permissions in order to install the application.
      2) Once the permissions are granted, there is no way to restrict how an application uses them.
      3) There is no way of restricting access to resources based on dynamic constraints, as the permission model is based on an install-time check only.
      4) Granted permissions can only be revoked by uninstalling the application.
  • 19. Proposed Framework for Android Security
      1. Kirin: an install-time certification mechanism that allows the mobile device to enforce a list of predefined security requirements prior to the installation of an application.
      2. SCanDroid: performs information flow analysis on Android applications in order to understand the flow of information from one component to another.
  • 20. Android Malware
      1. Android.Pjapps / Android.Geinimi (January/February, 2010)
      2. AndroidOS.FakePlayer (August, 2010)
      3. Android.Rootcager (February, 2011)
      4. Android.Bgserv (March, 2011)
      5. Acnetdoor.
      6. Kemoge Malware.
  • 21. Example of Malicious Application Malicious content delivery scenario for Android
  • 22. Example of Malicious Application(cont’d) Example malicious application of android
  • 23.
      - First version of Android.
      - The focus of the Android beta is testing, incorporating usability.
      - The Android beta will generally have many more problems with speed and performance.
      - First full version of Android.
      - Released on September 23, 2008.
      - Wi-Fi and Bluetooth support.
      - Quite slow in operation.
      - Copy and paste feature in the web browser is not present.
  • 24.
      - Released on April 30, 2009.
      - Added auto-rotation option.
      - Copy and paste feature added in the web browser.
      - Increased speed and performance, but not up to the required level.
      - Released on September 15, 2009.
      - Voice search and search box were added.
      - Faster OS boot times and fast web browsing experience.
      - Typing is quite slow.
      - Released on October 26, 2009.
      - Bluetooth 2.1 support.
      - Improved typing speed on the virtual keyboard, with a smarter dictionary.
      - No Adobe Flash media support.
  • 25.
      - Released on May 20, 2010.
      - Support for Adobe Flash 10.1.
      - Improved application launcher with better browser.
      - No internet calling.
      - Released on December 6, 2010.
      - Updated user interface with high efficiency and speed.
      - Internet calling.
      - One-touch word selection and copy/paste.
      - New keyboard for faster word input.
      - More successful version of Android than previous versions.
      - Does not support multi-core processors.
      - Released on February 22, 2011.
      - Support for multi-core processors.
      - Ability to encrypt all user data.
      - This version of Android is only available for tablets.
  • 26.
      - Released on November 14, 2011.
      - Virtual button in the UI.
      - A new typeface family for the UI, Roboto.
      - Ability to shut down apps that are using data in the background.
      - Released on June 27, 2012.
      - Latest version of Android.
      - Smoother user interface.
  • 27.
      - Android Kitkat
          - Released on April 14, 2014.
          - Bug fixes.
          - Security enhancements.
      - Android Lollipop
          - Released on December 2, 2014.
          - Speed improvement.
          - Battery consumption improvement.
          - Multiple SIM cards support.
          - Quick settings shortcuts to join Wi-Fi networks or control Bluetooth devices.
  • 28. Android Marshmallow
      - Fingerprint Authentication support.
      - Better battery life with "deep sleep".
      - Permissions dashboard.
      - Android Pay.
      - MIDI support.
      - Google Now improvements.
  • 30. Introduction to iOS
      - iOS is the operating system that runs on Apple devices like the iPhone, iPod, iPad and Apple TV.
      - Provides multitasking.
      - Only allows Apple-signed applications to run.
      - New features and bug fixes with every release.
      - Current version is iOS 9.
  • 31. iOS Security Model. Two different views of iOS security model are presented. The first model stands on four pillars that are mentioned in and are as follows:
      - Device Security.
      - Data Security.
      - Network Security.
      - Application Security.
  • 32.
      - Keychain Services.
      - CFNetwork.
      - The Certificate, Key, and Trust Services API.
      - Randomization Services.
  • 33. The second perspective discusses security as a set of different techniques used to ensure it:
      - ASLR.
      - Code Signing.
      - Sandboxing.
      - Data Encryption.
  • 34. iOS Malware
      - Aurora Feint (July, 2008)
      - Storm8 (November, 2009)
      - iPhoneOS.Ikee Worm (November, 2009)
      - iPhoneOS.Ikee.B (November, 2009)
      - KeyRaider (August 2015)
      - XcodeGhost (September 2015)
      - Youmi Ad SDK (October 2015)
  • 35. Security Comparison of iOS 8 and iOS 9 1) Stronger passcodes 2) Two factor Authentication
  • 37. Introduction to Windows:
      - Microsoft's new mobile OS, successor to the Windows Phone.
      - Based on the Windows CE kernel.
      - Released on November 8, 2010.
      - Supports 25 languages.
      - Offers a new user interface with its "metro" login.
  • 39. Which is safest: Android, iOS or Windows Phone?
      - iOS is the safest out of the box.
      - Second place goes to Windows Phone: very robust and with excellent backup options, but still needs some work.
      - Android falls to third place, as it forces you to make more decisions and has a less consistent security landscape, with manufacturers adding their own security customizations.
  • 40. Mobile security best practices 1. User Authentication. 2. Update Your Mobile OS with Security Patches. 3. Regularly Backup Your Mobile Device. 4. Utilize Encryption. 5. Enable Remote Data Wipe as an Option.
  • 41. Mobile security best practices(cont’d) 6. Disable Wi-Fi and Bluetooth When Not Needed. 7. Don't Fall for Phishing Schemes. 8. Avoid All Jailbreaks. 9. Add a Mobile Security App. 10. Communicate Your Mobile Security Best Practices.
  • 42. Conclusion
      - Modern operating systems come with a strong security background, but there is nothing more important than the safety of the user's data.
      - These days there are a lot of known vulnerabilities in these operating systems, applications and internet browsers, and specific teams and developers are working to fix the known problems.
      - However, the weakest point in this security is always the user of the device.
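
Slide 19 describes Kirin as an install-time certification step that checks an application against predefined security requirements before installation. The sketch below is an added example, not Kirin's own code or part of the original slides: the rule set, the sample manifests and the function names are assumptions, and it reads a decoded plain-text AndroidManifest.xml.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative policy (assumed for this example): each rule names a set of
# permissions that one application must not request together.
RULES = {
    "debug-hook": {"android.permission.SET_DEBUG_APP"},
    "call-eavesdrop": {
        "android.permission.READ_PHONE_STATE",
        "android.permission.RECORD_AUDIO",
        "android.permission.INTERNET",
    },
    "boot-location-tracker": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.RECEIVE_BOOT_COMPLETED",
        "android.permission.INTERNET",
    },
}

def requested_permissions(manifest_xml):
    """Return the set of permission names in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name")
        if name:
            names.add(name.strip())
    return names

def certify(manifest_xml, rules=RULES):
    """Return (allowed, violated_rule_names); fail closed on malformed XML."""
    try:
        perms = requested_permissions(manifest_xml)
    except ET.ParseError:
        return False, ["unparseable-manifest"]
    # A rule is violated when every permission in its set is requested.
    violated = sorted(name for name, combo in rules.items() if combo <= perms)
    return not violated, violated

# Constructed sample manifests (not from any real application).
RECORDER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.recorder">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
NOTES = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("recorder", RECORDER), ("notes", NOTES)):
        print(label, certify(xml))
```

Because the check looks at combinations rather than single permissions, the notes sample passes even though it requests two of the three permissions in the call-eavesdrop rule.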