Security Concern Related to Mobile Computing, Middleware and Gateway required for mobile Computing, Making Existing Application Mobile Enable , mobile technology
2. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Index
⢠Security Concerns Related to Mobile Computing
⢠Guidelines for Mobile Computing Security
⢠What is Middleware?
⢠What is Gateway ?
⢠Making Existing Application MobileâEnabled
3. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Security Concerns Related to Mobile
Computing
⢠Confidentiality: This is used to prevent unauthorized users from
gaining access to any particular user's critical and confidential
information.
⢠Integrity: This is used to ensure that any type of unauthorized
modification, destruction or creation of information cannot be done.
⢠Availability: The availability is used to ensure that authorized users get
the required access whenever they need it.
⢠Legitimate: This is used to ensure that only authorized, and legitimate
users have access to the services.
⢠Accountability: Accountability is used to ensure that the users will be
responsible for their security-related activities by arranging the users and
their activities in a linked form.
4. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Security Concerns Related to Mobile Computing
6. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Wireless Security Issues
Denial of Service (DOS) attacks
The denial of services or DOS attacks is one of the most common attacks of all
kinds of networks and especially in a wireless network. It prevents users from
using network services because the attacker sends a large amount of unnecessary
data or connection requests to the communication server. It causes a slow network,
and therefore the users cannot get benefitted from using its service.
Traffic Analysis
Traffic analysis is used to identify and monitor communication between users. In
this process, the service provider listens the traffic flowing in the wireless channel
to access the private information of users affected by the attacker.
Eavesdropping
It specifies that the attacker can log on to the wireless network and access sensitive
data if the wireless network was not secure enough. This can also be done if the
information is not encrypted.
7. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Session Interception and Messages Modification
It specifies that the attacker can intercept the session and modify
the transmitted data in this session. This scenario is called "man in
the middle." It inserts the attacker's host between the sender and
receiver host.
Spoofing
In this security issue, the attacker impersonates him as an
authorized account of another user and tries to access the sensitive
data and unauthorized services.
Captured and Retransmitted Messages
In this security issue, the attacker can get some of the network
services by getting unauthorized access. After capturing the
message, he/she can reply to it with some modifications to the same
destination
Wireless Security Issues
9. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Wireless Security
10. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Device Security Issues
⢠Push Attacks
In the push attack, the attacker creates a malicious code at the user's
mobile device by hacking it and then he/she may spread it to affect
other elements of the network.
⢠Pull Attacks
The pull attack is a type of attack where the attacker controls the
device and handles it in his/her way. He can decide which emails
they want to receive. In this attack, the user can decide about the
obtained data by the device itself.
⢠Forced De-authentication
In this security issue, the attackers convince the mobile end-point or
the mobile user to drop its connection and re-connection to get a new
signal. Within this process, they insert their device between the
mobile device and the network and steal the information or do the
fraud.
11. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Device Security Issues
⢠Multi-protocol Communication
The multi-protocol communication provides the ability of many
mobile devices to operate using multiple protocols. For example, A
cellular provider's network protocol. Most of the protocols have
some security loopholes, which help the attacker to exploit this
weakness and access to the device.
⢠Mobility
This security issue may occur because of the mobility of the users
and the mobile devices. You may face these security threats due to a
user's location, so you must replicate the user profiles at different
locations to allow roaming via different places without any concern
regarding access to personal and sensitive data in any place and at
any time. This repetition of sensitive data on different sites can
increase seethe chances of security threats.
12. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
⢠Disconnections
These types of security issues occur when mobile devices go to
different places. It occurs in the form of frequent disconnections
caused by external parties resulting in the handoff.
Device Security Issues
13. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Personnel security issues or insider attacks
How to handle security issues?
ďThe company should hire qualified personnel.
ďYou should install security hardware and software.
ďYou should ensure that the data stored in the mobile devices are
encrypted and audited.
ďEducate the users on proper mobile computing ethics and security
issues.
ďYou must ensure that the mobile devices are configured with a power-
on authentication to prevent unauthorized access if lost or stolen.
ďYou must ensure that anti-virus software is installed on mobile devices.
ďMake sure that the firewall client is installed on mobile devices.
ďMake your mobile devices encrypted with a strong password.
ďEncrypt your data stored in the secondary storage devices such as
Memory Sticks, Data card, removable USB etc.
ďEnsure that the Bluetooth, Wi-Fi, etc. enabled mobile devices are turned
off when you are not using them.
ďMake periodic backups of your mobile devices on a data server.
14. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Guidelines for Mobile Computing Security
1. Encryption: Mobile devices that do store sensitive data can be protected by
means of encryption systems. Automatic encryption/decryption systems exist, but
are less secure than systems which require the user to enter a password at the
beginning of every session. Both Android and Apple iOS devices can be set up to
utilize encryption capabilities.
2. External Identification: End users should label their mobile devices
with their name and telephone contact information so lost devices can be returned
to them, even after their battery has gone dead.
3. Limiting Data Storage: One of the best ways to prevent the
compromise or loss of sensitive data is not to store it on a mobile device. Such
data can be stored in the cloud or accessed from a proprietary server. Naturally,
means of access must be thoroughly secured, or there is no advantage to be gained
from keeping sensitive data off a mobile device.
15. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
4. Lost Device Locator and Data Eraser
Systems: Depending on the mobile device and its operating systems,
there are various technologies that enable end users to locate a lost device
(even if it's just between the couch cushions). Failing that, there are ways to
remotely erase sensitive data. Encourage end users to enroll their devices in a
good system, and to learn how to use it.
5. Passwords and Timeouts: End users should set a password and a
relatively brief timer to shut down and lock their mobile devices when left idle
for even a few minutes. Passwords and timeouts preventâor at least delayâ
unauthorized users from gaining access to sensitive data not only on lost or
stolen devices, but also on devices left unattended in homes and offices.
6. Trusted Sources: Mobile devices can add software from a variety of
sources, but end users should rely only on trusted sources, such as the Apple
iTunes Store, Google Play, or the Amazon App Store for Android. Other
sources are less likely to thoroughly search for and prevent software
contaminated by viruses or other malware.
Guidelines for Mobile Computing Security
16. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
What is Middleware?
Middleware is Software that provides a link
between separate software applications. It is a layer
that lies between the operating system and
applications.
17. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Use of Middleware:
⢠Provide interaction with another service or
application.
⢠Filter data to make them friendly usable.
⢠Make an application independent from network
services.
⢠Make an application reliable and always
available.
⢠Add complementary attributes like semantics.
18. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Types of Middleware
1. Communication Middleware : Communication Middleware is used
to connect one application with another application. For Example
connecting one application with another application using telnet.
2. Message Oriented Middleware: It supports the receiving and
sending of messages over distributed applications. It enables
applications to be disbursed over various platforms. It makes the
process of creating software applications across many operating
systems. It makes network protocols less complicated. It holds many
advantages over middleware alternatives and is one of the most
widely used types of middleware.
3. Object Oriented Middleware : Object Oriented Middleware is also
known as an object request broker. It provides the facility to send
objects and request services via an object oriented system. In short,
it manages the communication between objects.
19. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
4. Remote Procedure Call (RPC) Middleware : It provides the
facility to calls procedures on remote systems and is used to perform
synchronous or asynchronous interactions between applications or
systems. It is usually utilized within a software application.
5. Database Middleware: It provides direct access to databases
and direct interaction with databases, There are many database
gateways and connectivity options and you simply have to see what
will best work for your necessary solution. This is the most general
and commonly known type of middleware. This includes SQL
database software.
6. Transaction Middleware :This type of middleware includes
applications like transaction processing monitors. It also encompasses
web application servers, These types of middleware are becoming
more and more common today.
Types of Middleware
20. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
7. Embedded Middleware : This type of middleware allows the
facility of communication and integration of services with an
interface of software or firmware. It acts as a liaison between
embedded applications and the real time operating system.
7. Content-Centric Middleware: This type of middleware
allows you to abstract specific content without worry of how it is
obtained. This is done through a simple provide / consume
abstraction. It is similar to publish / subscribe middleware, which
is another type of this software that is often used as a part of web
based applications.
Types of Middleware
21. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Middleware
22. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
What is Gateway ?
Gateways are required when the networks
between the device and the middleware having
different set of protocol.
For Example: an IVR (Interactive Voice
Response) Gateway is used to interface voice
with a computer. WAP Gateway is used to
access internet on mobile phones
25. MT Unit 2-Design Mobile Computing
Architecture ~Swapnali Pawar
Making Existing Application MobileâEnabled
There are many applications that are now being used within the intranet
or the corporate network. These application need to be made ubiquitous
and mobile computing capable. There are many ways by which this can
be achieved:
⢠Enhance existing application take the current application.
Enhance the application to support mobile computing.
⢠Rent an application from an ASP, there are many organizations
who develop ubiquitous application and rent the same at a fee.
⢠Write a new application, develop a new application to meet the
new business requirement of the mobile computing.
⢠Buy a packaged solution, there are many companies who are
offering packaged solutions for various business areas starting from
manufacturing to sales and marketing. Buy and install one.
⢠Bridge the gap through middleware, use different middleware
techniques to facelift and mobile computing enable the existing
application.