CRITICAL REVIEW: SECURITY ISSUES IN MOBILE
NETWORKS
Leung, A., Sheng, Y., Cruickshank, H. (2007) The security challenges f...
BODY
The methodology used in these two papers is different but they had the same result.
Zdarsky, F., Robitzsch, S., Banch...
Availability is also stressed as making that accessible when ever they are needed. The use of
network access control must ...
CONCLUSION
The two papers have clearly and fully established security threats and were able to
streamline it down to mobil...
Upcoming SlideShare
Loading in …5
×

Comparative review dele

239 views

Published on

Published in: Lifestyle, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
239
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Comparative review dele

  1. 1. CRITICAL REVIEW: SECURITY ISSUES IN MOBILE NETWORKS Leung, A., Sheng, Y., Cruickshank, H. (2007) The security challenges for mobile ubiquitous services. Information Security Technical Report 12(3) pp 162-171 Zdarsky, F., Robitzsch, S., Banchs, A. (2010) Security analysis of wireless mesh backhauls for mobile networks. Journal of network and computer applications. pp 1-11 INTRODUCTION Security issues in mobile networks is bleeding and have rampaged every sector of life, starting from homes extending into businesses, internets, banks and even into the mobile network world. It is discovered that as technology advances so also theft and hacking increases geometrically. There are so many cases of data loss, stolen credit cards, bank frauds, spam messages, hacking, and virus attacks due to porous security platforms developed. These challenges occur at the user's ends, on the core networks and at the providers end. It is observed that enterprise users now use mobile devices to execute functions which are previously performed from their desktops making the network to be more complex. In order to effectively protect business and non business assets, measures has to be implemented and adopted considering the fact that it must not affect quality and efficient delivery of services to users on the network. Therefore the above has generated an urgent need to focus on providing more comprehensive security solutions especially in mobile networks because they are more vulnerable to attacks and threats. This paper comparatively reviews threat analysis and identifies the appropriate security measures and requirements and subsequently devised good security solutions.
  2. 2. BODY The methodology used in these two papers is different but they had the same result. Zdarsky, F., Robitzsch, S., Banchs, A. (2010) evaluated the analysis for security threats which has greatly helped to identify potential risks and attacks on mobile network. He further examined the highest ranking of security threats, analyzing where there could be major threats on the network. He made his analysis by comparing the impact of a threat placing it side by side with the likelihood of the threat so as to know the level of the risk under wireless mesh and management links especially when there is physical attack or when faults are exploited during threat implementation of the network. On the other hand Leung, A., Sheng, Y., Cruickshank, H. (2007) examined threat analysis using a different approach and method by using a pictorial diagram of a man called Jose who was moving from one end to another and still doing all of his activities in a wireless environment e.g. from watching TV to using mobile phone, and contacting service provider, taking a train using his laptop getting to the café and so on. Emphasizing that as Mr. Jose moves from one node to the other which makes him open to threat which could be from the user, provider or the network. From the stated analysis these two authors identifies the various security threat on the networks as threat to user, threat to providers, and as threat to data transport, threat to network mesh and management control. These various threats are critically looked into and narrowed down as spoofing, framing, malware, active and passive threats. Based on the threat analysis discussed above the two papers agree on the basic requirements for proficient security solution e.g. they mentioned providing confidentiality, integrity, authenticity, non repudiation, availability, and privacy. Confidentiality is the assurance that information or data is confined only to the authorized users on the network. Integrity is the case when data is complete and sufficiently perfect and accurate for its purpose. While authenticity establishes that information is genuine and has not been tampered with or forged, a typical example when violated is masquerading. Authentication process is in the three forms namely identification, verification and authentication which are the resources of a network. The non repudiation basically gives protection against false involvement in an action.
  3. 3. Availability is also stressed as making that accessible when ever they are needed. The use of network access control must be deployed to make sure the unauthorized users are not allowed to access the network while the authorized users are granted the access. Furthermore, Leung, A. et. al. (2007) examined security threats from three dimensions e.g. user, network and service provider. He highlighted the various ways by which a user can be subjected to security threats e.g. spoofing, information disclosure, profiling, framing, malware, information overloading, configuration complexity, security parameters. He mentioned a key point of how a network could be opened to security threats e.g. passive and active threats. Passive threat is a threat where a party that is unauthorized gains access to data and he does not change its content i.e. eavesdropping and traffic analysis while active threat is when attackers make changes to data, messages modifications, denial of services. However the approach of Zdarsky, F. et. al. (2010) identifies security threat in three ways, under management and control, data transport, network entities. He emphasized passive and active traffic analysis; he said security threat can emerge as a result of faulty softwares thereby creating avenues for network attackers. He also mentioned that the attackers could have classical software having sophisticated conglomerate. In order to provide lasting security solutions to the aforementioned security threats Leung, A. et. al. (2007) emphasized on two main clues which are by developing trusted computing and integration of IPSec with AAA (Authentication, Authority and Account) and hierarchical mobile IPv6 on the mobile network. Trusted computing is achieved by incorporating a trusted hardware functionality that would provide a trusted platform module. IPSec is fundamentally secures information traffics on the core network while AAA is used to authenticate mobile signal nodes. IPSec is a layer protocol that ensures via sending and receiving of cryptographically data packets with modifications. In the other paper "Zdarsky, F. et. al. (2010)" he stressed the need to avoid a state without authorization, control signaling, and also to avoid single points of failure.
  4. 4. CONCLUSION The two papers have clearly and fully established security threats and were able to streamline it down to mobile networks using different methodology emphasizing that they are more vulnerable to security attacks on the ad hoc network. They both highlighted the various security challenges and issues under mobile network in a diverse form and subsequently provided possible solutions to avert mobile networks breakdown as a result of security threats and attacks. Most importantly Leung, A. et. al. (2007) was able to deliver a descriptive methodology. He gave a strong and deep technical analysis of security threat and he provided concrete technical solutions which could give a long lasting solution to security attacks and also left some open issues on security threats while Zdarsky, F. et. al. (2010) was just writing on the surface although he dwelled too much in analyzing security threats but he did not provide a silver bullet answer to security solutions which is a key under this topic. However the two papers are recommendable, personally I will look at Leung, A. et. al. (2007) as an experienced expatriate in security issues especially in mobile networks while Zdarsky, F. et. al. (2010) could be a senior apprentice in mobile network security matters judging by the content of their respective papers.

×