CRITICAL REVIEW: SECURITY ISSUES IN MOBILE
Leung, A., Sheng, Y., Cruickshank, H. (2007) The security challenges for mobile ubiquitous
services. Information Security Technical Report 12(3), pp. 162-171.
Zdarsky, F., Robitzsch, S., Banchs, A. (2010) Security analysis of wireless mesh backhauls for mobile
networks. Journal of Network and Computer Applications, pp. 1-11.

Security issues are pervasive and have spread into every sector of life, starting from homes
and extending into businesses, the internet, banks and even the mobile network world. As
technology advances, theft and hacking also increase geometrically. There are many cases of
data loss, stolen credit cards, bank fraud, spam messages, hacking and virus attacks caused by
porous security platforms. These challenges occur at the user's end, on the core network and
at the provider's end. Enterprise users now use mobile devices to perform functions that were
previously performed from their desktops, which makes the network more complex. To protect
business and non-business assets effectively, measures have to be implemented and adopted
in a way that does not affect the quality and efficient delivery of services to users on the
network. This has generated an urgent need to focus on providing more comprehensive
security solutions, especially in mobile networks, because they are more vulnerable to attacks
and threats. This paper comparatively reviews threat analysis and
identifies the appropriate security measures and requirements and subsequently devised good

The methodologies used in these two papers are different, but they arrived at the same result.
Zdarsky, F., Robitzsch, S., Banchs, A. (2010) carried out a security threat analysis, which
greatly helped to identify potential risks and attacks on the mobile network. They further
examined the highest-ranking security threats, analyzing where the major threats on the
network could lie. They made their analysis by placing the impact of a threat side by side with
the likelihood of that threat, so as to determine the level of risk for the wireless mesh and
management links, especially when there is a physical attack or when faults are exploited during
threat implementation of the network. On the other hand, Leung, A., Sheng, Y., Cruickshank, H.
(2007) approached threat analysis differently, using a pictorial diagram of a man called Jose
who moves from one place to another while carrying out all of his activities in a wireless
environment, e.g. watching TV, using a mobile phone, contacting a service provider, taking a
train while using his laptop, getting to the café and so on. They emphasize that as Mr. Jose
moves from one node to another he becomes open to threats, which could come from the user,
the provider or the network. From these analyses, the two sets of authors identify the various
security threats on the networks as threats to the user, threats to providers, threats to data
transport, and threats to the network mesh and to management control. These threats are
critically examined and narrowed down to spoofing, framing, malware, and active and passive
threats.

Based on the threat analysis discussed above, the two papers agree on the basic
requirements for a proficient security solution: confidentiality, integrity, authenticity,
non-repudiation, availability and privacy. Confidentiality is the assurance that information or
data is confined only to the authorized users on the network. Integrity means that data is
complete and sufficiently perfect and accurate for its purpose. Authenticity establishes that
information is genuine and has not been tampered with or forged; a typical example of its
violation is masquerading. The authentication process takes three forms, namely identification,
verification and authentication, which are the resources of a network. Non-repudiation
basically gives protection against false involvement in an action.
Availability is also stressed as making these accessible whenever they are needed. Network
access control must be deployed to make sure that unauthorized users are not allowed
to access the network while authorized users are granted access.

Furthermore, Leung, A. et al. (2007) examined security threats from three dimensions,
namely user, network and service provider. They highlighted the various ways in which a user
can be subjected to security threats, e.g. spoofing, information disclosure, profiling, framing,
malware, information overloading, configuration complexity and security parameters. They
made a key point about how a network can be opened to security threats, namely passive and
active threats. A passive threat is one where an unauthorized party gains access to data but
does not change its content, i.e. eavesdropping and traffic analysis, while an active threat is
one where attackers make changes to data, such as message modification and denial of service.
However, the approach of Zdarsky, F. et al. (2010) identifies security threats in three areas:
management and control, data transport, and network entities. They emphasized passive and
active traffic analysis, and said that security threats can emerge as a result of faulty software,
thereby creating avenues for network attackers. He also mentioned that the attackers could have
classical software having sophisticated conglomerate.

In order to provide lasting security solutions to the aforementioned security threats,
Leung, A. et al. (2007) emphasized two main approaches: developing trusted computing, and
integrating IPSec with AAA (Authentication, Authorization and Accounting) and
Hierarchical Mobile IPv6 on the mobile network. Trusted computing is achieved by
incorporating trusted hardware functionality that would provide a trusted platform module.
IPSec fundamentally secures information traffic on the core network, while AAA is used to
authenticate mobile signal nodes. IPSec is a layer protocol that works via the sending and
receiving of cryptographically protected data packets with modifications. In the other paper,
Zdarsky, F. et al. (2010) stressed the need to avoid a state without authorization, control
signaling, and also to avoid single points of failure.

The two papers have clearly and fully established the security threats and were able to
narrow them down to mobile networks using different methodologies, emphasizing that these
are more vulnerable to security attacks on the ad hoc network. They both highlighted the various
security challenges and issues in mobile networks in diverse forms and subsequently
provided possible solutions to avert the breakdown of mobile networks as a result of security
threats and attacks. Most importantly, Leung, A. et al. (2007) were able to deliver a descriptive
methodology. They gave a strong and deep technical analysis of security threats, provided
concrete technical solutions which could give a long-lasting answer to security attacks, and also
left some open issues on security threats, while Zdarsky, F. et al. (2010) were just writing on the
surface: although they dwelt too much on analyzing security threats, they did not provide a
silver-bullet answer to security solutions, which is key under this topic. However, the two
papers are recommendable; personally, I will look at Leung, A. et al. (2007) as an experienced
expatriate in security issues, especially in mobile networks, while Zdarsky, F. et al. (2010) could
be a senior apprentice in mobile network security matters judging by the content of their