Security Issues.


Without a secure OS, achieving security on mobile devices is almost impossible
Learned lessons:
- Memory protection of processes
- Protected kernel rings
- File access control
- Authentication of principals to resources
- Differentiated user and process privileges
- Sandboxes for untrusted code
- Biometric authentication

Lack of Security Model
- Does not differentiate trusted local code from untrusted code downloaded from the Internet. So, there is no access control!
- WML Script is not type-safe.
- Scripts can be scheduled to be pushed to the client device without the user's knowledge.
- Does not prevent access to persistent storage.
Possible attacks:
- Theft or damage of personal information
- Abusing user's authentication information
- Maliciously offloading money saved on smart cards

Bluetooth Security (contd.)
Bluetooth provides security between any two Bluetooth devices for user protection and secrecy:
- mutual and unidirectional authentication
- encrypts data between two devices
- session key generation
- configurable encryption key length
- keys can be changed at any time during a connection
- Authorization (whether device X is allowed to access service Y)
Trusted Device: The device has been previously authenticated, a link key is stored and the device is marked as "trusted" in the Device Database.

Untrusted Device: The device has been previously authenticated, a link key is stored but the device is not marked as "trusted" in the Device Database.
Unknown Device: No security information is available for this device. This is also an untrusted device.
Automatic output power adaptation to reduce the range exactly to requirement makes the system extremely difficult to eavesdrop on.
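The three device categories and the authorization question ("may device X access service Y?") can be expressed as a small decision function. This is an added example, not part of the original slides; the record fields, the per-service policy table and the sample addresses are assumptions made for illustration, and pairing and encryption are out of scope.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class TrustLevel(Enum):
    TRUSTED = "trusted"
    UNTRUSTED = "untrusted"
    UNKNOWN = "unknown"


@dataclass
class DeviceRecord:
    """One Device Database entry (field names are illustrative)."""
    link_key: Optional[bytes]  # stored after a successful authentication
    marked_trusted: bool       # the "trusted" flag described on the slide


# Constructed sample Device Database, keyed by device address.
DEVICE_DB = {
    "00:11:22:33:44:55": DeviceRecord(link_key=b"\x01" * 16, marked_trusted=True),
    "66:77:88:99:AA:BB": DeviceRecord(link_key=b"\x02" * 16, marked_trusted=False),
}

# Assumed policy table: does a service require authorization at all?
SERVICE_NEEDS_AUTHORIZATION = {"file-transfer": True, "business-card": False}


def classify(address, db=DEVICE_DB):
    """Map a device address to one of the three categories."""
    record = db.get(address)
    if record is None or record.link_key is None:
        return TrustLevel.UNKNOWN      # no security information available
    if record.marked_trusted:
        return TrustLevel.TRUSTED
    return TrustLevel.UNTRUSTED


def is_allowed(address, service, user_approves=False, db=DEVICE_DB):
    """Decide whether device X (address) may access service Y."""
    if service not in SERVICE_NEEDS_AUTHORIZATION:
        return False                   # unregistered service: deny by default
    if not SERVICE_NEEDS_AUTHORIZATION[service]:
        return True                    # open service, no authorization step
    if classify(address, db) is TrustLevel.TRUSTED:
        return True                    # trusted device: granted without a prompt
    return user_approves               # untrusted or unknown: explicit approval
```

The decision is keyed only on the device address and its stored link key; nothing in it identifies the person holding the device, which is the limitation the later slide on loss or theft points at.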

New Security Risks: M-Commerce
- Abuse of cooperative nature of ad-hoc networks: An adversary that compromises one node can disseminate false routing information.
- Malicious domains: A single malicious domain can compromise devices by downloading malicious code.
- Roaming: Users roam among non-trustworthy domains.

New Security Risks: M-Commerce
- Launching attacks from mobile devices
  - With mobility, it is difficult to identify attackers
- Loss or theft of device
  - More private information than desktop computers
  - Security keys might have been saved on the device
  - Access to corporate systems
  - Bluetooth provides security at the lower layers only: a stolen device can still be trusted

New Security Risks: M-Commerce
Problems with Wireless Transport Layer Security (WTLS) protocol
- Security Classes:
  - No certificates
  - Server only certificate (Most Common)
  - Server and client certificates
- Re-establishing connection without re-authentication
- Requests can be redirected to malicious sites

- Monitoring user's private information
- Offline telemarketing
- Who is going to read the "legal jargon"?
- Value added services based on location awareness (Location-Based Services)