Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Issues.

Published byEmma Sherman Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Issues."— Presentation transcript:

1 Security Issues

2 Without. a. secure. OS,. achieving. security
Without a secure OS, achieving security on mobile devices is almost impossible Learned lessons: Memory protection of processes Protected kernel rings File access control Authentication of principles to resources Differentiated user and process privileges Sandboxes for untrusted code Biometric authentication

3 Lack of Security Model Does not differentiate trusted local code from untrusted code downloaded from the Internet. So, there is no access control!! WML Script is not type-safe. Scripts can be scheduled to be pushed to the client device without the user’s knowledge Does not prevent access to persistent storage Possible attacks: Theft or damage of personal information Abusing user’s authentication information Maliciously offloading money saved on smart cards

4 Bluetooth Security (contn)
Bluetooth provides security between any two Bluetooth devices for user protection and secrecy mutual and unidirectional authentication encrypts data between two devices Session key generation configurable encryption key length keys can be changed at any time during a connection Authorization (whether device X is allowed to have access service Y) Trusted Device: The device has been previously authenticated, a link key is stored and the device is marked as “trusted” in the Device Database.

5 This is also an untrusted device.
Untrusted Device: The device has been previously authenticated, link key is stored but the device is not marked as “trusted” in the Device Database This is also an untrusted device. automatic output power adaptation to reduce the range exactly to requirement, makes the system extremely difficult to eavesdrop Unknown Device: No security information is available for this device.

6 New Security risk M-Commerce
Abuse of cooperative nature of ad-hoc networks: An adversary that compromises one node can disseminate false routing information. Malicious domains: A single malicious domain can compromise devices by downloading malicious code Roaming: domains Users roam among non-trustworthy

7 New Security risk M-Commerce
Launching attacks from mobile devices With mobility, it is difficult to identify attackers Loss or theft of device More private information than desktop computers Security keys might have been saved on the device Access to corporate systems Bluetooth provides security at the lower layers only: a stolen device can still be trusted

8 New Security risk M-Commerce
Problems with Wireless Transport Layer Security (WTLS) protocol Security Classes: No certificates Server only certificate (Most Common) Server and client Certificates Re-establishing connection without re-authentication Requests can be redirected to malicious sites

9 Monitoring user’s private information Offline telemarketing
Who is going to read the “legal jargon” Value added services based on location awareness (Location-Based Services) 80

Download ppt "Security Issues."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Mobile Commerce Infrastructure, Applications, Payment &Security

Mobile Commerce Infrastructure, Applications, Payment &Security
Software Security & Privacy Risks in Mobile E-Commerce Kartikeya Kakarala CSCI 5939-Independent Study Wireless Application Protocols.

Software Security & Privacy Risks in Mobile E-Commerce Kartikeya Kakarala CSCI 5939-Independent Study Wireless Application Protocols.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Using RADIUS Within the Framework of the School Environment Ed Register Consultant April 6, 2011.

Using RADIUS Within the Framework of the School Environment Ed Register Consultant April 6, 2011.
SSH Secure Login Connections over the Internet

SSH Secure Login Connections over the Internet
Securing Information Systems

Securing Information Systems
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Similar presentations

Ads by Google