An Overview of Mobile Security

Transcription

1 An Overview of Mobile Security Dr. Fan Wu Professor, Department of Computer Science, College of Business and Information Science (CBIS) Director, Center of Information Assurance Education (CIAE) Interim Director, Office of Undergraduate Research Tuskegee University CAE Tech Talk National Centers of Academic Excellence November 16, 2017

2

3 Established in 1881 by the prominent educator Booker T. Washington, Tuskegee University (TU) is ranked among the Nation s best educational institutions by US News & World Report. Tuskegee University has distinctive strengths in the sciences, architecture, business, engineering, health, and other professions, all structured on solid foundations in the liberal arts.

4 Tuskegee University Established a Center of Academic Excellence in IAE (Information Assurance Education) in Computer Science Department, College of Business and Information Science (CBIS) Initially Designated by NSA, DHS April 2012 Re-Designated by NSA, DHS April 2017 The CAE-CDE at TU serves as organizing body to offer resources and assistance for faculty, students, and community in conducting teaching, research, and other activities in Information Assurance.

5 Funding to support Cyber Security Research NSF-Scholarship for Service Program (SFS) - Capacity Building Track - Scholarship Track DHS -Scientific Leadership Awards (SLA) Improve and expand undergraduate curriculum in IA. Foster the Master in Information Systems and Security Management (ISSM).

6 Computer Science Department established MS- ISSM (Information Systems and Security Management)- Started Fall 2014 MS-ISSM program is an interdisciplinary program offered under a cooperative arrangement with various departments including Accounting, Economics, Finance; Management, and Computer Science. The ISSM curriculum is unique in the sense that it integrates both the business and computer science disciplines into a coherent area of study.

7 Mobile Security is a hot topic in Information Security area now a days. Developed and offered new course: Mobile Security (Both Graduate and Undergraduate Levels) in the semester of SP 2013, SP 2014, FA 2016, SP 2017, and FA This course is one of the important courses for the National Center of Information Assurance (CIAE) at Tuskegee University. Mobile Security related research work has been funded by: National Science Foundation (NSF)* Department of Homeland Security (DHS) * Collaborative Project with University of Tennessee at Chattanooga, PI: Dr. Li Yang

8 Topic 1: Introduction to Mobile Computing Topic 2: Android Overview, Sensors and Networks Topic 3: Mobile Security Basics Topic 4: Mobile OS Security Model Comparison Topic 5: Threats and vulnerabilities in mobile application Topic 6: Secure development in mobile computing Topic 7: Using cryptography in mobile computing Topic 8: Secure communication of mobile devices Topic 9: Security Policy and Governance Topic 10: Mobile cloud computing future of mobile computing

9 Mobile computing is a generic term describing one's ability to use technology while moving. A connection ties the mobile device to centrally located information and/or application software. This is usually done through portable and wireless communication devices.

10 Some examples.. Computer Science wearable computers laptops with wireless LAN or wireless WAN technology Personal Digital Assistants (PDAs)

11 The main advantage-they are mobile!

12 The main concern with mobile computing is security. Hacking is very prevalent with mobile computing. Mobile computers are the most vulnerable to such attacks.

13 Mobile devices are flourishing and their diversity is growing. Mobile devices are often used precisely where they re most vulnerable in public places like airplanes, lobbies, taxis, etc. But only a few are secured against the potential hazards of security attacks. This leads to data loss; probing or downloading of data by unauthorized persons. Hence, mobile security is the need of today!

14 Physical risk: Theft or loss. Unauthorized access risk: Login or network access by an unauthorized person or computer Operating system or application risk. Mobile data storage device risk. Network risk: Computing and communication devices can be accessed through the networks to which they are connected without detection. Viruses, worms, and other malware can enter a computer or through other networks

15 Authentication Data Encryption Firewall Intrusion Prevention System

16 Authentication verifies that users or systems are who they claim to be, based on identity (e.g., username) and credentials (e.g., password). Most highly publicized breaches are attributed to weak authentication - from unlocked laptops to wireless networks with cracked passwords. Many embarrassing incidents could be avoided by providing vigorous authentication to mobile devices and their networks.

17 Data encryption refers to Mathematical calculations and algorithmic schemes that transform plaintext into cyphertext. Cyphertext - non-readable to unauthorized parties. The recipient of an encrypted message uses a key which triggers the algorithm mechanism to decrypt(decode) the data. This transforms it to the original plaintext version.

18 A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is drained by the filters, it is not allowed through.

19 Firewalls use one or more of three methods : Packet filtering - Packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. Proxy service - Information from other mobile device is retrieved by the firewall and then sent to the requesting system and vice versa. Stateful inspection - It compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is compared. If the comparison yields a reasonable match, the information is allowed through. Otherwise discarded.

20 A network security device that monitors network for malicious or unwanted behavior. It can react, in real-time, to block or prevent those activities. Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.

21

22 Malicious logic This work has been supported by an NSF funded collaborative project with UTC.

23 Victim 5554 infected by Mobile Trojan 5554 sends a short MSG to 5556

24 Receiver of Victim replies to 5554 Nothing happened at Victim 5554

25 Mobile Malware Defense use a "ContentObserver" to listen to any actions on the internal database of Android.

26 Questions? Computer Science Thank you! Contact: Dr. Fan Wu