An Overview of Mobile Security


An Overview of Mobile Security
Dr. Fan Wu
Professor, Department of Computer Science, College of Business and Information Science (CBIS)
Director, Center of Information Assurance Education (CIAE)
Interim Director, Office of Undergraduate Research
Tuskegee University
CAE Tech Talk, National Centers of Academic Excellence
November 16, 2017

Established in 1881 by the prominent educator Booker T. Washington, Tuskegee University (TU) is ranked among the Nation's best educational institutions by US News & World Report. Tuskegee University has distinctive strengths in the sciences, architecture, business, engineering, health, and other professions, all structured on solid foundations in the liberal arts.

Tuskegee University established a Center of Academic Excellence in IAE (Information Assurance Education) in the Computer Science Department, College of Business and Information Science (CBIS).
Initially designated by NSA, DHS: April 2012
Re-designated by NSA, DHS: April 2017
The CAE-CDE at TU serves as the organizing body to offer resources and assistance for faculty, students, and community in conducting teaching, research, and other activities in Information Assurance.
https://www.tuskegee.edu/about-us/centers-of-excellence/ciae

Funding to support Cyber Security Research:
NSF Scholarship for Service Program (SFS): Capacity Building Track, Scholarship Track
DHS Scientific Leadership Awards (SLA)
Improve and expand undergraduate curriculum in IA.
Foster the Master in Information Systems and Security Management (ISSM).

The Computer Science Department established the MS-ISSM (Information Systems and Security Management) program, which started in Fall 2014. The MS-ISSM program is an interdisciplinary program offered under a cooperative arrangement with various departments including Accounting, Economics, Finance, Management, and Computer Science. The ISSM curriculum is unique in the sense that it integrates both the business and computer science disciplines into a coherent area of study.

Mobile Security is a hot topic in the Information Security area nowadays. Developed and offered a new course, Mobile Security (both graduate and undergraduate levels), in the semesters SP 2013, SP 2014, FA 2016, SP 2017, and FA 2017. This course is one of the important courses for the National Center of Information Assurance (CIAE) at Tuskegee University. Mobile Security related research work has been funded by:
National Science Foundation (NSF)* 2012-2016
Department of Homeland Security (DHS) 2012-2018
* Collaborative project with University of Tennessee at Chattanooga, PI: Dr. Li Yang

Topic 1: Introduction to Mobile Computing
Topic 2: Android Overview, Sensors and Networks
Topic 3: Mobile Security Basics
Topic 4: Mobile OS Security Model Comparison
Topic 5: Threats and vulnerabilities in mobile application
Topic 6: Secure development in mobile computing
Topic 7: Using cryptography in mobile computing
Topic 8: Secure communication of mobile devices
Topic 9: Security Policy and Governance
Topic 10: Mobile cloud computing, future of mobile computing

Mobile computing is a generic term describing one's ability to use technology while moving. A connection ties the mobile device to centrally located information and/or application software. This is usually done through portable and wireless communication devices.

Some examples:
wearable computers
laptops with wireless LAN or wireless WAN technology
Personal Digital Assistants (PDAs)

The main advantage: they are mobile!

The main concern with mobile computing is security. Hacking is very prevalent with mobile computing. Mobile computers are the most vulnerable to such attacks.

Mobile devices are flourishing and their diversity is growing. Mobile devices are often used precisely where they're most vulnerable: in public places like airplanes, lobbies, taxis, etc. But only a few are secured against the potential hazards of security attacks. This leads to data loss, and to probing or downloading of data by unauthorized persons. Hence, mobile security is the need of today!

Physical risk: Theft or loss.
Unauthorized access risk: Login or network access by an unauthorized person or computer.
Operating system or application risk.
Mobile data storage device risk.
Network risk: Computing and communication devices can be accessed through the networks to which they are connected without detection. Viruses, worms, and other malware can enter a computer or through other networks

Authentication
Data Encryption
Firewall
Intrusion Prevention System

Authentication verifies that users or systems are who they claim to be, based on identity (e.g., username) and credentials (e.g., password). Most highly publicized breaches are attributed to weak authentication - from unlocked laptops to wireless networks with cracked passwords. Many embarrassing incidents could be avoided by providing vigorous authentication to mobile devices and their networks.

Data encryption refers to mathematical calculations and algorithmic schemes that transform plaintext into cyphertext, which is non-readable to unauthorized parties. The recipient of an encrypted message uses a key which triggers the algorithm mechanism to decrypt (decode) the data. This transforms it back to the original plaintext version.

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

Firewalls use one or more of three methods:
Packet filtering - Packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
Proxy service - Information from another mobile device is retrieved by the firewall and then sent to the requesting system, and vice versa.
Stateful inspection - It compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is compared. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
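The difference between packet filtering and stateful inspection, as an added example that is not part of the original slides: a fixed rule that admits anything with source port 443 also admits an unsolicited packet, while the state table only admits the reply to a flow recorded on the way out. The rules, addresses and class names are constructed, and the model tracks only the address/port tuple (no timeouts or TCP flags).

```java
import java.util.HashSet;
import java.util.Set;

public class FirewallMethodsDemo {
    /** Key parts of a packet header; outbound means inside -> outside. */
    record Packet(String src, int srcPort, String dst, int dstPort, boolean outbound) {}

    /** Packet filtering: each packet is judged alone against fixed rules. */
    static boolean packetFilterAllows(Packet p) {
        if (p.outbound()) return true;  // rule 1: inside hosts may send out
        return p.srcPort() == 443;      // rule 2: admit HTTPS replies, by source port only
    }

    /** Stateful inspection: inbound packets must match a flow recorded on the way out. */
    static class StatefulFirewall {
        private final Set<String> flows = new HashSet<>();

        private static String key(String in, int inPort, String out, int outPort) {
            return in + ":" + inPort + "<->" + out + ":" + outPort;
        }

        boolean allows(Packet p) {
            if (p.outbound()) {         // remember the key parts of the outgoing flow
                flows.add(key(p.src(), p.srcPort(), p.dst(), p.dstPort()));
                return true;
            }
            // inbound: swap the endpoints and look the flow up in the state table
            return flows.contains(key(p.dst(), p.dstPort(), p.src(), p.srcPort()));
        }
    }

    public static void main(String[] args) {
        // Constructed sample traffic (documentation address ranges).
        Packet request     = new Packet("10.0.0.5", 50000, "203.0.113.10", 443, true);
        Packet reply       = new Packet("203.0.113.10", 443, "10.0.0.5", 50000, false);
        Packet unsolicited = new Packet("198.51.100.7", 443, "10.0.0.5", 5555, false);

        StatefulFirewall fw = new StatefulFirewall();
        for (Packet p : new Packet[] {request, reply, unsolicited}) {
            System.out.printf("%-15s -> %-15s filter=%-5b stateful=%b%n",
                    p.src(), p.dst(), packetFilterAllows(p), fw.allows(p));
        }
    }
}
```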

An intrusion prevention system (IPS) is a network security device that monitors the network for malicious or unwanted behavior. It can react, in real time, to block or prevent those activities. A network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.

Malicious logic (figure labels: 5556, 5554)
This work has been supported by an NSF-funded collaborative project with UTC.

Victim 5554 is infected by a mobile Trojan. 5554 sends a short message to 5556.

The receiver replies to victim 5554. Nothing happened at victim 5554.

Mobile malware defense: use a "ContentObserver" to listen for any actions on the internal database of Android.
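One way such a ContentObserver can be written, as an added example that is not code from the original slides: it watches the Android SMS provider and logs every newly sent message, so a send the user never made becomes visible. The class name and log tag are hypothetical, and the choice of the SMS provider (`Telephony.Sms`) as the "internal database" is an assumption based on the short-message scenario above.

```java
import android.content.Context;
import android.database.ContentObserver;
import android.database.Cursor;
import android.net.Uri;
import android.os.Handler;
import android.provider.Telephony;
import android.util.Log;

/** Hypothetical class name; reports every new row in the SMS "sent" box. */
public class SmsSentObserver extends ContentObserver {
    private static final String TAG = "SmsSentObserver";
    private final Context context;
    private long lastSeenId = -1; // highest sent-message _id already handled

    /** handler should belong to a background thread: onChange() queries the provider. */
    public SmsSentObserver(Context context, Handler handler) {
        super(handler);
        this.context = context.getApplicationContext();
    }

    /** Take the existing history as baseline, then watch content://sms and its children. */
    public void register() {
        scan(false);
        context.getContentResolver()
               .registerContentObserver(Telephony.Sms.CONTENT_URI, true, this);
    }

    public void unregister() {
        context.getContentResolver().unregisterContentObserver(this);
    }

    @Override
    public void onChange(boolean selfChange, Uri uri) {
        scan(true); // the provider changed: look for sent rows not seen before
    }

    private synchronized void scan(boolean report) {
        String[] cols = {Telephony.Sms._ID, Telephony.Sms.ADDRESS, Telephony.Sms.DATE};
        try (Cursor c = context.getContentResolver().query(
                Telephony.Sms.Sent.CONTENT_URI, cols, Telephony.Sms._ID + " > ?",
                new String[] {String.valueOf(lastSeenId)}, Telephony.Sms._ID + " ASC")) {
            if (c == null) return; // provider unavailable
            while (c.moveToNext()) {
                lastSeenId = c.getLong(0);
                if (report) {
                    Log.w(TAG, "Outgoing SMS to " + c.getString(1)
                            + " at " + c.getLong(2) + " (row " + lastSeenId + ")");
                }
            }
        }
    }
}
```

The app needs the `READ_SMS` permission for the query to succeed; deciding whether a logged send was user-initiated is left to the caller.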

Questions?
Thank you!
Contact: Dr. Fan Wu, fwu@tuskegee.edu, 334-727-8362, www.tuskegee.edu/wuf