Smartphones Security - CS 691 - Sujeeth Narayan (05-05-2005)
05-05-2005 Sujeeth Narayan 1
Smartphones Security
CS 691
Sujeeth Narayan
Agenda
Part 1 - Introduction to Smartphones
Part 2 - Security Issues
Part 3 - Unified Framework
Part 4 - New Authentication Method
Part 5 - Conclusion
Motivation
• A developing Technology Industry
• Security is unstable in Mobile phones
• Easy to Test
Part 1: Introduction to Smartphones
What are Smartphones?
Includes:
• Vocal Communications – GSM, GPRS
• Web Browsing
• eMail
• Organizer Functions
• Multimedia Capabilities
  • Media Player
  • Audio, Video Recorder
  • Camera
Smartphones Internals
Capabilities:
• Personal Information Management
• Synchronize using protocols such as ActiveSync, IntelliSync
• Connect using Bluetooth, IrDA or GPRS
Operating Systems:
• Windows Mobile™ – Audiovox SMT 5600
• Symbian (Linux) – Motorola A760
OS Architecture
Risks related to Inherent Characteristics
• Based on Operating System – Bugs, Security Holes
• Data Security – PIN exists but not applied for data
Risks related to Users
Mobile usage Survey by Pointsec Mobile Technologies
• Ease of synchronizing data with Personal Computer
• Not Enough Data Security
Risks related to Networks
Bluetooth:
• Short-range wireless connections
• Has a security specification, but it is not used by many users
• Setting the Bluetooth service in Discoverable Mode
Possible Attacks:
• BTBrowser scans for nearby Bluetooth devices and browses directories
• Buffer overflow attacks in some response messages
• Bluejacking:
  • Putting a message in place of one's device name
  • Sending it with a pairing request
  • With a prompting message, the victim presses a key
  • The victim would then allow the attacker to access files
Risks related to Networks
GPRS (General Packet Radio Service):
• Works on radio waves
• Works with Internet connectivity
Possible Attacks:
• Attacks from the Internet – eMails, Messenger messages
• Compromised backbone of GGSN – Gateway GPRS Support Node
Enterprises Security Policy
Banning use of Personal Smartphones:
• Unrealistic
• Impossible to physically control
Should Define:
• Synchronization
• Use of devices in public places (Deactivate Bluetooth)
• Information Exchange between Device and Enterprise System
USF - Unified Security Framework
Driven by:
• NIST – National Institute of Standards and Technology
• CSRC – Computer Security Resource Center
Published in June 2004: http://csrc.nist.gov/mobilesecurity/Publications/PP-UNIsecFramework-fin.pdf
USF - Addresses Issues
• User Authentication
  • The first line of defense for an unattended, lost, or stolen device.
  • Multiple modes of authentication increase the work factor for an attacker.
• Content Encryption
  • The second line of defense for protecting sensitive information.
• Policy Controls
  • Policy rules, enforced for all programs regardless of associated privileges, protect critical components from modification, and limit access to security-related information.
Part 4: New Authentication Method
Picture Password: A Visual Login Technique for Mobile Devices
http://csrc.nist.gov/publications/nistir/nistir-7030.pdf
Wayne Jansen, Serban Gavrila, Vlad Korolev, Rick Ayers, Ryan Swanstrom
Method: Extracting the selection of Images
• Matrix Formation of Images
• Associated value for each image
• Generate equivalent Password
Extracting the characteristics of Image ???
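The three steps on this slide, as an added sketch that is not code from the slides or from the NIST report: the 5x6 grid, the one-character value per cell, and the salted PBKDF2 storage step are assumptions made for illustration.

```python
import hashlib, hmac, math, os, string

ROWS, COLS = 5, 6                       # assumed matrix size, not from the slides
# Assumed value table: one distinct character per thumbnail cell.
ALPHABET = (string.ascii_letters + string.digits)[:ROWS * COLS]
VALUE = [[ALPHABET[r * COLS + c] for c in range(COLS)] for r in range(ROWS)]

def selection_to_password(cells):
    """Map an ordered list of (row, col) taps to the equivalent password string."""
    out = []
    for r, c in cells:
        if not (0 <= r < ROWS and 0 <= c < COLS):
            raise ValueError(f"cell {(r, c)} is outside the {ROWS}x{COLS} matrix")
        out.append(VALUE[r][c])
    return "".join(out)

def enroll(cells, iterations=200_000):
    """Keep only a salted PBKDF2 verifier on the device, never the selection."""
    salt = os.urandom(16)
    pw = selection_to_password(cells).encode()
    digest = hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(record, cells):
    """Recompute the verifier for a login attempt; compare in constant time."""
    try:
        pw = selection_to_password(cells).encode()
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", pw, record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])

def entropy_bits(length):
    """Upper bound on guessing entropy for a uniformly chosen tap sequence."""
    return length * math.log2(ROWS * COLS)

if __name__ == "__main__":
    taps = [(0, 0), (2, 3), (4, 5), (1, 1), (3, 0), (0, 5)]   # constructed sample
    rec = enroll(taps)
    print(selection_to_password(taps), verify(rec, taps), verify(rec, taps[::-1]))
    print(f"{entropy_bits(len(taps)):.1f} bits vs {4 * math.log2(10):.1f} for a 4-digit PIN")
```

The entropy figure is an upper bound: users who pick predictable images or patterns get less.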
Part 5: Conclusion
Conclusion
• Smartphones are complex in architecture and design
• Network protocols are complex to implement
• Technology is growing, and more weaknesses will possibly be discovered
• Organizations should consider these devices in policy making
References
http://csrc.nist.gov/mobiledevices/projects.html
http://www.wirelessdev.net
http://www.smartphonethoughts.com
http://www.AirScanner.com - Mobile Firewall and Antivirus
http://www.PointSec.com - Mobile Security Software
Questions ??