Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Security Issues in Mobile Computing

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 62

Security Issues in Mobile

Computing
INTRODUCTION

• Today, all the computers of the world are interconnected through internet.

• The fundamental premise of mobile computing is that the information will


be accessed from outside of the organization.

• Wireless media works on the principle of broadcast, information is


radiated to everyone within the radio wave range thus increasing the
security threats.
ATTACKS
Components of Information Security
• Information security is synonymous with secrecy. The art of keeping a message secret was to encrypt the message and thus

hide it from others getting to know of it.

• Confidentiality,Integrity,Availability,non-repudiation,authorization,trust and accounting(CIANATA)

• Confidentiality: Information is kept secret (through encryption) so that unauthorized persons cannot get at the information.
Components of Information Security

• Integrity: Keeping the information intact(to maintain the information in such a way it doesn’t get damaged).

• Availability: system will be available to its legitimate(accepted by the protocol) users.

• Non-repudiation: It is the property by which the identity of both sender and receiver of the message can be

identified and verified.

• Authorization: It is the property by which the user’s properties can be associated to the information access.

• Trust : It is the property of expectation, confidence and belief over time.

• Accounting: It is the property of calculating the fee for a service rendered.


SECURITY TECHNIQUES AND ALGORITHMS

• Encryption algorithms are divided into two main groups:

• Symmetric key encryption and Public key encryption

• Symmetric key encryption: the key used for decryption is the same as the key for
encryption. Sometimes the algorithm used for encryption and decryption is the
same.

• Public Key Algorithms: The key used for decryption is different from the key used
for encryption.
Stream Ciphering & Block Ciphering
• Stream Cipher : A bit or a byte is taken at a time and encrypted.

This algorithm looks at the input plaintext as a stream of bits and

encrypts them one bit (or byte) at a time as the stream progresses.

The length of the plaintext and the key size will be same.

WiFi uses stream cipher.

• Block Cipher: One block of plaintext is taken as a whole and used to produce a ciphertext
block of equal length.

Majority of cryptosystems use block cipher.


Symmetric Key Cryptography

• Same key is used for both encryption and decryption.

• Conventional or classical algorithm.

• In this type of encryption, the key is secret and known only to the encrypting &
decrypting. Therefore it is also known as a secret key algorithm.

• Also known as shared key cryptography.

• Unauthorized recipients of the cipher who know the algorithm but do not have
correct key cannot derive the original data algorithmically.
• In a symmetric key cryptography , there are four components:

1) DES( Data Encryption Standard) – consists of 64bits of which 56 bits are randomly generated and

used directly by the algorithm. The other 8 bits are used for error detection and not for encryption.

2)3DES – DES is used 3 times in succession with different keys. This increases the key size resulting in

higher security.

3)AES – Advances Encryption Standard

4)Skipjack/FORTEZZA : This is a token-based symmetric algorithm used by defense personnel in the US.
PUBLIC KEY CRYPTOGRAPHY

• Two different keys - one for encryption and a different key for decryption.

• The encryption key and the decryption key together form a key pair.

• One of these keys from the key pair is made public and the other one kept
private or secret. That is why this algorithm is called public key cryptosystem.

• Six Components: Plaintext, Ciphertext, Encryption algorithm, Decryption


algorithm, Public key, private key.
• There are three public key cryptosystems most widely used and they are Diffie Hellman, RSA and
Elliptic carve.
• DIFFIE HELLMAN
• A and B – two parties, p and g prime numbers (g must be less than p)
• Step I : P=13 and g=3
• Step II : A chooses a random number SA. This number is kept secret as a private key with A. (5)
• Step III : B chooses a random number SB. This number is kept secret as a private key with B.(7)
• Step IV : (g ^ SA)mod p=(3^5)mod 13 = 243 mod 13 =9. So A public key:9 and A private key:5
• Step V : (g ^ SB)mod p=(3^7) mod 13 = 2187 mod 13 = 3. So B public key:3 and B private key:7
• Step VI : Public keys of A and B are exchanged ie., A send the public key 9 to B & B send the 3 to
A.
• Step VII : KA=(3^5) mod 13=243 mod 13=9
• Step VIII : KB = (9^7) mod 13 = 4782969 mod 13=9
RSA
• Select two prime no's. Suppose P = 53 and Q = 59.
• Now First part of the Public key : n = P*Q = 3127.
• We also need a small exponent say e :
• But e Must be an integer. Not be a factor of n. ie., 1 < e < Φ(n)

• Generating Private Key :


• We need to calculate Φ(n) :
• Such that Φ(n) = (P-1)(Q-1)
• so, Φ(n) = 3016
• Now calculate Private Key, d :
• d = (k*Φ(n) + 1) / e for some integer k
• For k = 2, value of d is 2011.
• Public Key ( n = 3127 and e = 3) and Private Key(d = 2011)
Example:
• Now we will encrypt “HI” :

• Convert letters to numbers : H = 8 and I = 9


• Thus Encrypted Data c = 89e mod n.
• Thus our Encrypted Data comes out to be 1394

• Now we will decrypt 1394 :


• Decrypted Data = cd mod n.
• Thus our Encrypted Data comes out to be 89
• 8 = H and I = 9 i.e. "HI".
HASHING ALGORITHMS
• A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length but output is
always of fixed length.
• Values returned by a hash function are called message digest or simply hash values.
• Design of Hashing Algorithms
• At the heart of a hashing is a mathematical function that operates on
two fixed-size blocks of data to create a hash code. This hash function
forms the part of the hashing algorithm.

• The size of each data block varies depending on the algorithm.


Typically the block sizes are from 128 bits to 512 bits. The following
illustration demonstrates hash function −
• Hashing algorithm involves rounds of above hash function like a block cipher. Each round takes an input of a
fixed size, typically a combination of the most recent message block and the output of the last round.

• This process is repeated for as many rounds as are required to hash the entire message. Schematic of
hashing algorithm is depicted in the following illustration −

Since, the hash value of first message block becomes an input to the second hash operation, output of which
alters the result of the third operation, and so on. This effect, known as an avalanche effect of hashing.
Popular Hash Functions

Message Digest (MD)

• MD5 was most popular and widely used hash function for quite some years.

• The MD family comprises of hash functions MD2, MD4, MD5 and MD6. It was adopted as Internet
Standard RFC 1321. It is a 128-bit hash function.

• MD5 digests have been widely used in the software world to provide assurance about integrity of
transferred file. For example, file servers often provide a pre-computed MD5 checksum for the
files, so that a user can compare the checksum of the downloaded file to it.
Secure Hash Function (SHA)
• Family of SHA comprise of four SHA algorithms; SHA-0, SHA-1, SHA-2, and SHA-3. Though from same family, there are structurally different.

• The original version is SHA-0, a 160-bit hash function, was published by the National Institute of Standards and Technology (NIST) in 1993. It

had few weaknesses and did not become very popular. Later in 1995, SHA-1 was designed to correct alleged weaknesses of SHA-0.

• SHA-1 is the most widely used of the existing SHA hash functions. It is employed in several widely used applications and protocols including

Secure Socket Layer (SSL) security.

• In 2005, a method was found for uncovering collisions for SHA-1 within practical time frame making long-term employability of SHA-1.

• SHA-2 family has four further SHA variants, SHA-224, SHA-256, SHA-384, and SHA-512 depending up on number of bits in their hash value.

No successful attacks have yet been reported on SHA-2 hash function.

• Though SHA-2 is a strong hash function. Though significantly different, its basic design is still follows design of SHA-1. Hence, NIST called for

new competitive hash function designs.

• In October 2012, the NIST chose the Keccak algorithm as the new SHA-3 standard. Keccak offers many benefits, such as efficient

performance and good resistance for attacks.


SECURITY PROTOCOLS
• Secured Socket Layer(SSL)
• Transport Layer Security(TLS)
• Wireless Transport Layer Security(WTLS)
• Multifactor Security
• Digital Watermark
• Key Recovery
Secured Socket Layer(SSL)
• Secure Socket Layer (SSL) provides security to the data that is transferred
between web browser and server. SSL encrypts the link between a web
server and a browser which ensures that all data passed between them
remain private and free from attack.

• Secure Socket Layer Protocols:


• SSL record protocol
• Handshake protocol
• Change-cipher spec protocol
• Alert protocol
SSL Protocol Stack:
SSL Record Protocol:
• SSL Record provides two services to SSL connection.

• Confidentiality

• Message Integrity

• In the SSL Record Protocol application data is divided into fragments. The fragment is compressed and then encrypted
MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest)
is appended. After that encryption of the data is done and in last SSL header is appended to the data.
Handshake Protocol:
• Handshake Protocol is used to establish sessions. This protocol allows the client and server to authenticate each other by

sending a series of messages to each other. Handshake protocol uses four phases to complete its cycle.

• Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP session, cipher suite and protocol

version are exchanged for security purposes.

• Phase-2: Server sends his certificate and Server-key-exchange. The server end phase-2 by sending the Server-hello-end

packet.

• Phase-3: In this phase, Client replies to the server by sending his certificate and Client-exchange-key.

• Phase-4: In Phase-4 Change-cipher suite occurred and after this Handshake Protocol ends.
Change-cipher Protocol:
• This protocol uses the SSL record protocol. Unless Handshake Protocol
is completed, the SSL record Output will be in a pending state. After
the handshake protocol, the Pending state is converted into the
current state.
• Change-cipher protocol consists of a single message which is 1 byte in
length and can have only one value. This protocol’s purpose is to
cause the pending state to be copied into the current state.
Alert Protocol:
• This protocol is used to convey SSL-related alerts to the peer entity. Each message in this protocol contains 2
bytes.

• The level is further classified into two parts:


• Warning (level = 1):
• This Alert has no impact on the connection between sender and receiver.
• Some of them are:
• Bad certificate: When the received certificate is corrupt.
• No certificate: When an appropriate certificate is not available.
• Certificate expired: When a certificate has expired.
• Certificate unknown: When some other unspecified issue arose in processing the certificate, rendering it
unacceptable.
• Close notify: It notifies that the sender will no longer send any messages in the connection.
• Fatal Error (level = 2):

• This Alert breaks the connection between sender and receiver. The connection will be stopped,
cannot be resumed but can be restarted. Some of them are :

• Handshake failure: When the sender is unable to negotiate an acceptable set of security parameters
given the options available.
• Decompression failure: When the decompression function receives improper input.
• Illegal parameters: When a field is out of range or inconsistent with other fields.
• Bad record MAC: When an incorrect MAC was received.
• Unexpected message: When an inappropriate message is received.

• The second byte in the Alert protocol describes the error.


TRANSPORT LAYER SECURITY(TLS)
• Transport Layer Security, or TLS, is a widely adopted security protocol
designed to facilitate privacy and data security for communications
over the Internet. A primary use case of TLS is encrypting the
communication between web applications and servers, such as web
browsers loading a website. TLS can also be used to encrypt other
communications such as email, messaging, and voice over IP (VoIP).
• TLS evolved from a previous encryption protocol called Secure Sockets
Layer (SSL)
What does TLS do?

• There are three main components to what the TLS protocol


accomplishes: Encryption, Authentication, and Integrity.

Encryption: hides the data being transferred from third parties.


Authentication: ensures that the parties exchanging information are
who they claim to be.
Integrity: verifies that the data has not been forged or tampered with.
How does TLS work?
• For a website or application to use TLS, it must have a TLS certificate
installed on its origin server (the certificate is also known as an "SSL
certificate“
• A TLS certificate is issued by a certificate authority to the person or
business that owns a domain. The certificate contains important
information about who owns the domain, along with the server's
public key, both of which are important for validating the server's
identity.
How does TLS work?
• A TLS connection is initiated using a sequence known as the TLS handshake. When
a user navigates to a website that uses TLS, the TLS handshake begins between the
user's device (also known as the client device) and the web server.

• During the TLS handshake, the user's device and the web server:

• Specify which version of TLS (TLS 1.0, 1.2, 1.3, etc.) they will use
• Decide on which cipher suites (see below) they will use
• Authenticate the identity of the server using the server's TLS certificate
• Generate session keys for encrypting messages between them after the handshake
is complete.
How does TLS work?
• The TLS handshake establishes a cipher suite for each communication
session. The cipher suite is a set of algorithms that specifies details
such as which shared encryption keys, or session keys, will be used for
that particular session. TLS is able to set the matching session keys
over an unencrypted channel thanks to a technology known as public
key cryptography.
• The handshake also handles authentication, which usually consists of
the server proving its identity to the client. This is done using public
keys. Public keys are encryption keys that use one-way encryption,
meaning that anyone with the public key can unscramble the data
encrypted with the server's private key to ensure its authenticity, but
only the original sender can encrypt data with the private key. The
server's public key is part of its TLS certificate.
How does TLS work?
• Once data is encrypted and authenticated, it is then signed with a
message authentication code (MAC). The recipient can then verify the
MAC to ensure the integrity of the data. This is kind of like the
tamper-proof foil found on a bottle of aspirin; the consumer knows no
one has tampered with their medicine because the foil is intact when
they purchase it.
PUBLIC KEY INFRASTRUCTURE
• Public key infrastructure or PKI is the governing body behind issuing
digital certificates. It helps to protect confidential data and gives
unique identities to users and systems. Thus, it ensures security in
communications.

• The public key infrastructure uses a pair of keys: the public key and
the private key to achieve security. The public keys are prone to
attacks and thus an intact infrastructure is needed to maintain them.
PUBLIC KEY INFRASTRUCTURE
• Managing Keys in the Cryptosystem:
• The security of a cryptosystem relies on its keys. Thus, it is important
that we have a solid key management system in place. The 3 main
areas of key management are as follows:

• A cryptographic key is a piece of data that must be managed by


secure administration.
• It involves managing the key life cycle which is as follows:
• Public key management further requires:
• Keeping the private key secret: Only the owner of a private key is
authorized to use a private key. It should thus remain out of reach of
any other person.
• Assuring the public key: Public keys are in the open domain and can
be publicly accessed. When this extent of public accessibility, it
becomes hard to know if a key is correct and what it will be used for.
The purpose of a public key must be explicitly defined.
• PKI or public key infrastructure aims at achieving the assurance of
public key.
• Public Key Infrastructure:
• Public key infrastructure affirms the usage of a public key. PKI identifies a
public key along with its purpose. It usually consists of the following
components:

• A digital certificate also called a public key certificate


• Private Key tokens
• Registration authority
• Certification authority
• CMS or Certification management system
Working on a PKI:
• PKI and Encryption: The root of PKI involves the use of cryptography and encryption techniques.
Both symmetric and asymmetric encryption uses a public key. The challenge here is – “how do
you know that the public key belongs to the right person or to the person you think it belongs
to?”. There is always a risk of MITM(Man in the middle). This issue is resolved by a PKI using
digital certificates. It gives identities to keys in order to make the verification of owners easy and
accurate.
• Public Key Certificate or Digital Certificate: Digital certificates are issued to people and electronic
systems to uniquely identify them in the digital world. Here are a few noteworthy things about a
digital certificate. Digital certificates are also called X.509 certificates. This is because they are
based on the ITU standard X.509.
• The Certification Authority (CA) stores the public key of a user along with other information
about the client in the digital certificate. The information is signed and a digital signature is also
included in the certificate.
• The affirmation for the public key then thus be retrieved by validating the signature using the
public key of the Certification Authority.
• Certifying Authorities: A CA issues and verifies certificates. This authority makes sure that the
information in a certificate is real and correct and it also digitally signs the certificate. A CA or
Certifying Authority performs these basic roles:
• Generates the key pairs – This key pair generated by the CA can be either independent or in
collaboration with the client.
• Issuing of the digital certificates – When the client successfully provides the right details about his
identity, the CA issues a certificate to the client. Then CA further signs this certificate digitally so that
no changes can be made to the information.
• Publishing of certificates – The CA publishes the certificates so that the users can find them. They can
do this by either publishing them in an electronic telephone directory or by sending them out to other
people.
• Verification of certificate – CA gives a public key that helps in verifying if the access attempt is
authorized or not.
• Revocation – In case of suspicious behavior of a client or loss of trust in them, the CA has the power to
revoke the digital certificate.
• Classes of a Digital Certificate:
• A digital certificate can be divided into four broad categories. These
are :

• Class 1: These can be obtained by only providing the email address.


• Class 2: These need more personal information.
• Class 3: This first checks the identity of the person making a request.
• Class 4: They are used by organizations and governments.
• Process of creation of certificate:
• The creation of a certificate takes place as follows:

• Private and public keys are created.


• CA requests identifying attributes of the owner of a private key.
• Public key and attributes are encoded into a CSR or Certificate Signing
Request.
• Key owner signs that CSR to prove the possession of a private key.
• CA signs the certificate after validation.
Challenges that a PKI Solves:

• PKI owes its popularity to the various problems its solves. Some use
cases of PKI are:

• Securing web browsers and communicating networks by SSL/TLS


certifications.
• Maintaining Access Rights over Intranets and VPNs.
• Data Encryption
• Digitally Signed Software
• Wi-fi Access Without Passwords
The two industries that are using PKI for IoT devices:

• Auto Manufacturers: Cars these days have features like GPS, call for
services, assistants, etc. These require communication paths where a lot
of data is passed. Making these connections secure is very important to
avoid malicious parties hacking into the cars. This is where PKI comes in.
• Medical device Manufacturers: Devices like surgical robots require high
security. Also, FDA mandates that any next-generation medical device
must be updatable so that bugs can be removed and security issues can
be dealt with. PKI is used to issues certificates to such devices.
Disadvantages of PKI:

• Speed: Since PKI uses super complex algorithms to create a secure key
pair. So it eventually slows down the process and data transfer.

• Private Key Compromise: Even though PKI can’t be hacked very easily
but a private key can be hacked by a professional hacker, since PKI
uses Public and Private key to encrypt and decrypt data so with user’s
private key in hand and public key which is easily available the
information can be decrypted easily.
Network Security Model
• A Network Security Model exhibits how the security service has
been designed over the network to prevent the opponent from causing
a threat to the confidentiality or authenticity of the information that is
being transmitted through the network.
• In this section, we will be discussing the general ‘network security
model’ where we will study how messages are shared between the
sender and receiver securely over the network. And we will also
discuss the ‘network access security model’ which is designed to
secure your system from unwanted access through the network
• For a message to be sent or receive there must be a sender and a
receiver. Both the sender and receiver must also be mutually agreeing
to the sharing of the message. Now, the transmission of a message
from sender to receiver needs a medium i.e. Information channel
which is an Internet service.
• A logical route is defined through the network (Internet), from sender
to the receiver and using the communication protocols both the
sender and the receiver established communication.
• Well, we are concerned about the security of the message over the network
when the message has some confidential or authentic information which has a
threat from an opponent present at the information channel. Any security
service would have the three components discussed below:

• 1. Transformation of the information which has to be sent to the receiver. So,


that any opponent present at the information channel is unable to read the
message. This indicates the encryption of the message.

• It also includes the addition of code during the transformation of the


information which will be used in verifying the identity of the authentic receiver.
• 2. Sharing of the secret information between sender and receiver of
which the opponent must not any clue. Yes, we are talking of the
encryption key which is used during the encryption of the message at
the sender’s end and also during the decryption of message at
receiver’s end.
• 3. There must be a trusted third party which should take the
responsibility of distributing the secret information (key) to both the
communicating parties and also prevent it from any opponent.
• The network security model presents the two communicating parties
sender and receiver who mutually agrees to exchange the
information. The sender has information to share with the receiver.

• But sender cannot send the message on the information cannel in the
readable form as it will have a threat of being attacked by the
opponent. So, before sending the message through the information
channel, it should be transformed into an unreadable format.
DESIGNING A SECURITY MODEL
• Secret information is used while transforming the message which will
also be required when the message will be retransformed at the
recipient side. That’s why a trusted third party is required which
would take the responsibility of distributing this secret information to
both the parties involved in communication.

• So, considering this general model of network security, one must


consider the following four tasks while designing the security model.
• 1. To transform a readable message at the sender side into an
unreadable format, an appropriate algorithm should be designed such
that it should be difficult for an opponent to crack that security
algorithm.
• 2. Next, the network security model designer is concerned about the
generation of the secret information which is known as a key.
• This secret information is used in conjunction with the security
algorithm in order to transform the message.
• 3. Now, the secret information is required at both the ends, sender’s end
and receiver’s end. At sender’s end, it is used to encrypt or transform the
message into unreadable form and at the receiver’s end, it is used to
decrypt or retransform the message into readable form.
• So, there must be a trusted third party which will distribute the secret
information to both sender and receiver. While designing the network
security model designer must also concentrate on developing the
methods to distribute the key to the sender and receiver.
• An appropriate methodology must be used to deliver the secret
information to the communicating parties without the interference of the
opponent.
• It is also taken care that the communication protocols that are used
by the communicating parties should be supporting the security
algorithm and the secret key in order to achieve the security service.

• Till now we have discussed the security of the information or message


over the network. Now, we will discuss the network access security
model which is designed to secure the information system which can
be accessed by the attacker through the network.
Attackers fall into two categories:

• 1. Hacker: The one who is only interested in penetrating into your


system. They do not cause any harm to your system they only get
satisfied by getting access to your system.

• 2. Intruders: These attackers intend to do damage to your system or


try to obtain the information from the system which can be used to
attain financial gain.
• The attacker can place a logical program on your system through the
network which can affect the software on your system. This leads to
two kinds of risks:

• a. Information threat: This kind of threats modifies data on the user’s


behalf to which actually user should not access. Like enabling some
crucial permission in the system.

• b. Service threat: This kind of threat disables the user from accessing
data on the system.
• These kinds of threats can be introduced by launching worms and viruses and
may more like this on your system. Attack with worms and viruses are the
software attack that can be introduced to your system through the internet.

• The network security model to secure your system is shown in the figure below:
• There are two ways to secure your system from attacker of which the first is to introduce the
gatekeeper function. Introducing gatekeeper function means introducing login-id and passwords
which would keep away the unwanted access.

• In case the unwanted user gets access to the system the second way to secure your system is
introducing internal control which would detect the unwanted user trying to access the system by
analyzing system activities. This second method we call as antivirus which we install on our
system to prevent the unwanted user from accessing your computer system through the internet.
• So, this is all about the network security model. We have discussed two network security model. One, securing your information over the
network during information transmission. Second, securing your information system which can be accessed by the hacker through the
network or internet.
What is the Mobile Security Framework?
*>A mobile security framework fits within the larger security framework to specifically protect mobile
users within the larger technology ecosystem. Maintaining a strong mobile security framework is
crucial for business as the proliferation of mobile use continues to skyrocket. According to Statista,
there were 178.1 billion mobile apps downloaded in 2017 and that number is only projected to grow.

*>Hackers are seeing the giant growth in mobile use and are tailoring their thievery to take advantage
of such growth. Individual users and more importantly, businesses, need to understand the
risks of apps and mobile sites so they may properly protect themselves with web and app security. That
is where the mobile security framework comes in.

You might also like