Smartphones Security
CS 691
Sujeeth Narayan

Agenda
- Part 1 - Introduction to Smartphones
- Part 2 - Security Issues
- Part 3 - Unified Framework
- Part 4 - New Authentication Method
- Part 5 - Conclusion

Motivation
- A developing technology industry
- Security is unstable in mobile phones
- Easy to test

Part 1: Introduction to Smartphones

What are Smartphones?
Includes:
- Vocal Communications – GSM, GPRS
- Web Browsing
- Organizer Functions
- Multimedia Capabilities
  - Media Player
  - Audio, Video Recorder
  - Camera

Smartphones Internals
Capabilities:
- Personal Information Management
- Synchronize using protocols such as ActiveSync, IntelliSync
- Connect using Bluetooth, IrDA or GPRS
Operating Systems:
- Windows Mobile™ - Audiovox SMT 5600
- Symbian (Linux) – Motorola A760

OS Architecture

Risks related to Inherent Characteristics
- Based on Operating System – Bugs, Security Holes
- Data Security – PIN exists but is not applied to data

Risks related to Users
- Mobile usage survey by Pointsec Mobile Technologies
- Ease of synchronizing data with a personal computer
- Not enough data security

Risks related to Networks
Bluetooth:
- Short-range wireless connections
- Has a security specification, but it is not used by many users
- Setting the Bluetooth service in discoverable mode
Possible Attacks:
- BTBrowser scans for nearby Bluetooth devices and browses directories
- Buffer overflow attacks in some response messages
- Bluejacking:
  - Putting a message in place of one's device name
  - Sending it with a pairing request
  - With a prompting message, the victim presses a key
  - The victim would then allow the attacker to access files

Risks related to Networks
GPRS (General Packet Radio Service):
- Works on radio waves
- Works with Internet connectivity
Possible Attacks:
- Attacks from Internet – s, Messenger Messages
- Compromised backbone of GGSN – Gateway GPRS Support Node

Enterprises Security Policy
Banning use of personal smartphones:
- Unrealistic
- Impossible to physically control
Should define:
- Synchronization
- Use of devices in public places (deactivate Bluetooth)
- Information exchange between device and enterprise system

USF - Unified Security Framework
Driven by:
- NIST – National Institute of Standards and Technology
- CSRC – Computer Security Resource Center
Published on June

USF - Addresses Issues
- User Authentication – The first line of defense for an unattended, lost, or stolen device. Multiple modes of authentication increase the work factor for an attacker.
- Content Encryption – The second line of defense for protecting sensitive information.
- Policy Controls – Policy rules, enforced for all programs regardless of associated privileges, protect critical components from modification, and limit access to security-related information.

Part 4: New Authentication Method

Picture Password: A Visual Login Technique for Mobile Devices
Wayne Jansen, Serban Gavrila, Vlad Korolev, Rick Ayers, Ryan Swanstrom

Method:
- Extracting the selection of Images
- Matrix Formation of Images
- Associated value for each image
- Generate equivalent Password
- Extracting the characteristics of Image ???

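The steps on this slide, sketched as an added example (not code from the slides or from the Picture Password authors): an ordered selection of thumbnails from an image matrix is mapped to per-image values, the values are joined into an equivalent password string, and only a salted hash of that string is stored. The 5x6 matrix, the value alphabet, the minimum length, the PBKDF2 parameters and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

ROWS, COLS = 5, 6                      # assumed matrix size; the slides give none
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ2345"   # assumed: one symbol per image cell
VALUE = {(r, c): ALPHABET[r * COLS + c] for r in range(ROWS) for c in range(COLS)}
MIN_LEN = 4                            # assumed minimum number of selected images
ITERATIONS = 100_000                   # assumed PBKDF2 work factor

def selection_to_password(selection):
    """Map an ordered list of (row, col) picks to the equivalent password."""
    if len(selection) < MIN_LEN:
        raise ValueError("selection too short")
    try:
        return "".join(VALUE[cell] for cell in selection)
    except KeyError as exc:
        raise ValueError(f"cell outside the matrix: {exc.args[0]}") from None

def enroll(selection, salt=None):
    """Return (salt, hash); the selection itself is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    pw = selection_to_password(selection).encode()
    return salt, hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)

def verify(selection, salt, stored):
    """Check a login attempt; malformed selections simply fail."""
    try:
        pw = selection_to_password(selection).encode()
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)
    return hmac.compare_digest(digest, stored)   # constant-time comparison

def search_space_bits(length):
    """Bits of entropy if each of `length` picks is uniformly random."""
    return length * math.log2(ROWS * COLS)

if __name__ == "__main__":
    picks = [(0, 0), (2, 3), (4, 5), (1, 1), (2, 3)]   # constructed sample
    salt, stored = enroll(picks)
    print(selection_to_password(picks), verify(picks, salt, stored))
    print(round(search_space_bits(len(picks)), 1), "bits for 5 picks")
```

Under these assumptions five picks give about 24.5 bits, against roughly 13.3 bits for a 4-digit PIN, and only if users choose images uniformly at random.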
Part 5: Conclusion

Conclusion
- Smartphones are complex in architecture and design
- Network protocols are complex to implement
- Technology is growing and possibly more weaknesses will be discovered
- Organizations should consider these devices in policy making

Questions ??