Authentication Service Security
• Two components of security in mobile
computing-
1. Security of Devices
2. Security in Networks
• Some prominent attacks are discussed
8/19/2019 Prachi-31603216 (NIT Kurukshetra) 1
Cryptographic security for mobile
devices
• CGA: Cryptographically Generated Address.
• 64-bit address generated by hashing the owner’s
public key.
• The corresponding private key is used to assert
address ownership by signing the messages
sent.
• Mainly deployed on palm-held devices.
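The hash-to-address binding described above, as an added example that is not part of the original slides. It goes beyond the slide by following the RFC 3972 layout (SHA-1 over modifier, subnet prefix, collision count and public key) for Sec = 0 only; the key bytes, modifier and prefix are constructed sample values, and verifying the signature on each message is a separate step not shown here.

```python
import hashlib
import ipaddress

# Bits of the interface identifier that carry the hash: everything except
# the three Sec bits (0-2) and the "u"/"g" bits (6-7) of the first byte.
HASH_MASK = 0x1CFFFFFFFFFFFFFF

# Constructed sample values (assumptions, not from the slides).
SAMPLE_PREFIX = ipaddress.IPv6Address("2001:db8:0:1::").packed[:8]
SAMPLE_MODIFIER = bytes(16)                         # normally 16 random bytes
SAMPLE_PUBKEY = b"constructed-public-key-of-owner"  # stands in for a DER key


def interface_id(modifier: bytes, prefix: bytes, collisions: int, pubkey: bytes) -> int:
    """Hash1 of RFC 3972: leftmost 64 bits of SHA-1, Sec/u/g bits cleared."""
    data = modifier + prefix + bytes([collisions]) + pubkey
    hash1 = int.from_bytes(hashlib.sha1(data).digest()[:8], "big")
    return hash1 & HASH_MASK                        # Sec = 0, so those bits stay zero


def make_cga(prefix: bytes, modifier: bytes, pubkey: bytes) -> ipaddress.IPv6Address:
    """Owner side: derive the address from the public key."""
    iid = interface_id(modifier, prefix, 0, pubkey)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))


def verify_cga(addr, modifier: bytes, collisions: int, pubkey: bytes) -> bool:
    """Receiver side: does this public key really hash to this address?"""
    raw = ipaddress.IPv6Address(addr).packed
    prefix, iid = raw[:8], int.from_bytes(raw[8:], "big")
    if len(modifier) != 16 or collisions not in (0, 1, 2):
        return False
    if iid >> 61 != 0:
        return False          # Sec > 0 needs the Hash2 check, not done here
    return (iid & HASH_MASK) == interface_id(modifier, prefix, collisions, pubkey)


if __name__ == "__main__":
    addr = make_cga(SAMPLE_PREFIX, SAMPLE_MODIFIER, SAMPLE_PUBKEY)
    print(addr, verify_cga(addr, SAMPLE_MODIFIER, 0, SAMPLE_PUBKEY))
    # A different key claiming the same address fails the binding check.
    print(verify_cga(addr, SAMPLE_MODIFIER, 0, b"some-other-key"))
```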
LDAP security for hand-held mobile
computing devices
• Lightweight version of the Directory Access
Protocol (DAP).
• Does not contain security features in its initial
version.
• Software protocol used to locate individuals,
organisations, other resources such as files
and devices on the network.
• Directories tell where an entity resides in a network.
• LDAP directory structure-
1. Root directory
2. Countries which it branches out to
3. Organizations which it branches out to
4. Organizational units
5. Individual units
• An LDAP server is called a Directory Systems Agent
(DSA).
RAS security for mobile devices
• RAS- Remote Access Service
• For protecting the business-sensitive data that
may reside on employees’ mobile devices.
• Divided into three areas-
1. Security of the RAS server
2. Security of the RAS client
3. Security of data transmission
• Additional means-
1. Personal firewalls
2. Strong authentication
Attacks on mobile phones/cell phones
• Mobile phone theft
• Mobile viruses
• Mishing
• Vishing
• Smishing
• Hacking Bluetooth
Mobile phone theft
• Mobile phones have transformed from a luxury into a bare
necessity.
• Note the following details about your cell phone
and keep them in a safe place-
1. Your phone number.
2. The make and the model.
3. Color and appearance details.
4. PIN and/or security lock code.
5. IMEI number.
• The International Mobile Equipment Identity (IMEI).
- Unique to every GSM and WCDMA cell phone.
- 15-digit number.
- Can be obtained by dialing *#06#
- Used by the GSM network to identify all
valid devices, and can therefore be used to stop a
stolen phone from accessing the network in that
country.
• Add a security mark.
• Install anti-theft software on your phone.
Factors-
• Enough target terminals.
• Enough functionality.
• Enough connectivity.
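A check for the recorded IMEI mentioned above, as an added example that is not part of the original slides: the 15th digit of an IMEI is a Luhn check digit, so a mistyped record can be caught before it is filed away. The sample IMEI is a constructed value and the function names are assumptions of this example.

```python
import re

SAMPLE_IMEI = "12-345678-901234-7"   # constructed value, not a real device


def luhn_ok(digits: str) -> bool:
    """Luhn check: from the right, double every second digit and sum."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:             # every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def parse_imei(recorded: str) -> dict:
    """Normalise a hand-recorded IMEI and split it into its fields.

    Raises ValueError when the value cannot be a valid IMEI, which usually
    means a digit was mistyped or dropped when it was written down.
    """
    digits = re.sub(r"[\s\-/.]", "", recorded)   # tolerate common separators
    if not re.fullmatch(r"[0-9]{15}", digits):
        raise ValueError("an IMEI is exactly 15 digits")
    if not luhn_ok(digits):
        raise ValueError("check digit mismatch: re-read the IMEI from *#06#")
    return {
        "tac": digits[:8],           # Type Allocation Code (make and model)
        "serial": digits[8:14],      # per-device serial number
        "check": digits[14],         # Luhn check digit
        "imei": digits,
    }


if __name__ == "__main__":
    print(parse_imei(SAMPLE_IMEI))
```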
Mobile viruses
• Similar to a computer virus, but targets mobile phone data or
applications.
• In total, 40 mobile virus families.
• First virus, “Cabir”, identified in 2004.
• Spread in two dominant ways-
1. Bluetooth virus
2. MMS virus
Protection-
• Download from a trusted source.
• Download and install antivirus software.
• Turn Bluetooth OFF or put it in non-discoverable mode when not
in use.
• If the phone is IR-enabled, allow it to receive incoming beams
only from trusted sources.
Mishing
• A combination of mobile phone and phishing.
• These attacks are attempted using mobile
phone technology.
• M-commerce.
• You are more vulnerable if you use your mobile phone for-
- purchasing goods/services
- banking
Vishing
• A combination of voice and phishing.
• Criminal practice of using social engineering
over the telephone to gain access to personal
and financial information.
• When the victim answers the call, an
automated recorded message is played which
instructs the victim to call one phone number.
• Spoofed caller ID
Smishing
• SMS phishing
• Uses a cell phone to deliver a lure message that gets
the victim to reveal their PI.
Prevention-
• Do not reply to such text messages.
• Avoid calling any phone numbers mentioned.
• Never click on the hotlink received.
• Use an SMS blocker application.
Hacking Bluetooth
• Open wireless technology standard used for
communication between fixed and/or mobile
devices.
• Short-range wireless communication.
• Uses the 2.4 GHz frequency range.
• Bluetooth 1.0- max speed 1 Mbps.
• Bluetooth 2.0- max speed 3 Mbps.
• Broadcasts “I’m here, and I’m able to connect.”
Bluetooth hacking tools
1. BlueScanner-
Searches for Bluetooth-enabled devices and extracts as much information as
possible after connecting with the target.
2. BlueSniff-
GUI-based utility for finding discoverable and hidden Bluetooth-enabled
devices.
3. BlueBugger-
Exploits the vulnerability of the device and accesses the images, phonebook,
messages and other personal information (PI).
4. BlueSnarfer-
If Bluetooth of a device is switched ON, then it makes it possible to connect
to the phone without alerting the owner and gain access to restricted portions
of the stored data.
Bluetooth-specific attacks
1. Bluejacking-
Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices
within a 10-metre radius.
2. Bluesnarfing-
Unauthorized access of information through a Bluetooth connection, often
between phones, desktops, laptops, and PDAs. This allows access to
calendars, contact lists, emails and text messages, and users can copy
pictures and videos.
3. Bluebugging-
Attacker remotely accesses a user’s phone and uses its features without the user’s
attention. Initially only listens to the conversation, then can initiate phone
calls, send and read SMS, and connect to the internet.
4. Car Whisperer-
Attacker sends audio to and receives audio from a Bluetooth-enabled car
stereo.