Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Mobile Security Seminar
Transcript of Mobile Security Seminar
Provider Network Mobile? Network? SMS WiFi Location via -GPS Address Book Bank Account Information Health Information Calendar bluetooth Web Browser Service Povider TV Ad-hoc Network *Each node is a router *No hierarchy *Dynamic topology How does it work? A --message-->B A B each node pass the message to the closest node Uses In the past mainly military and governmental Pros & Cons : *MANET *No infrastructure
*Unlimited users *Uses each node resources
(especially important with mobile devices)
*Each node can disappear - complicated routing algorithm Useful for specific Applications, where a quick and dynamic topology is needed Dynamic changing of topology: Current Security methods Provide a solution for each new attack Any new attack will burst the network security Security requirements Availability Authenticity Integrity Non-repudiation Confidentiality Optional solution AAA Protocol IPSec Data link layer challenges 1. Mutual authentication
2. Creating Cryptography key
3. Giving cypher and authentication algorithm for further sessions Trusted Computing *Provide security between 2 hops
*Data integrity verification
*Node availability Network layer challenges *Routing malicious changes that can cause to:
1. Loops until failure
2.Routing to malicious nodes
1. content change
*DoS Optional solution Optional solution Computer Network Secutiry 1. Confidentiality
5.Non-repudiation Softwares Countermeasures Network layer challenges Routing Protocols Types: Proactive Protocols Reactive Protocols Hybrid Protocols Nodes are updated every T time Nodes updated only when needed 1. Operating System
2. Security Software
3 .Biometric Identification
4. Resource Monitoring in the smartphone
5. User awareness Network layer challenges Routing Protocol examples SRP ARIADNE ARAN Publish combined key based on the public keys of the communication components Ensures node to node authentication by using MAC address Protects the usage of the network by faking nodes.
The protection is achieved by encryption, which consume a lot of CPU usage.
Doesn't protect against the "Warm tail attack". SEAD Reactive Reactive Reactive Pro-active Deals with attackers that tries to change the routing data.
Uses one-direction mapping instead of complicated encryption.
Doesn't support "warm tail attack" protection Reactive Types of attacks Routing protocols attacks *Changing routing data
*Planting wrong routing information
*Posing to other nodes התחזה Warm tail attack 2 malicious nodes create a private connection that shorten the regular path and makes all data go between them Spoofing spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
* Caller ID spoofing
* Email address spoofing
* GPS spoofing Denial of Service attack Spamming the network with a huge amount of packages that will cause to a big load which might lead to a network crash Layered Security mechanism *Not attack driven
*Takes into consideration all security requirements
*Deals not only with attack but also with other network problems:
wrong configuration, extreme load and more.
*Robust protection with more then 1 line protection Layered Security mechanism Pre-Security Detect security threats
using various encryption techniques Post-Security Prevent security threats.
React when an attack is detected. identify abnormal node behavior, in the stage of node authentication or node availability React:
*Change routing protocols
*Expel malicious node GSM MANET A B Cellular Network 1.Endorsement key
2.Secure input and output
3.Memory curtaining / 4.protected execution
6.Trusted Third Party (TTP) Internet network Ringtons. movies Quoting Traffic analysis Change message Flooding Spoofing Nonpayment denial of service Illegal content distribution End :) Chaya & Rivka