cse 543 computer security
play

CSE 543 - Computer Security Lecture 26 - Mobile phone security - PowerPoint PPT Presentation

Dec 16, 2022 •179 likes •302 views

CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mobile Phones Networked device

  1. CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1

  2. Mobile Phones • Networked device capable of making phone calls • But it could do so much more! • Messaging (Text messaging and Email) • Entertainment (Web and Games) • Safety (Mobile communicator) • Personal computing token (Hey, let’s improve security too!) • Q: What is the difference between a mobile phone and a personal computer? 2 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  3. Mobile Phone Security • In some ways, mobile phones and their infrastructure are potentially more difficult to control • Networking : everyway imaginable • Systems : security not a major focus • Applications : all kinds • Personal : seen as more personal, so the tendency is to depend on it for more, rather than less, security 3 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  4. Networking • Multiple ways to communicate • Then connect to multiple networks • And communicate different types of data • Wireless (E.g., CDMA): Transmit voice, data, multimedia data • SMS/MMS: Text and multimedia messages • WAP: Wireless Application Protocol • SS7: Eventually calls get to phone network • IP: Vendors moving to IP networks • Bluetooth: Short distance networking • Communicate with neighboring devices 4 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  5. Bluetooth • A standard for building very small personal area networks (PANs) • Connects just everything you can name: PDAs, phones, keyboards, mice, your car • Very short range range network: 1 meter, 10 meters, 100 meters (rare) • Advertised as solution to "too many cables" • Authentication – "pairing" uses pass-phrase style authentication to establish relationship which is often stored indefinitely (problem?) 5 CSE543 Computer and Network Security - Fall 2007 - Professor Jaeger CSE543 Computer and Network Security - Fall 2007 - Professor Jaeger Page Page

  6. Bluetooth • Devices “pair” to establish a communication channel • A pair is associated with a PIN selected by the users • 4-digit PIN would be a problem, but... • There are so many other problems • BlueSnarf : pull known files from remote phone • BlueBug : execute commands on victim • BlueSmack : “Ping of death” • Long distance attacks 6 CSE543 Computer and Network Security - Fall 2007 - Professor Jaeger Page

  7. WAP (Wireless Application Protocol) • A set of protocols for implementing applications over thin (read wireless) pipes. • Short version: a set of protocols to implement the web over wireless links as delivered to resource limited devices – reduce overhead and flabby content (image rich HTML) – support limited presentation and content formats • Wireless Markup Language (XML-based language) – reduce the footprint of the rendering engine (browser) • Security : WTLS – SSL/TLS protocol -- public keys, key negotiation, etc. • Success in Japan, little elsewhere (currently) 7 CSE543 Computer and Network Security - Fall 2007 - Professor Jaeger CSE543 Computer and Network Security - Fall 2007 - Professor Jaeger Page Page

  8. Systems • Common operating systems • Symbian (85% of market), Windows Mobile, and now Linux • Symbian protection model • Installer • Symbian-signed programs • Everything else (e.g., games) • Everything else is limited in its writing, but can read most anything • Thus, some phone models using Symbian disallow ‘everything else’ 8 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  9. Applications • Typical application problems • Buffer overflows • User administration (Install an MMS attachment with a virus) • New vectors (e.g., download and install a file from bluetooth) • But more trust permitted to Symbian applications • Contacts database • Pairing database • Phone identity • Also, more vectors for propagation 9 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  10. Personal • But, people have found that since everyone carries a mobile phone, it would be useful to add security function to it • User authentication support • Generate one-time passwords • Face authentication • Secure web authentication • Keep cookies on cell phone • Seeing is believing • Use cell phone for authorization system • Q: Should we trust phones? 10 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  11. Take Away • Mobile phones are flexible computing devices • But, security has not yet been a focus 11 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer Security? Generally concerned with protection of computer related assets Risk analysis and management! Manage could mean prevention of

537 views • 26 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

240 views • 23 slides
Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

8.10.2019 Information Security Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak Can Network Security: Hacettepe University Ensure security of communication over insecure medium

267 views • 10 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

Overview CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security Computer security threats Unintentional: - Coding faults - Operational faults -

238 views • 8 slides
CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 OS Security An secure OS should provide the

873 views • 28 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives

839 views • 38 slides
Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

1.08k views • 42 slides
Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

553 views • 39 slides
CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mandatory Access Control Is about administration

462 views • 19 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 11 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #2 later today Allocate last 30 mins No Class

488 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins

414 views • 20 slides
Bluetooth Hacking The State of the Art 22C3 December 30st 2005, Berlin, Germany by Adam Laurie,

Bluetooth Hacking The State of the Art 22C3 December 30st 2005, Berlin, Germany by Adam Laurie,

Bluetooth Hacking The State of the Art 22C3 December 30st 2005, Berlin, Germany by Adam Laurie, Marcel Holtmann and Martin Herfurt ... because infinite is sometimes not enough! Agenda Quick technology overview Security mechanisms

776 views • 49 slides
Southwold Enterprise Hub DEVELOPMENT PLANS 11 NOVEMBER 2019 Southwold Background Station

Southwold Enterprise Hub DEVELOPMENT PLANS 11 NOVEMBER 2019 Southwold Background Station

Southwold Enterprise Hub DEVELOPMENT PLANS 11 NOVEMBER 2019 Southwold Background Station Yard development over 20 Enterprise Hub years Existing services what happens to the existing services needed by the community? Slides from

967 views • 45 slides
BalCCon 2K16 Badge Instructions for use and schematic diagram 1. Badge SWITCH ON: Press and

BalCCon 2K16 Badge Instructions for use and schematic diagram 1. Badge SWITCH ON: Press and

BalCCon 2K16 Badge Instructions for use and schematic diagram 1. Badge SWITCH ON: Press and release the lower button. Rotating LED pattern in CW direction signifies that the unit is ON. SWITCH OFF: Press and release the lower button again.

558 views • 10 slides
SC Beta Ring Ching Pi Beta Phi was founded as I.C. Sorosis in 1867 at Monmouth College as

SC Beta Ring Ching Pi Beta Phi was founded as I.C. Sorosis in 1867 at Monmouth College as

SC Beta Ring Ching Pi Beta Phi was founded as I.C. Sorosis in 1867 at Monmouth College as the First Fraternity for Women. Official Symbol: Arrow Pi Beta Phi has 131 Collegiate Chapters Unofficial Symbol: Angel

688 views • 6 slides
Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy cornerstones Need to

582 views • 37 slides
A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy Daniele

A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy Daniele

WAC workshop 2020 A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy Daniele Antonioli Daniele Antonioli ( @francozappa ) A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy 1

949 views • 69 slides
CS5530 Mobile/Wireless Systems Android Bluetooth Interface Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems Android Bluetooth Interface Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems Android Bluetooth Interface Yanyan Zhuang Department of Computer Science http://www.cs.uccs.edu/~yzhuang UC. Colorado Springs CS5530 Ref. CN5E, NT@UW, WUSTL Bluetooth Communication Bluetooth-enabled

343 views • 18 slides
+ eDiscovery: Energy Ef fi cient Device Discovery for Mobile Opportunistic Communications Bo Han

+ eDiscovery: Energy Ef fi cient Device Discovery for Mobile Opportunistic Communications Bo Han

+ eDiscovery: Energy Ef fi cient Device Discovery for Mobile Opportunistic Communications Bo Han AT&T Labs Research Aravind Srinivasan University of Maryland Presented by Xin Gao NJIT + Summary 2 Background Introduction

256 views • 12 slides

More recommend