Mobile computing has brought nearly every aspect of desktop computing into the user's pocket. At the personal level, it offers the convenience of speaking and texting on the go and of reaching a person directly. At the work level, it raises the productivity and availability of employees who embrace mobile computing devices. An organisation that provides mobile devices can gain efficiency and productivity, but it must also comprehend and defend against the unique security issues introduced by mobile computing.
Mobile Computing -
Mobile Computing, also popularly known as Wireless Computing or Ubiquitous Computing, is coupled with the available infrastructure of distributed systems, which makes it possible to see it as an expansion of distributed system computing. Wireless communication has common problems such as disconnection, bandwidth and interface variability, and heterogeneous networks, but certain issues should be resolved first before mobile computing is put in place, e.g. security: because a wireless connection is so easy to access and open to threats, security can be compromised. Mobile computing devices can store large amounts of data, are highly portable and are frequently unprotected. Unless protected, mobile computing devices are easy to lose or to be stolen by an unauthorised person, who can then access the information stored on them.
Mobile computing devices in scope include
- Laptops, netbooks, and notebooks.
- Personal digital assistants (PDAs)
- Smartphones
It also includes -
- Universal Serial Bus (USB) storage devices (MP3/4 players, thumb drives), MMC (Multimedia Memory Card), and micro/mini SD cards included in smartphones.
- Digital cameras
- RFID and M-RFID devices for data storage and identification
Recently, a trend of increasing use of mobile devices has been observed, as communication tools that deliver productivity for business houses and help manage personal life. With this technological shift, a lot more data, both personal and sensitive, is shared over the network, and access to it should be controlled to protect the privacy and intellectual property of any enterprise.
Securing information from unauthorized access is a major problem for any network, wired or wireless. It spans network, system, information and physical security. Security cannot be achieved within one focus area alone; all of these areas must be integrated to achieve highly secure transport and communication.
Some common examples of security breaches –
- Interception of credit card authorizations over wireless networks
- Interception of e-mail messages on wireless internet connections
- Physical breach of security at communications centres
Data and Information protection -
The best way to protect the information and data stored on a device is not to store any confidential information or prohibited data on it unless there is no restriction on storing it. Confidential information can be anything from classified to sensitive data, such as credit card details, Social Security Numbers, passwords to various user logins, VPN information, and authorised-access site URLs that are not known or exposed to the public domain.
Security Design in Mobile Computing
Per Yialelis (1996) and Varadharajan (1995), at a high level there are typically two types of security threat: host compromise and message communication compromise. Common host/communication attacks include masquerading, unauthorized access to resources, disclosure and alteration of information, and denial of service. Additionally, communication attacks include interception and fabrication of messages and repudiation of actions.
- Design for Physical Security – Investing heavily in physical security by deploying high-end protective systems is meaningless if the base stations and information storage systems are left unattended and ignored. Leaving a physical machine unattended in an exposed place is an all too common security violation.
- Design for System Assisted Security – Each wireless and/or mobile device possesses an identifier number that is globally unique. Wireless devices should also be smart enough to identify their possessor and, in the case of an imposter, to communicate back to the possessor with the exact details of the location, using satellite services.
- Design for Infrastructure Security – A firewall is a very common measure to prevent intruders from accessing data in transit and to protect access to restricted data. Measures to disallow remote access by unauthorised users should also be in place, such as RAS security products from Cylink, Watchword token, etc. Pre-assembled wireless security servers from Entrust, Sonera’s SmartTrust (for m-commerce), etc. can also be taken into consideration.
- Design for Data Security – Data encryption, which scrambles digital information at the bit level using complex algorithms, is the most important data protection method. Algorithms such as the Data Encryption Standard (DES) and RSA (based on public key cryptography) are the most commonly used mechanisms for protecting data from intruders in wireline communication. Unfortunately, data encryption within the mobile device is compromised and has to rely on the manufacturer. Additionally, electronic signatures can be used to avoid impersonation.
WPA-2 is a security standard for wireless networks based on the IEEE 802.11i standard. It provides government-grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1x-based authentication.
Common Security guidelines -
- An audit/assurance tool or process should be in place to ensure adherence to the laid-down policies and/or procedures.
- Developing mobile applications that secure authorised access to the device
- Using the built-in security applications to protect the devices
- Enabling data encryption
- Devices should be smart enough to connect only to secured ports
- Servers accessed by mobile computing devices should be firewalled and should establish a network connection only with an authentication token.
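The last guideline, combined with the unique device identifier mentioned under System Assisted Security, can be sketched as a server that accepts a connection only when the device presents a valid token. This is an added example, not from the original article; the HMAC-based token format, the key, the lifetime and the device identifiers are all assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a single server-side secret; a deployment would load it from a key store.
SERVER_KEY = b"constructed-demo-key-not-for-production"
TOKEN_LIFETIME = 300  # seconds a token stays valid

def sign(payload):
    """HMAC-SHA256 over the payload with the server key."""
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def issue_token(device_id, now=None):
    """Bind the token to the device's unique identifier and an expiry time."""
    if "|" in device_id:
        raise ValueError("device_id must not contain '|'")
    expiry = int(time.time() if now is None else now) + TOKEN_LIFETIME
    payload = f"{device_id}|{expiry}".encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(sign(payload)).decode()

def verify_token(token, device_id, now=None):
    """True only for an untampered, unexpired token issued to this device."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong shape or invalid base64
        return False
    # Constant-time comparison; the payload is parsed only after it is authenticated.
    if not hmac.compare_digest(sig, sign(payload)):
        return False
    claimed_id, expiry = payload.decode().rsplit("|", 1)
    current = time.time() if now is None else now
    return claimed_id == device_id and current < int(expiry)

# Constructed device identifiers, for demonstration only.
DEVICE_A = "356938035643809"
DEVICE_B = "490154203237518"
```

A token copied to another device, altered in transit, or presented after its lifetime fails verification, so the server can refuse the connection before any data is exchanged.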
Security Testing Tools
Merely implementing security will not in itself suffice to prevent unauthorised access; testing with the available tools, in adherence to wireless communication security standards, is also needed. Various tools, methodologies, and policies have to be tested before going live. HeatMapper, Kismet and Airsnort are some of the popular AP testing tools.
Author – Jagdish M Chichria
Title – Sr. Technical Architect
Company – Zensar Technologies Ltd., Pune