PSU CSE 543 - Mobile phone security

This preview shows page 1-2-3-4 out of 11 pages.


CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

CSE 543 - Computer Security
Lecture 26 - Mobile phone security
December 11, 2007
URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/

Mobile Phones
•Networked device capable of making phone calls
•But it could do so much more!
•Messaging (Text messaging and Email)
•Entertainment (Web and Games)
•Safety (Mobile communicator)
•Personal computing token (Hey, let’s improve security too!)
•Q: What is the difference between a mobile phone and a personal computer?

Mobile Phone Security
•In some ways, mobile phones and their infrastructure are potentially more difficult to control
•Networking: every way imaginable
•Systems: security not a major focus
•Applications: all kinds
•Personal: seen as more personal, so the tendency is to depend on it for more, rather than less, security

Networking
•Multiple ways to communicate
•Then connect to multiple networks
•And communicate different types of data
•Wireless (e.g., CDMA): Transmit voice, data, multimedia data
•SMS/MMS: Text and multimedia messages
•WAP: Wireless Application Protocol
•SS7: Eventually calls get to phone network
•IP: Vendors moving to IP networks
•Bluetooth: Short distance networking
•Communicate with neighboring devices

Bluetooth
•A standard for building very small personal area networks (PANs)
•Connects just about everything you can name: PDAs, phones, keyboards, mice, your car
•Very short range network: 1 meter, 10 meters, 100 meters (rare)
•Advertised as solution to "too many cables"
•Authentication
–"pairing" uses pass-phrase style authentication to establish a relationship, which is often stored indefinitely (problem?)

Bluetooth
•Devices “pair” to establish a communication channel
•A pair is associated with a PIN selected by the users
•4-digit PIN would be a problem, but...
•There are so many other problems
•BlueSnarf: pull known files from remote phone
•BlueBug: execute commands on victim
•BlueSmack: “Ping of death”
•Long distance attacks

WAP (Wireless Application Protocol)
•A set of protocols for implementing applications over thin (read wireless) pipes.
•Short version: a set of protocols to implement the web over wireless links as delivered to resource-limited devices
–reduce overhead and flabby content (image-rich HTML)
–support limited presentation and content formats
•Wireless Markup Language (XML-based language)
–reduce the footprint of the rendering engine (browser)
•Security: WTLS
–SSL/TLS protocol -- public keys, key negotiation, etc.
•Success in Japan, little elsewhere (currently)

Systems
•Common operating systems
•Symbian (85% of market), Windows Mobile, and now Linux
•Symbian protection model
•Installer
•Symbian-signed programs
•Everything else (e.g., games)
•Everything else is limited in its writing, but can read most anything
•Thus, some phone models using Symbian disallow ‘everything else’

Applications
•Typical application problems
•Buffer overflows
•User administration (Install an MMS attachment with a virus)
•New vectors (e.g., download and install a file from Bluetooth)
•But more trust permitted to Symbian applications
•Contacts database
•Pairing database
•Phone identity
•Also, more vectors for propagation

Personal
•But, people have found that since everyone carries a mobile phone, it would be useful to add security functions to it
•User authentication support
•Generate one-time passwords
•Face authentication
•Secure web authentication
•Keep cookies on cell phone
•Seeing is believing
•Use cell phone for authorization system
•Q: Should we trust phones?

Take Away
•Mobile phones are flexible computing devices
•But, security has not yet been a

