Mobile Computing with Security

Jagdish Chichria
Zensar Technologies Ltd., Pune
jagdish.chichria@zensar.com
[1]Abstract
With the introduction of the mobile computing, the mobile computing has bought
nearly every aspect of desktop computing in users pocket. Mobile computing
involves mobile communication, mobile hardware, and mobile software.
Common personal use of mobile involves convenient to speak on the go, texting,
direct person availability, while at work, it enables and helps in improvising
employee productivity and availability by embracing mobile computing devices.
Releasing this fact, it also trails the security issues which have become
increasingly important in mobile computing.
[2]Introduction
Mobile computing, also popularly known as Wireless Computing, is coupled with
available infrastructure of distributed systems and thus, making it possible to
see it as expanding distributed system computing. Although, mobile computing
is still currently dealing with some sort of common problems viz. remote
disconnections, limited support bandwidth & interface variability, and most
importantly, heterogeneous network, but there are certain issues which should
be resolved at first before mobile computing are realized in place Security
just because wireless connection is so easy to access and sometimes, open to
threats, the security can be compromised.
Devices in scope include

Laptops, netbooks, and notebooks,

Portable Digital Assistance (PDAs)
Smartphones
To some extent it also includes
o Universal Serial Bus (USB) devices for storage, Thumb drives,
o RFIDs and M-RFIDs devices for data storage, and identification

[3]Problem statement
There is observation of increasing trend in usage of mobile devices, as a part of
communication tool to achieve efficiency for corporates and business houses
and to manage the personal life. With this technological shift, lot more data is
shared over mobile network. The ignorance of protecting this sensitive
information over network can mislead to steal, manipulate and/or destroy
information. The object of Security is to protect valuable or sensitive

organizational information. Large organizations need to share services and

resources and information with the employees, but still they need to keep it
protected from the unauthenticated and unauthorized people who should not
access them.
Computer Security is about protecting information and disallowing unauthorized
access. However, mobile computing security includes protecting privacy,
maintaining confidentiality, and data integrity.
[4]Understanding Security
Protecting information from unauthorized access is a major problem for any
wireless network. Security within particular focused area cannot be achieved,
thus, in a heterogeneous environment; it needs integration and handshake of all
focused area groups to achieve maximum secured transport and communication.
Most common examples of security breaches over mobile or wireless network

Interception of credit-card authorizations over wireless networks

Interception of e-mail messages on wireless connections
Physical breach of security at communications centers.
Theft of mobile devices and laptops or other mobile computing devices

Among most security breaches, theft of mobile devices can be prevented by

never leaving it unattended. In addition, having security software on device
enables and helping to track the device. To the least, the best method to protect
information and data stored on device is to not to store any confidential
information or prohibited data unless there is no restriction of storing it.
Confidential information can be easily classified to any sensitive data such as
Credit Card details, Social Security Numbers, password to various user logins,
secured VPN information, and access to authorized site URLs not known or
exposed to public domain.
[5]Security Design
Per Yialelis, 1996 and Varadharajan, 1995 generally and typically at the higher
level, there are 2 types of security threats host compromise and the message
communication compromise. Common and possible host/communication attacks
can be Masquerading, unauthorized access to resources, disclosure and
alteration of information, denial of service. Additionally, communication attacks
Intercepted, fabricated, repudiated of actions.
1. Design for Physical Security Investing huge in physical security by
deploying hi-end systems to protect is no mean if the base stations and
information storage systems are unattended and ignored. Hence, leaving
physical machine unattended at exposed place is too common security
violation.

2. Design for System Assisted Security Each wireless device and/or

mobile possess identifier number which is unique, globally. Also, the
wireless devices should be smart enough to identify the possessor of the
device and in case of imposter, the device should communicate back to
the possessor informing about the exact details of the location using
satellite services.
3. Design for Infrastructure Security Firewall is very common measure
to prevent, the intruders to access the communicating data, and to
protect, the access the restricted data. Also, to disallow remote access
from unauthorized access should be in place, such as RAS security
products from Cylink, Watchword token, etc. Pre-ssembled wireless
security servers from Entrust, Soneras SmartTrust (for m-commerce) etc.
can also be taken into consideration.
4. Design for Data Security data encryption involving scrambling of
digital information in the form of bits, using complex algorithms is the
most important data protection method. Algorithms such as Data
Encryption Standard (DES), RSA (based on public key cryptography), etc.
are most commonly used mechanisms in order to protect data from
intruders in wire line communication. Unfortunately, the data encryption
within mobile device is compromised and had to rely on the manufacturer.
Additionally, electronic signatures can be used to avoid impersonation.
WPA-2, a security for wireless networks based on IEEE 802.11i standard,
WPA-2 provides government grade security by implementing the National
Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES
encryption algorithm and 802.1 x-based authentications.
[6]Security strategies Audit/assurance tool or process should be in place to adhere laid policies and/or
procedures.
Developing application for mobile to secure authorized access to that mobile
Using in-built or devices shipped with security application in order to protect the
Data encryption enable
Devices should be smart enough to port only to secured ports
Server accessed by mobile computing devices should be firewalled and should
establish network connection only \with authentication token.
[7]Security Testing Tools
Mere implementing the security will itself not suffice the unauthorised
prevention or protection, testing using different set of available tools, adhering
to wireless communication security standards, is also a need. Various tools,

methodologies, and policies have to be tested before going live. Tools such as
HeatMapper, Kismet, Airsnort are some of popular AP testing tools.
[8]References
[1] http://www.mobileinfo.com
[2] Security Issues in a Mobile Computing Paradigm by Mavridis I., Pangalos G.
[3] A framework for Mobile Computations by Jan Vitek and Giuseppe Castagna

[4] http://www.webopedia.com/TERM/W/WPA2.html