With the rapid growth in the wireless mobile communication technology a new computing platform called mobile computing is becoming widely spread Mobile computing provide a to computing resources from anywhere using mobile devices.
However, each devices in such a platform comes with new security risks and challenges. The security issues related with Mobile computing can be classified into two main categories:
- Traditional Security issues
- Mobile computing Security issues
1. Traditional Security Issues :
- Confidentiality : It ensures that information used on a system or transmitted over communication links, is only disclosed to those users who are authorized to have access to it.
- Integrity : he ensures that information exchanged between different parties is accurate, complete and not altered during transmission
- Authentication : to enforce the verification and validation of the identities and credentials etched between mobile systems or a mobile device and a service provider. It ensures that the user accessing the information is the right person.
- Authorization: It ensures that the service requester has the right to access the information on different network or mobile resources. It defines the policies associated with the required access control to the resources.
- Accountability : It ensures that the different communicating parties cannot deny the exchange of information or the acceptance of a committed transaction at a later time.
- Availability: It ensures that the mobile computing environment or the services of the information systems are all the time available for users.
2. Mobile Computing Security Issues :
Mobile computing allows the facility of computing and communicating while moving from one place to another place. This can be achieved using Wireless networks.
So the security issues introduced in mobile computing are classified into following two categories:
- Wireless Network Security Issues : Wireless networks have their own security issues and challenges. This is mainly due to the fact that they use radio signals that travel through the air where they can be intercepted by location-less hacker that are difficult to track down. Following are some of the security issues related with Wireless Network:
- Denial of Service : This attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.
- Traffic Analysis : The attacker can monitor the transmission of data, measure the load on the wireless communication channel, capture packets, and reads the source and destination fields.
- Eavesdropping : This is a well known security issue in wireless networks. If the network is not secure enough and the transmitted information is not encrypted then an attacker can log on to the network and get access to sensitive data, as long as he or she is within range of the access point.
- Session Interception and Messages Modification: The attacker can intercept a session and alter the transmitted messages of the session.
- Spoofing: The attacker may hijack a session and impersonate as an authorized legitimate user to gain access to unauthorized information and services.
- Captured and Re-transmitted Messages : The attacker can capture a full message that has the full credential of a legitimate user and replay it with some minor but crucial modification to the same destination or to another one to gain unauthorized access and privileged to the certain computing facilities and network services.
- Information Leakage : The attacker may issue a number of queries to the database at the user’s home node or to database at other nodes, with the aim of deducing parts of the user’s profile containing the patterns and history of the user’s movements.
- Mobile Device Security Issue: Mobile Devices are essential and key components of a mobile computing environment. The main new mobile computing security issues introduced by the use of mobile devices include the following:
- Pull Attacks: The attacker controls the device as a source of propriety data and control information. Data can be obtained from the device itself through the data export interfaces, a synchronized desktop, mobile applications running on the device, or the intranet servers.
- Push Attacks: The attacker use the mobile device to plant a malicious code and spread it to infect other elements of the network. Once the mobile device inside a secure network is compromised, it could be used for attacks against other devices in the network.
- Forced De-authentication: The attacker transmits packets intended to convince a mobile end-point to drop its network connection and reacquire a new signal, and then inserts a crook device between a mobile device and the genuine network.
- Multi-protocol Communication : This security issue is the result of the ability of many mobile devices to operate using multiple protocols. e.g. one of the 802.11 family protocols, a cellular provider’s network protocol, and other protocols which may have well-known security loop-holes.
- Mobility and Roaming : The mobility of users and data that they carry introduces security issues related to the presence and location of a user, the secrecy and authenticity of the data exchanged, and the privacy of user profile. To allow roaming, certain parameters and user profiles should be replicated at different locations so that when a user roams across different zones, she or he should not experience any degradation in the access and latency times.
- Disconnections : The frequent disconnections caused by hand-offs that occur when mobile devices cross different introduce new security and integrity issues.