876 resultados para Mobile Security, Mobile App Security, App Stores, Android Security, iOS Security
Resumo:
The increase of online services, such as eBanks, WebMails, in which users are verified by a username and password, is increasingly exploited by Identity Theft procedures. Identity Theft is a fraud, in which someone pretends to be someone else is order to steal money or get other benefits. To overcome the problem of Identity Theft an additional security layer is required. Within the last decades the option of verifying users based on their keystroke dynamics was proposed during login verification. Thus, the imposter has to be able to type in a similar way to the real user in addition to having the username and password. However, verifying users upon login is not enough, since a logged station/mobile is vulnerable for imposters when the user leaves her machine. Thus, verifying users continuously based on their activities is required. Within the last decade there is a growing interest and use of biometrics tools, however, these are often costly and require additional hardware. Behavioral biometrics, in which users are verified, based on their keyboard and mouse activities, present potentially a good solution. In this paper we discuss the problem of Identity Theft and propose behavioral biometrics as a solution. We survey existing studies and list the challenges and propose solutions.
Resumo:
Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the corresponding resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.
Resumo:
Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.
Resumo:
We present a virtual test bed for network security evaluation in mid-scale telecommunication networks. Migration from simulation scenarios towards the test bed is supported and enables researchers to evaluate experiments in a more realistic environment. We provide a comprehensive interface to manage, run and evaluate experiments. On basis of a concrete example we show how the proposed test bed can be utilized.
Resumo:
Modern mobile computing devices are versatile, but bring the burden of constant settings adjustment according to the current conditions of the environment. While until today, this task has to be accomplished by the human user, the variety of sensors usually deployed in such a handset provides enough data for autonomous self-configuration by a learning, adaptive system. However, this data is not fully available at certain points in time, or can contain false values. Handling potentially incomplete sensor data to detect context changes without a semantic layer represents a scientific challenge which we address with our approach. A novel machine learning technique is presented - the Missing-Values-SOM - which solves this problem by predicting setting adjustments based on context information. Our method is centered around a self-organizing map, extending it to provide a means of handling missing values. We demonstrate the performance of our approach on mobile context snapshots, as well as on classical machine learning datasets.
Resumo:
In the modern connected world, pervasive computing has become reality. Thanks to the ubiquity of mobile computing devices and emerging cloud-based services, the users permanently stay connected to their data. This introduces a slew of new security challenges, including the problem of multi-device key management and single-sign-on architectures. One solution to this problem is the utilization of secure side-channels for authentication, including the visual channel as vicinity proof. However, existing approaches often assume confidentiality of the visual channel, or provide only insufficient means of mitigating a man-in-the-middle attack. In this work, we introduce QR-Auth, a two-step, 2D barcode based authentication scheme for mobile devices which aims specifically at key management and key sharing across devices in a pervasive environment. It requires minimal user interaction and therefore provides better usability than most existing schemes, without compromising its security. We show how our approach fits in existing authorization delegation and one-time-password generation schemes, and that it is resilient to man-in-the-middle attacks.
Resumo:
The IEEE Wireless LAN standard has been a true success story by enabling convenient, efficient and low-cost access to broadband networks for both private and professional use. However, the increasing density and uncoordinated operation of wireless access points, combined with constantly growing traffic demands have started hurting the users' quality of experience. On the other hand, the emerging ubiquity of wireless access has placed it at the center of attention for network attacks, which not only raises users' concerns on security but also indirectly affects connection quality due to proactive measures against security attacks. In this work, we introduce an integrated solution to congestion avoidance and attack mitigation problems through cooperation among wireless access points. The proposed solution implements a Partially Observable Markov Decision Process (POMDP) as an intelligent distributed control system. By successfully differentiating resource hampering attacks from overload cases, the control system takes an appropriate action in each detected anomaly case without disturbing the quality of service for end users. The proposed solution is fully implemented on a small-scale testbed, on which we present our observations and demonstrate the effectiveness of the system to detect and alleviate both attack and congestion situations.
Resumo:
The evolution of classic power grids to smart grids creates chances for most participants in the energy sector. Customers can save money by reducing energy consumption, energy providers can better predict energy demand and environment benefits since lower energy consumption implies lower energy production including a decrease of emissions from plants. But information and communication systems supporting smart grids can also be subject to classical or new network attacks. Attacks can result in serious damage such as harming privacy of customers, creating economical loss and even disturb the power supply/demand balance of large regions and countries. In this paper, we give an overview about the German smart measuring architecture, protocols and security. Afterwards, we present a simulation framework which enables researchers to analyze security aspects of smart measuring scenarios.
Resumo:
Private data stored on smartphones is a precious target for malware attacks. A constantly changing environment, e.g. switching network connections, can cause unpredictable threats, and require an adaptive approach to access control. Context-based access control is using dynamic environmental information, including it into access decisions. We propose an "ecosystem-in-an-ecosystem" which acts as a secure container for trusted software aiming at enterprise scenarios where users are allowed to use private devices. We have implemented a proof-of-concept prototype for an access control framework that processes changes to low-level sensors and semantically enriches them, adapting access control policies to the current context. This allows the user or the administrator to maintain fine-grained control over resource usage by compliant applications. Hence, resources local to the trusted container remain under control of the enterprise policy. Our results show that context-based access control can be done on smartphones without major performance impact.
Resumo:
Substantial growth has occurred in the telecommunication sector in Papua New Guinea (PNG) since 2007. Mobile telephony has spread to rural and remote localities, following decades of inadequate telephone services. This paper examines the introduction of mobile telephones into a rural village in PNG, and focuses on information access during emergency situations. It considers three tsunami alerts: one immediately prior to the introduction of mobile phone services in the area, and two which occurred after mobile phone reception became available. The research shows that for people with limited access to information, responses to threats such as tsunamis can be inappropriate and driven by fear and panic. By contrast, when there is reliable, timely information available, measured responses can be adopted. This research demonstrates how the use of newly-introduced communication technologies for handling emergencies may work in practice, benefitting people in poorer, rural communities.
Resumo:
We introduce the Network Security Simulator (NeSSi2), an open source discrete event-based network simulator. It incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Compared to the predecessor NeSSi, it was extended with a three-tier plugin architecture and a generic network model to shift its focus towards simulation framework for critical infrastructures. We demonstrate the gained adaptability by different use cases
Resumo:
Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.
