Subject: Mobile Communication and Computing

Topic: Security Issues in Mobile Computing

Difficulty: High

The mobile computing is the communication between computing devices without a physical connection between them through wireless networks, which mean there are some of new mobile security issues that are originated from wireless security issues. The security issues and threats of mobile computing can be divided into two categories: security issues that related to transmission of information over wireless networks, and the issues that related to information and data residing on mobile devices.

A General Security Issue Confidentiality: Preventing unauthorized users from gaining access to critical information of any particular user.

Integrity: Ensures unauthorized modification, destruction or creation of information cannot take place.

Availability: Ensuring authorized users getting the access they require.

Legitimate: Ensuring that only authorized users have access to services.

E. Accountability: Ensuring that the users are held responsible for their security related activities by arranging the user and his/her activities are linked if and when necessary.

B Wireless Security Issues

The security issues that related of wireless networks are happened by intercepted of their radio signals by hacker, and by non-management of its network entirely by user because most of wireless networks are dependent on other private networks which managed by others, so the user has less control of security procedures. There are some of the main security issues of mobile computing, which introduced by using of wireless networks are:

Denial of Service (DOS) attacks: It's one of common attacks of all kinds of networks and specially in wireless network, which mean the prevent of users from using network services by sending large amounts of unneeded data or connection requests to the communication server by an attacker which cause slow network and therefore the users cannot benefit from the use of its service.

Traffic Analysis: It's identifying and monitoring the communicating between users through listening to traffic flowing in the wireless channel, in order to access to private information of users that can be badly used by attacker.

Eavesdropping: The attacker can be log on to the wireless network and get access to sensitive data, this happens if the wireless a network was not enough secure and also the information was not encrypted. Session Interception and Messages Modification: Its interception the session and modify transmitted data in this session by the attacker through scenario which called: man in the middle which inserts the attacker’s host between sender and receiver host.

Spoofing: The attacker is impersonating an authorized account of another user to access sensitive data and unauthorized services.

Captured and Re transmitted Messages: Its can get some of network services to attacker by get unauthorized access through capture a total message and replay it with some modifications to the same destination or another

C Device Security Issues Mobile devices are vulnerable to new types of security attacks and vulnerable to theft not because of the get these devices itself, but because of get to sensitive data That exists within its devices. Mobile computing, like any computer software may damage by malware such as Virus, Spyware and Trojan. A virus is a real part of malicious software and Spyware is gathering information about the user without his knowledge. Some of main new mobile computing security issues introduced by using mobile devices include:

Pull Attacks: In pull Attack, the attacker controls the device as a source of data by an attacker which obtained data by device itself.

Push Attacks: It's creation a malicious code at mobile device by attacker and he may spread it to affect on other elements of the network.

Forced De-authentication: The attacker convinces the mobile end-point to drop its connection and re-connection to get new signal, then he inserts his device between a mobile device and the network. Multi-protocol Communication: It is the ability of many mobile devices to operate using multiple protocols, e.g. a cellular provider’s network protocol, most of the protocols have a security holes, which help the attacker to exploit this weakness and access to the device.

Mobility: The mobility of users and their data that would introduce security threats determined in the location of a user, so it must be replicate of user profiles at different locations to allow roaming via different places without any concern regarding access to personal and sensitive data in any place and at any time. But the repetition of sensitive data on different sites that increase of security threats.

Disconnections: When the mobile devices cross different places it occurs a frequent disconnections caused by external party resulting hand off.