Security Models of Modern Mobile Systems
By Divya Raval
What is Mobile Security?
Mobile security is the protection of smartphones, tablets, laptops and other portable computing devices, and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Mobile security is also known as wireless security.
Need of Mobile Security?
• Smartphones are becoming storage units for personal information through the use of various social networking applications, personal organizers and e-mail clients.
• So, smartphones are becoming a primary target of attackers.
• Mobile threats endanger the safety of individuals and companies and, if measures are not taken, cybercrime can have an impact on the security of the whole society.
Smartphone OS Market Share
Nielsen Report Smartphone operating
system share
Security Challenges for Mobile Device Users
• Insecure Data Storage.
• Physical Security.
• Mobile browsing.
• Multiple User Logging.
• Client side injection.
• Improper session handling.
• Weak Authentication and Brute Force Attack.
Mobile Threats and Vulnerabilities
Mobile Threats
1. Physical threats
- Bluetooth.
- Lost or Stolen Mobile Devices.
2. Application-based threats
- Spyware.
- Malware.
- Vulnerable Application.
- Privacy Threats.
3. Network-based threats
- Denial of Service Attack (DoS).
- Network Exploits.
- Mobile Network Services.
- Wi-Fi Sniffing.
4. Web-based threats
- Drive-by downloads.
- Browser Exploits.
- Phishing Scams.
Mobile Vulnerabilities
• Trojan horse.
• Botnet.
• Worm.
• Rootkit.
ANDROID SECURITY MODEL
Introduction to Android
• It is an open-source software platform and operating system for mobile devices.
• Based on the Linux kernel.
• Developed by Google and later the Open Handset Alliance.
• Allows writing managed code in the Java language.
• Android has its own virtual machine, the DVM (Dalvik Virtual Machine), which is used for executing Android applications.
• Google purchased the initial developer of the software, Android Incorporated, in 2005.
Android Architecture
Android Security Model
Application Permission
• There are four permission levels, as follows:
• Normal (not dangerous; considered an application-level permission).
• Dangerous (a riskier permission that could, without asking the user to confirm, access sensitive data or damaging functions).
• Signature (a permission that can be granted only to other packages that are signed with the same signature).
• Signature-or-system (a special type of signature permission that exists to deal with legacy permissions).
Android Security Mechanism
1. Sandboxing Mechanism.
2. Application Permission Mechanism.
Improvements in the Existing Security Model
Practically, there are a number of issues in such a model:
1) The user must grant all of the required permissions in order to install the application.
2) Once the permissions are granted, there is no method of restricting an application's use of the granted permissions.
3) There is no way of restricting access to resources based on dynamic constraints, as the permission model is based on an install-time check only.
4) Granted permissions can only be revoked by uninstalling the application.
Proposed Framework for Android Security
1. Kirin: an install-time certification mechanism that allows the mobile device to enforce a list of predefined security requirements prior to the installation of an application.
2. SCanDroid: performs information flow analysis on Android applications in order to understand the flow of information from one component to another.
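The install-time certification idea described for Kirin can be sketched as follows. This is an added example, not code from the slides or from the Kirin project: the rule set, the sample manifests and the function names are constructed for illustration, and each rule simply forbids a combination of permissions being requested by one application.

```python
"""Kirin-style install-time certification over an AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
P = "android.permission."

# Illustrative rules (assumption, not the Kirin project's own rule file):
# each rule names permissions that must not all be requested together.
RULES = [
    ("R1: read phone state, record audio and reach the network",
     {P + "READ_PHONE_STATE", P + "RECORD_AUDIO", P + "INTERNET"}),
    ("R2: start at boot, read fine location and reach the network",
     {P + "RECEIVE_BOOT_COMPLETED", P + "ACCESS_FINE_LOCATION", P + "INTERNET"}),
    ("R3: receive and send SMS",
     {P + "RECEIVE_SMS", P + "SEND_SMS"}),
]

# Constructed sample manifests (not taken from any real application).
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.maps">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    perms = set()
    for element in root.iter("uses-permission"):
        name = element.get(NAME_ATTR)
        if name:  # ignore entries without android:name
            perms.add(name.strip())
    return perms


def certify(manifest_xml, rules=RULES):
    """Return (allowed, violations); the install is allowed only if no rule fires.

    A manifest that cannot be parsed is rejected (fail closed), because the
    check cannot show that the requirements are met.
    """
    try:
        perms = requested_permissions(manifest_xml)
    except (ET.ParseError, ValueError) as exc:
        return False, [f"unparseable manifest: {exc}"]
    violations = [label for label, combo in rules if combo <= perms]
    return (not violations), violations


if __name__ == "__main__":
    for label, manifest in [("benign", BENIGN_MANIFEST),
                            ("suspicious", SUSPICIOUS_MANIFEST)]:
        allowed, violations = certify(manifest)
        print(label, "ALLOW" if allowed else "DENY", violations)
```

Because the check runs only at install time, it shares the limitation listed above for the stock permission model: it says nothing about how the granted permissions are used afterwards.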
Android Malware
1. Android.Pjapps / Android.Geinimi (January/February, 2010)
2. AndroidOS.FakePlayer (August, 2010)
3. Android.Rootcager (February, 2011)
4. Android.Bgserv (March, 2011)
5. Acnetdoor.
6. Kemoge Malware.
Example of Malicious Application
Malicious content delivery scenario for Android
Example of Malicious Application (cont’d)
Example malicious application for Android
• First version of Android.
• The focus of the Android beta is testing incorporating usability.
• The Android beta will generally have many more problems with speed and performance.
• First full version of Android.
• Released on September 23, 2008.
• Wi-Fi and Bluetooth support.
• Quite slow in operation.
• Copy and paste feature in the web browser is not present.
• Released on April 30, 2009.
• Added auto-rotation option.
• Copy and paste feature added in the web browser.
• Increased speed and performance, but not up to the required level.
• Released on September 15, 2009.
• Voice search and search box were added.
• Faster OS boot times and fast web browsing experience.
• Typing is quite slow.
• Released on October 26, 2009.
• Bluetooth 2.1 support.
• Improved typing speed on the virtual keyboard, with a smarter dictionary.
• No Adobe Flash media support.
• Released on May 20, 2010.
• Support for Adobe Flash 10.1.
• Improved application launcher with better browser.
• No internet calling.
• Released on December 6, 2010.
• Updated user interface with high efficiency and speed.
• Internet calling.
• One-touch word selection and copy/paste.
• New keyboard for faster word input.
• More successful version of Android than previous versions.
• Does not support multi-core processors.
• Released on February 22, 2011.
• Support for multi-core processors.
• Ability to encrypt all user data.
• This version of Android is only available for tablets.
• Released on November 14, 2011.
• Virtual button in the UI.
• A new typeface family for the UI, Roboto.
• Ability to shut down apps that are using data in the background.
• Released on June 27, 2012.
• Latest version of Android.
• Smoother user interface.
• Android KitKat
• Released on April 14, 2014.
• Bug fixes.
• Security enhancements.
• Android Lollipop
• Released on December 2, 2014.
• Speed improvement.
• Battery consumption improvement.
• Multiple SIM cards support.
• Quick settings shortcuts to join Wi-Fi networks or control Bluetooth devices.
• Android Marshmallow
• Fingerprint authentication support.
• Better battery life with "deep sleep".
• Permissions dashboard.
• Android Pay.
• MIDI support.
• Google Now improvements.
iOS SECURITY MODEL
Introduction to iOS
• iOS is the operating system that runs on Apple devices like iPhone, iPod, iPad & Apple TV.
• Provides multitasking.
• Only allows Apple-signed applications to run.
• New features & bug fixes with every release.
• Current version is iOS 9.
iOS Security Model
Two different views of the iOS security model are presented.
The first model stands on four pillars that are mentioned in and are as follows:
• Device Security.
• Data Security.
• Network Security.
• Application Security.
• Keychain Services.
• CFNetwork.
• The Certificate, Key, and Trust Services API.
• Randomization Services.
• The second perspective discusses security as a set of different techniques to ensure security.
• ASLR.
• Code Signing.
• Sandboxing.
• Data Encryption.
iOS Malware
• Aurora Feint (July, 2008)
• Storm8 (November, 2009)
• iPhoneOS.Ikee Worm (November, 2009)
• iPhoneOS.Ikee.B (November, 2009)
• KeyRaider (August 2015)
• XcodeGhost (September 2015)
• Youmi Ad SDK (October 2015)
Security Comparison of iOS 8 and iOS 9
1) Stronger passcodes
2) Two factor Authentication
Windows Phone Security Model
Introduction to Windows:
• Microsoft’s new mobile OS
- Successor to the Windows Phone.
• Based on Windows CE kernel.
• Released on November 8, 2010.
• Supports 25 languages.
• Offers a new user interface with its “metro” login.
Windows Phone Security Model
Which is safest: Android, iOS or Windows Phone?
• iOS is the safest out of the box.
• Second place goes to Windows Phone: very robust and with excellent backup options, but still needs some work.
• Android falls to third place, as it forces you to make more decisions and has a less consistent security landscape, with manufacturers adding their own security customizations.
Mobile security best practices
1. User Authentication.
2. Update Your Mobile OS with Security Patches.
3. Regularly Backup Your Mobile Device.
4. Utilize Encryption.
5. Enable Remote Data Wipe as an Option.
Mobile security best practices (cont’d)
6. Disable Wi-Fi and Bluetooth When Not Needed.
7. Don't Fall for Phishing Schemes.
8. Avoid All Jailbreaks.
9. Add a Mobile Security App.
10. Communicate Your Mobile Security Best Practices.
Conclusion
• Modern operating systems come with a strong security background, but there is nothing more important than the safety of the user’s data.
• These days there are many known vulnerabilities in these operating systems, applications and internet browsers, and specific teams and developers are working to fix the known problems.
• However, the weakest point in this security is always the user of the device.
Thank You!!

More Related Content

What's hot

Android security
Android securityAndroid security
Android securityMobile Rtpl
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAjin Abraham
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityNemwos
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
What is a computer virus
What is a computer virusWhat is a computer virus
What is a computer virusKriti kohli
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaYogesh Ojha
 
Layer architecture of ios (1)
Layer architecture of ios (1)Layer architecture of ios (1)
Layer architecture of ios (1)dwipalp
 
Smartphone security
Smartphone  securitySmartphone  security
Smartphone securityManish Gupta
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malwareamiable_indian
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
MOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITYMOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITYJASHU JASWANTH
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Android studio installation
Android studio installationAndroid studio installation
Android studio installationPoojaBele1
 
Malware and it's types
Malware and it's typesMalware and it's types
Malware and it's typesAakash Baloch
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 

What's hot (20)

Android security
Android securityAndroid security
Android security
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Mobile security
Mobile securityMobile security
Mobile security
 
Android security
Android securityAndroid security
Android security
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentation
 
What is a computer virus
What is a computer virusWhat is a computer virus
What is a computer virus
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
 
Layer architecture of ios (1)
Layer architecture of ios (1)Layer architecture of ios (1)
Layer architecture of ios (1)
 
Smartphone security
Smartphone  securitySmartphone  security
Smartphone security
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
MOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITYMOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITY
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Android studio installation
Android studio installationAndroid studio installation
Android studio installation
 
Mobile security
Mobile securityMobile security
Mobile security
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 
Malware and it's types
Malware and it's typesMalware and it's types
Malware and it's types
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 

Viewers also liked

Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStockInside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStockiChinaStock
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information SecurityCharles Mok
 
andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013Graeme Wood
 
The effects of Social Networking upon society
The effects of Social Networking upon societyThe effects of Social Networking upon society
The effects of Social Networking upon societyBishrul Haq
 
Teaching methods
Teaching methodsTeaching methods
Teaching methodscami20003
 
Lo teaching techniques
Lo teaching techniquesLo teaching techniques
Lo teaching techniquesolympia
 
Implementing Effective Online Teaching And Learning
Implementing Effective Online Teaching And LearningImplementing Effective Online Teaching And Learning
Implementing Effective Online Teaching And Learninggellynn
 
Modern approach in teaching
Modern approach in teachingModern approach in teaching
Modern approach in teachingArlene Chu
 
Online teaching techniques
Online teaching techniquesOnline teaching techniques
Online teaching techniquesJuliana Antunes
 
It strategie-security-first
It strategie-security-firstIt strategie-security-first
It strategie-security-firstRalph Belfiore
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CloudIDSummit
 
Introduction to Selinux
Introduction to SelinuxIntroduction to Selinux
Introduction to SelinuxAtul Jha
 
Rahmenbedingungen mobile security
Rahmenbedingungen mobile securityRahmenbedingungen mobile security
Rahmenbedingungen mobile securityPeter Teufl
 
Impact Of IT on Society.
Impact Of IT on Society.Impact Of IT on Society.
Impact Of IT on Society.Monica Khatri
 
Tradition vs. Innovation
Tradition vs. InnovationTradition vs. Innovation
Tradition vs. Innovationmontagues
 
Bootkits: past, present & future
Bootkits: past, present & futureBootkits: past, present & future
Bootkits: past, present & futureAlex Matrosov
 
Security models
Security models Security models
Security models LJ PROJECTS
 

Viewers also liked (20)

Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStockInside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
Inside NetQin Mobile Inc. (NYSE: NQ) - By iChinaStock
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information Security
 
andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013
 
The effects of Social Networking upon society
The effects of Social Networking upon societyThe effects of Social Networking upon society
The effects of Social Networking upon society
 
Teaching methods
Teaching methodsTeaching methods
Teaching methods
 
Android Security
Android SecurityAndroid Security
Android Security
 
Lo teaching techniques
Lo teaching techniquesLo teaching techniques
Lo teaching techniques
 
Implementing Effective Online Teaching And Learning
Implementing Effective Online Teaching And LearningImplementing Effective Online Teaching And Learning
Implementing Effective Online Teaching And Learning
 
Modern approach in teaching
Modern approach in teachingModern approach in teaching
Modern approach in teaching
 
Online teaching techniques
Online teaching techniquesOnline teaching techniques
Online teaching techniques
 
1 system security
1 system security1 system security
1 system security
 
It strategie-security-first
It strategie-security-firstIt strategie-security-first
It strategie-security-first
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
 
Rbac
RbacRbac
Rbac
 
Introduction to Selinux
Introduction to SelinuxIntroduction to Selinux
Introduction to Selinux
 
Rahmenbedingungen mobile security
Rahmenbedingungen mobile securityRahmenbedingungen mobile security
Rahmenbedingungen mobile security
 
Impact Of IT on Society.
Impact Of IT on Society.Impact Of IT on Society.
Impact Of IT on Society.
 
Tradition vs. Innovation
Tradition vs. InnovationTradition vs. Innovation
Tradition vs. Innovation
 
Bootkits: past, present & future
Bootkits: past, present & futureBootkits: past, present & future
Bootkits: past, present & future
 
Security models
Security models Security models
Security models
 

Similar to Security models of modern mobile systems

Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devicesIOSR Journals
 
Write a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment iWrite a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment ilorindajamieson
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
Android and its applications
Android and its applicationsAndroid and its applications
Android and its applicationsSoba Arjun
 
Android os ark 2 (2) copy
Android os ark 2 (2)   copyAndroid os ark 2 (2)   copy
Android os ark 2 (2) copyAnandRk4
 
Mobile Application Development with Android
Mobile Application Development with AndroidMobile Application Development with Android
Mobile Application Development with AndroidIJAAS Team
 
Introduction to Android
Introduction to Android Introduction to Android
Introduction to Android dipali badgujar
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)Vince Verbeke
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsVince Verbeke
 
Android Vs Iphone
Android Vs IphoneAndroid Vs Iphone
Android Vs IphoneLucy Nader
 
Android vs iOS security
Android vs iOS securityAndroid vs iOS security
Android vs iOS securitySumanth Veera
 
Research on Comparative Study of Different Mobile Operating System_Part-1
Research on Comparative Study of Different Mobile Operating System_Part-1Research on Comparative Study of Different Mobile Operating System_Part-1
Research on Comparative Study of Different Mobile Operating System_Part-1Zulkar Naim
 
Android Design Patterns in Mobile Application Development - Michalis Grigorop...
Android Design Patterns in Mobile Application Development - Michalis Grigorop...Android Design Patterns in Mobile Application Development - Michalis Grigorop...
Android Design Patterns in Mobile Application Development - Michalis Grigorop...Michail Grigoropoulos
 

Similar to Security models of modern mobile systems (20)

Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devices
 
Write a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment iWrite a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment i
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
 
Android
AndroidAndroid
Android
 
Android and its applications
Android and its applicationsAndroid and its applications
Android and its applications
 
Android report
Android reportAndroid report
Android report
 
Android os ark 2 (2) copy
Android os ark 2 (2)   copyAndroid os ark 2 (2)   copy
Android os ark 2 (2) copy
 
Mobile Application Development with Android
Mobile Application Development with AndroidMobile Application Development with Android
Mobile Application Development with Android
 
Introduction to Android
Introduction to Android Introduction to Android
Introduction to Android
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphones
 
A017360104
A017360104A017360104
A017360104
 
Mobile testing
Mobile testingMobile testing
Mobile testing
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and Tablets
 
Android Vs Iphone
Android Vs IphoneAndroid Vs Iphone
Android Vs Iphone
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8
 
Android vs iOS security
Android vs iOS securityAndroid vs iOS security
Android vs iOS security
 
Research on Comparative Study of Different Mobile Operating System_Part-1
Research on Comparative Study of Different Mobile Operating System_Part-1Research on Comparative Study of Different Mobile Operating System_Part-1
Research on Comparative Study of Different Mobile Operating System_Part-1
 
Android Design Patterns in Mobile Application Development - Michalis Grigorop...
Android Design Patterns in Mobile Application Development - Michalis Grigorop...Android Design Patterns in Mobile Application Development - Michalis Grigorop...
Android Design Patterns in Mobile Application Development - Michalis Grigorop...
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Security models of modern mobile systems

  • 1. BY DIVYA RAVAL Security Models of Modern Mobile Systems
  • 2. What is Mobile Security? Mobile security is the protection of smart phones, tablets, laptops and other portable computing devices and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Mobile security is also known as wireless security.
  • 3. Need of Mobile Security? • Smartphones are becoming storage units for personal information through the use of various social networking applications, personal organizers and e-mail clients. • As a result, smartphones are becoming a primary target of attackers. • Mobile threats endanger the safety of individuals and companies, and if measures are not taken, cybercrime can have an impact on the security of the whole society.
  • 5. Nielsen Report Smartphone operating system share
  • 6. Security Challenges for Mobile Device Users • Insecure Data Storage. • Physical Security. • Mobile browsing. • Multiple User Logging. • Client side injection. • Improper session handling. • Weak Authentication and Brute Force Attack.
  • 7. Mobile Threats and Vulnerabilities Mobile Threats 1. Physical threats - Bluetooth. - Lost or Stolen Mobile Devices.
  • 8. 2. Application based Threats - Spyware. - Malware. - Vulnerable Application. - Privacy Threats.
  • 9. 3. Network based threats - Denial of Service Attack (DoS). - Network Exploits. - Mobile Network Services. - Wi-Fi Sniffing.
  • 10. 4. Web based threats - Drive by downloads. - Browser Exploits. - Phishing Scams.
  • 11. Mobile Vulnerabilities • Trojan horse. • Botnet. • Worm. • Rootkit.
  • 13. Introduction to Android • It is an open source software platform and operating system for mobile devices. • Based on the Linux kernel. • Developed by Google and later the Open Handset Alliance. • Allows writing managed code in the Java language. • Android has its own virtual machine, the DVM (Dalvik Virtual Machine), which is used for executing Android applications. • Google purchased the initial developer of the software, Android Inc., in 2005.
  • 16. Application Permission • There are four permission levels: • Normal (not dangerous; considered an application-level permission). • Dangerous (a riskier permission that could access sensitive data or damaging functions without asking the user to confirm). • Signature (a permission that can be granted only to other packages signed with the same signature). • Signature-or-system (a special type of signature permission that exists to handle legacy permissions).
  • 17. Android Security Mechanism 1. Sandboxing Mechanism. 2. Application Permission Mechanism.
  • 18. Improvements in the Existing Security Model In practice, there are a number of issues in such a model: 1) The user must grant all of the required permissions in order to install the application. 2) Once the permissions are granted, there is no way to restrict how the application uses them. 3) There is no way to restrict access to resources based on dynamic constraints, because the permission model is based on an install-time check only. 4) Granted permissions can only be revoked by uninstalling the application.
  • 19. Proposed Framework for Android Security 1. Kirin: an install-time certification mechanism that allows the mobile device to enforce a list of predefined security requirements before an application is installed. 2. SCanDroid: performs information flow analysis on Android applications in order to understand the flow of information from one component to another.
  • 20. Android Malware 1. Android.Pjapps / Android.Geinimi (January/February, 2010) 2. AndroidOS.FakePlayer (August, 2010) 3. Android.Rootcager (February, 2011) 4. Android.Bgserv (March, 2011) 5. Acnetdoor. 6. Kemoge Malware.
  • 21. Example of Malicious Application Malicious content delivery scenario for Android
  • 22. Example of Malicious Application(cont’d) Example malicious application of android
  • 23. • First version of Android. • The focus of Android beta is testing, incorporating usability. • Android beta will generally have many more problems with speed and performance. • First full version of Android. • Released on September 23, 2008. • Wi-Fi and Bluetooth support. • Quite slow in operation. • Copy and paste feature in the web browser is not present.
  • 24. • Released on April 30, 2009. • Added auto-rotation option. • Copy and paste feature added in the web browser. • Increased speed and performance, but not up to the required level. • Released on September 15, 2009. • Voice search and search box were added. • Faster OS boot times and fast web browsing experience. • Typing is quite slow. • Released on October 26, 2009. • Bluetooth 2.1 support. • Improved typing speed on virtual keyboard, with smarter dictionary. • No Adobe Flash media support.
  • 25. • Released on May 20, 2010. • Support for Adobe Flash 10.1. • Improved application launcher with better browser. • No internet calling. • Released on December 6, 2010. • Updated user interface with high efficiency and speed. • Internet calling. • One-touch word selection and copy/paste. • New keyboard for faster word input. • More successful version of Android than previous versions. • Does not support multi-core processors. • Released on February 22, 2011. • Support for multi-core processors. • Ability to encrypt all user data. • This version of Android is only available for tablets.
  • 26. • Released on November 14, 2011. • Virtual button in the UI. • A new typeface family for the UI, Roboto. • Ability to shut down apps that are using data in the background. • Released on June 27, 2012. • Latest version of Android. • Smoother user interface.
  • 27. • Android KitKat • Released on April 14, 2014. • Bug fixes. • Security enhancements. • Android Lollipop • Released on December 2, 2014. • Speed improvement. • Battery consumption improvement. • Multiple SIM cards support. • Quick settings shortcuts to join Wi-Fi networks or control Bluetooth devices.
  • 28. • Android Marshmallow • Fingerprint authentication support. • Better battery life with "deep sleep". • Permissions dashboard. • Android Pay. • MIDI support. • Google Now improvements.
  • 30. Introduction to iOS • iOS is the operating system that runs on Apple devices like iPhone, iPod, iPad and Apple TV. • Provides multitasking. • Only allows Apple-signed applications to run. • New features and bug fixes with every release. • Current version is iOS 9.
  • 31. iOS Security Model Two different views of iOS security model are presented. The first model stands on four pillars that are mentioned in and are as follows: • Device Security. • Data Security. • Network Security. • Application Security.
  • 32. • Keychain Services. • CFNetwork. • The Certificate, Key, and Trust Services API. • Randomization Services.
  • 33. • The second perspective discusses security as a set of different techniques to ensure the security. • ASLR. • Code Signing. • Sandboxing. • Data Encryption.
  • 34. iOS Malware • Aurora Feint (July, 2008) • Storm8 (November, 2009) • IPhoneOS.Ikee Worm (November, 2009) • iPhoneOS.Ikee.B (November, 2009) • KeyRaider (August 2015) • XcodeGhost (September 2015) • Youmi Ad SDK (October 2015)
  • 35. Security Comparison of iOS 8 and iOS 9 1) Stronger passcodes 2) Two factor Authentication
  • 37. Introduction to Windows: • Microsoft’s new Mobile OS - Successor to the Windows Phone. • Based on Windows CE kernel. • Released on November 8, 2010. • Supports 25 languages. • Offers a new user interface with its “metro” login.
  • 39. Which is safest: Android, iOS or Windows Phone? • iOS is the safest out of the box. • Second place goes to Windows Phone: very robust and with excellent backup options, but still needs some work. • Android falls to third place, as it forces you to make more decisions and has a less consistent security landscape, with manufacturers adding their own security customizations.
  • 40. Mobile security best practices 1. User Authentication. 2. Update Your Mobile OS with Security Patches. 3. Regularly Backup Your Mobile Device. 4. Utilize Encryption. 5. Enable Remote Data Wipe as an Option.
  • 41. Mobile security best practices(cont’d) 6. Disable Wi-Fi and Bluetooth When Not Needed. 7. Don't Fall for Phishing Schemes. 8. Avoid All Jailbreaks. 9. Add a Mobile Security App. 10. Communicate Your Mobile Security Best Practices.
  • 42. Conclusion • Modern operating systems come with a strong security background, but there is nothing more important than the safety of the user’s data. • These days there are a lot of known vulnerabilities in these operating systems, applications and internet browsers, and specific teams and developers are working to fix the known problems. • However, the weakest point in this security is always the user of the device.
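
Slide 19 describes Kirin as an install-time certification step that enforces predefined security requirements before an application is installed, working on the permissions from slide 16. The sketch below is an added example, not code from the slides or from the Kirin project: it reads the `<uses-permission>` entries of a decoded AndroidManifest.xml and refuses installation when an application requests a forbidden combination. The rule set, function names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Constructed sample policy: each rule names a combination of permissions that
# one application must not request together. Not Kirin's published rule set.
RULES = [
    ("can record audio during calls and send it off-device",
     {P + "READ_PHONE_STATE", P + "RECORD_AUDIO", P + "INTERNET"}),
    ("can read incoming SMS and send it off-device",
     {P + "RECEIVE_SMS", P + "INTERNET"}),
]

def requested_permissions(manifest_xml):
    """Collect android:name from the manifest's <uses-permission> children."""
    # For untrusted files, parse with a hardened XML parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(NS + "name", "").strip()
            for el in root if el.tag in tags} - {""}

def certify(manifest_xml, rules=RULES):
    """Install-time decision: (allowed, reasons for refusal)."""
    try:
        perms = requested_permissions(manifest_xml)
    except (ET.ParseError, ValueError) as exc:
        return False, ["unreadable manifest: %s" % exc]  # fail closed
    violated = [why for why, combo in rules if combo <= perms]
    return not violated, violated

# Constructed manifests (decoded text form, not the binary XML inside an APK).
SAMPLE_OK = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

SAMPLE_BAD = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.recorder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

if __name__ == "__main__":
    for label, doc in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD), ("junk", "<manifest")):
        print(label, certify(doc))
```

Each permission in the rejected sample is unremarkable on its own; the check flags the combination, which is the gap in the all-or-nothing install prompt listed on slide 18.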