Mobile and Wireless Security INF245 Guest lecture 17.10.2007 by Bjorn Jager



Mobile and Wireless Security
INF245 Guest lecture 17.10.2007 by Bjorn Jager
Molde University College
Overview of lecture
  • Literature
  • Wireless and Mobile Security (Ch 6 Mallic)
  • VPN portals http//
  • Background for further study: see on-line
    references for info on 802.11 security

Overview of lecture
  • What are you afraid of?
  • Security is
  • Security Threats
  • Security Technologies
  • Products and Standards

1. What are you afraid of?
  • Brainstorming session with the students ....
  • Relate to data traffic in wireless and mobile
    environments, and related to voice using mobile
  • Mention some examples
  • In Norwegian, 5.9.07: "Mobilen hører alt" ("The mobile hears everything")
  • http//
  • MMS Flooding (PocketPC can use WAPPush)

2. Security is
  • Confidentiality
  • Integrity
  • Authentication
  • Nonrepudiation

3. Security Threats
  • Exposure: sniffing, theft
    • Violates Confidentiality
  • Tampering: change or delete
    • Violates Integrity
  • Spoofing, Exposure
    • Violates Authentication
  • Repudiation
    • Violates Non-Repudiation
  • NOTE: Be careful to distinguish between a threat
    (something you are afraid of) and the reason for
    the threat!
  • E.g. you may fear exposure of sensitive
    information; the reason can be too weak
    authentication, a virus or other malware that
    causes exposure, etc.

4. Security Technologies
  • Cryptology
  • Cryptology
  • Cryptology
  • Cryptology
  • All security issues (Confidentiality, Integrity,
    Authentication, and Nonrepudiation) are solved
    using Cryptology!

5. Products and Standards
  1. PKI
  2. IPSec
  3. VPN
  4. SSL, TLS
  5. HTTPS
  6. Firewalls
  7. WEP, WPA
  8. Voice Encryption
  9. Security Development Tools and Kits

Cryptology basics
  • We look at major principles for
    • Symmetric encryption schemes
    • Asymmetric encryption schemes
    • Hybrid encryption systems

Code excerpt for synchronous encryption in Java
  • We looked at code from Beginning J2ME, page 363
  • The remaining parts of the presentation were
    skipped due to time limits.

Layered Architecture
Encryption can be done at each layer!
  • Layer 1: Physical
  • Layer 2: Link layer, by link protocol
    (WPA protocol, access list at MAC layer)
  • Layer 3: Network layer by link protocol
    (IPsec protocol, VPN)
  • Layer 4: Transport layer (SSL, TLS, HTTPS)
  • Layer 5-7: Up to Application layer, BY YOU!
    Develop your own solutions using a Java framework
    or other.
  • (See e.g. http//

  • Threat: eavesdropping at hotspots etc.
  • All through the infrastructure: WLAN, microwave
    systems, Internet routers, ...
  • By connecting a mobile device with the home
    office via VPN, ALL TRAFFIC to the home office AND
    all traffic to and from the public Internet is
    sent through the encrypted VPN connection.
  • VPN connects to host
  • The VPN client establishes a connection
  • The mobile user is prompted for proof of identity
    using a token such as a SecurID password or a
    digital certificate.
  • A VPN tunnel is established between the mobile
    phone and the corporate network, and all data
    traveling to and from the device is encrypted.
  • See VPN portals http//

SSL: Secure Sockets Layer
  • SSL is part of many standard applications, e.g.
    • Browsers and web servers
    • E-mail clients and servers
    • FTP (File Transfer Protocol) etc.
  • To use SSL you need a Server ID, i.e. a digital
    certificate for a web server. Web clients
    (browsers) use this to authenticate a server and
    encrypt information.
  • SSL is the forerunner of TLS, used by HTTPS

  • WPA: Wi-Fi Protected Access
  • Industry standard by Wi-Fi Alliance
  • WPA is WEP with fast change of keys
  • WPA consists of
    • WEP (Wired Equivalent Privacy)
    • TKIP
    • Checksum that ensures that no single bit is
      changed (CRC)
    • 802.1x authentication is an option

Bluetooth security See
  • BlueSnarf
    • Read SMS, contacts, calendar
  • BlueBug
    • Complete control of mobile
  • HeloMoto
    • Connect to headset/handsfree
  • BlueSmack
    • DoS attack, buffer overflow
  • BlueStab
    • Makes the phone crash
  • BlueSnarf
    • Read files, full read and write access, access to
      memory card

Get address book from Sony Ericsson T610
  • You need
  • Linux distribution with hcitool and obexftp

Get address book from Sony Ericsson T610
  • Do
  • hcitool scan
  • Scanning .
  • 000AD9150B1C T610-phone
  • obexftp -b 000AD9150B1C --channel 10 -g
    telecom/pb.vcf -v
  • Browsing 000AD9150B1C ...
  • Channel 7
  • No custom transport
  • 1
  • done
  • Receiving telecom/pb.vcf...\
  • done
  • Disconnecting...
  • done

This works on
  • Nokia
    • 6310
    • 6310i
    • 8910
    • 8910i
  • Sony Ericsson
    • T68
    • T68i
    • R520m
    • T610
    • Z600