Cellular Network and Smart Phone Application Security - Case Study Example

Cellular network and smart phone application security Introduction As the world stepped into the 21st centaury, cell phones became a common technology for laymen. The cellular networks quickly worked their way in to the arena and today it is the most competitive field. Users increased at a phenomenal rate and the concern for security and privacy became more intense. Crackers and malicious users have become a great threat to security and are constantly trying to find loop holes within new secure systems. Smart phones offers additional applications of PDAs and PCs along with general phone features. Numerous applications present in smart phones have raised new security questions. Security is a prime requirement for users today and therefore users should be knowledgeable about their vulnerability to attacks. Types of Cellular Networks 2G Stands for second generation wireless telephone technology it’s known as Personal Communications Service, or PCS, in the United States. 2G technologies can be broadly divided into TDMA-based, FDMA-based and CDMA-based standards. Compared to previous 1G networks that were analogue, 2G offered digital encryption and started the data service for cell phones including text messages. Digital signals allowed effective data compression and multiplexing while reducing the emission of radio power. Enhanced security decreased the incidences of frauds. 2G is also a cell phone network protocol .Their features included voice mail, caller ID, Conference calling and simple web applications like web browsing and email. Some modifications in 2G led to the evolution of 2.5G and 2.75G that account for the transition to 3G. 2.5G has a circuit switch domain and included MMS technology along with GPRS. 2.75G technology enables improved data transmission rates by virtue of being an extension on top of standard GSM hence performed better than its predecessors 2G and 2.5G. 3G Third generation succeeded the GSM standards. It provided great speed to browse through WebPages, play 3D games, download or stream full motion music videos. Verizon Wireless was the first to introduce 3G services in 2005.3G was accompanied by increase bandwidth, and greater support for diverse applications by the inclusion of packet-switched data with spectral efficiency at greater speeds. There are two 3G families 3GPP and 3GPP2. 3GPP was formed to foster deployment of 3G networks that came from GSM. Deployment GPRS and EDGE began in 2000 and 2003 respectively. These technologies are defined by IMT-2000.IMT2000 stands for International mobile telecommunications while 2000 means it was launched in 2000 had data rates of 2000 Kbp and frequency range of 2000 MHz. 3GPP2 was introduced to help operators using CDMA2000 to move to 3G. 3.5G was introduced with cable speeds and its added features include faster browsing of graphic intensive site and on demand videos.   4G Fourth generation refers to fourth-generation wireless that overtakes the 3G technology. What really constitutes 4G is not yet defined but 4G networks are distinguished by their use of orthogonal frequency-division multiplexing (OFDM) rather than (TDMA) or (CDMA) even though carriers are divided on whether to use (LTE) or WiMAX. ITU standards claim that 4G network should allow exchange of data at 100 Mbit/sec whereas 3G’s speeds can be as low as 3.84 Mbit/sec. As expected 4G is faster than all previous generations. Technologies that enhance coverage like Femtocell and Picocell are being developed to support 4G technology. LTE (Long-term-evolution) –It uses additional spectrum and multiplexing enhancing speeds which are10 times faster than 3G.The lag time has also reduced delay increasing the responsiveness of buffering. It is known for its high quality Voice-over-IP (VoIP).It is believed that songs can be downloaded within 4 seconds and photos uploaded in 6 seconds. Most of the smart phones support 4G LTE and it is available in more than 175 cities. WiFi WiFi provides wireless connectivity. It uses 802.11 radio technologies providing a fast and secure network and works on a frequency of around 2.4GHz-5GHz. In every continent one in ten people are currently using WiFi. More than 11,000 product certifications have been provided to devices by WiFi alliance. It is said to be more secure and is growing at a fast rate some even allow internet connectivity 10,000ft high in the airplane. Till present four WiFi generations of products have been made available while others are under process as well. Security of Networks  Security issues related to cellular networks. Security is a very big issue for cellular networks today. Integrity and confidentiality are important issues raised under the umbrella of security. Automatically sharing options should be disabled to retain privacy. Wireless networks are more prone to attack because there are no physical barriers for them and they are more complex resulting in more security vulnerabilities. WiFi network that uses WPA2 is known for its provision of security and privacy and is required on all WiFi certified products since 2006. WiFi certified devices are known for their updated and newest security technologies. When WiFi is being used outside home or office the user should configure its device to ask for approval before connecting.3G allows people to communicate all over the world hence authentication of the network is important. At the time of setting up the network the SSID and administrative credentials should be changed from default and passphrase that meets recommended guidelines should be set. To ensure security, tools including firewalls, HTTPS and VPNs can also be used.WPA-2-PSK should be enabled with AES encryption whereas location detection should be disabled for privacy. Device should also be protected against unauthorized use. Types of Attacks  Attacks can be broadly divided into Attacks on the core network, attacks on the air interface and attacks on the Femtocell. Most networks are prone to virus and worm attacks. They travel from one infected computer to the other affecting all systems within the network. Denial of service results when excess data is sent to the network that it is unable to handle hence users can’t access the resources. An attacker can gain unauthorized access if proper measures are not taken. Message forgery and man in the middle attack occurs when an attacker gains access and manipulates the message exchange between two parties. Eavesdropping is also an attack on the privacy whereby attackers can intercept documents and other communications of the user. Channel jamming can be employed by attacker to jam and cut down the network access of the users. Message replay occurs when encrypted messages are intercepted by attacker to reply back at a later time. Session hijacking is also a type of attack where an attacker hijacks a session and acts as a legitimate base. Some other attacks worth mentioning include power exhaustion attack, packet sniffing and data plane attacks. Smart phone Application Security Using Applications  Smart phones integrate mobile phones and Personal Digital Assistants (PDAs). They are famous for providing a diverse and numerous applications. Most of these applications are used in vulnerable locations like restaurants, airports and so on therefore users should password protect their smart phones. They should also use file encryption and device registration. Mobile banking is a new application that is also being offered it enables users to receive account alerts and pay their bills. User authentication can secure smart phones application whereby personal identification numbers are used to access the network. Many smart phones use RSA encryption for authentication. Android had surpassed Symbian as the most attacked mobile platform. Malware applications (like spveve and GoldDream.A ) can come disguised as a game or other program with the smart phone and then run in the background without the user’s knowledge. McAfee partnered up with Sprint Nextel to promote McAfee Mobile Security by offering softwares that track stolen and lost phones and protect against web links that are not secure and rogue applications. AT&T also partnered with Juniper Networks to offer better security applications. Users should look at the requirements of downloading applications instead of blindly allowing total access and should ensure it is from an authentic source. Protecting Personal Information Many companies have started giving their employees smart phones to improve efficiency and allow constant connectivity with the business. When employees get these phones they tend to install their personal information on it as well. Smart phones containing private information should have greater privacy and security settings. “BizzTrust for Android” is a security solution separating business applications from private information on the phones. “AppFence” is another application that protects personal information. It stops the applications from sending personal data over network and substitutes sensitive information. Smart cards are also being introduced and added to smart phones to increase security. IT companies are also working on technologies that would allow data deletion if the phone is stolen or lost. Countermeasures Available  Preventing Attacks  Attacks on the networks can be reduced if not completely eliminated by making the network more secure. Attacks on 3G can be prevented by building a secure architecture for it which would include visibility and configurability of security, application security, network domain security and network access security. When the user is roaming and using the network his location should remain anonymous. This can be done by allotting him a temporary identity (TID) instead of the real id of the user. Denial of service can be protected against by filling in a buffer in a network device or by trying to jam the channel. Channel surfing allows the device to change its transmission frequency to avoid interference whereas in Spatial retreats user changes location to avoid interference. Manual authentication for wireless devices is also used as a deterrent measure. Elliptic Curve Cryptography (ECC) uses points on an elliptic curve to encrypt & decrypt data. Future of Networks and Security Wireless Payments Wireless payments are increasing as people find them more convenient, yet they are less secure and more prone to fraud. WAP is a wireless application protocol that is used in the banking sector. Its security includes smart cards, end to end security, and elimination of fraud source for online transaction. It allows credit card and debit card transactions via a wireless network. MeT and WPP are two types of wireless payment protocols. SWPP (Secure Wireless Payment Protocol) is emerging as a more secure payment protocol. They provide secure WTLS sessions between customer and bank. Certificates both for signature and encryption were also provided. With increasing technology the wireless payments are expected to become more secure. Keeping Information Secure To ensure that all information shared over the network is secure and will not be vulnerable to being attacked easily, users must take appropriate measures. Every other day new Trojan, Worms and Viruses are being developed by crackers to gain unauthorized access to user’s information. For this user must ensure that the network they are using is secure and password protected. Multiple layers of encryption of the protocol stack ensure the security of information. Businesses are concerned about their information being leaked to competitors and military/intelligence agencies are scared of being intercepted. Therefore security of information should not be compromised and all required measures to shield information theft must be firmly implemented. References Bilogrevic, M. Jadliwala, and J. Hubaux. (2010). Security issues in next generation mobile networks: LTE and femtocells.2nd International Femtocell Workshop, Luton, UK. Retrieved from infoscience.epfl.ch/record/.../files/secu-LTE-femtocells-BJH-final.pdf Brain, M., Tyson, J., & Layton, J. (2000). How cell phones work.  HowStuffWorks.com. Retrieved from http://electronics.howstuffworks.com/cell-phone.htm. Cheng, R. (2011). Security becoming a must on smart phones (Inside Apps). Retrieved from http://news.cnet.com/8301-1035_3-20111012-94/security-becoming-a-must-on-smartphones-inside-apps/. Fraunhofer-Gesellschaft. (2011). Smart phones: keeping business data secure while allowing installation of personal apps. Retrieved December 6, 2011, from http://www.sciencedaily.com/releases/2011/10/111007103237.htm. Huston, B. (2011, September 22). Smart phones and banking application security. [Web log comment]. Retrieved from https://www.infosecisland.com/blogview/16527-Smartphones-and-Banking-Application-Security.html. Jansen, W., Scarfone, K. (Oct. 2008). Guidelines on cell phone and PDA security recommendations of the national institute of standards and technology. National Institute of Standards and Technology Special Publication 800-124. Motorola. (2008) .WHITE PAPER: 2G and 3G cellular networks: Their impact on today’s enterprise mobility solutions…and future mobility strategies. retrieved from http://www.bm-tricon.com/.../motorola_2g-and-3g-cellular-networks.pdf Nigam, Subhash., & Siljerud, Peter. (2006). 4G (fourth-generation wireless). Retrieved December 8, 2011, from http://searchmobilecomputing.techtarget.com/definition/4G.  Patterson, B. (2005). 3G cell phone service. Retrieved from http://reviews.cnet.com/4520-3504_7-5664933-1.html. Phifer, Lisa. (2000). 3G (third generation of mobile telephony). Retrieved from http://searchtelecom.techtarget.com/definition/3G. Verizon Wireless. (2011). Retrieved December 8, 2011, from http://network4g.verizonwireless.com/#/capabilities. Webopedia .(n.d). Retrieved from http://www.webopedia.com/TERM/W/Wi_Fi.html. Wi-Fi Alliance. (2011). Retrieved December 8, 2011, from http://www.wi-fi.org/enterprise.php. Read More