621 research outputs found
Exploiting Temporal Complex Network Metrics in Mobile Malware Containment
Malicious mobile phone worms spread between devices via short-range Bluetooth
contacts, similar to the propagation of human and other biological viruses.
Recent work has employed models from epidemiology and complex networks to
analyse the spread of malware and the effect of patching specific nodes. These
approaches have adopted a static view of the mobile networks, i.e., by
aggregating all the edges that appear over time, which leads to an approximate
representation of the real interactions: instead, these networks are inherently
dynamic and the edge appearance and disappearance is highly influenced by the
ordering of the human contacts, something which is not captured at all by
existing complex network measures. In this paper we first study how the
blocking of malware propagation through immunisation of key nodes (even if
carefully chosen through static or temporal betweenness centrality metrics) is
ineffective: this is due to the richness of alternative paths in these
networks. Then we introduce a time-aware containment strategy that spreads a
patch message starting from nodes with high temporal closeness centrality and
show its effectiveness using three real-world datasets. Temporal closeness
allows the identification of nodes able to reach most nodes quickly: we show
that this scheme can reduce the cellular network resource consumption and
associated costs, achieving, at the same time, a complete containment of the
malware in a limited amount of time.Comment: 9 Pages, 13 Figures, In Proceedings of IEEE 12th International
Symposium on a World of Wireless, Mobile and Multimedia Networks (WOWMOM '11
ConXsense - Automated Context Classification for Context-Aware Access Control
We present ConXsense, the first framework for context-aware access control on
mobile devices based on context classification. Previous context-aware access
control systems often require users to laboriously specify detailed policies or
they rely on pre-defined policies not adequately reflecting the true
preferences of users. We present the design and implementation of a
context-aware framework that uses a probabilistic approach to overcome these
deficiencies. The framework utilizes context sensing and machine learning to
automatically classify contexts according to their security and privacy-related
properties. We apply the framework to two important smartphone-related use
cases: protection against device misuse using a dynamic device lock and
protection against sensory malware. We ground our analysis on a sociological
survey examining the perceptions and concerns of users related to contextual
smartphone security and analyze the effectiveness of our approach with
real-world context data. We also demonstrate the integration of our framework
with the FlaskDroid architecture for fine-grained access control enforcement on
the Android platform.Comment: Recipient of the Best Paper Awar
A Novel Approach to Trojan Horse Detection in Mobile Phones Messaging and Bluetooth Services
A method to detect Trojan horses in messaging and Bluetooth in mobile phones by means of monitoring the events produced by the infections is presented in this paper. The structure of the detection approach is split into two modules: the first is the Monitoring module which controls connection requests and sent/received files, and the second is the Graphical User module which shows messages and, under suspicious situations, reports the user about a possible malware. Prototypes have been implemented on different mobile operating systems to test its feasibility on real cellphone malware. Experimental results are shown to be promising since this approach effectively detects various known malwareMinisterio de Ciencia e Innovación TIN2009-14378-C02-0
Applications of Temporal Graph Metrics to Real-World Networks
Real world networks exhibit rich temporal information: friends are added and
removed over time in online social networks; the seasons dictate the
predator-prey relationship in food webs; and the propagation of a virus depends
on the network of human contacts throughout the day. Recent studies have
demonstrated that static network analysis is perhaps unsuitable in the study of
real world network since static paths ignore time order, which, in turn,
results in static shortest paths overestimating available links and
underestimating their true corresponding lengths. Temporal extensions to
centrality and efficiency metrics based on temporal shortest paths have also
been proposed. Firstly, we analyse the roles of key individuals of a corporate
network ranked according to temporal centrality within the context of a
bankruptcy scandal; secondly, we present how such temporal metrics can be used
to study the robustness of temporal networks in presence of random errors and
intelligent attacks; thirdly, we study containment schemes for mobile phone
malware which can spread via short range radio, similar to biological viruses;
finally, we study how the temporal network structure of human interactions can
be exploited to effectively immunise human populations. Through these
applications we demonstrate that temporal metrics provide a more accurate and
effective analysis of real-world networks compared to their static
counterparts.Comment: 25 page
The Fact-Finding Security Examination in NFC-enabled Mobile Payment System
Contactless payments devised for NFC technology are gaining popularity. Howbeit, with NFC technology permeating concerns about arising security threats and risks to lessen mobile payments is vital. The security analysis of NFC-enabled mobile payment system is precariously imperative due to its widespread ratification. In mobile payments security is a prevalent concern by virtue of the financial value at stave. This paper assays the security of NFC based mobile payment system. It discusses the security requirements, threats and attacks that could occur in mobile payment system and the countermeasures to be taken to secure pursuance suitability
Recommended from our members
A review paper on preserving privacy in mobile environments
Technology is improving day-by-day and so is the usage of mobile devices. Every activity that would involve manual and paper transactions can now be completed in seconds using your fingertips. On one hand, life has become fairly convenient with the help of mobile devices, whereas on the other hand security of the data and the transactions occurring in the process have been under continuous threat. This paper, re-evaluates the different policies and procedures used for preserving the privacy of sensitive data and device location.. Policy languages have been very vital in the mobile environments as they can be extended/used significantly for sending/receiving any data. In the mobile environment users always go to service providers to access various services. Hence, communications between the service providers and mobile handsets needs to be secured. Also, the data access control needs to be in place. A section of this paper will review the communication paths and channels and their related access criteria. This paper is a contribution to the mobile domain, showing the possible attacks related to privacy and the various mechanisms used to preserve the end-user privacy. In addition, it also gives acomparison of the different privacy preserving methods in mobile environments to provide guidance to the readers. Finally, the paper summarises future research challenges in the area of privacy preservation. This paper examines the ‘where’ problem and in particular, examines tradeoffs between enforcing location security at a device vs. enforcing location security at an edge location server. This paper also sketches an implementation of location security solution at both the device and the edge location server and presents detailed experiments using real mobility and user profile data sets collected from multiple data sources (taxicabs, Smartphones)
A Survey on Security for Mobile Devices
Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has signicantly increased due to the dierent form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research eld is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011. We focus on high-level attacks, such those to user applications, through SMS/MMS, denial-of-service, overcharging and privacy. We group existing approaches aimed at protecting mobile devices against these classes of attacks into dierent categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach
- …