Securing the Mobile Enterprise

September 13, 2009

Context Aware Mobility - 1

Context-aware computing is the next big thing on the horizon. It is alternatively known by the much cooler moniker “Ambient Computing”. From an architectural standpoint, context-aware services (CAS) usually have a component-based design with basic constructs like components, connectors, contracts and interfaces. Components provide the core functionality of the application and use connectors to communicate with other components in the system. Contracts and interfaces ensure a specific behavior in a given situation. “Awareness” is programmed into the system by rewiring the interfaces and contracts when the context changes. The context changes when one or more of the following parameters change: userID, activity, geospatial information (location, direction, speed etc.), temporal information (timeOfday, date), ServiceVicinity (presence of other devices or services) etc. A simple manifestation of this is the popular app “Locale”.

Major universities are furiously researching and developing technologies to incorporate context awareness in SOA environments. Such applications benefit from technology that connects everyday objects and provides opportunities to collect context-specific information from various sources and present it on increasingly sophisticated mobile platforms. Enterprises have only recently started looking into how CAS applications can provide real-time benefits. In fact, Cisco has recently announced a mobile context-aware framework running on the 3300 MSE (Mobility Services Edge) that enterprises can incorporate into their existing SOA framework.

That’s it for a high-level overview of context-aware mobility. In the next article I will talk about some of the unique security constraints that have to be addressed in CAS environments.


September 2, 2009

Kaspersky releases mobile security suite

Filed under: Mobile Security,security,smartphone — Balaji Prasad @ 10:28 pm

Kaspersky has announced what is by far the most promising security suite for Symbian and Windows Mobile phones. Besides providing a regulation firewall and anti-virus, it offers unique features like anti-theft and SIM-Watch modules. Remote device wipe is nothing new; BlackBerry and Windows Mobile devices (via ActiveSync) have had this feature for years. However, this is the first time we have a device-wiping solution for a mobile device that is not tethered to the enterprise. The device wipe in this case happens by sending an SMS message to the lost or stolen phone, causing it to digitally self-destruct. The unique anti-theft module locks your data if a new SIM card is inserted into the device. Additionally, it sneaks an email back to you with the telephone number of the new SIM card!! Truly ingenious. Not enough data is available yet about the performance and battery-life implications of running this suite, but if Kaspersky engineers it like their desktop solution, it should not be too much of a performance hog.

August 30, 2009

Hacking A5/1

Filed under: Mobile Security — Balaji Prasad @ 11:52 pm

A5/1 is a stream cipher that is used to provide OTA security on GSM wireless networks. Vulnerabilities in this protocol have been known for years. It has been rumored that these vulnerabilities were left unfixed more due to political concerns than technical ones. Earlier this month, researcher Karsten Nohl unveiled software that uses the distributed computing power of thousands of graphics processors (à la SETI) to construct a massive rainbow table of GSM codes. A rainbow table is just a fancy name for a lookup table that allows one to “invert” a hash. This hack in its most benign form would allow the community to come up with an open-source GSM protocol (though the market and business case for this is as yet unclear); however, a more sinister manifestation would allow a hacker to snoop the airwaves and listen in on any cellular conversation (shudder!!). In the US, Verizon and Sprint are unaffected by this flaw, though AT&T and T-Mobile are potentially vulnerable. Presently there is no software or technique out there that can exploit this; however, that could change soon. The GSM Association is said to be working on updating this decades-old protocol and addressing some of its security flaws. About time!!
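To make the "lookup table" description above concrete, the following added example (not from the original post and not Karsten Nohl's software) shows how a rainbow table stores only chain start and end points yet can still invert a one-way function. It assumes a toy 12-bit key space and uses truncated SHA-256 as a stand-in for the function being inverted, not A5/1; all names and parameters are illustrative.

```python
import hashlib

KEY_BITS = 12          # toy key space of 4096 keys (assumption for the demo)
N = 1 << KEY_BITS
CHAIN_LEN = 16         # one-way steps per chain
NUM_CHAINS = 256       # chains stored, versus 4096 rows in a full table

def one_way(key: int) -> int:
    """Stand-in one-way function: 32 bits of SHA-256 (not A5/1)."""
    digest = hashlib.sha256(key.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def reduce_to_key(value: int, column: int) -> int:
    """Map an output back into the key space, differently per column."""
    return (value + column) % N

def build_table() -> dict:
    """Precompute chains but keep only endpoint -> start keys."""
    table = {}
    for start in range(0, N, N // NUM_CHAINS):
        key = start
        for col in range(CHAIN_LEN):
            key = reduce_to_key(one_way(key), col)
        table.setdefault(key, []).append(start)
    return table

def lookup(table: dict, target: int):
    """Return a key with one_way(key) == target, or None if not covered."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Guess the column that produced target, then walk to the endpoint.
        key = reduce_to_key(target, col)
        for later in range(col + 1, CHAIN_LEN):
            key = reduce_to_key(one_way(key), later)
        for start in table.get(key, ()):
            # Rebuild the stored chain; verifying discards false alarms.
            candidate = start
            for c in range(CHAIN_LEN):
                if one_way(candidate) == target:
                    return candidate
                candidate = reduce_to_key(one_way(candidate), c)
    return None

def coverage(table: dict) -> float:
    """Fraction of the key space this table can invert."""
    hits = sum(lookup(table, one_way(k)) is not None for k in range(N))
    return hits / N

if __name__ == "__main__":
    print(f"coverage with {NUM_CHAINS} stored chains: {coverage(build_table()):.0%}")
```

The table trades storage for recomputation at lookup time, and its coverage of the key space is partial; a larger key space raises both the precomputation and the storage cost.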

August 26, 2009

What is this blog about?

Filed under: Mobile Security — Balaji Prasad @ 2:37 am

Today’s smartphones offer as much processing power as personal computers from half a decade ago. These devices and their complementary apps offer incredible flexibility in processing and pulling information from the cloud around us, yet at the same time they expose us to new and unique attack vectors that can compromise the sensitive and often personal data resident on the phone.
Security vendors are furiously developing solutions that address this up-and-coming threat. In this blog I will discuss this exciting new frontier that will prove to be the next battleground between the good guys and the bad.
