Mobile Computing Security Overview


Mobile Computing and Programming

Course Code: SWEG4103


Target Group: Software Engineering
Year : IV
Outline
• Overview on Security in mobile and Wireless
Networks
• Security and Ad Hoc Networking
Technologies
• Location Information, Security, and Privacy
• Distinguishing Privacy and Security.
• Modeling security with UML
What Is Computer Security?
• Computer security is the protection of the items you value, called the
assets of a computer or computer system.
• There are many types of assets, involving hardware,
software, data, people, processes, or combinations
of these.
• To determine what to protect, we must first identify
what has value and to whom.
• It is about provisions and policies adopted to protect
information and property from theft, corruption, or
natural disaster while allowing the information and
property to remain accessible and productive to its
intended users.
Con’t…
• A computer device (including hardware, added
components, and accessories) is certainly an asset.
Because most computer hardware is pretty useless
without programs, the software is also an asset.
Computer Security
• Computer security when there is a connection to networks
(network security), on the other hand, deals with
provisions and policies adopted to prevent and monitor
unauthorized access, misuse, modification, or denial of
the computer network and network-accessible resources.

Not Sufficient!!

Why Computer Security
The past decade has seen an explosion in the concern for
the security of information. Some statistical data from 2023:
• There are now over 1 billion malware programs in existence.
• Trojans account for 58% of all computer malware.
• Every minute, four companies fall victim to ransomware
attacks.
• Every day, 560,000 new pieces of malware are detected.
• Nearly every second computer in China is infected with some form
of malware.
• Iran has the highest mobile malware infection rate at 30.3%.
Why Computer Security (cont’d)
• Android devices are 50 times more likely to be infected with
malware than iOS devices. (Why? Explore more…)
• Over the past decade, there has been an 87% increase in malware
infections.
• The cost of cybercrime is predicted to reach more than $9 trillion
in 2025.
• Open-source vulnerabilities are found in 84% of code bases.
• Jobs and salaries for technology professionals have lessened in
recent years, but the market for security specialists is expanding!
Why Computer Security (cont’d)
• Viruses and worms are getting faster and more powerful
• Melissa, Nimda, Code Red, Code Red II, Slammer
• Caused over $28 billion in economic losses in 2003,
growing to over $75 billion in economic losses by
2007.
• Code Red (2001): 13 hours infected >360K
machines - $2.4 billion loss
• Slammer (2003): 10 minutes infected > 75K
machines - $1 billion loss
Biological Analogy
• Computing today is very homogeneous.
• A single architecture and a handful of OSes
dominate
• In biology, homogeneous populations are in
danger
• A single disease or virus can wipe them out
overnight because they all share the same
weakness
• The disease only needs a vector to travel among
hosts
• Computers are like the animals, the Internet
provides the vector.
Computer Security History
• In the 80s and 90s
• Evolutions
• Personal computers were popularized
• LANs and Internet invaded the world
• Applications such as E-commerce, E-government and
E-health started to develop
• Viruses became major threats
• Organizations and individuals started to worry about
• Who has access to their computers and data
• Whether they can trust a mail, a website, etc.
• Whether their privacy is protected in the connected world

Computer Security History
• Famous security problems
– Morris worm – Internet Worm
• November 2, 1988 a worm attacked more than 60,000
computers around the USA
• The worm attacks computers, and when it has installed itself,
it multiplies itself, freezing the computer
• It exploited UNIX security holes in Sendmail and Finger
• A nationwide effort solved the problem within 12 hours
– Robert Morris became the first person to be indicted
under the Computer Fraud and Abuse Act.
• He was sentenced to three years of probation, 400 hours of
community service and a fine of $10,050
– Until recently, he has been an associate professor at the
Computer Security History
• Famous security problems …
– NASA shutdown
• In 1990, an Australian computer science student was
charged for shutting down NASA’s computer system for 24
hours
– Airline computers
• In 1998, a major travel agency discovered that someone
penetrated its ticketing system and has printed airline
tickets illegally
– Bank theft
• In 1984, a bank manager was able to steal $25 million
through un-audited computer transactions
Computer Security History
• Famous security problems …
• In Ethiopia
– Employees of a company managed to change their salaries by
fraudulently modifying the company’s database
– In 1990s Internet password theft
• Hundreds of dial-up passwords were stolen and sold to other users
• Many of the owners lost tens of thousands of Birr each
– A major company suspended the use of a remote login software
by technicians who were looking at the computer of the
General Manager
• In Africa: Cote d’Ivoire
• An employee who has been fired by his company deleted all the
data in his company’s computer
Computer Security formally
• Security is a state of well-being of information and
infrastructures in which the possibility of successful yet
undetected theft, tampering, and disruption of
information and services is kept low or tolerable
• Security rests on confidentiality, authenticity, integrity,
and availability
• Computer security: The protection of computer assets from
unauthorized access, use, alteration, degradation,
destruction, and other threats.
Threat vs. Vulnerability vs. Risk and Control
• Threat: a person or thing likely to cause damage; the thing that
we are going to protect against (hackers, malicious
programs, etc.)
• A threat to a computing system is a set of
circumstances that has the potential to cause loss
or harm.
• Vulnerability: a weakness or gap in our protection
system which can be exploited by threats to gain
unauthorized access to our asset.
• A vulnerability is a weakness in the system, for
example, in procedures, design, or implementation, that
Con’t…
• For instance, a particular system may be vulnerable to
unauthorized data manipulation because the system does not
verify a user’s identity before allowing data access.

• Risk: a potential for loss, destruction, or damage of an asset as a
result of a threat exploiting vulnerabilities.
Con’t…
• How do we address these problems? We use a control or
countermeasure as protection. That is, a control is an action,
device, procedure, or technique that removes or reduces a
vulnerability.
• Controls prevent threats from exercising vulnerabilities.
Con’t…
• We can consider potential harm to assets in two ways:
• First, we can look at what bad things can happen to assets,
and
• second, we can look at who or what can cause or allow those
bad things to happen. These two perspectives enable us to
determine how to protect assets.

• Think for a moment: what makes your computer
valuable to you?
• What kinds of threats do you expect?
Con’t…

Security threats
A ______ is blocked by control of a vulnerability
The Basic Components
• Confidentiality is the concealment (protection) of
information or resources.
– the ability of a system to ensure that an asset is viewed
only by authorized parties
• Authenticity is the identification and assurance of
the origin of information.
• Integrity refers to the trustworthiness of data or
resources in terms of preventing improper and
unauthorized changes.

• Availability refers to the ability to use the
information or resource desired.
Friends and enemies: Alice, Bob, Trudy
• Well-known in the network security world
• Bob, Alice (lovers!) want to communicate
“securely”
• Trudy (intruder) may intercept, delete, add
messages
[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy sits on the channel.]
Computer Security and Privacy/Attacks

Categories of Attacks
• Interruption: An attack on availability
• Interception: An attack on
confidentiality
• Modification: An attack on integrity
• Fabrication: An attack on authenticity
Classify Security Attacks as
• Passive attacks – eavesdropping (spying /
observation) on, or monitoring of,
transmissions to:
– obtain message contents, or
– monitor traffic flows
• Active attacks – modification of data stream
to:
– Masquerade / mask / Pretense of one entity as
some other
– replay previous messages
– modify messages in transit
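An added example (not part of the original slides) of how Bob can detect the active attacks listed above: Alice attaches an HMAC-SHA256 tag and a message counter to every frame, so modified, fabricated and replayed frames are rejected. The class names, the frame layout and the pre-shared key are assumptions made for illustration; the frame is authenticated but not encrypted, so it gives no protection against passive eavesdropping.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional, Tuple

TAG_LEN = 32     # HMAC-SHA256 output size in bytes
HEADER_LEN = 8   # 64-bit big-endian message counter (assumed frame layout)


def _tag(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Authentication tag over counter and payload together."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()


class Sender:
    """Alice: numbers each message and authenticates it with the shared key."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._counter = 0

    def seal(self, payload: bytes) -> bytes:
        self._counter += 1
        header = struct.pack(">Q", self._counter)
        return header + payload + _tag(self._key, header, payload)


class Receiver:
    """Bob: accepts a frame only if the tag verifies and the counter is new."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_counter = 0

    def open(self, frame: bytes) -> Tuple[str, Optional[bytes]]:
        if len(frame) < HEADER_LEN + TAG_LEN:
            return "rejected: malformed", None
        header = frame[:HEADER_LEN]
        payload = frame[HEADER_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        # Constant-time comparison; a wrong tag means the frame was modified
        # in transit or built by someone who does not hold the key.
        if not hmac.compare_digest(tag, _tag(self._key, header, payload)):
            return "rejected: bad tag", None
        (counter,) = struct.unpack(">Q", header)
        # A valid tag on an old counter is a previously seen frame sent again.
        if counter <= self._last_counter:
            return "rejected: replay", None
        self._last_counter = counter
        return "accepted", payload


def demo() -> dict:
    """Run the three active attacks from the slide against one receiver."""
    key = secrets.token_bytes(32)          # constructed shared secret
    alice, bob = Sender(key), Receiver(key)
    frame = alice.seal(b"pay Bob 100")     # constructed sample message

    results = {}
    tampered = bytearray(frame)
    tampered[HEADER_LEN] ^= 0x01           # one payload bit changed in transit
    results["modified"] = bob.open(bytes(tampered))[0]

    forged = Sender(secrets.token_bytes(32)).seal(b"pay Trudy 100")
    results["fabricated"] = bob.open(forged)[0]   # built without Alice's key

    results["genuine"] = bob.open(frame)[0]
    results["replayed"] = bob.open(frame)[0]      # same frame delivered twice
    return results


if __name__ == "__main__":
    for attack, outcome in demo().items():
        print(f"{attack:10s} -> {outcome}")
```
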
Eavesdropping - Message Interception (Attack on Confidentiality)
• Unauthorized access to information
• Packet sniffers and wiretappers
• Illicit copying of files and programs
[Figure: an eavesdropper taps the channel between A and B.]
Attack on Confidentiality (examples)

Here are some properties that could mean a failure of data
confidentiality:
• An unauthorized person accesses a data item.
• An unauthorized process or program accesses a data
item.
• A person authorized to access certain data accesses
other data not authorized (which is a specialized
version of “an unauthorized person accesses a data
item”).
Attack on Confidentiality (examples)
• An unauthorized person accesses an approximate data
value (for example, not knowing someone’s exact salary
but knowing that the salary falls in a particular range or
exceeds a particular amount).

• An unauthorized person learns the existence of a piece of
data (for example, knowing that a company is developing
a certain new product or that talks are underway about
the merger of two companies)
Access Control
Integrity Attack – Tampering With Messages
• Stop the flow of the message
• Delay and optionally modify the message
• Release the message again
[Figure: a perpetrator sits on the channel between A and B.]
Authenticity Attack - Fabrication
• Unauthorized assumption of other’s
identity
• Generate and distribute objects under this
identity
[Figure: a masquerader sends B messages that claim to come from A.]
Attack on Availability
• Destroy hardware (cutting fiber) or software
• Modify software in a subtle way (alias
commands)
• Corrupt packets in transit

• Blatant denial of service (DoS):
– Crashing the server
– Overwhelm the server (use up its resource)
Goals of computer security
• Computer security seeks to prevent unauthorized
viewing (confidentiality) or modification (integrity) of
data while preserving access (availability) with
authentication.
Some computer threats
1. Blackout 19. Spike
2. Brownout 20. Server Spoofing
3. Brute Force Attack 21. Session Hijacking
4. Buffer Overflow 22. Smurf Attack
5. Cookie Injection 23. SNMP Community Strings
6. Cookie Poisoning 24. Spamming
7. Cracking 25. Scam and Phishing
8. DNS Poisoning 26. Spoofing Attack
9. DoS Attack 27. SQL Injection
10. DDoS Attack 28. SYN Attack
11. Eavesdropping 29. Teardrop
12. HTTP Tunnel Exploit 30. Traffic Analysis
13. ICMP Flood 31. Trojan Horses
14. Logic Bomb 32. UDP Flood
15. Malware Attack 33. Viruses
16. Packet Sniffing 34. Worms
17. Ping of Death 35. War Dialing
18. Surge 36. Wire Tapping
Mobile Security
• Security is the biggest concern when designing any application.
• Most mobile apps are distributed applications.
• We need security for two reasons:
1. To keep unauthorized users from getting access to things that they
are not allowed to access.
2. To ensure that access to computing assets is not inadvertently
given to parties not actively seeking a system breach.
• Such a breach can happen at different points:
– Hardware
– Software, and
– Communication channels.
• Various types of security concerns for mobile applications: OSI
Model
Mobile Security
• Security consists of four parts:
1. Physical security: prevent interference signals + Protecting the
hardware
2. Data Security: what encryption techniques are used to protect
the data.
3. User authentication: how to protect the wireless network from
unauthorized users.
4. User anonymity: what kind of protection is used against
information gathering
– User anonymity refers to the practice of keeping a user's identity hidden while using online
services or browsing the internet.
Mobile Security
• Security concerns for mobile applications
Application Layer Security
• The most important layer for securing our mobile application
• Directly communicates with users
• Standalone application: an application without constant network
communication
– Encrypting data: Use encryption methods like AES (Advanced Encryption
Standard) to protect sensitive data stored in the app or on the device.
– Authentication & Authorization: only legitimate users can access the
app (e.g., using strong usernames and passwords or biometrics like
fingerprint/face ID). Authorization determines what users can do once
authenticated. (r,w,x)
• Think: a networked application may additionally include
usage of encrypted communication using techniques such as DS3
Mobile Security
• Security concerns for mobile applications
Application Layer Security
• Networked applications rely on constant network
connections, such as social media platforms or cloud storage
services.
• They may additionally include usage of encrypted communication using
techniques such as DS3, AES, 3DES, etc.
– Ensure all data transmitted between the app and the server is encrypted
using HTTPS (HyperText Transfer Protocol Secure).
– HTTPS protects against eavesdropping and man-in-the-middle attacks.
– Use encryption protocols like DS3 (Data Security Standard 3), which offer
high-level encryption for secure communications over the network.
Mobile Security
• Security concerns for mobile applications
Presentation Layer and Session Layer Security
• handle the display of data and manage user sessions (connections
between the user and the application).
• Securing the Presentation Layer:
• This layer ensures that the data displayed to users is
accurate and secure, and that attackers cannot manipulate or
alter it.
– Example: An online shopping app ensures that the product prices
shown to users are authentic and cannot be altered.
• Securing the Session Layer: SSL (Secure Socket Layer):
– SSL is a cryptographic protocol that secures data exchanged
Mobile Security
• Security concerns for mobile applications
Transport Layer and Network Layer Security
• These layers are responsible for transmitting data over the
network.
• The transport layer handles communication between applications,
while the network layer manages data routing.
Transport Layer: Technology used TCP
– Ensures reliable communication by checking that data packets
are delivered and reassembled correctly.
– Example: When a file is uploaded to a cloud app, TCP
ensures all parts of the file are delivered without
corruption.
Mobile Security
• Security concerns for mobile applications
Transport Layer and Network Layer Security
• Network Layer: Technology Used: IP
– Directs data packets between the user's device and the
server.
– Example: When accessing a website, IP determines how the
request reaches the server and how the response is returned.
Mobile Security
• Security concerns for mobile applications
Transport Layer and Network Layer Security
• How to Secure These Layers:
• Important Technology: IPSec (Internet Protocol Security):
– IPSec is a suite of protocols that secures communications by
encrypting and authenticating data packets.
– Example: When using a VPN, IPSec ensures that all data passing
through the network is encrypted and secure from interception.
– Without security at these layers, attackers can intercept or
manipulate data packets (e.g., altering the content of messages
sent over a chat app).
Mobile Security
• Security concerns for mobile applications

Data Link Layer & Physical Layer
• Data Link Layer Security
• The layer to which MAC (Medium Access Control) addresses belong.
• Physical Layer Security
• In addition to the OSI model, the dimensions of mobility and
user mobility lead to other security issues that are unique
from any of those concerns experienced by stationary
applications:
Mobile Security
• Security concerns for mobile applications

Security concerns
• secure authentication and authorization of nodes,
• secure communications between the authenticated and
authorized nodes of the network over a wireless connection
• the network users
Mobile Security
• Security concerns for mobile applications

Security concerns
• secure deployment of an application on the target device
• securing any conversion of content required for
supporting multimodal applications
• defending against the fraudulent usage of the wireless
service, and
• defending against various Denial of Service attacks that
may interrupt service to
Mobile Security
Wireless Security
• Wireless Network…
• Advantage of Wireless Network…
• Categories of Wireless Network… (WPAN, WLAN, WMAN, WWAN)
• What do you think is the key problem with wireless communication?
• The data being transmitted over wireless networks can be
intercepted because:
• Wireless signals travel through the air.
• Any nearby device can potentially “sniff” or intercept these signals.
Wireless Security
• Why is this dangerous?
• Data Theft: Sensitive information like passwords, credit card
details, or personal chats can be stolen.
• Unauthorized Access:
• MITMTA
• Wireless network security is the practice of protecting wireless
networks from unauthorized access and malicious attacks.
• Without security, data can be intercepted, altered, or stolen.
• Wireless networks are inherently more vulnerable because they
use open air to transmit data.
Wireless Security
• Layered Security Approach
What is Layered Security?
• uses multiple layers of defense to protect a wireless network.
• If one layer fails, the other layers provide additional protection.

• Physical Security:
• Protect the physical devices like routers and access points from
unauthorized access.
• Example: Keep routers in secure locations to prevent tampering.
Wireless Security
• Authentication: Verify the identity of users before
granting access.
• WPA2/WPA3 (Wi-Fi Protected Access): Uses strong passwords
and encryption.
• MAC Address Filtering: Only allow specific devices to connect.
• Encryption:
• Scramble the data so that it cannot be understood by
unauthorized users.
• Protocols:
• WPA2/WPA3: Modern encryption standards.
• AES (Advanced Encryption Standard): Ensures strong encryption.
Wireless Security
Firewalls:
• Monitor and filter incoming/outgoing traffic to block
unauthorized access.
• Example: Routers often have built-in firewalls to detect malicious
activity.
Network Monitoring:
• Use software to continuously monitor for suspicious behavior.
• Example: Network Intrusion Detection Systems (NIDS).
• Regular Updates:
• Update firmware and software regularly to patch vulnerabilities.
Wireless Security
Level 1: Wireless Deployment and Policy
• The foundational level of wireless security. It focuses on proper
deployment of WAPs and establishing policies to govern their
use.
• Key Components: Deploy Minimum WAPs: Ensure only the
minimum number of access points are deployed to provide adequate
coverage. (Civil & arch?)

• Policies for Installation: Define strict rules for where and how
WAPs are installed.
• Prevent unauthorized personnel from adding rogue WAPs that
bypass security controls.
Wireless Security
NIC Operational Modes:

• Infrastructure Mode: All devices connect to a central WAP.
• This is the most common and secure mode for enterprise WLANs.
• Ad-hoc Mode: Devices connect directly (peer-to-peer).
• This mode is insecure as it bypasses central control.
• Best Practice: Disable ad-hoc mode on all wireless NICs in an
enterprise environment.
Wireless Security
• Policies for User Group Access: Define access rules for specific
groups:
• Employees: Full access to internal resources with proper
authentication.
• Visitors: Limited or isolated access, such as guest networks.
• At Level 1, ensure a controlled deployment of WAPs, set policies for
installation, and restrict NIC operation modes.
Wireless Security
Level 2 :Wireless Access Control
• This level ensures that only authorized devices can connect to the
wireless network.
• Access control includes device-level authorization and basic
authentication mechanisms.
Wireless Security
Components of Access Control:
• Device Access Control:
• Restricts network access to specific devices by verifying their
MAC addresses (Media Access Control).
• Example: Allow only pre-registered MAC addresses to connect
to the network.
• User Authentication:
• Involves validating the user attempting to connect to the
network through credentials (username/password).
Wireless Security
• WEP (Wired Equivalent Privacy):
• A legacy encryption mechanism for WLANs. Although outdated
and vulnerable to attacks, it was once widely used.
• Best Practice: Configure WEP for its highest encryption level
(e.g., 128-bit keys).
• Note: Modern networks use WPA2/WPA3 for stronger
encryption and should avoid WEP.
Wireless Security
• SSID Management:
– SSID (Service Set Identifier) is the network name broadcasted by
WAPs.
– Best Practices for SSID:
• Do not broadcast the SSID: Prevent casual detection by
unauthorized devices.
• Change the SSID regularly: To reduce risk from previously
compromised SSIDs.
• Level 2 focuses on securing access to the wireless network by
managing SSID configurations, device controls, and
authentication methods.
Wireless Security
• Level 3: Perimeter Security
• Perimeter security aims to protect the wireless infrastructure itself
and the traffic flowing within the network.
• Virtual Private Network (VPN):
• A VPN is an essential component of perimeter security. It ensures
secure communication over the wireless network.
Wireless Security
• VPN Basics:
• A VPN creates an encrypted, authenticated, and encapsulated
connection between the client device and a VPN server.
• It essentially extends a private network over a public medium,
ensuring data confidentiality and integrity.
• Example: Remote employees connecting securely to their
company’s internal network.
Wireless Security
• Benefits of VPN:
– Encrypts traffic to protect sensitive data.
– Prevents man-in-the-middle (MITM) attacks.
– Masks the actual network traffic from eavesdroppers.
• Wireless Firewall and Intrusion Prevention System (IPS):
– Install wireless firewalls to monitor and filter wireless traffic.
– Use Intrusion Prevention Systems (IPS) to detect and prevent
malicious activities.
Wireless Security
• Best Practices for Perimeter Security:
• Install an intrusion prevention system (IPS) and wireless
firewall on WLAN.
• Use VPN servers: Direct all wireless traffic through VPN servers.
• Configure Clients: Ensure client devices are set up to connect
securely to the VPN.
• Access Policies: Enforce strong user authentication and define
routing policies for network access.
• Level 3 protects wireless traffic and infrastructure through VPNs,
firewalls, and intrusion prevention systems.
Wireless Security
• Application Security in Wireless Communication (Level-4)
• minimizing vulnerabilities within different types of software and
ensuring applications are safeguarded against unauthorized access,
data breaches, and other threats.
Why Application Security Matters?
• Wireless networks transmit data through the air instead of physical
connections, making them more vulnerable to interception and
unauthorized access.
• Applications interacting with the wireless network must be secure
to avoid being exploited as entry points for malicious actors.
Wireless Security
• Unsecured applications: Applications may have vulnerabilities
that attackers can exploit.
• Malware Injection: Exploiting flaws in software can lead to
malicious code being injected.
• Data Breaches: Sensitive information (user credentials, financial
data, etc.) can be intercepted.
• How to Achieve Application Security?
• Application security is achieved through a layered security
approach at the application level, integrating protection throughout
the Secure Software Development Life Cycle (SDLC).
Wireless Security
• Key Protection: Secure Software Development Life Cycle
(SDLC)
• The SDLC integrates security measures into each phase of the
software development process to minimize risks and ensure robust
application security.
Phases of Secure SDLC:
Requirements Gathering & Analysis
– Identify security requirements (e.g., user authentication, data
encryption).
– Define compliance needs based on security standards (e.g.,
GDPR, ISO 27001).
Wireless Security
Design
• Develop a secure architecture using best security practices.
• Incorporate threat modeling to identify and mitigate vulnerabilities
in the design phase.
• Key activities:
– Access Control: Ensure users only access authorized resources.
– Data Flow Diagrams: Analyze data transfer to avoid leakage or
interception.
Wireless Security
Implementation (Coding)
• Follow secure coding guidelines and standards (e.g., OWASP).
• Avoid common vulnerabilities like SQL injection, cross-site scripting
(XSS), or buffer overflows.
• Use tools like static and dynamic code analysis for vulnerability
detection.
• Example practices:
– Input validation to avoid malicious input.
– Password hashing instead of storing plaintext passwords.
Wireless Security
Testing
• Perform security testing alongside functional testing.
• Types of security testing:
– Penetration Testing: Simulate real-world attacks to find
weaknesses.
– Code Review: Manual or automated code inspection for flaws.
– Vulnerability Scanning: Identify known vulnerabilities in the
application.
Wireless Security
Deployment
• Implement security measures during deployment, such as:
– Secure configurations (e.g., HTTPS, secure ports).
– Enabling logging and monitoring to track unauthorized access
attempts.
• Maintenance & Monitoring
• Continuously monitor applications for new vulnerabilities.
• Apply regular patches and updates to fix security flaws.
• Conduct periodic security audits to ensure compliance.
Wireless Security
• Key Security Measures at the Application Level
• Authentication and Authorization
– Use multi-factor authentication (MFA) and Role-Based Access
Control (RBAC) to validate and restrict user access.
• Data Encryption
– Encrypt sensitive data (e.g., using AES or RSA algorithms)
during transmission and storage to prevent unauthorized access.
Wireless Security
• Input Validation
– Sanitize all user inputs to prevent injection attacks like SQL
injection and XSS.
• Session Management
– Secure sessions with timeouts, tokens, and proper session ID
management.
• Monitoring and Logging
– Continuously log user activities and monitor for suspicious
behavior to detect potential threats early.
• Patch Management
– Regularly update and patch applications to close security
vulnerabilities.
Wireless Security
• Let’s assume a company is building a mobile banking app that
operates over a wireless network:
• Requirements: Define secure logins and encrypted data transfers.
• Design: Secure API design with HTTPS and data encryption
protocols.
• Implementation: Enforce secure coding practices, like input
validation and encryption.
• Testing: Conduct penetration testing to identify vulnerabilities.
• Deployment: Deploy with SSL/TLS enabled.
• Maintenance: Apply patches to fix new vulnerabilities.
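An added example (not from the original slides) of the implementation-phase practices named above for the mobile banking app: input validation, parameterized queries against SQL injection, salted password hashing instead of plaintext storage, and session tokens with a timeout. The `BankingAuth` class, the table layout, the PBKDF2 work factor and the 300-second timeout are assumptions chosen for illustration; the weak query is included only for contrast with the corrected one.

```python
import hashlib
import hmac
import re
import secrets
import sqlite3
import time

PBKDF2_ITERATIONS = 200_000   # illustrative work factor (assumption)
SESSION_TTL_SECONDS = 300     # illustrative session timeout (assumption)
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")  # allowlist of characters


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the database never holds the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


class BankingAuth:
    """Hypothetical login service for the mobile banking example."""

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
        self.sessions = {}  # token -> (username, expiry timestamp)

    def register(self, username: str, password: str) -> None:
        if not USERNAME_RE.fullmatch(username):
            raise ValueError("invalid username")
        salt = secrets.token_bytes(16)
        self.db.execute("INSERT INTO users VALUES (?, ?, ?)",
                        (username, salt, hash_password(password, salt)))

    def unsafe_user_exists(self, username: str) -> bool:
        """WEAK form, for contrast only: input is pasted into the SQL text."""
        query = "SELECT 1 FROM users WHERE name = '" + username + "'"
        return self.db.execute(query).fetchone() is not None

    def user_exists(self, username: str) -> bool:
        """Corrected form: the driver binds the input as data, never as SQL."""
        row = self.db.execute("SELECT 1 FROM users WHERE name = ?",
                              (username,)).fetchone()
        return row is not None

    def login(self, username: str, password: str, now=None):
        """Return a fresh session token, or None on any failure."""
        now = time.time() if now is None else now
        if not USERNAME_RE.fullmatch(username):      # input validation
            return None
        row = self.db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                              (username,)).fetchone()
        if row is None:
            return None
        salt, stored = row
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        token = secrets.token_urlsafe(32)            # unguessable session ID
        self.sessions[token] = (username, now + SESSION_TTL_SECONDS)
        return token

    def whoami(self, token: str, now=None):
        """Resolve a token to its user; expired tokens are destroyed."""
        now = time.time() if now is None else now
        entry = self.sessions.get(token)
        if entry is None:
            return None
        username, expiry = entry
        if now >= expiry:
            del self.sessions[token]
            return None
        return username


if __name__ == "__main__":
    auth = BankingAuth()
    auth.register("abebe", "correct horse battery staple")  # constructed user
    crafted = "nobody' OR '1'='1"                           # constructed input
    print("weak query matches crafted input:", auth.unsafe_user_exists(crafted))
    print("bound query matches crafted input:", auth.user_exists(crafted))
    print("login with crafted input:", auth.login(crafted, "x"))
```
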
Wireless Security
WIRELESS NETWORK COMPONENTS AND ARCHITECTURAL
MODELS
• A wireless network is composed of several key components that
work together to allow devices to communicate wirelessly. The core
components in wireless networks are:
• Wireless End Station: refers to any physical device that can
connect to and communicate within a wireless network. These
devices use the IEEE 802.11 standard (which is the basis for Wi-Fi).
• Examples: Laptops, smartphones, tablets, wireless printers, and any
device that supports Wi-Fi or Bluetooth.
Wireless Security
• Access Points (AP): is a device that acts as the central hub in a
wireless network, allowing multiple devices to connect to a
network.
• It essentially provides a bridge between a wireless local area
network (WLAN) and a wired LAN.
• Network Platform: The AP enables wireless communication
between different devices within a WLAN, or between a WLAN and
a wired LAN.
• Relay Function: The AP serves as a relay between devices (stations)
attached to it, facilitating communication between them.
Wireless Security
• 2. IEEE 802.11 Standard: this standard is crucial in defining how
wireless communication works.
• It is the foundation of Wi-Fi networks. There are two primary
operational modes in this standard:
• Infrastructure Mode: relies on fixed infrastructure, such as Access
Points (APs), to relay information between devices.
• Wireless devices (end stations) connect to an AP to access the
network. The AP acts as a central communication point between the
wireless devices and the wired network.
Wireless Security
• 2.2 Ad-Hoc Mode: a decentralized, peer-to-peer network type where
devices communicate directly with each other without the need for
an AP or central server.
• Devices in an ad-hoc network can communicate directly, making it
possible to set up networks quickly and cheaply.
• However, security becomes a significant concern, as there is no
central control and the network topology can change dynamically.
Wireless Security
• Challenges of Securing Wireless Ad-Hoc Networks
• Vulnerability of Channels: Wireless communication can be
intercepted easily since the data travels through the air, making it
prone to eavesdropping.
• Attackers can listen in on unsecured wireless channels and
potentially steal sensitive data.
• Vulnerability of Nodes: The absence of infrastructure means
there is no central authority to enforce security.
• Devices in ad-hoc networks can be easily impersonated, leading to
attacks such as Masquerading (pretending to be a legitimate node).
Wireless Security
Dynamic Topology
• As devices join or leave the network dynamically, the network
topology changes.
• This introduces instability and makes it harder to implement
traditional security measures like encryption and authentication.
Wireless Security
• Security Services for Wireless Networks: The primary goal of any
wireless network security solution is to ensure the
confidentiality, integrity, authentication, and availability of
data.
• To achieve this, security mechanisms must span the entire protocol
stack of a network.
Security at Various Protocol Layers
• Security can be enforced across various layers of the protocol stack:
• Application Layer: Detects and prevents malicious code, viruses,
and application abuses.
• Transport Layer: Secures end-to-end communication through
encryption and authentication.
Wireless Security
• Network Layer: Protects the routing and forwarding protocols.
• Data Link Layer: Provides link-layer security, ensuring secure
communication on the wireless medium. (MAC)
• Physical Layer: Prevents denial-of-service (DoS) attacks by
preventing signal jamming.
• Each of these layers must be secured to maintain the overall
integrity of the wireless network.
Wireless Security
• Security Solutions and Mechanisms
• Security solutions aim to implement various security services such
as:
• Authentication: Verifying the identity of devices and users.
• Confidentiality: Ensuring that sensitive data is only accessible to
authorized parties.
• Integrity: Ensuring that data is not tampered with during
transmission.
• Availability: Making sure the network is accessible and functional,
even in the event of attacks.
Security and Privacy Concerns in Location-based
Services (LDS)
• Location-based services (LDS) are commonly used in mobile
computing, and they come with a set of security and privacy
concerns:
• Most of the security and privacy threats related to LDS have
still not been appropriately addressed.
Security Concerns
• Authentication: Only authorized users should be able to access
location data.
• Traceability: It’s crucial to track and report malicious activities.
• Confidentiality: The location data must be shared only with
authorized parties, using encryption.
• Efficiency: Lightweight security mechanisms should be
implemented to minimize overhead.
• Anonymity: The ability of a user to access something without
disclosing their identity to third parties.
• Short-term linkability: A receiving vehicle (VANET) must be
capable of verifying that the multiple messages it is receiving
within a small time frame.
• Pseudonymity: Assures that a user can access a resource without
sharing their identity, while still being answerable for that use.
• Location Privacy: The location of the user must be shielded from
unapproved access.
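The following added example (not part of the original slides) sketches how pseudonymity, short-term linkability and location privacy can coexist through rotating pseudonyms. It assumes that short-term linkability means a receiver can tell that messages arriving within one short window come from the same sender; the HMAC derivation, the 60-second epoch and all names are hypothetical.

```python
import hmac
import hashlib

EPOCH_SECONDS = 60  # assumed rotation period: one pseudonym per minute


def epoch_of(timestamp: int) -> int:
    """Map a Unix timestamp to its rotation epoch."""
    return timestamp // EPOCH_SECONDS


def pseudonym(node_secret: bytes, epoch: int) -> str:
    """Derive the pseudonym a node uses during one epoch."""
    tag = hmac.new(node_secret, b"pseudonym|%d" % epoch, hashlib.sha256)
    return tag.hexdigest()[:16]


def make_message(node_secret: bytes, timestamp: int, payload: str) -> dict:
    """Build a beacon that carries a pseudonym instead of the real identity."""
    return {"from": pseudonym(node_secret, epoch_of(timestamp)),
            "time": timestamp, "payload": payload}


def same_sender_short_term(msg_a: dict, msg_b: dict) -> bool:
    """Receiver-side check: link two messages only within one epoch."""
    return (epoch_of(msg_a["time"]) == epoch_of(msg_b["time"])
            and hmac.compare_digest(msg_a["from"], msg_b["from"]))


def resolve_identity(registry: dict, msg: dict):
    """Authority-side lookup: recompute each registered node's pseudonym."""
    epoch = epoch_of(msg["time"])
    for identity, secret in registry.items():
        if hmac.compare_digest(pseudonym(secret, epoch), msg["from"]):
            return identity
    return None  # sender is not registered with this authority


# Constructed sample data: two vehicles registered with a trusted authority.
REGISTRY = {"vehicle-A": b"constructed-secret-A",
            "vehicle-B": b"constructed-secret-B"}
m1 = make_message(REGISTRY["vehicle-A"], 1_000_000, "braking")
m2 = make_message(REGISTRY["vehicle-A"], 1_000_010, "lane change")
m3 = make_message(REGISTRY["vehicle-A"], 1_000_200, "braking")  # later epoch
m4 = make_message(REGISTRY["vehicle-B"], 1_000_005, "braking")
```

The pseudonym alone does not authenticate a message, since anyone who overhears it can copy it; a deployed scheme would bind each pseudonym to a signature or certificate.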
Security Vs Privacy
• While security focuses on protecting data and systems from threats,
privacy is about ensuring that users have control over their
personal information.
• Data Privacy: Ensuring that the content of a transaction is
protected from unauthorized disclosure.
• Source and Destination Privacy: The identity of the parties
involved in the transaction should be hidden.
• Location Privacy: The geographical or logical location of users
should remain private.
• Time Privacy: The specific time a transaction occurs should not be
disclosed.
• Tips for protecting your privacy & security
• Limit your social media presence and the data you share online.
• Read the organization’s privacy policy in its entirety before agreeing and accepting the
terms.
• Keep your social security number (SSN) secure, and avoid distributing it when possible.
• Use multifactor authentication to log in to secure sites.
• Install and use security software.
• Use a VPN when on public WiFi.
• Ensure your router is secure, and use a firewall.
• Consider identity theft protection services.
• Use different passwords for different sites and applications. Make each password complex,
or consider a passphrase instead.
Questions
1. Wireless networks offer significant advantages like flexibility, mobility, and cost-
efficiency. However, they are inherently insecure because data can be
intercepted over the air.
• Analyze the following scenarios:
– A wireless LAN (WLAN) in an AASTU library.
– A wireless personal area network (WPAN) connecting IoT devices at home.
– A wireless wide area network (WWAN) providing public Wi-Fi in a city.

• For each case, identify the security risks and propose a layered security
approach to mitigate the threats.
2. Network Interface Cards (NICs) in wireless devices operate in different modes.
Explain how each NIC mode operates in the context of wireless communication,
and evaluate how attackers can exploit NIC modes to intercept data and launch
attacks. Suggest countermeasures to prevent unauthorized access or
eavesdropping.

3. Define the core principles of layered security and why it is essential for wireless
communication. Apply these principles to a practical situation: Securing a
Wireless Metropolitan Area Network (WMAN) used to connect different
branches of a government office.
Course Objectives
• To provide students with an understanding of the fundamental
concepts of mobile computing, such as mobile hardware, software,
and communications.
• To introduce students to the different types of mobile devices and
operating systems.
• To teach students how to develop mobile applications using
popular programming languages and frameworks.
• To enable students to design and implement mobile applications
that meet the needs of users and businesses.
• To develop students' problem-solving and analytical skills in the
context of mobile computing.
Course Learning Outcomes
Upon successful completion of this course, students should be able to
(the corresponding program learning outcome, PLO, is given in parentheses):
• CLO 1 (PLO 2): Define, explain and state the key concepts in mobile
computing, emerging and possible future technologies and its application areas.
• CLO 2 (PLO 1): Apply various scientific computing knowledge of mobile
computing to antithetic application area.
• CLO 3 (PLO 6): Critically articulate, analyze and evaluate security
concerns of the mobile computing technologies and mobile networks.
• CLO 4 (PLO 5): Perform/conduct simulation for studying and predicting
challenge and behaviors of various mobile computing technologies.
• CLO 5 (PLO 8): Choose, practice legal and ethical principles mobile
application framework for designing, and constructing mobile software
application.
