Essay: Security Guidance for Critical Areas of Mobile Computing

“Security Guidance for Critical Areas of Mobile Computing”
1.2. What Is Mobile Computing?
Mobile Computing is very broad term which can be used to define any means of using a computer outside the workplace. This includes working from home or on the road, at airport or at hotel. This also includes kiosks used to remotely connect to corporate office, home computers, laptops, smart phones or tablets. In this paper we have restricts our scope up to mobile devices like smart phones & Tablets. It is human—computer interaction by which a computer is expected to be transported during normal usage.
The birth of “mobile computing” has signalled a new era in the field of computing and information systems. The concept of mobile computing is derived from the realization that as computing machinery decrease in size and increase in computing power users will demand these machinery to be part of their everyday life, accompanying them in the carrying-out of their everyday tasks. Researchers in this new field envisage that mobile computing units, such as today’s laptops and palmtops, in the future will be communicating with each other via wireless networks, whilst providing location transparency to the user. Mobile computing activity be connected wirelessly to and through the Internet or to and through a private network.
Mobile computing is distributed computing that involves elements whose location changes in the course of computation. Elements may be software components such as mobile agents data, hardware such as palmtops and wireless phones or users The term mobile computing is very often used for wireless mobile computing – the use of portable devices capable of wireless networking. Wireless mobile computing faces additional constraints induced by the characteristics of wireless communications and the demand for portability. Mobile wireless computing enables access to data at any time and from any place towards the vision of ubiquitous (see Ubiquitous Computing) or pervasive computing. Although mobile computing covers a variety of different hardware and software platforms as well as diverse applications, many common issues arise.
1.2.1. What Comprises Mobile Computing?
Mobile Computing comprises of several different components. As compared to components of other technology, the mobile computing technology components take a more critical role in terms of making decisions on how to manage these devices. Mobile computing is human—computer interaction by which a computer is expected to be transported during normal usage. Mobile computing involves mobile communication, mobile hardware, and mobile software. Communication issues include ad hoc and infrastructure networks as well as communication properties, protocols, data formats and concrete technologies. Hardware includes mobile devices or device components. Mobile software deals with the characteristics and requirements of mobile applications. The term mobile computing is very often used for wireless mobile computing – the use of portable devices capable of wireless networking. Wireless mobile computing faces additional constraints induced by the characteristics of wireless communications and the demand for portability
1.2.1.1 BYOD Concept:
BYOD (Bring Your Own Device). This concept permitting the employees to bring their own mobile devices to their work place and to use those devices to access the privileged company information and applications.
1.2.1.2 Authentication:
Authentication is another concept that is not new to mobile computing, but how it is handled with respect to mobile computing can be little bit different from prior technologies. The focus of authentication is not just to protect the device but also to protect the data stored and accessed by device.
1.2.1.3 App Store:
Traditionally the management & distribution of applications was the role of IT. But the new concept of App Store helped to ensure the uniformity across the system by Licensing, centralized management and controlled distribution of applications.
1.2.1.4 Device Management:
Mobile device management (MDM) is the administrative area dealing with deploying, securing, monitoring, integrating and managing mobile devices, such as smart phones, tablets and laptops, in the workplace. The intent of MDM is to optimize the functionality and security of mobile devices within the enterprise, while simultaneously protecting the corporate network. Mobile device management software allows distribution of applications, data and configuration settings and patches for such devices. Ideally, MDM software allows administrators to oversee mobile devices as easily as desktop computers and provides optimal performance for users. MDM tools should include application management, file synchronization and sharing, data security tools, and support for either a corporate-owned or personally owned device.
1.2.1.5 Security:
Mobile phone security has become most important in mobile computing. It is of particular concern as it relates to the security of personal and business information now stored on smart phones. While security affects all areas of mobile computing, it is still necessary to call it out separately.
1.3. Characteristics of Mobile Computing:
There are several characteristics of mobile computing.
1.3.1 Portability:
As the name “Mobile” implies, the device is to be able to move from one place to another place without affecting its ongoing functionality. The portability provides the user to take away its digital devices from his/her office location & provides easy access of its working files on the go.
1.3.2 Connectivity:
The ease of being able to connect to the Internet and receive or transmit data is an essential component to mobile computing. Connectivity through mobile carriers over a 3G- or 4G-type network, as well as Wi-Fi capabilities, are basic requirements for mobile devices.
1.3.3 Interactivity:
This could almost go without saying, but like most other computing technologies, the ability for a mobile device is critical. The interactivity becomes more significant with mobile devices, as they typically have less computing power than other types of technology.
1.3.4 Individuality:
Individuality may sometimes be overlooked, but it is a basic component of the concept of mobile computing. Mobile devices, including smart phones and tablets, are designed for individuals and have become a sort of extension to people in many aspects of their lives. From this perspective, how individuals interact with mobile devices remains unique.
1.4. Threats to Mobile Computing:
Mobile computing brings with it threats to the user and to the corporate environment. From personal information to corporate data, mobile devices are used for a wide variety of tasks by individuals and companies. Mobile devices have added a new threat to the corporate landscape as they have introduced the concept of bring your own device (BYOD). While this is not necessarily an entirely new concept, the wide acceptance of BYOD with mobile devices has created a paradigm shift, where the security and safety of the device is not necessarily to protect the corporate data, but to keep the personal data out of the hands of corporate management. In July 2012, the Cloud Security Alliance and the Mobile Working Group surveyed 210 security practitioners from 26 countries. Respondents were approximately 80% “experts in the field of information security,” which includes security admins, consultants and cloud architects. Twenty percent of respondents held these roles at cloud service providers. The survey asked users to rank mobile top threats in order of both their concern and likelihood of a threat: occurring this year, next year, or not likely to happen. After considering over 40 different top threats to the mobile landscape, the top candidates were dubbed “The Evil 8.”
1.4.1. The Evil 8: Top Threats to Mobile:
1. Data Loss from lost, stolen, or decommissioned devices
2. Information stealing mobile malware
3. Data Loss and Data Leakage through poorly written third-party applications
4. Vulnerabilities within devices, OS, design, and third-party applications
5. Unsecured Wi-Fi, network access, and rogue access points
6. Unsecured or rogue marketplaces
7. Insufficient management tools, capabilities, and access to APIs (includes personas)
8. MDM and proximity-based hacking
Threat #1 — Data Loss from Lost, Stolen, or Decommissioned Devices:
By their nature, mobile devices are with us everywhere we go. The information accessed through the device means that theft or loss of a mobile device has immediate consequences. Additionally, weak password access, no passwords, and little or no encryption can lead to data leakage on the devices. Users may also sell or discard devices without understanding the risk to their data.
The threat level from data loss is high, as it occurs frequently and is a top concern across executives and IT admins.
Threat Example:
The Symantec Smartphone Honey Stick Project1 was designed to collect information on what happens when a smartphone is lost. The company “lost” 50 smartphones, each containing simulated personal and corporate information. The results were astonishing:
• 83% had attempts to access business apps
• 89% had attempts to access personal apps
• 96% had attempts to access at least some type of data
• 50% of finders contacted the owner and offered to help return the phone
• The most popular apps accessed were: Contacts; Pictures; Social networking; Webmail and Passwords.
Threat #2 — Information-Stealing Malware:
Android devices, in particular, offer many options for application downloads and installations. Unlike iOS devices, which need to be jail broken, Android users can easily opt to download and install apps from third-party marketplaces other than Google’s official “Play Store” marketplace. To date, the majority of malicious code distributed for Android has been disseminated through third-party app stores, predominantly in Asia. Most of the malware distributed through third-party stores has been designed to steal data from the host device.
This threat level is high, as Android malware in particular is becoming a more popular attack surface for criminals who traditionally have used PCs as their platforms. Kaspersky Labs found that malware targeting Android users nearly tripled in the 2nd quarter of 2012.
Threat Example:
One of the most prevalent pieces of malicious code for Android is called “Zitmo.” This is a mobile version of the Zeus malware, which is designed to steal information from the device by defeating the SMS-based banking two-factor authorization.
Another example is the Nickspy Trojan, which began infecting mobile devices in 2011. This application disguises itself as a Google Plus app but contains the ability to record phone conversations to an audio file, which it uploads to a remote server managed by the app’s originators.
Figure1. Fake Android Security App
Threat #3 — Data Loss and Data Leakage through Poorly-Written Applications:
Applications for smartphones and tablets have grown exponentially on iOS and Android. Although the main marketplaces have security checks, certain data collection processes are of questionable necessity; all too often, applications either ask for too much access to data or simply gather more data than they need or otherwise advertise.
This is a mid-level threat. Although data loss and leaking through poorly-written applications happens across mobile operating systems, it is not exploited nearly as often as other threats in the Evil 8.
Threat Example:
A report published by Arxan, a private software security company, states that more than 90% of top paid mobile apps have been hacked, and few apps use security defenses that keep user data protected.4 For example, LinkedIn recently jeopardized user data by unknowingly enabling privileged access to calendar data within their iPad and iPhone apps. Without user knowledge, LinkedIn’s application on iOS devices transmitted passwords, meeting notes, and other information from calendar entries.
Threat #4 — Vulnerabilities in Hardware, OS, Application and Third-Party Applications:
Mobile hardware, OS, applications and third-party apps contain defects (vulnerabilities) and are susceptible to exfiltration and/or injection of data and/or malicious code (exploits). The unique ecosystem inherent in mobile devices provides a specialized array of security concerns to hardware, OS, and application developers, as mobile devices increasingly contain all of the functionalities attributed to desktop computing, with the addition of cellular communication abilities.
This is a mid-level threat; although the possibility is high, the number of exploits is not.
Threat Example:
This is seen in the exponential growth of mobile malware with hardware that sends data back to the manufacturer and weak coding techniques that are easy to exploit by criminals. ZTE phones sold in the US exposed backdoor code infiltration in hardcoded password/keys.6 iOS approved a third-party Stock app that could exploit user data leakage.7 Another flaw in a Citibank app created unsafe sensitive data storage/transmission onto the device.
Threat #5 — Unsecured Wi-Fi, Network Access, Rogue Access Points:
Unsecured Wi-Fi has been available for years. However, as more users are mobile and data plans become more limited, users will increasingly use Wi-Fi in public locations. The number of locations that provide Wi-Fi in particular, free Wi-Fi has exploded over the last few years. This has increased the attack surface for users who connect to these networks. In the last year, there has been a proliferation of attacks on hotel networks, a skyrocketing number of open rogue access points installed, and the reporting of eavesdropping cases.
This threat level is high. Increased access to public Wi-Fi, along with increased use of mobile devices, creates a heightened opportunity for abuse of this connection. Firefox’s Firesheep extension is a perfect example of how one can gain access to data through public unsecured Wi-Fi.
Threat Example:
Faceniff:
Faceniff is the Android version of the Firesheep Firefox extension that uses packet sniffing technology to intercept unencrypted cookies, thereby compromising a user’s login credentials.
Hotel & Airport Hacking
Unsecured wireless networks at hotels have proven to be ideal places for hackers to commit a wide variety of crimes. Fake Wi-Fi access points are designed to look like real hotel Wi-Fi networks. These malicious networks may contain the hotel’s name or other deceptive descriptions.
Threat #6 — Unsecured or Rogue Marketplaces:
Android devices, in particular, offer many options for application downloads and installations. Unlike iOS devices, which need to be jail broken, Android users can easily opt to download and install apps from third-party marketplaces other than Google’s official “Play Store” marketplace. To date, the majority of malicious code distributed for Android has been distributed through third-party app stores, predominantly in Asia. Most of the malware distributed through third-party stores has been designed to steal data from the host device. This threat level is high: Android malware in particular is being distributed through these marketplaces more and more frequently.
Threat Example:
Disguised as a popular app and unseen on the home screen, Tigerbot is downloaded involuntarily to devices from third-party marketplaces. TigerBot is a bot designed to gather confidential data from a mobile device and uses SMS to control the installed bot. This has been discovered on several marketplaces in Asia. In the image to the left, the TigerBot malware hides from the user by masking itself as a popular icon, such as Google’s search app, and a generic application name (ie. “System”).
Figure 3. Tiger Bot.
Threat #7 — Insufficient Access to APIs, Management Tools, and Multi-Personas:
Granting users and developers access to a device’s low-level functions is a double-edged sword, as attackers, in theory, could also gain access to those functions. However, a lack of access to system-level functions to trusted developers could lead to insufficient security. Additionally, with most smartphone and tablet operating systems today, there is little, if any, guest access or user status. Thus, all usage is in the context of the admin, thereby providing excessive access in many instances.
This is a mid-level threat. Actual reported instances are not as frequent as several other threats in the Evil 8.
Threat Example:
Lack of Access to APIs/OS Architecture:
An anti-virus vendor may not have the ability to read programs in memory for real-time protection, leading to malicious code being run. Additionally, operating systems may limit access to core OS architecture, entirely leaving anti-virus vendors out of the equation, as is the case with Apples iOS.
User Error:
Additionally, a user may simply leave the phone unlocked, which allows someone with access to read and modify all information on the phone, including configuration settings.
Threat #8 — NFC and Proximity-Based Hacking:
Near-field communication (NFC) allows mobile devices to communicate with other devices through short-range wireless technology. NFC technology has been used in payment transactions, social media, coupon delivery, and contact information sharing. Due to the information value being transmitted, this is likely to be a target of attackers in the future.
The threat level is low, as the threat is still in the proof-of-concept phase.
Threat Example:
A drive-by payment occurs when, based on the user’s physical location or proximity, an attacker can receive currency from the user’s smartphone (AKA digital wallet). Exposing Google Wallet’s unencrypted user data and hacking into the Nexus S NFC shows early vulnerabilities in this new technology
2. Literary Survey
2.1. Mobile Computing Systems Security:
Mobile computing, that is the ability of having computing and communication abilities on the move, depends on the existence of a suitable distributed systems infrastructure. So, security considerations of mobile computing can be seen as extensions to those of distributed computing. We will, therefore, examine the security issues in mobile computing on the basis of known security issues of information systems.
As with PCs, there are a variety of security threats that can affect mobile devices. We split mobile threats into several categories: application-based threats, web-based threats, network-based threats and physical threats.
A. Application-based threats:
Downloadable applications present many security issues on mobile devices, including both software specifically designed to be malicious as well as software that can be exploited for malicious purposes. Application based threats generally fit into one or more of the following
categories:
1) Malware is software that is designed to engage in malicious behavior on a device. For example, malware can commonly perform actions without a user’s knowledge, such as making charges to the user’s phone bill, sending unsolicited messages to the user’s contact list, or remotely giving an attacker control over a device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud.
2) Spyware is designed to collect or use data without a user’s knowledge or approval. Data commonly targeted by spyware includes phone call history, text messages, location, browser history, contact list, email, and camera pictures. Spyware generally fits into two categories:
Targeted, that is, designed for surveillance over a particular person or organization, or Untargeted, that is, designed to gather data about a large group of people. Depending on how it is used, targeted spyware may or may not be considered malicious, such as in the case of a parent using a text messaging or location monitoring application on a child’s phone.
3) Malware and Spyware (comparison): Malware and spyware are currently focused on targeting Android devices, though there are notable pieces of commercial spyware targeting iOS (Apple Mobile Operating System) devices as well. In 2010, spyware (targeted and untargeted) was far more prevalent than malware across the Android user base, but the trend has shifted, as malware has made significant gains against spyware. Of the threats Lookout detected in the wild during June 2011, 48% were malware vs. 52% spyware as shown in Figure 3. People, do not knowingly
download malware or spyware to their devices, and so attackers must use techniques to mislead users into downloading malicious apps unknowingly. Once an attacker convinces someone to download a malicious app, then the technical hacking can begin.
Figure 3. Malware and Spyware threats
4) Vulnerable Applications contain software vulnerabilities that can be exploited for malicious purposes. Such vulnerabilities can often allow an attacker to access sensitive information, perform undesirable actions, stop a service from functioning correctly, automatically download
additional apps, or otherwise engage in undesirable behavior. Vulnerable applications are typically fixed by an update from the developer [6].
5) Privacy Threats may be caused by applications that are not necessarily malicious, but gather or use more sensitive information, for example, location, contact lists, personal information, than is necessary to perform their function or than a user is comfortable with [7].
6) Repackaging is a very common tactic, in which a malware writer takes a legitimate application, modifies it to include malicious code, then republishes it to the app market
or download site as shown in the Figure 4. In all, among the 1260 malware samples, 1083 of them (or 86.0%) are repackaged [8].
Figure 4. Process of third party app stores
There are various repackaging detection algorithms available. All these algorithms help to identify a repackaged application on a third party app market [9]. One such algorithm is the DroidMOSS algorithm, worked upon by Wu Zhou, Yajin Zhou, Xuxian Jiang and Peng Ning in their research paper titled Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces[10], that we have explained below in detail. Figure 5 shows an overview of DroidMOSS. DroidMOSS has three key steps: Feature Extraction, Finger Print Generation and Similarity scoring.
a) Feature Extraction: This is the first step where the two main features of each app, that is, instructions contained in the app and its author information, are extracted. These two features are used to uniquely identify each app. Each Android app is essentially a compressed archive file which contains the classes.dex file and a META-INF subdirectory. The classes.dex file contains the actual Dalvik bytecode for execution while the META-INF subdirectory contains the author information. Dalvik disassemblers are used to extract Dalvik bytecode from classes.dex. The code contains opcodes and operands. Further abstraction is made by removing the operands and retaining only the opcode with the believe that it might be easy for repackagers to modify or rename the operands, but much harder to change the actual instructions. [10] For the author information, the META-INF subdirectory contains the full developer certificate, from which the developer name, contact and organization information, as well as the public key fingerprints are obtained. Each developer certificate is mapped into one unique 32-bit identifier (authorID) which is integrated into signature for comparison.[10]
Figure 5. An Overview of DroidMOSS
b) Fingerprint Generation: The second step is to generate a fingerprint for each app, using a specialized hashing technique called fuzzy hashing [10][11]. Instead of directly processing or comparing the entire (long) instruction sequences, it first condenses each sequence into one much shorter fingerprint. The similarity between two apps is then calculated based on the shorter fingerprints, not the original sequences. The instruction sequence is first divided into smaller pieces. Each piece is considered as an independent unit to contribute to the final fingerprint. However, the challenge lies on the determination of the boundary of each piece. In DroidMOSS, a sliding window is used, that starts from the very beginning of the instruction sequence and moves forward until its rolling hashing value equals a pre-selected reset point, which determines the boundary of the current piece. Specifically, if a reset point is reached, a new piece should be started. The concrete process is presented in Algorithm 1. and visually summarized in Figure 6.
Algorithm 1: Generate the app fingerprint[10]
Input: Instruction sequence iseq of the app
Output: Fingerprint fp
Description: wsize – sliding window size, rp – reset point value,
sw – content in sliding window, ph – the piece hash
1: set_wsize(wsize)
2: set_resetpoint(rp)
3: init_sliding_window(sw)
4: init_piece_hash(ph)
5: for all byte d from iseq do
6: update_sliding_window(sw, d)
7: rh rolling_hash(sw)
8: update_piece_hash(ph, d)
9: if rh = rp then
10: fp concatenate(fp, ph)
11: init_piece_hash(ph)
12: end if
13: end for
14: return fp
Figure 6. Fuzzy Hashing for Fingerprint Generation
B. Web-based Threats:
Because mobile devices are often constantly connected to the Internet and used to access web-based services, web based threats that have historically been a problem for Personal Computers also pose issues for mobile devices.
Some examples are as follows:
1) Phishing Scams use web pages or other user Interfaces designed to trick a user into providing information such as account login information to a malicious party posing as a legitimate service. Attackers often use email, text messages, or social media like Facebook, and Twitter to send links to phishing sites.
2) Drive-By Downloads automatically begins downloading an application when the user visits a web page. In some cases, the user must take some action to open the downloaded application, while in other cases the downloaded application can start automatically.
3) Browser exploits: are designed to take advantage of the vulnerabilities in a web browser or software that can be launched via a web browser such as a Flash player, PDF reader, or image viewer. Simply by visiting a web page, an
unsuspecting user can trigger a browser exploit that can install malware or perform other nefarious actions on a device.
4) Direct exploitation: is a significant threat to mobile browsers, as there are a number of large code bases on mobile devices that malicious web pages can target, including the browser itself. Additionally, image viewers, Flash players, PDF readers, and so on. WebKit, the popular rendering engine, is a systematic risk because it is used by the default browsers on Android, Blackberry, and iOS, creating a homogenous ecosystem where a single vulnerability can potentially affect a humungous number of mobile devices. Browser exploits are also very difficult to fix because mobile browsers and their associated libraries are often revised with firmware, which can be extremely slow to update. Last year, iOS has seen multiple web-based exploits that allow an attacker to run code as “root” if a user simply visits a web page. These exploits first take advantage of a browser vulnerability to run code as the browser process, and then take advantage of a local privilege escalation vulnerability to run code as “root user”. [6]
C. Network Threats: Mobile devices are typically supported by cellular networks, and in turn, can support local wireless networks. The following are a variety of threats that can affect these networks:
1) Network exploits take advantage of software flaws in the mobile operating system or other software that operates on local (e.g., Bluetooth, Wi-Fi) or cellular (e.g., SMS, MMS) networks. Network exploits often do not require any user intervention, making them especially dangerous when used to automatically propagate malware.
2) Wi-Fi Sniffing is a technique where nearby attackers can get access to data transmitted to or received from a mobile device. Barriers to Wi-Fi sniffing continue to drop as easy-to-use tools emerge. While these tools facilitate targeted rather than broad-based attacks, the increased use of free Wi-Fi networks in airports, cafes, and other public
places has increased the likelihood of interception of Wi-Fi traffic, including account and personal information [12].
D. Physical Threats:
Since mobile devices are portable and designed for use throughout our daily lives, their physical security is an important consideration. Lost or Stolen Devices are one of the most prevalent mobile threats. The mobile device is valuable not only because the hardware itself can be illegally re-sold, but also, more importantly because of the sensitive personal and organization information that the mobile device may contain [12] [13].
3. Case Study
2.2. Proposed System:
2.2.1. Detecting Replicas in Mobile Computing Environments:
The witness finding strategy exploits the fact that one mobile computing device cannot appear at different locations, but, unfortunately, the mobile computing devise in mobile networks have the possibility of appearing at different locations at different times, so the above schemes cannot be directly applied to mobile networks. Slight modification of these schemes can be helpful for applicability to mobile computing. For instance, the witness finding strategy can adapt to mobile environments if a timestamp is associated with each location claim. In addition, setting a fixed time window in advance and performing the witness finding strategy for every units of time can also keep witness finding feasible in mobile. Nevertheless, accurate time synchronization among all the nodes in the network is necessary. Moreover, when witness finding is applied to mobile networks, routing the message to the witnesses incurs even higher communication cost. After identifying the replicas, a message used to revoke the replicas, possibly issued by the base station or the witness that detects the replicas, is usually flooded throughout the network. Nevertheless, network-wide broadcast is highly energy-consuming and, therefore, should be avoided in the protocol design. Time synchronization is needed by almost all detection algorithms [4], [10], [18], [22]. Nevertheless, it is still a challenging task to synchronize the time of nodes in the network, even though loose time synchronization is sufficient for the detection purpose. Hence, as we know that time synchronization algorithms currently need to be performed periodically to synchronize the time of each node in the network, thereby incurring tremendous over head, it would be desirable to remove this requirement. Witness finding could be categorized as a strategy of cooperative detection; sensor nodes collaborate in certain ways to determine which ones are the replicas. In this regard, the effectiveness of witness finding could be reduced when a large number of sensor nodes have been compromised, because the compromised nodes can block the message issued by the nodes near the replicas. Hence, the witness nodes cannot discover the existence of replicas. To cope with this issue, localized algorithms could enhance the resilience against node compromise. In spite of the effectiveness in detecting replicas, all of the schemes adopting witness finding have the common drawback that the detection period cannot be determined. In other words, the replica detection algorithm can be triggered to identify the replicas only after the network anomaly has been noticed by the network planner. Therefore, a detection algorithm that can always automatically detect the replica is desirable. Since the existing algorithms are built upon several other requirements, we have found that the common weakness of the existing protocols in detecting node replication attacks is that a large amount of communication cost is still unavoidable. To detect the node replicas in mobile sensor networks, two localized algorithms, eXtremlly Efficient Detection (XED) and Extended Distributed Detection (EDD), are proposed. The techniques developed in our solutions, challenge-and-response and encounter-number, are fundamentally different from the others. Our algorithms possess the following advantages.
2.2.3. Localized Detection:
XED and EDD can resist replication attacks in a localized fashion. Note that, compared to the distributed algorithm, which only requires that nodes perform the task without the intervention of the base station, the localized algorithm is a particular type of distributed algorithm. Each node in the localized algorithm can communicate with only its one-hop neighbors. This characteristic is helpful in reducing the communication overhead significantly and enhancing the resilience against node compromise. Efficiency and Effectiveness: The XED and EDD algorithms can identify replicas with high detection accuracy. Notably, the storage, communication, and computation overheads of EDD are all only. Network-Wide Revocation Avoidance: The revocation of the replicas can be performed by each node without flooding the entire network with the revocation messages.
Our proposed algorithms, eXtremely Efficient Detection (XED) and Efficient Distributed Detection (EDD), Although the storage overhead of XED is higher than that of EDD, we still use the name, XED, to comply with the name used in the preliminary version of this paper [25]. for replica detection in mobile networks will be described. A. XED The idea behind XED is motivated by the observation that, if a sensor node meets another sensor node at an earlier time and sends a random number to at that time, then, when and meet again, can ascertain whether this is the node met before by requesting the random number. Note that, in XED, we assume that the replicas cannot collude with each other but this assumption will be removed in our next solution. In addition, all of the exchanged messages should be signed unless specifically noted. Specifically, the XED scheme is composed of two steps: an offline step and an online step. The former is executed before sensor deployment while the latter is executed by each node after deployment.
2.2.4. Working Concept:
The basic Idea behind these two algorithms to detect the replica of the device while two mobile computing devices are communicating with each other.
For example if there are more than two mobile devices in the mobile computing environments (User1, User2, User3, etc..) And here the User1 starts the communication with User3. First User1 Broadcast its message with the specific Id in the Mobile computing environment. At the same time all the users are receiving this broadcast message from User1. And User3 gives Acknowledges to this broadcast message & validate it.
But during this whole operation if other than User3 tries to acknowledge this message this means that User3 is get replicated by the unknown user & it is to considered as the unknown user is attacking the User1 & starts communicating with the User1.
4. Recent Trends
With the development of IT convergence technologies to improve quality of life, users can now more easily access useful information. A convergence system represents an environment that is able to provide personal services by configuring various devices and sensors based on both wire and wireless networks. Further, diverse and far-reaching information is being produced fast and distributed instantly in digitized format. Studies on mobile computing are continuously presenting more efficient ways of delivering information to more users. Mobile computing is a technology that provides a service automatically based on perceived situational information in personal and ubiquitous environments. Ubiquitous computing is characterized by users who are focused on a virtual space established by computers and networks. However, mobile computing groups of computers work through various sensors that exist in the real world. Users are able to receive various personal services using many different types of mobile computing resources within an internal/external space, without limitations in time or space. Previously, users had to convey their intentions using standard input devices and obtain the results on an output device. On the contrary, in a distributed and mobile computing environment, life log, sensors, big data, and computing resources are ubiquitous in a user’s everyday life. To provide personal services according to various lifestyles, these computing resources should be aware of a user’s intentions and the surrounding environment, as well as provide optimal.
Here Top Ten Trends are mentioned in Mobile Computing as below.
4.1.1. Long Term Evolution (LTE):
The so-called fourth generation of mobile computing (4G) is expected to be rolled out across North America over the next three years, making it possible for corporate users to run business applications on their devices simultaneously with Voice over IP (VoIP) capabilities.
4.1.2. Wi-Max:
As LTE and Wi-Max networks are deployed in the U.S. through 2012, expect to see more netbooks and laptops equipped with built-in radio frequency identification (RFID) and wireless support.
4.1.3. 3G & 4G interoperability:
Sprint has developed a dual mode card which will enable mobile device users to work on both 3G and 4G networks. Other carriers are expected to follow suit.
4.1.4. Smartphone applications:
Third-party software vendors will increasingly make enterprise applications available for smartphones, including inventory management, electronic medical records management, warehousing, distribution and even architectural and building inspection data for the construction industry.
4.1.5. GPS:
Global Positioning Systems will increasingly be used to identify end users by their whereabouts and also to analyze route optimization for delivery workers and service technicians.
4.1.6. Security:
As new and different types of mobile devices are introduced, corporate IT departments will find it increasingly challenging to identify and authenticate individual end users. As such, expect to see a combination of improvements in both Virtual Private Network (VPN) software and hardware-based VPNs to support multiple device types.
4.1.7. Anti-virus:
As more third-party business applications are made available on smartphones and other mobile devices, CIOs will also have to be cognizant about the potential for viruses and worms.
4.1.8. Push-button applications:
Let’s say a waste disposal truck arrives at an industrial site and is unable to empty a dumpster because a vehicle is blocking its path. Smartphones will increasingly have applications built into them that would make it possible for the disposal truck driver to photograph the impeding object and route the picture to a dispatcher to document and time-stamp the obstruction.
4.1.9. Supplemental Broadband:
As carriers implement LTE and Wi-Max networks, companies such as Sprint and Verizon are looking at potentially extending wireless broadband capabilities to small businesses which don’t have fiber optic or copper connections on the ground. Under this scenario, a small packaging company in New Jersey could potentially be able to receive T-1 level broadband capabilities in regions of the U.S. where it has offices but doesn’t have wire line broadband connections.
4.1.10. Solid State Drives:
Corporate customers should expect to see continued improvements in the controllers and firmware built into SSDs in order to improve the longevity of the write cycles in notebooks.
4.2 Merits:
Mobile computing has changed the complete landscape of human being life. Following are the clear advantages of Mobile Computing:
4.2.1. Location flexibility:
This has enabled user to work from anywhere as long as there is a connection established. A user can work without being in a fixed position. Their mobility ensures that they are able to carry out numerous tasks at the same time perform their stated jobs
.
4.2.2 Saves Time:
The time consumed or wasted by travelling from different locations or to the office and back, have been slashed. One can now access all the important documents and files over a secure channel or portal and work as if they were on their computer. It has enhanced telecommuting in many companies. This also reduces unnecessary expenses that might be incurred.
4.2.3 Enhanced Productivity:
Productive nature has been boosted by the fact that a worker can simply work efficiently and effectively from which ever location they see comfortable and suitable. Users are able to work with comfortable environments.
4.2.4 Ease of research:
Research has been made easier, since users will go to the field and search for facts and feed them back to the system. It has also made it easier for field officer and researchers to collect and feed data from wherever they without making unnecessary trip to and from the office to the field.
4.3 Demerits:
As mobile computing opens the door for the doing the various task while on the move. It also has some disadvantages.
4.3.1 Data Leakage:
As the mobility allows to access our private data from the anywhere, it may get theft by hackers or attackers.
4.3.2. Quality of Connectivity:
As one of the disadvantages, mobile devices will need either WiFi connectivity or mobile network connectivity such as GPRS, 3G and in some countries even 4G connectivity that is why this is a disadvantage because if you are not near any of these connections your access to the internet is very limited.
4.3.3. Security Concerns:
Mobile VPNs are unsafe to connect to, and also syncing devices might also lead to security concerns. accessing a WiFi network can also be risky because WPA and WEP security can be bypassed easily.
4.3.4. Power Consumption:
Due to the use of batteries in these devices, these do not tend to last long, if in a situation where there is no source of power for charging then that will certainly be a let down.