Challenges in Mobile Security
PANG Jian Hao Jeffrey, CHUA Chee Leong, CHAN Guan Huat, LIM Seh Leng
ABSTRACT
In recent years, mobile devices have been used increasingly in organisations to improve productivity, and the Ministry of
Defence is looking to leverage this trend to enhance its operational efficiency. However, the use of mobile devices also opens
up new areas of vulnerability for potential adversaries to target.
This article shares the security challenges that arise from the use of mobile technology and how DSTA is adopting a systematic
approach in overcoming and securing the mobile cyber space. The article further discusses some design considerations for
mobile solutions and shares emerging technologies in mobile malware analysis and detection.
In an application-based threat, malware is one of the key tools used by attackers to perform malicious activities on a mobile device. The harm caused by malware and malicious activities can be reduced through early detection. The classic defence method against malware is the use of anti-virus. However, malicious software writers have become more sophisticated, often using mechanisms to change or obfuscate their code to foil detection by classic security defences. As such, a new approach of employing a combination of static and dynamic analysis, as well as machine learning techniques, is proposed to achieve comprehensive results.
Another detection methodology is to monitor and pick up anomalous system activities and behaviours. Once an anomaly is detected, alerts are triggered to the user and backend reporting system. These alerts may provide information on the malicious activities and can be correlated with other security data to provide cyber defence engineers with useful information to detect and respond to threats quickly.
Response
Incident response is an important element in any security framework. When an incident occurs, the incident response team will need to step in to contain it and conduct technical investigation. The prevention or mitigation method is then reviewed to prevent similar incidents from occurring.
In an application-based attack, the application used is analysed to understand its behaviour and other critical information required to assess its impact and derive appropriate countermeasures.
Education
Although many users may be aware that mobile devices are actively targeted by malware, most still do not believe that they will fall victim to these attacks. Thus, it is important to educate users on the safe practices for mobile device usage and keep them updated on new forms of attacks.
DESIGN CONSIDERATIONS OF MOBILE SOLUTION
DSTA’s design and development of mobile solutions gave rise to some challenges and provided many learning points for the organisation.
To empower mobile users with the capability to process classified information on the move, DSTA designed and developed a two-factor authentication (2FA) solution for mobile devices using smartcard technology. The solution consists of four components – the smartcard reader hardware, driver, smartcard middleware and client application. The client application requires the smartcard middleware and the driver to communicate with the smartcard and the reader respectively. To log in, the 2FA solution requires the user to present a tangible asset that only he or she has, such as a smartcard, as well as enter a piece of information that only he or she knows, such as a PIN.
One of the challenges is in sourcing a smartcard reader and interface that can work with mobile devices. Smartcard readers used for desktops are not suitable for mobile devices due to interface or driver incompatibility. Furthermore, the software driver and middleware need to be customised in order to work with certain hardware and mobile OS. Moreover, as peripheral interfaces for mobile devices are changed every few years, the smartcard solution may have to be modified or even redeveloped often.
DSTA overcame this issue by adopting a systems engineering approach in which each component of the mobile smartcard solution was designed to be modular and developed on an open standard smartcard application interface, making the solution flexible in adapting to changes in the mobile world. With this modular design, subsequent development of the mobile smartcard solution requires less development work. Throughout the years, many peripheral interface options for smartcard readers were explored, developed and delivered for use in MINDEF. These include Secure Digital Input Output, Compact Flash, Bluetooth and USB interfaces (see Figure 3).
Hardware Limitations
While the processor speed of mobile devices has gone up significantly over the last few years, the devices themselves are still limited in terms of memory size, network connection and physical interfaces. These can be limiting factors in solution design. For example, the mobile security solution needs to be optimised for power efficiency as mobile devices tend to have shorter battery life. Network data transfer also has to be minimised as data transfer over mobile network can incur high costs to users.
Dynamic Analysis
Dynamic analysis is the analysis of an application that is performed by executing a program on a real or virtual environment to observe its behaviours at runtime. These behaviours include system calls at runtime, file accesses and network information which are difficult to analyse solely with static analysis. A commonly used approach is the sandbox concept whereby an inspected application is executed in an emulator or virtual environment for behaviour monitoring. For example, the DroidScope project provided an open source implementation of a customised Android OS. This implementation is capable of collecting an application’s behavioural information at different layers of the platform (Lok & Heng, 2012).
The information collected from these application sandboxes allows one to understand the behavioural characteristics of an application and provides insights that may be useful to combat new and unknown malware.
Machine Learning
Machine learning is a popular technique used in financial and marketing industries to predict trends and user behaviour patterns. By analysing a large amount of real world data, machine learning algorithms are able to correlate patterns and trends to make predictions or classify observations. Machine learning-based malware detection allows organisations to classify an application as being either malicious or benign.
Static or dynamic analysis can be used to collect the data required for machine learning. The former was used in the Drebin project which outperformed nine out of ten selected anti-virus software with a detection rate of more than 93% (Arp, Spreitzenbarth, Hübner, Gascon, & Rieck, 2014). The results show that these emerging techniques can be useful tools for protection against application-based threats.
Proposed Integrated Malware Detection System
DSTA is continuously experimenting and exploring solutions to enhance cybersecurity. One such solution is the adoption of an integrated system approach in malware detection (see Figure 4). This integrated system aims to combine and assess the results from several backend detection engines that leverage different detection techniques to derive a final assessment of targeted applications. As no single technique is completely robust and foolproof, a combination of the mobile malware detection approaches can be integrated to complement signature-based detection.
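The combining step described under Proposed Integrated Malware Detection System, sketched as an added example that is not taken from the article or from any DSTA system. The engine names, weights, thresholds and sample scores are assumptions constructed for illustration.

```python
# Added illustration: engine names, weights and thresholds are assumptions,
# not values from the article or from any DSTA system.
WEIGHTS = {"static": 0.3, "dynamic": 0.4, "ml": 0.3}
MALICIOUS_AT = 0.6     # combined score at or above this => malicious
SUSPICIOUS_AT = 0.3    # combined score at or above this => suspicious
HIGH_CONFIDENCE = 0.9  # one engine this sure is never reported as benign
MIN_COVERAGE = 0.5     # share of total weight that must have reported


def assess(scores, signature_hit=False):
    """Combine per-engine scores into (verdict, combined_score, reasons).

    scores maps engine name -> score in [0, 1] (1 = malicious), or None
    when that engine failed or timed out.
    """
    # A signature match is decisive; the other engines complement it for
    # samples that signatures miss.
    if signature_hit:
        return "malicious", 1.0, ["signature match"]
    reported = {e: s for e, s in scores.items() if e in WEIGHTS and s is not None}
    coverage = sum(WEIGHTS[e] for e in reported)
    if coverage < MIN_COVERAGE:
        # Too few engines answered: silence must not read as "benign".
        return "inconclusive", None, ["insufficient engine coverage"]
    # Renormalise over the engines that reported, so a failed engine does
    # not pull the combined score towards benign.
    combined = sum(WEIGHTS[e] * s for e, s in reported.items()) / coverage
    reasons = [f"{e}={s:.2f}" for e, s in sorted(reported.items()) if s >= 0.5]
    if combined >= MALICIOUS_AT:
        verdict = "malicious"
    elif combined >= SUSPICIOUS_AT or max(reported.values()) >= HIGH_CONFIDENCE:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return verdict, round(combined, 3), reasons


# Constructed sample results for four hypothetical applications.
SAMPLES = {
    "obfuscated": {"static": 0.2, "dynamic": 0.9, "ml": 0.7},
    "one_engine_sure": {"static": 0.95, "dynamic": 0.0, "ml": 0.0},
    "dynamic_timeout": {"static": 0.1, "dynamic": None, "ml": 0.2},
    "mostly_failed": {"static": None, "dynamic": None, "ml": 0.1},
}

if __name__ == "__main__":
    for name, scores in SAMPLES.items():
        print(name, assess(scores))
```

The "obfuscated" sample shows the point of the paragraph above: static analysis alone scores it low, but the dynamic and machine learning engines carry the combined verdict.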
REFERENCES
Amit, Y. (2015, April 22). “No iOS zone” – a new vulnerability allows DoS attacks on iOS devices. Retrieved from https://www.skycure.com/blog/ios-shield-allows-dos-attacks-on-ios-devices/
Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., & Rieck, K. (2014). Drebin: effective and explainable detection of Android malware in your pocket. Network and Distributed System Security Symposium, San Diego, California. Retrieved from http://www.internetsociety.org/sites/default/files/11_3_1.pdf
Grace, M., Zhou, Y., Zhang, Q., Zou, S., & Jiang, X. (2012). RiskRanker: scalable and accurate zero-day Android malware detection. International Conference on Mobile Systems, Applications, and Services, Lake District, United Kingdom, 281-294. doi: 10.1145/2307636.2307663
BIOGRAPHY
PANG Jian Hao Jeffrey is an Engineer
(Cybersecurity) who is currently involved in
the development of cybersecurity solutions
on mobile devices for DSTA, the Ministry
of Defence (MINDEF) and the Singapore
Armed Forces (SAF). Jeffrey graduated
with a Bachelor of Engineering (Computer
Science) degree with Honours from Nanyang
Technological University (NTU) in 2012.