CRITICAL REVIEW: SECURITY ISSUES IN MOBILE

NETWORKS

Leung, A., Sheng, Y., Cruickshank, H. (2007) The security challenges for mobile ubiquitous

services. Information Security Technical Report 12(3) pp 162-171

Zdarsky, F., Robitzsch, S., Banchs, A. (2010) Security analysis of wireless mesh backhauls for mobile

networks. Journal of network and computer applications. pp 1-11

INTRODUCTION

Security issues in mobile networks is bleeding and have rampaged every sector of life,

starting from homes extending into businesses, internets, banks and even into the mobile

network world. It is discovered that as technology advances so also theft and hacking increases

geometrically. There are so many cases of data loss, stolen credit cards, bank frauds, spam

messages, hacking, and virus attacks due to porous security platforms developed. These

challenges occur at the user's ends, on the core networks and at the providers end. It is

observed that enterprise users now use mobile devices to execute functions which are

previously performed from their desktops making the network to be more complex. In order to

effectively protect business and non business assets, measures has to be implemented and

adopted considering the fact that it must not affect quality and efficient delivery of services to

users on the network. Therefore the above has generated an urgent need to focus on providing

more comprehensive security solutions especially in mobile networks because they are more

vulnerable to attacks and threats. This paper comparatively reviews threat analysis and

identifies the appropriate security measures and requirements and subsequently devised good

security solutions.

BODY

The methodology used in these two papers is different but they had the same result.

Zdarsky, F., Robitzsch, S., Banchs, A. (2010) evaluated the analysis for security threats which has

greatly helped to identify potential risks and attacks on mobile network. He further examined

the highest ranking of security threats, analyzing where there could be major threats on the

network. He made his analysis by comparing the impact of a threat placing it side by side with

the likelihood of the threat so as to know the level of the risk under wireless mesh and

management links especially when there is physical attack or when faults are exploited during

threat implementation of the network. On the other hand Leung, A., Sheng, Y., Cruickshank, H.

(2007) examined threat analysis using a different approach and method by using a pictorial

diagram of a man called Jose who was moving from one end to another and still doing all of his

activities in a wireless environment e.g. from watching TV to using mobile phone, and

contacting service provider, taking a train using his laptop getting to the café and so on.

Emphasizing that as Mr. Jose moves from one node to the other which makes him open to

threat which could be from the user, provider or the network. From the stated analysis these

two authors identifies the various security threat on the networks as threat to user, threat to

providers, and as threat to data transport, threat to network mesh and management control.

These various threats are critically looked into and narrowed down as spoofing, framing,

malware, active and passive threats.

Based on the threat analysis discussed above the two papers agree on the basic

requirements for proficient security solution e.g. they mentioned providing confidentiality,

integrity, authenticity, non repudiation, availability, and privacy. Confidentiality is the assurance

that information or data is confined only to the authorized users on the network. Integrity is the

case when data is complete and sufficiently perfect and accurate for its purpose. While

authenticity establishes that information is genuine and has not been tampered with or forged,

a typical example when violated is masquerading. Authentication process is in the three forms

namely identification, verification and authentication which are the resources of a network. The

non repudiation basically gives protection against false involvement in an action.

Availability is also stressed as making that accessible when ever they are needed. The use of

network access control must be deployed to make sure the unauthorized users are not allowed

to access the network while the authorized users are granted the access.

Furthermore, Leung, A. et. al. (2007) examined security threats from three dimensions

e.g. user, network and service provider. He highlighted the various ways by which a user can be

subjected to security threats e.g. spoofing, information disclosure, profiling, framing, malware,

information overloading, configuration complexity, security parameters. He mentioned a key

point of how a network could be opened to security threats e.g. passive and active threats.

Passive threat is a threat where a party that is unauthorized gains access to data and he does

not change its content i.e. eavesdropping and traffic analysis while active threat is when

attackers make changes to data, messages modifications, denial of services. However the

approach of Zdarsky, F. et. al. (2010) identifies security threat in three ways, under

management and control, data transport, network entities. He emphasized passive and active

traffic analysis; he said security threat can emerge as a result of faulty softwares thereby

creating avenues for network attackers. He also mentioned that the attackers could have

classical software having sophisticated conglomerate.

In order to provide lasting security solutions to the aforementioned security threats

Leung, A. et. al. (2007) emphasized on two main clues which are by developing trusted

computing and integration of IPSec with AAA (Authentication, Authority and Account) and

hierarchical mobile IPv6 on the mobile network. Trusted computing is achieved by

incorporating a trusted hardware functionality that would provide a trusted platform module.

IPSec is fundamentally secures information traffics on the core network while AAA is used to

authenticate mobile signal nodes. IPSec is a layer protocol that ensures via sending and

receiving of cryptographically data packets with modifications. In the other paper "Zdarsky, F.

et. al. (2010)" he stressed the need to avoid a state without authorization, control signaling,

and also to avoid single points of failure.

CONCLUSION

The two papers have clearly and fully established security threats and were able to

streamline it down to mobile networks using different methodology emphasizing that they are

more vulnerable to security attacks on the ad hoc network. They both highlighted the various

security challenges and issues under mobile network in a diverse form and subsequently

provided possible solutions to avert mobile networks breakdown as a result of security threats

and attacks. Most importantly Leung, A. et. al. (2007) was able to deliver a descriptive

methodology. He gave a strong and deep technical analysis of security threat and he provided

concrete technical solutions which could give a long lasting solution to security attacks and also

left some open issues on security threats while Zdarsky, F. et. al. (2010) was just writing on the

surface although he dwelled too much in analyzing security threats but he did not provide a

silver bullet answer to security solutions which is a key under this topic. However the two

papers are recommendable, personally I will look at Leung, A. et. al. (2007) as an experienced

expatriate in security issues especially in mobile networks while Zdarsky, F. et. al. (2010) could

be a senior apprentice in mobile network security matters judging by the content of their

respective papers.