A technology that allows transmission of data via a computer, without having to
be connected to a fixed physical link is called mobile computing. The advent of wireless
networks has greatly increased the possibilities for mobile computing offered to the
general public. Miniaturization has aided this trend towards increased user mobility with
the development of notebook computers and Personal Digital Assistants (PDAs) which
are truly portable. Currently, the most popular form of wireless communication is the
cellular phone. The future for wireless networks promises greatly enhanced utility of
mobile computers by expanding the areas covered by these networks and branching into
digital communications. For example, users will be able to access electronic mail and
data remotely.
Wireless networks pose some unique security concerns in
comparison to their wired counterparts. Foremost among these is that the transmission
medium, in this case electro-magnetic radiation (EMR), cannot be secured against
unauthorized access. There is also a problem in verifying the identities of the parties
involved in a conversation. Also, cellular phones can be modified so that calls made
illegally from one telephone are credited to a different legitimate cellular phone
subscriber. Before wireless networks can achieve broad acceptance, these problems of
fraud and security from eavesdroppers need to be resolved. The solution lies in the
implementation of security protocols over wireless networks.
Many security protocols exist for both wired and wireless
networks. In deciding on a protocol, attention must be paid to the unique characteristics
of the wireless medium. In particular, the wireless link is likely to be limited by
bandwidth, so any applications or protocols used over the link should be chosen to
minimize both the size and number of messages transmitted. Some other items that must
be considered when choosing a protocol include the high error rates on a wireless link
(compared to a wired link) and the problems introduced by mobility.
As wireless communications and mobile multimedia
services are booming nowadays, systematic research of the overall aspects of mobile
security is crucial. This paper presents a framework model for guiding the systematic
investigation of mobile security. Based on the introduction of some background
viewpoints of security targets from a novel perspective, the framework is described as a
hierarchical model in which mobile security research is partitioned into three different
layers, including Property Theory, Limited Targets, and Classified Applications. Key
research topics in each layer are discussed respectively in detail. In the Property Theory
layer, some basic topics related to security are provided. Then, security issues in
networks, computing, and multimedia processing are fused together in the Limited
Targets layer upon the limitation operator of mobile technology.
A goal of mobile computing research is to make any changes
that might occur in location or type of network connection transparent to the user (or at
least to the mobile applications), thus allowing the mobile users to work in the same
manner and with the same productivity no matter where they are, how they are
connected, or which platform they are currently using. But present support for adaptation
is limited. Part of the difficulty of adaptation in the mobile environment is the
requirement not just to deliver data and services over challenging network conditions, but
to deliver them in formats suitable for the devices that need them.


The term "Mobile computing" is used to describe the use of computing devices--
which usually interact in some fashion with a central information system--while away
from the normal, fixed workplace. Mobile computing technology enables the mobile
worker to: (a) create; (b) access; (c) process; (d) store; and (e) communicate information
without being constrained to a single location. By extending the reach of an
organization's fixed information system, mobile computing enables interaction with
organizational personnel that were previously disconnected.

First Generation Mobile Networks
• AMPS (Advanced Mobile Phone Service) in Asia and North America
• NMT (Nordic Mobile Telephone) in Sweden, Norway, Finland
• ETACS (Extended Total Access Communication System) in the UK
• NTT (Nippon Telegraph and Telephone) in Japan
Second Generation Mobile Networks
• D-AMPS (Digital Advanced Mobile Phone Service, also known as IS-54):
Operates at 800MHz. Uses TDMA Standard — Exists mainly in USA
• N-CDMA (Narrow-band Code Division Multiple Access, also known as IS-95): Operates at 800MHz
1. Characterized by high capacity and small cell radius
2. Uses Spread spectrum technology
3. Exists mainly in the USA
• GSM (Global System for Mobile Communications): First digital cellular system
developed for compatibility throughout Europe. Operates at 900MHz range. Data
rates vary according to switching type.
3G Wireless Networks
Now that the importance of data over wireless networks is well understood, research
institutions and organizations have progressively started investing in developing high
speed data networks that can enhance the capacity, quality and rates at which data is
currently available. These emerging technologies constitute what is known commonly as
Third Generation Wireless networks, or simply 3G. These systems aim to provide an
enhanced experience to the users in terms of receiving or sending voice, text or binary
data. They include:
• General Packet Radio Service (GPRS)
• High-Speed Circuit Switched Data (HSCSD)
• Enhanced Data for Global Evolution (EDGE)

Table 1: Wireless Connectivity Technologies

Technology: On-premises wireless messaging (e.g., messaging pagers, PDAs)
Costs:
• Low fixed cost for simple, shrink-wrapped applications and devices
• Low operating cost
Advantages:
• Shrink-wrapped applications do not require IT support
• Easy, fast for shrink-wrapped
Disadvantages:
• Small data display area
• Range limited to few hundred feet
• Custom applications may require additional support
• Signals can be intercepted, posing security risk

Technology: Wireless Local Area Network (WLAN)
Costs:
• Low to high capital cost, depending on complexity of network and data rate
• Low to moderate operating cost depending on stability of software
Advantages:
• Medium to high data rates
• User interface similar to landline Local Area Network (LAN); little additional end-user training is needed
• Eliminates need for wiring in buildings or
• Can be with landline LAN to devices on a large campus
Disadvantages:
• New technology for most IT departments; another support burden
• More expensive than landline LAN for equivalent data rates
• Not supported by most handheld devices
• Very short range
• Signals can be intercepted, posing security risk unless appropriate security measures are used

Technology: 2.5G, 3G wireless devices (e.g., 2.5 generation cell phones)
Costs:
• No fixed costs except for the mobile devices (usually phones)
• High operating costs (per-minute charges)
Advantages:
• Cell network supported by the vendor, usually the Internet service provider (ISP)
• Wide area coverage in metropolitan areas
• Fast
Disadvantages:
• Not widely implemented in U.S.
• Low data rate except for newest technology in test markets
• Coverage usually does not include rural areas
• Small data display area
• Poor Wireless Access Protocol (WAP) security

Technology: Broadband wireless
Costs:
• Moderate fixed costs for receivers
• Operating costs depend on ISP service level
Advantages:
• Network supported by vendor (ISP)
• High data rate may compete with T1 speeds
• Potential low cost alternative to T1 in
Disadvantages:
• Currently available in only a few markets
• Requires fixed point receiver for speeds greater than 384 Kbps
• Coverage does not include rural areas
• Security concerns are identical to those of Internet

Technology: Satellite
Costs:
• Low to high fixed costs for receivers, depending on the application
• Low operating cost per data rate
Advantages:
• Network supported by the vendor (ISP)
• At present, easier and faster to get than DSL in many markets, especially rural ones
• Medium to high data rate; can be much better than T3 in
Disadvantages:
• Upload data rate equivalent to dial-up
• Off-the-shelf commercial offerings more expensive than cable or DSL with slower data rates
• High speed, high capacity applications require custom engineering; difficult and expensive to implement
• Signal can be intercepted, potentially compromising security

Technology: Free Space Optics
Costs:
• Low to high fixed costs for receivers, depending on the application
• Low operating cost per data rate
Advantages:
• Medium to high data rate; can be much better than T3
• Prices will be competitive with broadband wireless
Disadvantages:
• In prototype stage
• Coverage is unlikely to include rural areas in the near future
• Reliability can be degraded by several environmental conditions, reducing data rate as distance increases
• Requires fixed point receiver; appropriate only for data replication and synchronization
• Signal cannot be intercepted without detection, providing security no other media can match

Connectivity Strategy:

Since wireless data communication technology is usually more expensive than landline
technology for equivalent data volume, it must be justified by a large or quick payback.
For instance, the immediacy provided by some wireless connectivity options could
preserve the value of information that would only degrade as time passes. Another
possibility is that wireless computing would allow a company to offer an increased level
of service, resulting in additional revenue. The value, timeliness, and type of information
being used in a mobile task must be taken into consideration before implementing any
kind of mobile or wireless strategy. Figure 1 illustrates how these decision factors come
into play when selecting a mode of connectivity.

Figure 1: Selection of Connectivity

The horizontal axis represents the amount of data that the client must have to perform a
task. For some activities, a simple message may suffice, requiring little wireless
bandwidth and device memory. Currently, 2.5G and 3G phones, for example, could be
used in this capacity. For other activities, a high-resolution bitmapped image may be
necessary, which increases both bandwidth and memory requirements. In such cases, a
more complex device, such as a laptop, could be used to transfer data over a traditional
network in order to meet these requirements more effectively.


• Packet-Switched Data: Packet-switched describes a network over which relatively
small units of data, called packets, are routed over a network (wireless or wired) based on
the destination address contained within each packet. Information is sent in packets and
bundled with overhead information. This overhead data includes routing and destination
information as well as error correction data to ensure correct transmission in case of poor
signal quality.
1. Dividing a message into packets allows many network users to share the same
data path.
2. This type of communication between sender and receiver is known as
connectionless (rather than dedicated) communications. Most traffic over the
wired Internet relies on a packet-switching type protocol.
3. Cellular digital packet data (CDPD), a wireless data service, is an example of a
widely used packet-switched technology. This type of packet-switched data
service is the main type of data communications used by public safety agencies.
4. Packet-switched based data services allow for the use of special data applications
to access central databases owned by the agency or remotely maintained by a state
or a federal agency, i.e., National Crime Information Center (NCIC), National
Law Enforcement Telecommunications System (NLETS), Washington Area Law
Enforcement System (WALES), etc.
5. Packet data architecture is normally based on open architecture, which allows for
continuous upgrades and enhancements to keep it current with advancing. The
openness of the architecture allows use of a wide variety of computing devices
and modems.

• Circuit-Switched Data: Circuit-switched describes a network, such as the standard
cellular network, in which the communication circuit path for the call is set up and
dedicated to the participants in that call. For the duration of the connection, all resources
on that circuit are unavailable to other users.
1. Data transferred through this type of circuit passes through a digital cellular
telephone with a built-in modem, or through an analog telephone with an attached
analog-to-digital modem. This type of communication relies on the quality of the
cellular providers' service.
2. Users can connect to a data service by using a cellular telephone as a modem to
connect to an Internet service provider, or to a business local area network (LAN)
using a dial-up networking type of model.
• Cellular and personal communications services (PCS) providers have
lately offered services that enable data-capable digital telephones to send
and receive data from and to a laptop or personal digital assistant (PDA)
• Similar to packet-switched service, users can access information such as
e-mail, Internet data, or query databases
• The cellular telephone user dials in to either an Internet service provider
or a business LAN, depending on the type of connection that is arranged
ahead of time
• A business LAN can consist of a public safety agency's own central office
LAN with a server or workstation connected to a dial-up networking
modem or a modem pool, which would answer one or many calls,
depending on the number of modems present
• Users can employ either analog or digital voice channels to access data;
however, digital telephones have built-in modems, thus eliminating the
need for an additional modem. Analog telephones require a modem in
order to encode or decode digital information
3. Because the cellular and PCS providers supply the connectivity and data-capable
telephones, the infrastructure is identical to that of PCS and cellular.
• Coverage of a circuit-switched network is identical to the coverage of the
specific service provider's network
• Users must employ specific telephones and cables to connect to a laptop
or PDA
• As with voice calls, subscribers share the airwaves and compete for
capacity on the network. Note, however, that sometimes the demand at a site
will exceed available capacity, rendering the service useless
Cellular Digital Packet Data (CDPD) is the first public wireless data system ever
developed for the Advanced Mobile Telephone Service (AMPS) system. It is a system for
transmitting packets of data over the existing AMPS system. As its traffic continues to
grow, potential new customers need to know the platform's quality of service. Our task
is to determine how many mobile users, running a given application, can share a CDPD
channel. To facilitate this, we used a simulation tool called BONeS.

CDPD Network Architecture:

A CDPD network consists of five components:
1. M-ES (Mobile End Station)
2. MDBS (Mobile Data Base Station)
3. MD-IS (Mobile Data Intermediate System)
4. IS (Intermediate System)
5. F-ES (Fixed End System)
Calling Procedure:
In a CDPD network, multiple M-ESs (Mobile End Stations) share the channel medium
with a single Mobile Data Base Station (MDBS). Direct communication is only possible
between an M-ES and the MDBS, not between two M-ESs in the same cell. The medium
consists of a forward channel from the MDBS to the M-ES and a reverse channel from the
M-ES to the MDBS. The forward channel is a connectionless broadcast channel carrying
transmissions from the MDBS only; its information is received and decoded by all M-ESs
on the channel simultaneously. The reverse channel is shared between all M-ESs. Access
to the channel and resolution of contention are controlled by each M-ES, assisted by
reverse-channel status information returned by the MDBS on the forward channel.
The registration procedure starts when the M-ES is switched on. The signal is picked up
by an MDBS and forwarded to an MDBS router. Having been directed via the MDBS router
and the main router, it reaches the Serving MD-IS, which registers the M-ES on a channel
stream transceiver (TRX).
The Serving MD-IS then sends a message to the Home MD-IS telling it where the
mobile is located at the moment, i.e., which Serving MD-IS is administering the base
station that has picked up the signal from the M-ES. The Home MD-IS takes care of the
authentication procedure and registers the M-ES at the Serving MD-IS. If moving, the
M-ES decides itself when to connect to a new base station. The base station is the only
part of the CDPD system with knowledge of the cell structure. When the M-ES connects
to a new base station, the registration procedure is repeated, except for the authentication
part, which is not required. The Serving MD-IS then switches the M-ES to a new channel
stream. If the change of base station also means a new Serving MD-IS, the Home MD-IS
will get a message from the new MD-IS about the change. When changing to a new
MD-IS, the authentication must be repeated as well.
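As an added illustration (not code from the original text), the following Python model walks through the registration and hand-off rules just described: the Home MD-IS authenticates on initial registration and again when the Serving MD-IS changes, but a base-station change inside the same MD-IS only switches the channel stream. Class names, log strings and the subscriber credential table are assumptions made for this example.

```python
# Added example (not from the original page): a small model of the CDPD
# registration and hand-off procedure. Class names, log strings and the
# credential table are assumptions made for illustration only.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class HomeMDIS:
    """Home MD-IS: holds subscriber credentials and the mobile's current location."""
    credentials: Dict[str, str]                              # M-ES id -> shared secret (constructed)
    location: Dict[str, str] = field(default_factory=dict)   # M-ES id -> Serving MD-IS name
    auth_count: int = 0                                      # how many authentications were run

    def authenticate(self, mes_id: str, secret: str) -> bool:
        self.auth_count += 1
        return self.credentials.get(mes_id) == secret


@dataclass
class ServingMDIS:
    """Serving MD-IS: administers a set of base stations (MDBS cells) and
    assigns channel stream transceivers (TRX) to registered M-ESs."""
    name: str
    home: HomeMDIS
    cells: Set[str]
    streams: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # M-ES -> (cell, TRX)
    next_trx: int = 1

    def register(self, mes_id: str, secret: str, cell: str, authenticate: bool) -> Optional[int]:
        """Register the M-ES on a channel stream. The Home MD-IS authenticates
        only when asked (initial registration or a change of Serving MD-IS);
        a base-station change inside this MD-IS skips authentication."""
        if cell not in self.cells:
            raise ValueError(f"{cell} is not administered by {self.name}")
        if authenticate:
            if not self.home.authenticate(mes_id, secret):
                return None                          # registration refused
            self.home.location[mes_id] = self.name   # Home MD-IS learns where the mobile is
        trx = self.next_trx
        self.next_trx += 1
        self.streams[mes_id] = (cell, trx)           # switch the M-ES to a (new) channel stream
        return trx


class MobileEndStation:
    """M-ES: decides itself when to attach to a new base station."""

    def __init__(self, mes_id: str, secret: str):
        self.mes_id, self.secret = mes_id, secret
        self.serving: Optional[ServingMDIS] = None
        self.trx: Optional[int] = None
        self.log: List[str] = []

    def _attach(self, serving: ServingMDIS, cell: str, authenticate: bool) -> bool:
        trx = serving.register(self.mes_id, self.secret, cell, authenticate)
        if trx is None:
            self.log.append(f"{cell}: authentication failed at Home MD-IS")
            return False
        self.serving, self.trx = serving, trx
        self.log.append(f"{cell}: registered via {serving.name} on TRX {trx}"
                        + (" (authenticated)" if authenticate else " (no re-authentication)"))
        return True

    def power_on(self, serving: ServingMDIS, cell: str) -> bool:
        return self._attach(serving, cell, authenticate=True)

    def move_to(self, serving: ServingMDIS, cell: str) -> bool:
        # Same Serving MD-IS: only the channel stream changes.
        # New Serving MD-IS: the Home MD-IS must authenticate again.
        return self._attach(serving, cell, authenticate=serving is not self.serving)


def run_scenario() -> Tuple[MobileEndStation, HomeMDIS]:
    """Power on, roam inside one MD-IS, then roam to a second MD-IS."""
    home = HomeMDIS(credentials={"mes-1": "secret-1"})   # constructed subscriber table
    mdis_a = ServingMDIS("MD-IS-A", home, {"cell-1", "cell-2"})
    mdis_b = ServingMDIS("MD-IS-B", home, {"cell-3"})
    mes = MobileEndStation("mes-1", "secret-1")
    mes.power_on(mdis_a, "cell-1")    # initial registration: authenticated
    mes.move_to(mdis_a, "cell-2")     # new base station, same MD-IS: no authentication
    mes.move_to(mdis_b, "cell-3")     # new Serving MD-IS: authenticated again
    return mes, home


if __name__ == "__main__":
    mes, home = run_scenario()
    print("\n".join(mes.log))
    print("authentications performed by Home MD-IS:", home.auth_count)
```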
Protocols used:
• MDLP (Mobile Data Link Protocol)
• SNDCP (Subnetwork Dependent Convergence Protocol)
• DSMA/CD (Digital Sense Multiple Access with Collision Detection)

CDPD Advantages: The CDPD protocol is designed to work with existing
Internet Protocol (IP) based networks. It can also be used as a transport for Local Area
Network (LAN) based wireless applications.
The advantages that packet transmission has over conventional circuit switching include
the following:
1. Robustness: Carrier loss between packets is typically not a problem.
2. Security: Encryption on small packets is easily handled.
3. Per-packet billing.
4. The user is always on-line and connected.
Robustness is demonstrated by the fact that CDPD today provides complete network
mobility during subscriber roaming without affecting the surrounding traffic. The
combination of wireless data traffic and cellular services within the same frequency band
and channels is obtained with no loss of performance of either.

Maintenance organizations face pressure when budgets are cut and the expectation of
customer service remains high. That's why many organizations are arming their field
maintenance personnel with handhelds! Mobilizing your workforce can significantly
decrease wasted data entry time and wait time for materials, increase operational
efficiency, reduce transcription errors, and make data immediately available for trending
and analysis. Unlike other mobile solutions for MAXIMO® software that are rigid,
expensive, and have limited functionality, DataSplice solutions can be easily tailored to
meet your work processes and are guaranteed to save your organization money.
Data Splice mobile technology provides a flexible platform that is capable of delivering
mobile data access to field personnel for any CMMS application. Every aspect of the
mobile solution can be easily customized: the data and fields displayed to the user, the
relationships and links between the data, and the business rules performed when
information is modified. Most importantly, we understand that the success of any mobile
application lies in its ability to integrate with your existing business and work processes.
Other mobile solutions force users to change the way they work to conform with the way
the software functions. All Data Splice solutions can easily be modified to your
expectations, ensuring user acceptance.

The features of Data Splice mobile technology are as follows:

The Flexibility to Work the Way You Want

• Easily Configured to Precisely Meet Your Work Processes: DataSplice can
quickly and easily be configured to provide the end-user functionality required to
support your best practice maintenance processes. The standard off-the-shelf
DataSplice interface can be modified to access multiple MAXIMO® software
database tables and provide the simplest data entry process possible. One of our
utility customers created a Substation Maintenance Management mobile data
collection solution by creating a DataSplice interface to the database that
combines condition monitoring and location attributes. Substation inspectors now
simply enter the specific Substation and are presented an editable list of all the
measurement points and location attribute values they need to record, reducing
data capture time by 43%.
• Remote Users Only See the Data They Need: The utilization of attributes and
view criteria enable the DataSplice administrator to easily define the specific
subsets of data available for each user, based on your exact work assignments. One
of our utility customer's Transmission and Distribution groups assigns all activity
for each Substation to a specific technician. Based on the user's login all data
associated with the user's assigned list of substations is automatically loaded to
their mobile device.
• Open Hardware Support: DataSplice users can reliably access their data from
different connectivity environments; online, offline, cradle synchronization,
wireless LAN and WAN. DataSplice is compatible with all modern Windows®
operating systems, including Windows CE (Pocket PC, Windows Mobile and
CE.NET), Windows 98, and Windows 2000/XP. The DataSplice client is also
designed to display properly on any screen size, from handhelds to desktop
monitors. Electric Utility field technicians download work orders to laptops from
their trucks daily via a wireless LAN, then work in offline mode, and send their
changes at shift end via the wireless LAN. Other Power Plant users in the same
Electric Utility can scan tools in and out via wireless LAN handhelds.

Advanced Functionality:

• Business Rule Configuration: DataSplice also features flexible business rule
emulation, via the off-the-shelf application packages that DataSplice has created
to support MAXIMO® software implementations. No tables or triggers are added
to the database. Maintaining and upgrading the MAXIMO® software becomes
more manageable. For example, a food manufacturing customer required the
ability to return inventory items to closed work orders. The standard MAXIMO®
software business rules do not allow this. The DataSplice mobile application was
configured to allow return of inventory items to closed work orders.
• Access Information From Multiple Sources: DataSplice can access other
enterprise software systems in addition to the MAXIMO® software application
from the same mobile device handheld client. A business process at a large
electric utility requires receiving Inventory items into the ERP system, but
counting and issuing the items from MAXIMO® software. DataSplice provides a
single handheld interface to accomplish both requirements.
• Barcode Scanning and Printing Support: The DataSplice Remote Client has
been designed to work with most available handheld scanning systems, making
data input easier and more reliable for mobile users. DataSplice users also can
print bar code labels on a networked printer directly from the mobile device.
Total Cost of Ownership:

• Simple Licensing: Utilization of concurrent use licenses greatly reduces
licensing cost in facilities with wireless LANs and where multiple shifts are
deployed. A manufacturing customer with an 802.11b wireless infrastructure
requires only 19 concurrent licenses for 43 technicians.
• Rapid Implementation: DataSplice solutions are specifically designed to help
you implement mobile applications quickly and efficiently to get your staff
mobile. The DataSplice Administration Client enables simple and effective
implementation of mobile solutions. No advanced programming skills are
required to administrate DataSplice and administrators do not need to rewrite
scripts or code to make changes or enhancements.
• Automatic Handheld Configuration and Provisioning: On-going remote user
software and mobile device support is provided by DataSplice Windmill, which
enables your IT team to efficiently manage hundreds of mobile devices and their
associated functionality. Software updates and hardware configurations are
delivered automatically to the mobile end-users.

Data Splice operation:

The Data Splice Server acts as a broker between mobile devices and your enterprise data.
This provides a single configuration point to manage all of your mobile solutions.

The Data Splice Server performs most of the "heavy-lifting" for the application suite.
This includes managing and storing the mobile solution configuration, brokering database
queries from remote clients to the correct data source, constructing offline sets of data for
individual users, and much more.
• Provide Mobile Access to Multiple Data Sources: The DataSplice Server is
capable of connecting to all your information systems - simultaneously! This
means it can be used to serve mobile applications for your financials in Oracle,
your maintenance data in SQL Server, along with homegrown systems in FoxPro
or Microsoft Access. DataSplice can even be used to integrate this information for
users in the field without expensive data migration projects to standardize on a
single platform.
• Centralized Configuration: Because the DataSplice Server handles all direct
communications with external databases, this means that the individual devices do
not need any data-access software installed or configured. This simple approach
simplifies software installation and network configuration.
• Simplified Networking: All DataSplice communications run over a single TCP
port, making it easy to configure firewalls and gateways to handle the service.
This also makes it very easy to run DataSplice over secure channels such as

In addition the DataSplice Server maintains all database connections and the individual
clients never connect directly to a database. This means that the networks for any
DataSplice client devices can be isolated from database resources to provide additional

The DataSplice Server performs:

• ODBC Connectivity
Connect to any modern database, including Microsoft SQL Server, Oracle,
Progress, and many more.
• Manage Remote Device Configuration
Simplify your network configurations: the DataSplice server pushes settings to all
remote devices, meaning no time is wasted managing individual handhelds or
• High Performance
The server is multi-threaded so it can handle any number of connections

Administration Client performs

• Centralized Configuration - All configuration tasks may be performed through the
Administration Client. These settings are then automatically pushed out to
Remote Clients over the network, creating seamless maintenance for handheld
• Network Administration - The Administration Client can connect to and manage
server operations from any location on your network.
• Fine-grained Permissions Control - Administration tasks can be broken down by
groups to allow or restrict different users from performing certain tasks. This
feature allows delegation of tasks without the concern that key portions of data
may become corrupted.

• Create views displaying information from multiple data sources.
• Limit accessible records on a per-user or group basis.
• Define how fields are displayed and manipulated.
• Control field validation, including value lists of dynamic relational data.
• Define view relationships to control client navigation.
Remote Client performs:
The DataSplice Remote Client provides real-time or offline data access to any enterprise
data with a simple, easy-to-use interface. DataSplice users can access just the information
they need, when they need it, in the order in which they need it.

The Remote Client provides users with a simple interface that makes working with all
enterprise data easy and consistent. The interface is tailored specifically to display
information on screens with limited screen size, yet is flexible enough to be used at any


The following tables list the minimum and recommended system requirements for
running the various components of the DataSplice Mobile Integration Suite:

DataSplice Server:

The DataSplice Server acts as a broker between remote clients and the underlying
databases being accessed for information. For this reason, database performance is
usually the limiting factor for the overall system performance. That being said, certain
server operations, such as constructing large offline datasets for users, can consume
considerable resources on a server.

System Requirements for the DataSplice Server

Operating System: Microsoft Windows NT 4 SP6a or better (2000, XP, or Windows Server
The Microsoft XML Parser used by the server requires at least Service Pack 6a for
Windows NT 4.
Recommended: Windows 2000 or newer for optimal operation. Future versions of
DataSplice will rely heavily on Microsoft .NET and other technologies that have better
support on newer operating systems.
Terminal Server: DataSplice can be installed on Microsoft Terminal Server. However,
installing the Microsoft XML Parser may be difficult.

Server Hardware: The hardware required to run the DataSplice server effectively is highly
dependent on the number of client connections it needs to support.
For small installations (< 10 clients) it is not necessary that the server run on its own
dedicated machine - it could easily run on the same hardware as the database.
For larger installations the server should have a minimum 500Mhz processor and 256M
RAM. To ensure optimal performance under heavy traffic, the more RAM available the
better.
In addition, the server must have network connectivity so DataSplice clients can connect.

Hard Disk: The server does not actually store much data. All data operations are
delegated to an external database. The entire set of configuration files for DataSplice is
generally less than a megabyte.
100M of available storage should be sufficient, even for large installations. This provides
plenty of room for temporary ODBC cache files, as well as session data for the server.

DataSplice Administration Client

The DataSplice Administration Client is a thin-client that enables administrators to

manage all aspects of server configuration. It does not store any configuration data, or
perform complex processing - everything is handled by the server.

System Requirements for the Administration Client

Operating System: Any current Microsoft Windows® desktop operating system, including:
• Windows 98
• Windows NT
• Windows 2000
• Windows XP
Recommended: Windows 2000 or better.

Hardware: Any desktop machine capable of performing basic workstation tasks
(Word Processing, Web Browsing, etc.) is sufficient.
In addition, the client must have network connectivity to the server.

Hard Disk: At least 5M of available space to install the client.

DataSplice Remote Client

The DataSplice Remote client is similar to the Administration Client, in that it is a thin-
client that passes off as much processing as possible to the server. This means it is
capable of accessing large amounts of enterprise data on minimal hardware.

System Requirements for the Remote Client (Handheld)

Operating System: Any Microsoft Windows CE operating system, including:
• Pocket PC
• Pocket PC 2000
• Pocket PC 2002
• Pocket PC 2003 (a.k.a. Windows Mobile)
• Windows CE 2.11 or newer
• Windows CE .NET

Hardware: For online applications, any device capable of running the supported
operating systems will be sufficient for the Remote Client.
If used offline, processor speed and memory become more important for
accommodating data storage. We recommend at least 300Mhz ARM processors, as well
as 64M of memory.

Storage: Most handheld devices occasionally lose battery charge and will reset to
factory settings. DataSplice can be installed on storage cards so applications and data
are preserved.

The phenomenal growth in mobile and wireless communications entails the serious
problem of security. The causes, mainly due to the fragility of wireless and mobile
features and the variety of applications and services, fall into the following categories:
• The physical weaknesses and limitations of mobile and wireless communications,
e.g. high error rate and unpredictable error behavior due to external interference
and mobility, introduce influences on characteristics of not only performance, but
also security.
• The entirely exposed environment of wireless air radio and field devices provides
much more opportunities of being subject to malicious attacks and/or being
susceptible to accidental interferences.
• Applications are becoming more and more important than ever, including mobile
applications and services in areas of military, health care, business, finance, etc.
• Other services may bring users easily in contact with possible threats of intruding
privacy, e.g. location awareness services and context-based applications.
• Contents of provided services, most of which are multimedia-type, are valuable
not only to subscribers but also to composers and providers, and thus secure
protective measures are needed.
This section briefly sketches the mobile security framework model that we propose. The
framework is laid out as a hierarchical architecture consisting of, from bottom to top,
three layers: the Property Theory layer, the Limited Targets layer, and the Classified
Applications layer, as illustrated in Fig. 2. A more detailed explanation of each layer of
the framework model can be found in the next section.
On the lowest layer, Property Theory, some basic issues of security are considered as the
fundamental points of mobile security research, as follows. Note that since security can
be treated as a property of information technology and systems in general, the discussion
in this layer applies to all other fields besides mobile communications.
• Security objectives, i.e. to formulate and determine what kinds of security goals
are going to be achieved and to what extent.
• Attacks, i.e. to analyze and distinguish the possible threats and offensive methods
from all the directions against which targets are to be protected.
• Security mechanisms, i.e. to find and do research on the effective techniques to
fulfill security objectives.
• Security management, i.e. to prescribe and carry out laws and policies relevant to
the administration and maintenance of security targets, including the training of
personnel for security consciousness.
• Security evaluation, including identification of critical components and
assessment of vulnerabilities, inspection of performance interference, evaluation
of privacy and robustness, and determination of testing strategy and benchmarks.
Based on the discussion in Section II and using the limitation operator of the
term “mobile”, we get the Limited Targets layer as the research domains of mobile

This layer seems to be the most important part of the whole research layout, since,
building on the common security theory below it, the specific character of mobile targets
is considered in each of the three overlapping targets that follow, which in turn serve as
the main basis for the various mobile communication applications above.
• Mobile networking, including the different mobile network structures and protocols
related to security.
• Mobile computing, covering security problems related mainly to mobile agents and
lightweight operating systems and terminals, with the stratification concept in mind.
• Mobile media, for which two aspects are usually considered, i.e. media content and
copyright, protected during transmission and processing respectively.
Some applications, which cannot be successfully deployed without the support of
secure mobile networks, computing and media processing environments, are classified
and listed on the top layer. These are only representative examples of the
diverse applications.
• Messaging, e.g. UM (Unified/Universal Message), PIM (Personal Information
Management), Email, Fax, SMS (Short Message Service).
• Telephony, including VoIP (Voice over IP), IPT (IP Telephony), Video
Conference, etc.
• Tele-Services, such as Tele-Medicine, Tele-GeoProcessing, Tele-Education, etc.
This section describes the framework components on each layer in more detail by
identifying possible research topics.
A. Property Theory Layer
We focus more on the technical area of security here, which by no means implies that
security management and evaluation are less important. In total, there are three
security objectives on data, one or all of which are to be reached:
• Confidentiality, i.e. the data can only be used by authorized users and/or parties.
• Integrity, i.e. the data cannot be modified during transfer and storage by
• Availability, i.e. the data is always available for authorized use.
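To make the first two objectives concrete, the following Python example (added here; it is not from the paper or from any product it names) protects one message for both confidentiality and integrity using only the standard library: a keystream derived from HMAC-SHA256 in counter mode encrypts the payload, and a second HMAC over nonce and ciphertext (encrypt-then-MAC) lets the receiver reject any frame altered in transit, whether by a radio error or by tampering. The key values, the message text and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16   # per-message nonce, sent in the clear
TAG_LEN = 32     # HMAC-SHA256 output length

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes by using HMAC-SHA256 as a PRF over
    (nonce, counter) blocks. Counter mode over a PRF is a standard stream
    cipher construction; HMAC is chosen only because the stdlib has it."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def protect(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Confidentiality: XOR with a fresh keystream.
    Integrity: HMAC over nonce || ciphertext (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unprotect(enc_key: bytes, mac_key: bytes, frame: bytes):
    """Verify the tag first (constant-time compare) and only then decrypt.
    Returns the plaintext, or None if the frame was altered or mis-keyed."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        return None
    nonce = frame[:NONCE_LEN]
    ciphertext = frame[NONCE_LEN:-TAG_LEN]
    tag = frame[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))

def demo():
    """Constructed scenario: one intact frame and one with a single flipped
    ciphertext bit, as a noisy or tampered radio link might deliver."""
    enc_key = b"\x01" * 32          # constructed keys, not for real use
    mac_key = b"\x02" * 32
    message = b"meter reading 4711"  # constructed payload
    frame = protect(enc_key, mac_key, message)
    intact = unprotect(enc_key, mac_key, frame)
    damaged = bytearray(frame)
    damaged[NONCE_LEN + 4] ^= 0x01   # flip one bit inside the ciphertext
    rejected = unprotect(enc_key, mac_key, bytes(damaged))
    return intact, rejected

if __name__ == "__main__":
    ok, bad = demo()
    print("intact frame decrypts to:", ok)
    print("damaged frame result:", bad)
```

The receiver checks the tag before it touches the ciphertext, so a corrupted or mis-keyed frame is dropped without decrypting anything. Availability, the third objective, is not shown because it is a property of the system as a whole rather than of a single message.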
B. Limited Targets Layer
1) Mobile Networks: Security issues have not been satisfactorily solved in 2G mobile
communication protocols and networks (GSM). The deficiencies and limitations include
the lack or absence of mutual authentication, end-to-end security, non-repudiation, and
user anonymity, together with protocol weaknesses. In 3G wireless networks (IMT-2000),
comprehensive requirements are considered, in categories related to access, radio
interface, terminal, user association, network operation, security management, etc. As the
4G vision moves toward reality, further wireless and mobile network topics need
attention, e.g. mobile ad hoc networks, WLAN, PAN and micro-cellular
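To illustrate the mutual-authentication deficiency the paragraph mentions, here is a simplified challenge-response model in Python (an added example for this page, not the paper's own material and not the real GSM or 3G algorithms). Handset and network share a long-term subscriber key Ki. In the one-way protocol only the network verifies the handset, so a network endpoint that does not hold Ki is still accepted by the handset; in the mutual protocol the handset issues its own challenge and refuses to attach unless the network proves knowledge of Ki. The names Ki, subscriber_response, HomeNetwork and UnkeyedNetwork are constructed for this illustration.

```python
import hashlib
import hmac
import os

# Constructed model: a handset and a network sharing a long-term key Ki.
# The two response functions stand in for a keyed authentication algorithm;
# HMAC-SHA256 is used only because it is in the standard library.

def subscriber_response(ki: bytes, rand: bytes) -> bytes:
    """Response the handset computes to a network challenge."""
    return hmac.new(ki, b"subscriber" + rand, hashlib.sha256).digest()

def network_response(ki: bytes, rand: bytes) -> bytes:
    """Response the network computes to a handset challenge (mutual case)."""
    return hmac.new(ki, b"network" + rand, hashlib.sha256).digest()

class HomeNetwork:
    """A network that holds the subscriber key: it can verify the handset
    and can also prove its own knowledge of Ki."""
    def __init__(self, ki: bytes):
        self.ki = ki

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, rand: bytes, sres: bytes) -> bool:
        return hmac.compare_digest(sres, subscriber_response(self.ki, rand))

    def prove(self, rand: bytes) -> bytes:
        return network_response(self.ki, rand)

class UnkeyedNetwork(HomeNetwork):
    """A network endpoint that does not hold Ki and therefore should not be
    trusted by the handset. It can still issue challenges and accept any
    answer, but it cannot produce a valid proof of its own."""
    def __init__(self):
        self.ki = None

    def verify(self, rand: bytes, sres: bytes) -> bool:
        return True                  # accepts whatever the handset sends

    def prove(self, rand: bytes) -> bytes:
        return os.urandom(32)        # a guess; it has no key to compute with

def one_way_attach(ki: bytes, network: HomeNetwork) -> bool:
    """2G-style flow: the network authenticates the handset, but the handset
    attaches to whichever network answered, without checking it."""
    rand = network.challenge()
    sres = subscriber_response(ki, rand)
    return network.verify(rand, sres)

def mutual_attach(ki: bytes, network: HomeNetwork) -> bool:
    """Both directions: after answering the network's challenge, the handset
    challenges the network and attaches only if the proof matches Ki."""
    rand = network.challenge()
    if not network.verify(rand, subscriber_response(ki, rand)):
        return False
    handset_rand = os.urandom(16)
    proof = network.prove(handset_rand)
    return hmac.compare_digest(proof, network_response(ki, handset_rand))

if __name__ == "__main__":
    ki = b"\x0a" * 16   # constructed subscriber key
    print("one-way, keyed network:   ", one_way_attach(ki, HomeNetwork(ki)))
    print("one-way, unkeyed network: ", one_way_attach(ki, UnkeyedNetwork()))
    print("mutual, keyed network:    ", mutual_attach(ki, HomeNetwork(ki)))
    print("mutual, unkeyed network:  ", mutual_attach(ki, UnkeyedNetwork()))
```

The contrast is in the last two lines of output: under the one-way flow the handset cannot distinguish a keyed from an unkeyed network, while the mutual flow rejects the unkeyed one because the network's proof never matches what the handset computes from Ki.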

2) Mobile Computers and Computing: Mobile agents are one of the most popular forms
of distributed and mobile computing environment [7, 8]. A mobile software agent extends
the concept of a software object with the attributes and capabilities of mobility, reactivity,
autonomy, and collaboration. Generally, three problems need to be considered for
the security of mobile agents: protection of a host from malicious agents, protection of
an agent from malicious hosts, and protection of an agent from other agents, where the
attacks include damage, modification, DoS, breach of privacy, harassment, etc.
3) Mobile Multimedia: The overwhelming advantages of digital data have led to all
kinds of digital media being composed and distributed widely over the Internet, but at the
same time they bring the possibility of unrestricted duplication and unlimited copying
without loss of fidelity. Two main techniques exist for the protection of intellectual
property rights (IPR): media encryption and information hiding. The former protects
multimedia data during transmission through suitable coding and encryption, while the
latter concerns mainly copyright protection and copy prevention.
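As an added illustration of the information-hiding branch described above (example code written for this page, not from the paper), the Python below embeds a short ownership string into the least significant bits of a constructed run of 8-bit sample values and recovers it again. The point is the contrast with encryption: the carrier stays directly usable, since each sample changes by at most one unit, while the ownership mark travels inside the content itself. The sample values, the payload string and the function names are all constructed for this example.

```python
def _to_bits(data: bytes) -> list:
    """Big-endian bit list for a byte string."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def _from_bits(bits: list) -> bytes:
    """Inverse of _to_bits; the bit count must be a multiple of 8."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def embed(carrier: bytes, payload: bytes) -> bytes:
    """Write a 16-bit length header followed by the payload into the LSB of
    successive carrier samples. Raises if the carrier is too small."""
    header = len(payload).to_bytes(2, "big")
    bits = _to_bits(header + payload)
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for payload")
    stego = bytearray(carrier)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # replace only the lowest bit
    return bytes(stego)

def extract(stego: bytes) -> bytes:
    """Read the length header from the first 16 LSBs, then the payload."""
    length = int.from_bytes(_from_bits([b & 1 for b in stego[:16]]), "big")
    bits = [b & 1 for b in stego[16:16 + 8 * length]]
    return _from_bits(bits)

def max_sample_change(carrier: bytes, stego: bytes) -> int:
    """Largest per-sample difference introduced by embedding."""
    return max(abs(a - b) for a, b in zip(carrier, stego))

# Constructed carrier: 512 pseudo-pixel values of an 8-bit grayscale image.
CARRIER = bytes((i * 37) % 256 for i in range(512))
# Constructed ownership mark to hide in the carrier.
MARK = b"(c) owner: example"

if __name__ == "__main__":
    stego = embed(CARRIER, MARK)
    print("recovered mark:", extract(stego))
    print("largest sample change:", max_sample_change(CARRIER, stego))
```

Plain LSB embedding like this survives lossless copying but not lossy re-encoding or resampling, which is why robust watermarking schemes spread the mark across perceptually significant components of the media instead; the example shows only the basic mechanism.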
C. Classified Applications Layer—Mobile E-commerce
This section uses mobile E-commerce as a representative example to describe the mobile
security issues of the Classified Applications layer. Mobile E-commerce is chosen because
it is an increasingly popular wireless Internet application that converges a mobile
communications network with the Internet, and is thus a promising candidate for the
killer application.
• Security for mobile, wireless computing is a particularly difficult problem. Some
technologies, such as Free Space Optics, have more security because of the
physical characteristics of the media. However, other technologies, such as cell
phones and digital pagers, have almost no security because of poorly designed
communications protocols.

The picture below gives a typical pictorial representation of how the future network
systems will co-exist and interact with each other.
Some of these components are:
• 4G-Cellular Systems
• Broadband Wireless Access Systems
• Evolution of Mobile Network
• Intelligent Transport Systems
• High-Altitude Stratospheric Platform Station Systems
Features of future mobile computing devices:
• Increased storage capacity lets you bring everything you need with you
• Input innovations make data entry easier
• Enhanced display technology
• Faster processors support feature-rich applications
• Stay connected with faster, more ubiquitous wireless
• Enhanced battery capacities and more power-efficient devices
• Portable processing power

The real power of mobile computing becomes apparent when mobile hardware, software,
and communications are optimally configured and used to accomplish a specified mobile
task. Although many varied applications exist, mobile computing applications can
generally be divided into two categories: horizontal and vertical.

Horizontal Applications

Horizontal applications have broad-based appeal and include software that performs
functions such as: (a) email; (b) Web browsing; (c) word processing; (d) scheduling; (e)
contact management; (f) to-do lists; (g) messaging; (h) presentation. These types of
applications usually come standard on Palmtops, Clamshells, and laptops with systems
software such as Windows 95.

Vertical Applications

Vertical applications are industry-specific and only have appeal within the specific
industry for which the application was written. Vertical applications are commonly used
in industries such as: (a) retailing; (b) utilities; (c) warehousing; (d) shipping; (e) medical;
and (f) law enforcement and public safety. These vertical applications are often
transaction oriented and normally interface with a corporate database.


Bearer Limitations

Wireless network bearers operate under several fundamental constraints, which place
restrictions on the type of protocols and applications offered over the network:

Power consumption.
As bandwidth increases, power consumption increases. In a mobile device, this
reduces battery life.
Cellular network economics.
Mobile networks are typically based on a cellular architecture. Cells are a
resource shared by all mobile terminals in a geographic area, and typically have a
fixed amount of bandwidth to be shared among all users. This characteristic
rewards efficient use of bandwidth, as a means of reducing the overall cost of the
network infrastructure.
Network latency.
The mobile wireless environment is characterized by a very wide range of
network latency, ranging from sub-second round-trip communication time up to
many tens of seconds. In addition, network latency can be highly variable,
depending on the current radio transmission characteristics (e.g., in a tunnel or off
network) and the network loading in a particular area. Latency is further increased
by the routing, error correction and congestion-avoidance characteristics of a
particular network.
Bandwidth.
The mobile wireless environment is characterized by a very wide range of
network characteristics, and typically has far less bandwidth available than a wire
line environment. In addition, the economics of the wireless environment
encourage the conservation of bandwidth to achieve greater density of

Device Limitations

Wireless devices operate under a set of physical limitations, imposed by their mobility
and form factor:

Limited power.
Any personal or "hand held" mobile device will have a very limited power
reserve, due to existing battery technology. This reduces available computational
resources, transmission bandwidth, etc.
Many mobile wireless devices are very small (hand-held).

Mobile wireless devices are characterized by a different set of user interface constraints
than a personal computer. To enable a consistent application programming model, a very
wide range of content scalability is required. In practice, a significant amount of the
current WWW content is unsuitable for use on hand-held wireless devices. Problems

Output scalability.
Existing content is designed for viewing on PC screens, whereas mobile devices
will have a wide range of visual display sizes, formatting and other
characteristics. In the near future, this will include voice-only output.
Input scalability.
Mobile devices feature a wide range of input models, including numeric keypad,
very few or no programmable soft keys, etc. In the near future, this will include
voice-only input.

Use Case Limitations

Many wireless devices, for example cellular phones and pagers, are consumer devices.
These devices are used in a wide variety of environments and under a wide range of use
scenarios. For example:

Simple user interfaces:
Many mobile devices, in particular cellular telephones, are mass-market
consumer-oriented devices. Their user interface must be extremely simple and
easy to use.
Single-purpose devices:
The goal and purpose of most mobile devices is very focused (e.g., voice
communication). This is in contrast with the general-purpose, tool-oriented nature
of a personal computer. This motivates a very specific set of use cases, with very
simple and focused behavior. For example, "place a voice call" or "find the
nearest ATM."


Mobile computing is an important, evolving technology. It enables mobile personnel to
effectively communicate and interact with the fixed organizational information system
while remaining unconstrained by physical location. Mobile computing may be
implemented using many combinations of hardware, software, and communications
technologies. The MOBILE framework can assist information technology professionals
in determining the applicability of mobile technology to an organizational problem,
opportunity, or directive. Mobile computing is a versatile and potentially strategic
technology that improves information quality and accessibility, increases operational
efficiency, and enhances management effectiveness. Mobile computing involves six
different categories by which the processing can be improved. The categories are:

M  the need for mobility

O  the need to improve operations

B  the need to break business barriers

I  the need to improve information quality

L  the need to decrease transaction lag

E  the need to improve efficiency.

Mobile computing brings a wealth of benefits to an organization, but also a wealth of
headaches to its information security department. The goal is to implement effective
security controls that support the needs of the individual business while minimally
impacting the usability of mobile devices.