A technology that allows transmission of data via a computer, without having to be connected to a fixed physical link, is called mobile computing. The advent of wireless networks has greatly increased the possibilities for mobile computing offered to the general public. Miniaturization has aided this trend towards increased user mobility with the development of notebook computers and Personal Digital Assistants (PDAs), which are truly portable. Currently, the most popular form of wireless communication is the cellular phone. The future for wireless networks promises greatly enhanced utility of mobile computers by expanding the areas covered by these networks and branching into digital communications. For example, users will be able to access electronic mail and data remotely.

Wireless networks pose some unique security concerns in comparison to their wired counterparts. Foremost among these is that the transmission medium, in this case electromagnetic radiation (EMR), cannot be secured against unauthorized access. There is also a problem in verifying the identities of the parties involved in a conversation. Also, cellular phones can be modified so that calls made illegally from one telephone are credited to a different legitimate cellular phone subscriber. Before wireless networks can achieve broad acceptance, these problems of fraud and security from eavesdroppers need to be resolved. The solution lies in the implementation of security protocols over wireless networks.

Many security protocols exist for both wired and wireless networks. In deciding on a protocol, attention must be paid to the unique characteristics of the wireless medium. In particular, the wireless link is likely to be limited by bandwidth, so any applications or protocols used over the link should be chosen to minimize both the size and number of messages transmitted.
Some other items that must be considered when choosing a protocol include the high error rates on a wireless link (compared to a wired link) and the problems introduced by mobility.

As wireless communications and mobile multimedia services are booming nowadays, systematic research of the overall aspects of mobile security is crucial. This paper presents a framework model for guiding the systematic investigation of mobile security. Based on the introduction of some background viewpoints of security targets from a novel perspective, the framework is described as a hierarchical model in which mobile security research is partitioned into three different layers: Property Theory, Limited Targets, and Classified Applications. Key research topics in each layer are discussed respectively in detail. In the Property Theory layer, some basic topics related to security are provided. Then, security issues in networks, computing, and multimedia processing are fused together in the Limited Targets layer upon the limitation operator of mobile technology.

A goal of mobile computing research is to make any changes that might occur in location or type of network connection transparent to the user (or at least to the mobile applications), thus allowing mobile users to work in the same manner and with the same productivity no matter where they are, how they are connected, or which platform they are currently using. But present support for adaptation is limited. Part of the difficulty of adaptation in the mobile environment is the requirement not just to deliver data and services over challenging network conditions, but to deliver them in formats suitable for the devices that need them.

The term "mobile computing" is used to describe the use of computing devices, which usually interact in some fashion with a central information system, while away from the normal, fixed workplace. Mobile computing technology enables the mobile worker to: (a) create; (b) access; (c) process; (d) store; and (e) communicate information without being constrained to a single location. By extending the reach of an organization's fixed information system, mobile computing enables interaction with organizational personnel who were previously disconnected.

First Generation Mobile Networks
• AMPS (Advanced Mobile Phone Service) in Asia and North America
• NMT (Nordic Mobile Telephone) in Sweden, Norway, Finland
• ETACS (Extended Total Access Communication System) in the UK
• NTT (Nippon Telegraph and Telephone) in Japan

Second Generation Mobile Networks
• D-AMPS (Digital Advanced Mobile Phone Service, also known as IS-54): Operates at 800 MHz. Uses the TDMA standard. Exists mainly in the USA.
• N-CDMA (Narrow-band Code Division Multiple Access, also known as IS-95): Operates at 800 MHz.
  1. Characterized by high capacity and small cell radius
  2. Uses spread spectrum technology
  3. Exists mainly in the USA
• GSM (Global System for Mobile Communications): First digital cellular system developed for compatibility throughout Europe. Operates in the 900 MHz range. Data rates vary according to switching type.

3G Wireless Networks
Now that the importance of data over wireless networks is well understood, research institutions and organizations have progressively started investing in developing high speed data networks that can enhance the capacity, quality and rates at which data is currently available. These emerging technologies constitute what is known commonly as Third Generation Wireless networks, or simply 3G. These systems aim to provide an enhanced experience to the users in terms of receiving or sending voice, text or binary data. 3G includes:
• General Packet Radio Service (GPRS)
• High-Speed Circuit Switched Data (HSCSD)
• Enhanced Data for Global Evolution (EDGE)

Table 1: Wireless Connectivity Technologies
(Columns: Technology; Costs; Advantages; Disadvantages; Security)

Technology: On-premises wireless messaging (e.g., by using messaging pagers, PDAs)
  Costs: Low fixed cost for simple, shrinkwrapped applications and devices; low operating cost
  Advantages: Shrinkwrapped applications do not require IT support; easy, fast implementation for shrinkwrapped applications
  Disadvantages: Small data display area; range limited to a few hundred feet; custom applications may require additional support
  Security: Signals can be intercepted, posing security risk

Technology: Wireless Local Area Network (WLAN)
  Costs: Low to high capital cost, depending on complexity of network and data rate; low to moderate operating cost depending on stability of software
  Advantages: Medium to high data rates; user interface similar to landline Local Area Network (LAN), so little additional end-user training is needed; eliminates need for wiring in older buildings or where impractical; can be combined with landline LAN to network mobile devices on a large campus
  Disadvantages: New technology for most IT departments, another support burden; more expensive than landline LAN for equivalent data rates; not supported by most handheld devices; very short range
  Security: Signals can be intercepted, posing security risk unless appropriate security measures are used

Technology: 2.5G, 3G wireless devices (e.g., 2.5 generation cell phones)
  Costs: No fixed costs except for mobile devices (usually phones); high operating costs (per-minute connection charges)
  Advantages: Cell network supported by the vendor, usually the Internet service provider (ISP); wide area coverage in metropolitan areas; fast implementation
  Disadvantages: Not widely implemented in U.S.; low data rate except for newest technology in test markets; coverage usually does not include rural areas; small data display area
  Security: Poor Wireless Access Protocol (WAP) security

Technology: Broadband wireless
  Costs: Moderate fixed costs for receivers; operating costs depend on ISP service level
  Advantages: Network supported by vendor (ISP); high data rate may compete with T1 speeds; potential low cost alternative to T1 in metropolitan markets
  Disadvantages: Currently available in only a few markets; requires fixed point receiver for speeds greater than 384 Kbps; coverage does not include rural areas
  Security: Security concerns are identical to those of the Internet

Technology: [technology name not recoverable from source]
  Costs: Low to high fixed costs for receivers, depending on the application; low operating cost per data rate
  Advantages: Network supported by the vendor (ISP); at present, easier and faster to get than DSL in many markets, especially rural ones; medium to high download data rate, which can be much better than T3 in dedicated applications
  Disadvantages: Upload data rate equivalent to dial-up; off-the-shelf commercial offerings more expensive than cable or DSL with slower data rates; high speed, high capacity applications require custom engineering and are difficult and expensive to implement
  Security: Signal can be intercepted, potentially compromising security

Technology: Free Space Optics
  Costs: Low to high fixed costs for receivers, depending on the application; low operating cost per data rate
  Advantages: Medium to high data rate, which can be much better than T3; prices will be competitive with broadband wireless
  Disadvantages: In prototype stage; coverage is unlikely to include rural areas in the near future; reliability can be degraded by several environmental conditions, reducing data rate as distance increases; requires fixed point receiver, so appropriate only for data replication and synchronization
  Security: Signal cannot be intercepted without detection, providing security no other media can match

Connectivity Strategy:
Since wireless data communication technology is usually more expensive than landline technology for equivalent data volume, it must be justified by a large or quick payback. For instance, the immediacy provided by some wireless connectivity options could preserve the value of information that would only degrade as time passes. Another possibility is that wireless computing would allow a company to offer an increased level of service, resulting in additional revenue. The value, timeliness, and type of information being used in a mobile task must be taken into consideration before implementing any kind of mobile or wireless strategy. Figure 1 illustrates how these decision factors come into play when selecting a mode of connectivity.

Figure 1: Selection of Connectivity. The horizontal axis represents the amount of data that the client must have to perform a task. For some activities, a simple message may suffice, requiring little wireless bandwidth and device memory. Currently, 2.5G and 3G phones, for example, could be used in this capacity. For other activities, a high-resolution bitmapped image may be necessary, which increases both bandwidth and memory requirements. In such cases, a more complex device, such as a laptop, could be used to transfer data over a traditional network in order to meet these requirements more effectively.

• Packet-Switched Data: "Packet-switched" describes a network over which relatively small units of data, called packets, are routed over a network (wireless or wired) based on the destination address contained within each packet. Information is sent in packets and bundled with overhead information. This overhead data includes routing and destination information as well as error correction data to ensure correct transmission in case of poor signal quality.
  1. Dividing a message into packets allows many network users to share the same data path.
  2. This type of communication between sender and receiver is known as connectionless (rather than dedicated) communication. Most traffic over the wired Internet relies on a packet-switching type protocol.
  3. Cellular digital packet data (CDPD), a wireless data service, is an example of a widely used packet-switched technology. This type of packet-switched data service is the main type of data communications used by public safety agencies.
  4. Packet-switched data services allow for the use of special data applications to access central databases owned by the agency or remotely maintained by a state or a federal agency, e.g., National Crime Information Center (NCIC), National Law Enforcement Telecommunications System (NLETS), Washington Area Law Enforcement System (WALES), etc.
  5. Packet data architecture is normally based on open architecture, which allows for continuous upgrades and enhancements to keep it current with advancing technology. The openness of the architecture allows use of a wide variety of computing devices and modems.

• Circuit-Switched Data: "Circuit-switched" describes a network, such as the standard cellular network, in which the communication circuit path for the call is set up and dedicated to the participants in that call. For the duration of the connection, all resources on that circuit are unavailable to other users.
  1. Data transferred through this type of circuit passes through a digital cellular telephone with a built-in modem, or through an analog telephone with an attached analog-to-digital modem. This type of communication relies on the quality of the cellular providers' service.
  2. Users can connect to a data service by using a cellular telephone as a modem to connect to an Internet service provider, or to a business local area network (LAN) using a dial-up networking type of model. Cellular and personal communications services (PCS) providers have lately offered services that enable data-capable digital telephones to send and receive data from and to a laptop or personal digital assistant (PDA).
     • Similar to packet-switched service, users can access information such as e-mail and Internet data, or query databases.
     • The cellular telephone user dials in to either an Internet service provider or a business LAN, depending on the type of connection that is arranged ahead of time.
     • A business LAN can consist of a public safety agency's own central office LAN with a server or workstation connected to a dial-up networking modem or a modem pool, which would answer one or many calls, depending on the number of modems present.
     • Users can employ either analog or digital voice channels to access data; however, digital telephones have built-in modems, thus eliminating the need for an additional modem. Analog telephones require a modem in order to encode or decode digital information.
  3. Because the cellular and PCS providers supply the connectivity and data-capable telephones, the infrastructure is identical to that of PCS and cellular infrastructures.
     • Coverage of a circuit-switched network is identical to the coverage of the specific service provider's network.
     • Users must employ specific telephones and cables to connect to a laptop or PDA.
     • As with voice calls, subscribers share the airwaves and compete for capacity on the network. Note, however, that sometimes the demand at a site will exceed available capacity, rendering the service useless.

Cellular Digital Packet Data (CDPD) is the first public wireless data system ever developed for the Advanced Mobile Phone Service (AMPS) system. It is a system for transmitting packets of data over the existing AMPS system. As its traffic continues to grow, potential new customers need to know the platform's quality of service. Our task is to seek answers regarding the number of mobile users, with a certain application, that can share a CDPD channel. To facilitate this, we used a simulation tool called BONeS.

CDPD Network Architecture:
A CDPD network consists of five components:
1. M-ES (Mobile End Station)
2. MDBS (Mobile Data Base Station)
3. MD-IS (Mobile Data Intermediate System)
4. IS (Intermediate System)
5. F-ES (Fixed End System)

Calling Procedure:
In a CDPD network, multiple M-ESs (Mobile End Stations) share the channel medium with a single Mobile Data Base Station (MDBS). Direct communication is only possible between an M-ES and the MDBS, not between two M-ESs in the same cell. The medium consists of a forward channel from MDBS to M-ES and a reverse channel from M-ES to MDBS. The forward channel is a connectionless broadcast channel carrying transmissions from the MDBS only.

Information is received and decoded by all M-ESs on the channel simultaneously. The reverse channel is shared between all M-ESs. Access to the channel and resolution of contention is controlled by each M-ES, assisted by reverse-channel status information returned by the MDBS on the forward channel.

The registration procedure starts when the M-ES is switched on. The signal is caught by an MDBS and forwarded to an MDBS router. Having been directed via the MDBS router and the main router, it reaches the Serving MD-IS, which registers the M-ES on a channel stream transceiver (TRX). The Serving MD-IS then sends a message to the Home MD-IS, telling where the mobile is located at the moment, i.e., which Serving MD-IS is administering the base station that has picked up the signal from the M-ES. The Home MD-IS takes care of the authentication procedure and registers the M-ES at the Serving MD-IS. If moving, the M-ES decides itself when to connect to a new base station. The base station is the only part of the CDPD system with knowledge of the cell structure. When the M-ES connects to a new base station, the registration procedure is repeated, except for the authentication part, which is not required. The Serving MD-IS then switches the M-ES to a new channel stream. If the change of base station also means a new Serving MD-IS, the Home MD-IS will get a message from the new MD-IS about the change. When changing to a new MD-IS, the authentication must be repeated as well.
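To make the registration and cell-change steps concrete, the following added Python model (not from the paper or any CDPD implementation) walks an M-ES through power-on, a cell change within one Serving MD-IS, and a cell change to a new MD-IS, recording at which events the Home MD-IS must authenticate. The shared-secret check, the step messages and the cell-to-MD-IS mapping are assumptions made for the example.

```python
# Model of the CDPD registration and cell-change procedure described above.
# Constructed illustration: entity names follow the text (M-ES, MDBS, Serving
# MD-IS, Home MD-IS); the shared-secret check and cell mapping are assumptions.


class HomeMDIS:
    """Authenticates an M-ES and records which Serving MD-IS administers it."""

    def __init__(self, credentials):
        self.credentials = credentials  # constructed: mes_id -> shared secret
        self.location = {}              # mes_id -> name of current Serving MD-IS

    def authenticate(self, mes_id, secret):
        return self.credentials.get(mes_id) == secret


class ServingMDIS:
    """Administers a set of MDBS cells and assigns M-ESs to channel streams."""

    def __init__(self, name, cells):
        self.name = name
        self.cells = set(cells)   # constructed cell ids covered by its MDBSs
        self.streams = {}         # mes_id -> TRX (channel stream) id
        self._trx_counter = 0

    def assign_stream(self, mes_id):
        self._trx_counter += 1
        self.streams[mes_id] = f"{self.name}/TRX-{self._trx_counter}"
        return self.streams[mes_id]


class CDPDNetwork:
    """Routes an M-ES registration from the MDBS that heard it to the
    responsible Serving MD-IS, and on to the Home MD-IS when required."""

    def __init__(self, home, serving_list):
        self.home = home
        self.serving_list = serving_list
        self.attached = {}   # mes_id -> (cell, Serving MD-IS)

    def _serving_for(self, cell):
        for serving in self.serving_list:
            if cell in serving.cells:
                return serving
        raise ValueError(f"no MDBS covers cell {cell}")

    def _home_authenticates(self, mes_id, secret, serving, steps):
        # Only the Home MD-IS holds the credential; on failure the M-ES stays
        # unregistered and the stored location is left unchanged.
        if not self.home.authenticate(mes_id, secret):
            steps.append("Home MD-IS rejects authentication; M-ES not registered")
            return False
        steps.append("Home MD-IS authenticates M-ES")
        self.home.location[mes_id] = serving.name
        steps.append(f"Home MD-IS records M-ES location at {serving.name}")
        return True

    def power_on(self, mes_id, secret, cell):
        """Initial registration: MDBS -> Serving MD-IS -> Home MD-IS (auth)."""
        steps = []
        serving = self._serving_for(cell)
        steps.append(f"MDBS in cell {cell} forwards signal to {serving.name}")
        if not self._home_authenticates(mes_id, secret, serving, steps):
            return steps
        steps.append(f"{serving.name} registers M-ES on {serving.assign_stream(mes_id)}")
        self.attached[mes_id] = (cell, serving)
        return steps

    def change_cell(self, mes_id, secret, new_cell):
        """The M-ES chose a new base station. Authentication is repeated only
        when the new cell belongs to a different Serving MD-IS."""
        steps = []
        _old_cell, old_serving = self.attached[mes_id]
        new_serving = self._serving_for(new_cell)
        if new_serving is old_serving:
            trx = new_serving.assign_stream(mes_id)
            steps.append(f"{new_serving.name} switches M-ES to {trx} (no authentication)")
        else:
            steps.append(f"{new_serving.name} notifies Home MD-IS of the change")
            if not self._home_authenticates(mes_id, secret, new_serving, steps):
                return steps
            old_serving.streams.pop(mes_id, None)
            steps.append(f"{new_serving.name} registers M-ES on {new_serving.assign_stream(mes_id)}")
        self.attached[mes_id] = (new_cell, new_serving)
        return steps


def authenticated(steps):
    """True if the Home MD-IS authenticated the M-ES during this event."""
    return any(s.startswith("Home MD-IS authenticates") for s in steps)


def run_scenario():
    """Constructed scenario: power-on, cell change within one MD-IS, cell change
    to another MD-IS, then a registration attempt with a wrong secret."""
    home = HomeMDIS({"mes-1": "constructed-secret"})
    net = CDPDNetwork(home, [ServingMDIS("MD-IS-A", ["cell-1", "cell-2"]),
                             ServingMDIS("MD-IS-B", ["cell-3"])])
    return {
        "power_on": net.power_on("mes-1", "constructed-secret", "cell-1"),
        "same_mdis": net.change_cell("mes-1", "constructed-secret", "cell-2"),
        "new_mdis": net.change_cell("mes-1", "constructed-secret", "cell-3"),
        "bad_secret": net.power_on("mes-1", "wrong-secret", "cell-1"),
        "location": dict(home.location),
    }
```

Running `run_scenario()` shows that the Home MD-IS authenticates at power-on and at the MD-IS change only, and that a failed authentication leaves the recorded location untouched.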

Protocols used:
• MDLP (Mobile Data Link Protocol)
• SNDCP (Subnetwork Dependent Convergence Protocol)
• DSMA/CD (Digital Sense Multiple Access with Collision Detection)

CDPD Advantages:
The CDPD protocol is designed to work with existing Internet Protocol (IP) based networks. It can also be used as a transport for Local Area Network (LAN) based wireless applications. The advantages that packet transmission has over conventional circuit switching include the following:
1. Robustness: Carrier loss between packets is typically not a problem.
2. Security: Encryption on small packets is easily handled.
3. Per-packet billing!
4. User always on-line and connected!
Robustness is shown by the fact that CDPD today provides complete network mobility during subscriber roaming without affecting the surrounding traffic. The combination of wireless data traffic and cellular services within the same frequency band and channels is obtained with no loss of performance of either.

Maintenance organizations face pressure when budgets are cut and the expectation of customer service remains high. That's why many organizations are arming their field maintenance personnel with handhelds! Mobilizing your workforce can significantly decrease wasted data entry time and wait time for materials, increase operational efficiency, reduce transcription errors, and make data immediately available for trending and analysis. Unlike other mobile solutions for MAXIMO® software that are rigid, expensive, and have limited functionality, DataSplice solutions can be easily tailored to meet your work processes and are guaranteed to save your organization money.

Data Splice mobile technology provides a flexible platform that is capable of delivering mobile data access to field personnel for any CMMS application. Every aspect of the mobile solution can be easily customized: the data and fields displayed to the user, the relationships and links between the data, and the business rules performed when information is modified. Most importantly, we understand that the success of any mobile application lies in its ability to integrate with your existing business and work processes. Other mobile solutions force users to change the way they work to conform with the way the software functions. All Data Splice solutions can easily be modified to your expectations, ensuring user acceptance. The features of Data Splice mobile technology are as follows:

The Flexibility to Work the Way You Want
• Easily Configured to Precisely Meet Your Work Processes: DataSplice can quickly and easily be configured to provide the end-user functionality required to support your best practice maintenance processes. The standard off-the-shelf DataSplice interface can be modified to access multiple MAXIMO® software database tables and provide the simplest data entry process possible. One of our utility customers created a Substation Maintenance Management mobile data collection solution by creating a DataSplice interface to the database that combines condition monitoring and location attributes. Substation inspectors now simply enter the specific Substation and are presented an editable list of all the measurement points and location attribute values they need to record, reducing data capture time by 43%.
• Remote Users Only See the Data They Need: The utilization of attributes and view criteria enables the DataSplice administrator to easily define the specific subsets of data available for each user, based on your exact work assignments. One of our utility customer's Transmission and Distribution groups assigns all activity for each Substation to a specific technician. Based on the user's login, all data associated with the user's assigned list of substations is automatically loaded to their mobile device.

• Open Hardware Support: DataSplice users can reliably access their data from different connectivity environments: online, offline, cradle synchronization, wireless LAN and WAN. DataSplice is compatible with all modern Windows® operating systems, including Windows CE (Pocket PC, Windows Mobile and CE.NET), Windows 98, and Windows 2000/XP. The DataSplice client is also designed to display properly on any screen size, from handhelds to desktop monitors. Electric Utility field technicians download work orders to laptops from their trucks daily via a wireless LAN, then work in offline mode, and send their changes at shift end via the wireless LAN. Other Power Plant users in the same Electric Utility can scan tools in and out via wireless LAN handhelds.

Advanced Functionality
• Business Rule Configuration: DataSplice also features flexible business rule emulation, via the off-the-shelf application packages that DataSplice has created to support MAXIMO® software implementations. No tables or triggers are added to the database. Maintaining and upgrading the MAXIMO® software becomes more manageable. For example, a food manufacturing customer required the ability to return inventory items to closed work orders. The standard MAXIMO® software business rules do not allow this. The DataSplice mobile application was configured to allow return of inventory items to closed work orders.
• Access Information From Multiple Sources: DataSplice can access other enterprise software systems in addition to the MAXIMO® software application from the same mobile device handheld client. A business process at a large electric utility requires receiving Inventory items into the ERP system, but counting and issuing the items from MAXIMO® software. DataSplice provides a single handheld interface to accomplish both requirements.
• Barcode Scanning and Printing Support: The DataSplice Remote Client has been designed to work with most available handheld scanning systems, making data input easier and more reliable for mobile users. DataSplice users also can print bar code labels on a networked printer directly from the mobile device.

Total Cost of Ownership
• Simple Licensing: Utilization of concurrent use licenses greatly reduces licensing cost in facilities with wireless LANs and where multiple shifts are deployed. A manufacturing customer with an 802.11b wireless infrastructure requires only 19 concurrent licenses for 43 technicians.
• Rapid Implementation: DataSplice solutions are specifically designed to help you implement mobile applications quickly and efficiently to get your staff mobile. The DataSplice Administration Client enables simple and effective implementation of mobile solutions. No advanced programming skills are required to administrate DataSplice, and administrators do not need to rewrite scripts or code to make changes or enhancements.
• Automatic Handheld Configuration and Provisioning: On-going remote user software and mobile device support is provided by DataSplice Windmill, which enables your IT team to efficiently manage hundreds of mobile devices and their associated functionality. Software updates and hardware configurations are delivered automatically to the mobile end-users.

Data Splice operation:
The Data Splice Server acts as a broker between mobile devices and your enterprise data. This provides a single configuration point to manage all of your mobile solutions. The Data Splice Server performs most of the "heavy lifting" for the application suite. This includes managing and storing the mobile solution configuration, brokering database queries from remote clients to the correct data source, constructing offline sets of data for individual users, and much more.

Provide Mobile Access to Multiple Data Sources: The DataSplice Server is capable of connecting to all your information systems - simultaneously! This means it can be used to serve mobile applications for your financials in Oracle, your maintenance data in SQL Server, along with homegrown systems in FoxPro or Microsoft Access. DataSplice can even be used to integrate this information for users in the field without expensive data migration projects to standardize on a single platform.

Centralized Configuration: Because the DataSplice Server handles all direct communications with external databases, this means that the individual devices do not need any data-access software installed or configured. This simple approach simplifies software installation and network configuration.

Simplified Networking: All DataSplice communications run over a single TCP port, making it easy to configure firewalls and gateways to handle the service. This also makes it very easy to run DataSplice over secure channels such as VPNs.

In addition, the DataSplice Server maintains all database connections and the individual clients never connect directly to a database. This means that the networks for any DataSplice client devices can be isolated from database resources to provide additional security. The DataSplice Server performs:
• ODBC Connectivity: Connect to any modern database, including Microsoft SQL Server, Oracle, Progress, and many more.
• Manage Remote Device Configuration: Simplify your network configurations: the DataSplice server pushes settings to all remote devices, meaning no time is wasted managing individual handhelds or workstations.
• High Performance: The server is multi-threaded so it can handle any number of connections simultaneously.

Administration Client performs:

Centralized Configuration - All configuration tasks may be performed through the Administration Client. These settings are then automatically pushed out to Remote Clients over the network, creating seamless maintenance for handheld devices.

Network Administration - The Administration Client can connect to and manage server operations from any location on your network.

Fine-grained Permissions Control - Administration tasks can be broken down by groups to allow or restrict different users from performing certain tasks. This feature allows delegation of tasks without the concern that key portions of data may become corrupted.

• Create views displaying information from multiple data sources.
• Limit accessible records on a per-user or group basis.
• Define how fields are displayed and manipulated.
• Control field validation, including value lists of dynamic relational data.
• Define view relationships to control client navigation.

Remote Client performs: The DataSplice Remote Client provides real-time or offline data access to any enterprise data with a simple, easy-to-use interface. DataSplice users can access just the information they need, when they need it, in the order in which they need it. The Remote Client provides users with a simple interface that makes working with all enterprise data easy and consistent. The interface is tailored specifically to display information on screens with limited screen size, yet is flexible enough to be used at any resolution.

The following tables list the minimum and recommended system requirements for running the various components of the DataSplice Mobile Integration Suite:

DataSplice Server:
The DataSplice Server acts as a broker between remote clients and the underlying databases being accessed for information. For this reason, database performance is usually the limiting factor for the overall system performance. That being said, certain server operations, such as constructing large offline datasets for users, can consume considerable resources on a server.

System Requirements for the DataSplice Server

Operating System: Microsoft Windows NT 4 SP6a or better (2000, XP, or Windows Server 2003). The Microsoft XML Parser used by the server requires at least Service Pack 6a for Windows NT 4. Recommended: Windows 2000 or newer for optimal operation. Future versions of DataSplice will rely heavily on Microsoft .NET and other technologies that have better support on newer operating systems. Terminal Server: DataSplice can be installed on Microsoft Terminal Server. However, installing the Microsoft XML Parser may be difficult.

Hardware: The hardware required to run the DataSplice server effectively is highly dependent on the number of client connections it needs to support. For small installations (< 10 clients) it is not necessary that the server run on its own dedicated machine; it could easily run on the same hardware as the database. For larger installations the server should have a minimum 500 MHz processor and 256 MB RAM. To ensure optimal performance under heavy traffic, the more RAM available the better. In addition, the server must have network connectivity so DataSplice clients can connect.

Hard Disk: The server does not actually store much data. All data operations are delegated to an external database. The entire set of configuration files for DataSplice is generally less than a megabyte. 100 MB of available storage should be sufficient, even for large installations. This provides plenty of room for temporary ODBC cache files, as well as session data for the server.

DataSplice Administration Client
The DataSplice Administration Client is a thin client that enables administrators to manage all aspects of server configuration. It does not store any configuration data or perform complex processing; everything is handled by the server.

System Requirements for the Administration Client

Operating System: Any current Microsoft Windows® desktop operating system, including:
• Windows 98
• Windows NT
• Windows 2000
• Windows XP
Recommended: Windows 2000 or better.

Hardware: Any desktop machine capable of performing basic workstation tasks (Word Processing, Web Browsing, etc.) is sufficient. In addition, the client must have network connectivity to the server.

Hard Disk: At least 5 MB of available space to install the client.

DataSplice Remote Client
The DataSplice Remote Client is similar to the Administration Client, in that it is a thin client that passes off as much processing as possible to the server. This means it is capable of accessing large amounts of enterprise data on minimal hardware.

System Requirements for the Remote Client (Handheld)

Operating System: Any Microsoft Windows CE operating system, including:
• Pocket PC
• Pocket PC 2000
• Pocket PC 2002
• Pocket PC 2003 (a.k.a. Windows Mobile)
• Windows CE 2.11 or newer
• Windows CE .NET

Hardware: For online applications, any device capable of running the supported operating systems will be sufficient for the Remote Client. If used offline, processor speed and memory become more important for accommodating data storage. We recommend at least 300 MHz ARM processors, as well as 64 MB of memory.

Storage Cards: Most handheld devices occasionally lose battery charge and will reset to factory settings. DataSplice can be installed on storage cards so applications and data are preserved.


The phenomenal growth in mobile and wireless communications entails the serious problem of security. The causes, mainly due to the fragility of wireless and mobile features and the variety of applications and services, fall into the following categories:

• The physical weaknesses and limitations of mobile and wireless communications, e.g. high error rate and unpredictable error behavior due to external interference and mobility, influence not only performance but also security.

• The entirely exposed environment of wireless air radio and field devices provides many more opportunities for malicious attacks and for susceptibility to accidental interference.

• Applications are becoming more important than ever, including mobile applications and services in the areas of military, health care, business, finance, etc.

• Other services may easily bring users into contact with threats to privacy, e.g. location awareness services and context-based applications.

• Contents of provided services, most of which are multimedia-type, are valuable not only to subscribers but also to composers and providers, and thus secure protective measures are needed.

MOBILE SECURITY FRAMEWORK

This section briefly outlines the mobile security framework model that we propose. The framework is laid out as a hierarchical architecture consisting of, from bottom to top, three layers: the Property Theory layer, the Limited Targets layer, and the Classified Applications layer, as illustrated in Fig. 2. A more detailed explanation of each layer of the framework model can be found in the next section.

On the lowest layer, Property Theory, some basic issues of security are considered as the fundamental points of mobile security research, as follows. Note that since security can be treated as just a property of information technology and systems, the discussion in this layer is common to all other fields besides the area of mobile communications.

• Security objectives, i.e. to formulate and determine what kinds of security goals are to be achieved and to what extent.

• Attacks, i.e. to analyze and distinguish the possible threats and offensive methods from all directions against which targets are to be protected.

• Security mechanisms, i.e. to find and research effective techniques to fulfill the security objectives.

• Security management, i.e. to prescribe and carry out laws and policies relevant to the administration and maintenance of security targets, including the training of personnel for security consciousness.

• Security evaluation, including identification of critical components and assessment of vulnerabilities, inspection of performance interference, evaluation of privacy and robustness, and determination of testing strategy and benchmarks.

Based on the discussion in Section II and using the limitation operator of the term "mobile", we get the Limited Targets layer as the research domains of mobile security. This layer seems to be the most important part of the whole research layout, since, building on the common security theory of the layer below, the specific character of mobile targets is considered in each of the three overlapping targets below, which at the same time act as the main basis for the various mobile communication applications of the layer above.

• Mobile networking, including different mobile network structures and protocols related to security.

• Mobile computing, with security problems related mainly to mobile agents and to lightweight operating systems and terminals, with the stratification concept in mind.

• Mobile media, where usually two aspects, i.e. media content and copyright, are considered for security protection during transmission and processing respectively.

Some applications, which cannot be successfully deployed without support from secure mobile networks, computing, and media processing environments, are classified and listed on the top layer. Obviously these are just some representative examples of the diverse applications.

• Messaging, e.g. UM (Unified/Universal Message), PIM (Personal Information Management), Email, Fax, SMS (Short Message Service).

• Telephony, including VoIP (Voice over IP), IPT (IP Telephony), Video Conference, etc.

• Tele-Services, such as Tele-Medicine, Tele-GeoProcessing, Tele-Education, etc.

FRAMEWORK LAYERS DESCRIPTIONS

This section describes the framework components on each layer in more detail by setting out the possible research topics.

A. Property Theory Layer

We focus more on the technical area of security here, which by no means implies that security management and evaluation are less important. In total, there are three different security objectives on data that are to be reached, one or all, including:

• Confidentiality, i.e. the data can only be used by authorized users and/or parties.

• Integrity, i.e. the data cannot be modified during transfer or storage by adversaries.

• Availability, i.e. the data is always available for authorized use.
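To make the confidentiality and integrity objectives concrete, and to show one of the "security mechanisms" named in the Property Theory list, here is an added example that is not from the paper: a message crossing the air link is protected with encrypt-then-MAC, and the receiver checks the tag before decrypting anything, so a single flipped bit in transit is rejected rather than silently accepted. The keys, the fixed nonce, the message and the HMAC-SHA256 counter-mode keystream are all constructed for the demo; the keystream stands in for a real cipher such as AES-CTR or ChaCha20 so that the example runs with the standard library alone.

```python
import hmac
import hashlib
from typing import Optional

# Constructed demo keys (assumption: in a deployed system both would be derived
# from the session secret with a KDF, never hard-coded).
ENC_KEY = b"demo-encryption-key-32-bytes!!!!"
MAC_KEY = b"demo-integrity-key-32-bytes!!!!!"
NONCE_LEN = 12
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode.

    Assumption: this stands in for a real stream cipher (AES-CTR, ChaCha20) so
    the example runs with the standard library only; it is not for products.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def protect(plaintext: bytes, nonce: bytes) -> bytes:
    """Confidentiality: XOR with the keystream. Integrity: HMAC over nonce||ciphertext
    (encrypt-then-MAC), so any modification on the air link is detectable."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes and never repeat under one key" % NONCE_LEN)
    keystream = _keystream(ENC_KEY, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unprotect(message: bytes) -> Optional[bytes]:
    """Verify the tag before decrypting; return None to reject anything modified."""
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    keystream = _keystream(ENC_KEY, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


def demo() -> dict:
    """Round trip, then a one-bit modification in transit, as the receiver sees them."""
    nonce = bytes(range(NONCE_LEN))          # constructed fixed nonce for a repeatable demo
    msg = b"transfer 100 to account 42"
    wire = protect(msg, nonce)

    tampered = bytearray(wire)
    tampered[NONCE_LEN] ^= 0x01               # flip one bit of the first ciphertext byte
    return {
        "roundtrip": unprotect(wire),
        "plaintext_visible_on_wire": msg in wire,
        "tampered_accepted": unprotect(bytes(tampered)) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The order matters: the tag is checked with a constant-time comparison before any decryption, so the receiver never acts on modified data. The third objective, availability, is not something a message format can provide; it comes from redundancy, rate limiting and the bearer itself. Two cautions carry over from this toy to real ciphers: the nonce must never repeat under one key, and the two keys must be separate, which is why they are derived rather than reused.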

B. Limited Targets Layer

1) Mobile Networks: Security issues have not been satisfactorily solved in 2G mobile communication protocols and networks (GSM). The deficiencies and limitations include the lack or absence of mutual authentication, end-to-end security, non-repudiation, and user anonymity, together with protocol weaknesses. In 3G wireless networks (IMT-2000), comprehensive requirements are considered, in categories related to access, radio interface, terminal, user association, network operation, security management, etc. As the 4G vision paves its way to reality, more topics of wireless and mobile networks need to be considered, e.g. mobile ad hoc networks, WLAN, PAN and micro-cellular environments.
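The absence of mutual authentication listed above for 2G is easiest to see as a protocol exchange. The simulation below is an added example, not from the paper or from any standard: a terminal that only answers challenges (one-way, in the 2G style) is compared with one that first verifies a MAC-protected, sequence-numbered authentication vector from the network (mutual, in the 3G AKA style) before revealing its response. The shared key K, the fixed challenge, the HMAC-SHA256 stand-ins for the operator functions (A3, f1, f2) and the Network and Terminal classes are all assumptions made for the demo.

```python
import hmac
import hashlib
from typing import Optional, Tuple

# Constructed long-term subscriber key shared by the SIM and the home network
# (assumption: stands in for the real Ki/K; the functions below use HMAC-SHA256
# in place of the operator algorithms A3 or f1/f2 and are for illustration only).
K = b"constructed-subscriber-key-K"


def f_res(key: bytes, rand: bytes) -> bytes:
    """Terminal's response to a challenge (role of GSM A3 / UMTS f2)."""
    return hmac.new(key, b"RES" + rand, hashlib.sha256).digest()[:8]


def f_mac(key: bytes, rand: bytes, seq: int) -> bytes:
    """Network authentication token (role of UMTS f1, carried in AUTN)."""
    return hmac.new(key, b"MAC" + rand + seq.to_bytes(6, "big"), hashlib.sha256).digest()[:8]


class Network:
    """Whatever is on the other end of the radio link; it may or may not hold K."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0

    def vector(self, rand: bytes) -> Tuple[bytes, int, bytes]:
        """Fresh authentication vector: challenge, sequence number, MAC over both."""
        self.seq += 1
        return rand, self.seq, f_mac(self.key, rand, self.seq)


class Terminal:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = 0

    def one_way_auth(self, rand: bytes) -> bytes:
        """2G style: prove our identity to any challenger, verifying nothing about it."""
        return f_res(self.key, rand)

    def mutual_auth(self, rand: bytes, seq: int, mac: bytes) -> Optional[bytes]:
        """3G style: check that the challenger holds K and that the vector is fresh
        before answering; None means the terminal refuses to continue."""
        if not hmac.compare_digest(mac, f_mac(self.key, rand, seq)):
            return None                      # challenger does not know K
        if seq <= self.last_seq:
            return None                      # replayed or stale vector
        self.last_seq = seq
        return f_res(self.key, rand)


def run_scenarios() -> dict:
    rand = bytes(range(16))                  # constructed challenge; real RAND is random per run
    ue = Terminal(K)
    home = Network(K)                        # holds the subscriber key
    stranger = Network(b"no-such-key")       # does not

    expected_res = f_res(K, rand)
    # One-way authentication: the terminal cannot tell the two apart.
    one_way_home = ue.one_way_auth(rand) == expected_res
    one_way_stranger = ue.one_way_auth(rand) == expected_res

    # Mutual authentication: only a holder of K can produce an acceptable vector,
    # and presenting the same vector a second time is refused.
    vec = home.vector(rand)
    mutual_home = ue.mutual_auth(*vec) is not None
    mutual_stranger = ue.mutual_auth(*stranger.vector(rand)) is not None
    mutual_replay = ue.mutual_auth(*vec) is not None
    return {
        "one_way_answers_home": one_way_home,
        "one_way_answers_stranger": one_way_stranger,
        "mutual_answers_home": mutual_home,
        "mutual_answers_stranger": mutual_stranger,
        "mutual_answers_replay": mutual_replay,
    }


if __name__ == "__main__":
    print(run_scenarios())
```

The defensive point is in the two checks inside mutual_auth: the MAC proves the challenger knows K, and the sequence number proves the vector is fresh, so the terminal only ever computes a response for a network it has already authenticated. Real AKA adds key derivation and re-synchronisation on top of this skeleton, and the one-way case is exactly why the paper lists mutual authentication among the 2G deficiencies.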

2) Mobile Computers and Computing: The mobile agent is one of the most popular types of distributed and mobile computing environment [7, 8]. A mobile software agent extends the concept of a software object with the attributes and capabilities of mobility, reactivity, autonomy, and collaboration. Generally three different problems need to be considered regarding the security of mobile agents: protection of a host from malicious agents, protection of an agent from malicious hosts, and protection of an agent from other agents, where attacks include damage, modification, DoS, breaking of privacy, harassment, etc.

3) Mobile Multimedia: The overwhelming advantages of digital data have led to all kinds of digital media being composed and distributed widely over the Internet, but the possibility of unrestricted duplication and unlimited copying without loss of fidelity is brought along at the same time. Two main techniques exist for the protection of intellectual property rights (IPR): media encryption and information hiding. The former takes care of the protection of multimedia data during transmission through suitable coding and encryption, while the latter concerns mainly copyright protection and copy prevention.

C. Classified Applications Layer—Mobile E-commerce

This section uses mobile E-commerce as a representative example to describe the mobile security issues of the Classified Applications layer. Mobile E-commerce is selected as the discussed example because it is ever-increasingly popular as a wireless Internet application converging a mobile communications network with the Internet, and is thus a promising candidate for the killer application.

Security for mobile, wireless computing is a particularly difficult problem. Some technologies, such as Free Space Optics, have more security because of the physical characteristics of the media. However, other technologies, such as cell phones and digital pagers, have almost no security because of poorly designed communications protocols.
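Returning to the Mobile Multimedia item, the information-hiding side of IPR protection can be shown with a minimal keyed LSB watermark. This is an added example, not from the paper: a copyright mark is written into the least significant bits of key-selected pixels of a constructed grayscale image and read back, while the image itself changes by at most one grey level per pixel. The cover gradient, the mark text, the key and the keyed-PRNG position scheme are assumptions made for the demo.

```python
import hashlib
import random
from typing import List


def _positions(key: bytes, n_pixels: int, n_bits: int) -> List[int]:
    """Key-derived pseudo-random pixel order; without the key one does not know
    which pixels carry the mark. (Assumption: a keyed PRNG, as in spread embedding.)"""
    seed = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    return random.Random(seed).sample(range(n_pixels), n_bits)


def embed(pixels: List[int], mark: bytes, key: bytes) -> List[int]:
    """Write the mark's bits into the least significant bit of key-chosen pixels."""
    bits = [(byte >> (7 - i)) & 1 for byte in mark for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for the mark")
    out = list(pixels)
    for pos, bit in zip(_positions(key, len(pixels), len(bits)), bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return out


def extract(pixels: List[int], n_bytes: int, key: bytes) -> bytes:
    """Read the mark back; only the right key yields the intended positions."""
    n_bits = n_bytes * 8
    bits = [pixels[pos] & 1 for pos in _positions(key, len(pixels), n_bits)]
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, n_bits, 8))


def demo() -> dict:
    # Constructed 16x16 8-bit grayscale cover (a smooth gradient), row-major.
    cover = [(x * 3 + y * 5) % 256 for y in range(16) for x in range(16)]
    mark = b"(c) ACME"            # constructed copyright mark
    key = b"owner-secret"         # constructed owner key
    stego = embed(cover, mark, key)
    return {
        "recovered": extract(stego, len(mark), key),
        "max_pixel_change": max(abs(a - b) for a, b in zip(cover, stego)),
        "wrong_key": extract(stego, len(mark), b"other-key"),
    }


if __name__ == "__main__":
    print(demo())
```

Note the division of labour the paper describes: this mark supports the copyright claim on a copy that is already in someone's hands, and does nothing for confidentiality in transit, which is the job of media encryption on the link. Plain LSB embedding is also fragile: lossy recompression or resampling discards exactly the bits it uses, which is why robust watermarking schemes embed in a transform domain instead. A mark like this is useful for detecting unaltered copies, not as a copy-prevention control.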

The picture below gives a typical pictorial representation of how the future network systems will co-exist and interact with each other.

Some of these components are:

• 4G-Cellular Systems
• Broadband Wireless Access Systems
• Evolution of Mobile Network
• Intelligent Transport Systems
• High-Altitude Stratospheric Platform Station Systems

Features of future mobile computing devices:

• Increased storage capacity lets you bring everything you need with you.
• Input innovations make data entry easier.
• Enhanced display technology.
• Faster processors support feature-rich applications.
• Stay connected with faster, more ubiquitous wireless.
• Enhanced battery capacities and more power-efficient devices.
• Portable processing power.

The real power of mobile computing becomes apparent when mobile hardware, software, and communications are optimally configured and used to accomplish a specified mobile task. Although many varied applications exist, mobile computing applications can generally be divided into two categories: horizontal and vertical.

Horizontal Applications

Horizontal applications have broad-based appeal and include software that performs functions such as: (a) email; (b) Web browsing; (c) word processing; (d) scheduling; (e) contact management; (f) to-do lists; (g) messaging; (h) presentation. These types of applications usually come standard on Palmtops, Clamshells, and laptops with system software such as Windows 95.

Vertical Applications

Vertical applications are industry-specific and only have appeal within the specific industry for which the application was written. Vertical applications are commonly used in industries such as: (a) retailing; (b) utilities; (c) warehousing; (d) shipping; (e) medical; and (f) law enforcement and public safety. These vertical applications are often transaction oriented and normally interface with a corporate database.

Bearer Limitations

Wireless network bearers operate under several fundamental constraints, which place restrictions on the type of protocols and applications offered over the network:

Power consumption. As bandwidth increases, power consumption increases. In a mobile device, this reduces battery life.

Cellular network economics. Mobile networks are typically based on a cellular architecture. Cells are a resource shared by all mobile terminals in a geographic area, and typically have a fixed amount of bandwidth to be shared among all users. This characteristic rewards efficient use of bandwidth, as a means of reducing the overall cost of the network infrastructure.

Latency. The mobile wireless environment is characterized by a very wide range of network latency, ranging from sub-second round-trip communication time up to many tens of seconds. In addition, network latency can be highly variable, depending on the current radio transmission characteristics (e.g., in a tunnel or off network) and the network loading in a particular area. Latency is further increased by routing, error correction and congestion-avoidance characteristics of a particular network.

Bandwidth. The mobile wireless environment is characterized by a very wide range of network characteristics, and typically has far less bandwidth available than a wire line environment. In addition, the economics of the wireless environment encourage the conservation of bandwidth to achieve greater density of subscribers.

Device Limitations

Wireless devices operate under a set of physical limitations, imposed by their mobility and form factor:

Limited power. Any personal, or "hand held", mobile device will have a very limited power reserve, due to existing battery technology. This reduces available computational resources, transmission bandwidth, etc.

Size. Many mobile wireless devices are very small (hand-held). Mobile wireless devices are characterized by a different set of user interface constraints than a personal computer. To enable a consistent application programming model, a very wide range of content scalability is required. In practice, a significant amount of the current WWW content is unsuitable for use on hand-held wireless devices. Problems include:

Output scalability. Existing content is designed for viewing on PC screens, whereas mobile devices will have a wide range of visual display sizes, formatting and other characteristics. In the near future, this will include voice-only output.

Input scalability. Mobile devices feature a wide range of input models, including numeric keypad, very few or no programmable soft keys, etc. In the near future, this will include voice-only input.

Use Case Limitations

Many wireless devices, for example cellular phones and pagers, are consumer devices. These devices are used in a wide variety of environments and under a wide range of use scenarios. For example:

Simple user interfaces. Many mobile devices, in particular cellular telephones, are mass-market consumer-oriented devices. Their user interface must be extremely simple and easy to use.

Single-purpose devices. The goal and purpose of most mobile devices is narrowly focused (e.g., voice communication). This is in contrast with the general-purpose, tool-oriented nature of a personal computer. This motivates a very specific set of use cases, with very simple and focused behavior. For example, "place a voice call" or "find the nearest ATM."

Mobile computing is an important, evolving technology. It enables mobile personnel to effectively communicate and interact with the fixed organizational information system while remaining unconstrained by physical location. Mobile computing may be implemented using many combinations of hardware, software, and communications technologies. The MOBILE framework can assist information technology professionals in determining the applicability of mobile technology to an organizational problem, opportunity, or directive. Mobile computing is a versatile and potentially strategic technology that improves information quality and accessibility, increases operational efficiency, and enhances management effectiveness.

Mobile Computing involves six different categories by which the processing can be improved. The categories are:

M: the need for mobility
O: the need to improve operations
B: the need to break business barriers
I: the need to improve information quality
L: the need to decrease transaction lag
E: the need to improve efficiency


Mobile computing brings a wealth of benefits to an organization, but also a wealth of headaches to its information security department. The goal is to implement effective security controls that support the needs of the individual business while minimally impacting the usability of mobile devices.