Scribd Logo
Upload

Welcome to Scribd!

  • Itss Lab8.odt

    Uploaded by

    MANSI BISHT
    8 views5 pages

    Original Title

    itss_lab8.odt

    Copyright

    © © All Rights Reserved

    Available Formats

    ODT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views5 pages

    Itss Lab8.odt

    Uploaded by

    MANSI BISHT

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Name – Anurag Porwal sap id – 500061971

    Roll no – R134217034 Batch – cse csf(b1)

    1. What do you understand by Mobile Security.

    Mobile security refers to efforts to secure data on mobile devices such as


    smartphones and tablets. Typically, mobile security is something that
    enterprises work on to control sensitive information that could be jeopardized
    because of its use on various mobile devices. As the use of mobile devices has
    proliferated, securing them has increasingly become an important issue in
    mobile technology.

    One of the big reasons that mobile security is such a major concern for
    businesses relates to the emerging use of mobile devices, including personal
    employee devices, in corporate systems. A trend called bring your own device
    (BYOD) is allowing businesses and their employees to profit from device-
    sharing strategies. The downside is the security gap, which is what mobile
    security seeks to address.
    Some of the biggest issues in mobile security are related to device loss or
    device theft. In either case, sensitive corporate information could get into the
    wrong hands. Another big element of mobile security is preventing malware on
    mobile devices from attacking corporate systems. Yet another significant part
    of mobile security involves device data leakage, where mobile device screens
    can display information that could be captured by unauthorized parties.

    2. Compare and contrast Android and iOS architectures


    Both operating systems vary from each other in terms of architecture, but they
    are more similar in principle than execution. This answer is a summary of how
    it works, and I will not go in-depth into any particular topic or else this answer
    would be pages long.
    Android differs from iOS’s architecture because of how open Android is and how
    closed-source iOS is.

    Both start with a kernel, which is pretty much what controls the hardware,
    timing, file system, interrupts, drivers, and power management. Android runs
    off the Linux kernel, while iOS opted for a BSD-derived kernel called Darwin.
    Both are UNIX based.

    Next for iOS is the Core OS layer, which has most of the low-level things
    needed for abstraction of system functions like OpenCL and disk access.
    For Android, it’s the library layer, which has a bit more libraries in it than the
    Core OS, like media frameworks, OpenGL, SSL, LibWebCore, and LibC.
    Next for iOS is the Core Services layer, which is more like the library layer for
    Android, but it’s all Apple made libraries, like Core Data, Core Animation,
    WebKit, Address Book, Core Foundation, Social Libraries, and Security.

    After that comes the Media layer, which controls all the video, audio, text, and
    animations. Pretty much everything that’s displayed on the screen.

    Then for Android, there is the Android Runtime, which has the Core Libraries for
    Java and the JavaVM. This is pretty much the basis for the Application
    Framework, which is a layer we will get to later.

    After the Media Layer in iOS comes AppKit. This is the part that brings all the
    layers together to be able to function as a whole; this hooks all the libraries and
    runtimes together to be able to run iOS apps. Developers use AppKit to be able
    to make and run iOS apps. This is the last layer in the iOS architecture.

    After the Android Runtime is the Application Framework, which works a lot like
    AppKit. This is the layer that brings everything together to be able to be used
    by programmers. This is the last layer in Android.

    The way that the iOS architecture differs from Android is that iOS is more
    customized and programmed for security. This is because Apple uses a custom
    BSD-based kernel and programs almost all their libraries from scratch. This is
    compared to Android which uses a lot of open-source software instead of
    customized software like Apple opted for. This means a lot of it may not even
    be needed for your phone and is useless.

    However, that is not necessarily a bad thing.

    Because the way I think about it is having the choice between a super thin
    laptop with every part in it built by the same manufacturer or building your own
    computer and using off-the-shelf parts, while using a custom case to put it in.
    Some people like the laptop because it’s sleek, while others like building their
    own because they like how they can change or modify what they have, and
    they like how they can participate in creating it, like Android.

    3. Discuss the OAuth 2.0 architecture for Web, desktop and smart


    devices in detail.

    OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses
    on client developer simplicity while providing specific authorization flows for
    web applications, desktop applications, mobile phones, and living room
    devices. This specification and its extensions are being developed within the
    IETF OAuth Working Group.

    Oauth 2.0 architecture

    FACEBOOK,GOOGLE
    USER CLIENT APP
    TWITTER etc.

    1. user accesses resources


    using the client application

    2. client application will be


    provided with the client id
    and client password during
    3. user logs in using the
    registering the redirect URI
    authenticating application

    4. authenticating server redirects


    the user to a redirect Uniform
    Resource Identifier using
    authorization code

    5. user accesses the page located at


    redirect URI in the client
    application

    6. client application will be


    provided with the
    authentication code, client id
    and client password, and send
    them to the authorization server

    7. authenticating application
    returns an access token to the
    client application

    8. client application gets an access


    token, the user starts accessing the
    resources of the resource owner
    using the client application
    4. Write python/java/C code to analyze the PCAP file captured in lab 6
    for :
    finding the number of unique pckets

    Answer: Use scapy methods to filter out uninteresting packets. For starters,
    let us consider all IPv4/TCP packets as interesting.

    from scapy.utils import RawPcapReader


    from scapy.layers.l2 import Ether
    from scapy.layers.inet import IP, TCP

    def process_pcap(file_name):
    print('Opening {}...'.format(file_name))

    count = 0
    interesting_packet_count = 0

    for (pkt_data, pkt_metadata,) in RawPcapReader(file_name):


    count += 1

    ether_pkt = Ether(pkt_data)
    if 'type' not in ether_pkt.fields:
    # LLC frames will have 'len' instead of 'type'.
    # We disregard those
    continue

    if ether_pkt.type != 0x0800:
    # disregard non-IPv4 packets
    continue

    ip_pkt = ether_pkt[IP]
    if ip_pkt.proto != 6:
    # Ignore non-TCP packet
    continue

    interesting_packet_count += 1

    print('{} contains {} packets ({} interesting)'.


    format(file_name, count, interesting_packet_count))

    You might also like