Thursday, 11 May 2023

Enterprise Mobile Security


Introduction

Mobile devices have become an extra finger that holds most of our sensitive information. That makes securing them very important, especially for an enterprise. A mobile device has a different composition from a regular computer, and its embedded nature makes it a bit more challenging to secure.

Communicating Methods

Communication from one mobile to another is through electromagnetic waves (zeros and ones), but the mobile itself does not have the capability to transmit over long distances. Hence mobile devices communicate using different methods such as cellular networks (5G is the fifth generation of cellular wireless standards, providing capabilities beyond 4G), Bluetooth, Wi-Fi, near-field communication and so on. There are various security concerns with these, i.e., traffic monitoring, location tracking and wide access to mobile devices. Let's look into each of these methods.

Cellular Network

  • A cellular network, also known as a mobile network, is the main mode of communication; it connects to and from end nodes through the service provider's network.
  • Each phone communicates with the service provider by radio waves through a local antenna at a cellular base station or cell site. A cellular network consists of the components below:

Credits: https://www.electroschematics.com/wp-content/uploads/2010/03/Mobile-Communication.png

  • Cellular Layout
    • A mobile network is divided into geographical areas known as cells. The geographical area is divided into hexagonal cells, and an antenna covers a cell with a certain set of frequencies.
    • Each cell has a transceiver: a mobile tower that makes the wireless connection to the mobile device, and a base station, the land station of the land mobile service below the tower. Both serve a similar purpose, producing the network signals for the consumers.
    • Base Station
      • Base stations provide the cell with the network coverage and connects with the tower, which can be used for transmission of voice, data, and other types of content.
      • The base stations are meant to improve the signal frequency and communication between interconnected devices such as computers or smartphones.
    • Tower
      • The tower is where the antennas and electronic communications equipment are placed to create a cell or adjacent cells.
      • The cell towers distribute the signals that are generated by the base station.
    • All base stations and towers in a city are connected via a high-speed link or fibre optics to a mobile telephone switching office (MTSO). 
  • Mobile Telephone Switching Office
    • Our mobile does not have enough signal power to directly call a caller residing in another city, hence it sends signals to a mobile tower.
    • The mobile tower then sends the signals to the MTSO. The MTSO checks our SIM data in its database to find the cell in which the phone is present and sends a signal to the other city's MTSO. That MTSO then sends the signals to the mobile through its mobile tower.
    • MTSO is normally located in the central cell of a cluster and is generally connected to the Public Switched Telephone Network (PSTN).
  • Public Switched Telephone Network - PSTN
    • A public switched telephone network is a combination of telephone networks used worldwide, including telephone lines, fiber optic cables, switching centers, cellular networks, satellites and cable systems. 
    • PSTN is a century-old worldwide connected telephone network and lets users make landline telephone calls.
  • Common security concerns
    • Traffic monitoring
    • Location tracking
    • DDOS attacks
    • Access fraud
    • Stolen phones
    • Subscription fraud
  • Security measures
    • Network Traffic Monitor and Analysis
    • Encrypted communication
    • Velocity Checking
    • A subscriber usage-pattern database 
    • Customer call analysis 
    • Geographic dispersion checking 
    • Extensive proprietary antifraud algorithms 
  • The paper below explains in detail the different frauds and solutions in cellular networks:
    • https://csrc.nist.gov/csrc/media/publications/conference-paper/1997/10/10/proceedings-of-the-20th-nissc-1997/documents/031.pdf
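The velocity check and geographic dispersion check listed under the security measures above, run over constructed call detail records, as an added example that is not from the original post or the NIST paper; the thresholds, cell coordinates and subscriber IDs are assumptions:

```python
import math
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds are constructed for illustration; an operator tunes them from its usage-pattern database.
MAX_PLAUSIBLE_SPEED_KMH = 900.0   # faster than this between two calls is impossible travel
MAX_DISTINCT_CELLS = 4            # more cells than this inside the window is abnormal dispersion
DISPERSION_WINDOW = timedelta(hours=1)

@dataclass(frozen=True)
class CallRecord:
    imsi: str          # subscriber identity (constructed sample values below)
    start: datetime    # call start time, UTC
    cell_id: str       # serving cell the call was placed from
    lat: float         # coordinates of that cell site
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two cell sites in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def by_subscriber(records):
    # Group call records per subscriber, oldest call first.
    groups = defaultdict(list)
    for rec in records:
        groups[rec.imsi].append(rec)
    return {imsi: sorted(recs, key=lambda r: r.start) for imsi, recs in groups.items()}

def velocity_alerts(records, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Velocity check: consecutive calls whose implied travel speed is impossible."""
    alerts = []
    for imsi, recs in by_subscriber(records).items():
        for prev, cur in zip(recs, recs[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.start - prev.start).total_seconds() / 3600.0
            if dist < 1.0:        # same or adjacent cell site: nothing to check
                continue
            if hours == 0 or dist / hours > max_speed_kmh:
                alerts.append((imsi, prev.cell_id, cur.cell_id, round(dist)))
    return alerts

def dispersion_alerts(records, max_cells=MAX_DISTINCT_CELLS, window=DISPERSION_WINDOW):
    """Geographic dispersion check: a subscriber seen from too many cells in one window."""
    alerts = []
    for imsi, recs in by_subscriber(records).items():
        for i, first in enumerate(recs):
            cells = {r.cell_id for r in recs[i:] if r.start - first.start <= window}
            if len(cells) > max_cells:
                alerts.append((imsi, first.start, len(cells)))
                break             # one alert per subscriber is enough for the analyst
    return alerts

# Constructed sample CDRs: a commuter, a cloned handset, and a widely dispersed subscriber.
T0 = datetime(2023, 5, 11, 8, 0)
SAMPLE_CDRS = [
    CallRecord("sub-A", T0, "CHN-01", 13.0827, 80.2707),                          # Chennai
    CallRecord("sub-A", T0 + timedelta(hours=6), "BLR-07", 12.9716, 77.5946),     # Bengaluru, ~290 km in 6 h
    CallRecord("sub-B", T0, "LON-03", 51.5074, -0.1278),                           # London
    CallRecord("sub-B", T0 + timedelta(minutes=40), "NYC-12", 40.7128, -74.0060),  # New York 40 min later
] + [CallRecord("sub-C", T0 + timedelta(minutes=5 * i), f"CELL-{i}", 13.0 + 0.01 * i, 80.0) for i in range(6)]
```

`velocity_alerts(SAMPLE_CDRS)` flags only sub-B, and `dispersion_alerts(SAMPLE_CDRS)` flags only sub-C.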

Wi-Fi 

  • Wi-Fi is a family of wireless network protocols, commonly used for local network access. Wi-Fi stands for Wireless Fidelity.
  • Wi-Fi uses radio frequency.
  • An internet connection is shared with multiple devices within a certain range via a Wi-Fi router. The router is connected directly to the internet modem and acts as a hub that broadcasts the internet signal to all your Wi-Fi enabled devices.
  • Wi-Fi repeaters are used to extend the reach of an existing network.
  • Common security concerns
    • Data capture: encrypt the data in transit
    • On-path attack: always monitor the traffic
    • Denial of service: monitor for unwanted traffic that causes frequency interference
  • Security measures
    • Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping but is no longer considered secure. Later WPS (Wi-Fi Protected Setup), WPA (Wi-Fi Protected Access) and WPA2 were introduced, which are also not considered secure now.
    • In 2018, WPA3 was announced as a replacement for WPA2, increasing security and enabling secure authentication on the wireless router. 
    • WPA3-Personal
      • WPA3 with a shared key, where everyone uses the same key
    • WPA3-PSK
      • With WPA3 the session key is derived from the PSK using SAE (Simultaneous Authentication of Equals), which provides stronger defences against password guessing.
      • This allows the access point and station peers to authenticate each other as part of the handshake process while using cryptographic tools to prevent an attacker from performing offline password cracking.
  • Like cellular networks, Wi-Fi internet access has become much more embedded in society.


Li-Fi

  • Li-Fi stands for Light Fidelity.
  • Li-Fi technology allows us to connect to the internet using light from lamps, streetlights or LED televisions.
  • Li-Fi uses infrared light or LEDs to transmit data.
  • In addition to being cheaper, safer and faster than Wi-Fi, it does not need a router; you just point your mobile or tablet towards a light bulb to surf the web.
  • Common security concerns
    • Jamming
    • Spoofing
    • Data modification
    • Inability to work without light
  • Security measures
    • Li-Fi technology is widely considered to be generally more secure than Wi-Fi.
    • Plenty of security features can be embedded in Li-Fi systems to make them more secure, as light cannot pass through walls the way radio waves do, and it carries a larger volume of data at a time.
    • Encryption
    • Monitoring


Bluetooth

  • Bluetooth wireless technology is a short-range communications technology intended to replace the cables connecting portable units while maintaining high levels of security.
  • Bluetooth uses a spread-spectrum, frequency-hopping, full-duplex signal.
  • An antenna-equipped chip in each device that wants to communicate sends and receives signals at a specific frequency range defined for short-range communication.
  • For Bluetooth devices to communicate, they pair with each other to form a personal area network (PAN), also known as a piconet.
  • This process is done through discovery, with one device making itself discoverable by the other device. 
  • Bluetooth is a common mobile connectivity method because it has low power consumption requirements and a short-range signal. 
  • Point to Point
    • One-to-one connection, conversation between two devices
  • Point to Multi Point
    • One of the most popular point-to-multipoint communication methods is 802.11 wireless.
    • Multipoint doesn't necessarily mean that you can stream media from two devices at a time.
  • Common security concerns
    • Bluejacking
      • Sending unsolicited messages to another device via Bluetooth
    • Bluesnarfing
      • Unauthorised access to a Bluetooth-enabled device in order to retrieve data from it.
      • This has been patched in the latest devices
  • Security measures
    • Update with latest patches
    • Monitoring
    • Encryption


RFID

  • Radio Frequency Identification (RFID) refers to a wireless system comprised of two components: tags and readers. The reader is a device that has one or more antennas that emit radio waves and receive signals back from the RFID tag.
  • Uses radar technology
    • Radio energy is transmitted
    • Bidirectional communication
  • There are two types of RFID tags: active and passive tags. An active tag can broadcast a signal over a larger distance because it contains a power source. A passive tag, on the other hand, isn’t powered but is activated by a signal sent from the reader.
  • Common security concerns
    • Data capture
    • Spoofed reader
    • Signal jamming
    • Decrypt communication
  • Security measures
    • Cryptography is primary
    • Blocker tags prevent unauthorized readers
  • RFID is commonly used as a geofencing security measure: radio-frequency identification defines a geographic perimeter, and alerts are sent when the device enters or exits it.


NFC

  • Near-field communication (NFC) is a set of standards for contactless communication between devices. NFC chips in mobile devices generate electromagnetic fields. This allows a device to communicate with other devices. 
  • NFC is an extension of RFID technology.
  • Near-field communication transmits data through electromagnetic radio fields to enable two devices to communicate with each other. To work, both devices must contain NFC chips, as transactions take place within a very short distance. 
  • NFC-enabled devices must be either physically touching or within a few centimetres of each other for data transfer to occur.
  • NFC began in the payment-card industry and is evolving to include applications in numerous industries worldwide.
  • The NFC standard has three modes of operation: 
    • Peer-to-peer mode: information is exchanged between two mobile devices directly.
    • Read/write mode: An active device receives data from a passive device. 
    • Card emulation: The device is used as a contactless credit card. It emulates a payment card or other physical card in card readers, magnetic-stripe readers, and contactless card readers used to make payments directly from your mobile device.
  • Common security concerns
    • Remote capture
    • Frequency jamming
    • On path attack
    • Loss of control of the NFC device - digital pickpocketing
  • Security measures
    • Encryption
    • Always keep patches up to date
    • Turn it off when not in use


Mobile Networks

Mobile networking has evolved significantly since the introduction of the first-generation (1G) mobile network in the 1980s. G refers to Generation. Each Generation is defined as a set of telephone network standards, which details the technological implementation of a particular mobile phone system.
Credits: https://www.techindulge.com/technovation/1g-2g-3g-4g-and-5g-wireless-phone-technology-explained-meaning-and-differences/

1G

  • 1G is the first generation of wireless cellular technology. 
  • 1G supports voice only calls.  
  • 1G is analog technology
  • The maximum speed of 1G is 2.4 Kbps.

2G

  • Changed from analogue (1G) to Digital (2G).
  • Ability to send SMS (Short Message Service) and plain text-based messages.
  • GSM and CDMA were introduced during this period.
  • The maximum speed of 2G with General Packet Radio Service (GPRS) is 50 Kbps. The max theoretical speed is 384 Kbps with Enhanced Data Rates for GSM Evolution (EDGE).
  • Before the major leap from 2G to 3G wireless networks, the lesser-known 2.5G and 2.75G were interim standards that bridged the gap for data transmission.

3G

  • Enabled web browsing, email, video downloading, picture sharing and so on.
  • The maximum speed of 3G was around 2 Mbps for non-moving devices and 384 Kbps in moving vehicles. 

4G

  • Applications include amended mobile web access, IP telephony, gaming services, high-definition mobile TV, video conferencing, 3D television, and cloud computing. 
  • The max speed of a 4G network when the device is moving is 100 Mbps. The speed is 1 Gbps for low-mobility communication such as when the caller is stationary or walking.

5G

  • 5G promises significantly faster data rates, higher connection density, much lower latency, and energy savings, among other improvements.
  • 5G offers data transfer rates of up to 20 Gbps; it allows users to download ultra-high-definition videos and access the internet at lightning-fast speeds.
  • Also offers lower latency, better network coverage, and improved call quality.

Wireless Carriers

Wireless carrier means the cellular technology company that provides mobile telecommunication services for a Supported Device.

CDMA

  • CDMA stands for Code Division Multiple Access. 
  • It is handset-specific.
  • CDMA is not very common, and it is available in comparatively fewer carriers and countries. These devices are exclusive to Canada, Japan, and the United States.
  • CDMA cannot transmit voice and data simultaneously.
  • CDMA is faster, provides better security and comes with built-in encryption.

GSM

  • The GSM (Global System for Mobile) standard in Finland was launched by AT&T. Every device uses a SIM (Subscriber Identity Module) to communicate with the provider network.
  • GSM is highly available and globally used. Over 80% of the entire world’s mobile networks use it.
  • It uses the Time division multiple access (TDMA) and Frequency division multiple access (FDMA).
  • GSM supports the transmission of both voice and data at once.
  • GSM is slower and less secure, with no default encryption, compared to CDMA.

LTE

  • Long-Term Evolution (LTE) is used for faster data transfer and higher capacity. Different variations of LTE networks exist across carriers that use different frequencies. For example Sprint, T-Mobile, Verizon, and AT&T all have their own bands of LTE.
  • LTE moves large packets of data to an internet protocol system (IPS). Old ways of moving data used Code-division multiple access (CDMA) and the Global System for Mobile Communications (GSM), and those methods moved only small amounts of data.
  • LTE and 4G evolved together; LTE is the industry standard that describes the leading edge of the fourth generation's advancement.
  • 4G LTE functionality has two key preconditions: a network that supports the ITU-R (ITU Radiocommunication Sector) standard speeds and a device powerful enough to match and handle the speeds of that network. 
  • Both GSM and CDMA carriers switched to LTE as the global 4G standard, as CDMA and GSM are inefficient uses of the airwaves.

SATCOM

  • For users who lack traditional landline or cellular coverage, satellite communication (SATCOM) is an option for mobile device use. 
  • SATCOM uses an artificial satellite for telecommunication that transmits radio signals. 
  • It can cover far more distance and wider areas than most other radio technologies. 
  • Because satellite phones do not rely on phone transmission lines or cellular towers, they function in remote locations. 
  • Most satellite phones have limited connectivity to the Internet, and data rates tend to be slow, but they come with GPS capabilities to indicate the user’s position in real time. 


Mobile Management

  • Mobile Device Management
    • Managing mobile device access and usage in an organization is a challenging security goal.
    • Manage the company owned or user owned mobile devices centrally. 
    • Set policies on apps, camera, data, access and so on.
    • Access controls such as forced screen locks, multi-factor authentication, remote wipe and geofencing are part of MDM.
  • Mobile Content Management
    • Securing the content present on the mobile device is the role of Mobile Content Management - MCM.
    • Monitoring and restriction on the file sharing, online content viewing and uploading.
    • Centrally manage the data in cloud using solutions such as Microsoft Office 365.
    • Any data sent from or received by mobile devices should go through DLP - Data Loss Prevention - to prevent any leakage of sensitive information.
    • Data on the device needs to be encrypted.
    • Restrict and block external or removable drives.
  • Mobile Application Management
    • Not all applications are secure and some are malicious; managing mobile apps is quite tough.
    • Any new application installed should be managed through Mobile Application Management - MAM, and only allowed apps can be installed.
    • Not all applications are dangerous, but some are still not required for the business, such as games and social media apps - these applications would be denied installation.
  • Unified Endpoint Management - UEM
    • An evolution of MDM that manages mobile and non-mobile devices.
    • End users can use different types of devices, and it could be blended together.
    • Applications can be used across different platforms.


Mobile Protection Measures

  • Remote wipe
    • Managed by MDM, removes all the data from the device whenever required, usually after theft.
    • Make sure essential data is properly backed up.
  • Geolocation
    • Location tracking system
    • Used during commutes, for cross-border alerts and to find the phone
  • Geofencing
    • Restricts a mobile feature or features when the device is present in a particular location.
    • Authenticates and allows login when the device is located in a particular area.
  • Screen lock
    • Locking the mobile using a PIN, passcode, pattern or biometrics.
    • Auto-lock after a configured time.
    • Erase data after a few invalid entries.
  • Push notification services
    • Information popup service on the screen.
    • Receives notifications even when the phone is idle or a different application is in use.
  • Passwords and Pins and Biometrics
    • Mobile devices can have multiple authentication methods depending on the apps used.
    • Password rotation, reset and complexity policies are handled through MDM.
  • Context aware authentication
    • Switch to multi-level authentication when abnormalities or a different usage pattern are observed.
    • Examples: access from a different location, connection to a different Wi-Fi network, pairing with a different Bluetooth device.
  • Containerization
    • Segments the storage used for business to avoid data leaks.
    • Makes offboarding easy: the corporate data is deleted while the personal data is retained.
  • Full device encryption
    • Encryption ensures that even after theft the data, although lost, stays secure.
    • Managed, with keys rotated, through MDM.
  • MicroSD Hardware Security Module - HSM
    • Provides security services - encryption, key generation, key rotation, digital signatures, and secure, encrypted key storage.
  • SEAndroid
    • Security Enhancements for Android, built using SELinux (Security-Enhanced Linux).
    • Centralized policy management. 
  • Always have the device patched with the latest security fixes.
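The geofencing, screen lock, patching and context-aware authentication measures above combined into one login decision, as an added example that is not from the original post; the regions, SSIDs, Bluetooth addresses, patch levels and scoring thresholds are constructed assumptions, and an MDM agent would supply the real values:

```python
from dataclasses import dataclass

# Constructed policy values for illustration; a real MDM supplies these per tenant and device.
GEOFENCE_REGIONS = {"IN-TN", "IN-KA"}   # regions where corporate login is permitted at all
MIN_PATCH_LEVEL = "2023-04"             # YYYY-MM security patch level, so strings compare in order
STEP_UP_SCORE = 2                       # risk score at or above this requires multi-factor auth
DENY_SCORE = 4                          # risk score at or above this blocks the attempt outright

@dataclass
class DeviceBaseline:
    """Context the MDM has previously observed for an enrolled device."""
    device_id: str
    usual_regions: set
    usual_wifi: set           # SSIDs the device normally connects from
    paired_bluetooth: set     # peripherals normally paired with it

@dataclass
class LoginContext:
    """Signals the device agent reports at the moment of login."""
    device_id: str
    region: str
    wifi_ssid: str            # "" when the device is on cellular only
    bluetooth_peers: set
    screen_lock_enabled: bool
    patch_level: str

def evaluate_login(ctx, base):
    """Return (action, reasons), where action is 'allow', 'step_up' or 'deny'."""
    # Geofence: outside the allowed perimeter no authentication is offered at all.
    if ctx.region not in GEOFENCE_REGIONS:
        return "deny", [f"region {ctx.region} outside geofence"]
    # Posture gates: the screen lock and patch controls listed under MDM.
    posture = []
    if not ctx.screen_lock_enabled:
        posture.append("screen lock disabled")
    if ctx.patch_level < MIN_PATCH_LEVEL:
        posture.append(f"patch level {ctx.patch_level} below {MIN_PATCH_LEVEL}")
    if posture:
        return "deny", posture
    # Context deviations: each raises the risk score; none of them alone blocks the login.
    score, reasons = 0, []
    if ctx.region not in base.usual_regions:
        score += 2
        reasons.append("login from a region not seen before")
    if ctx.wifi_ssid and ctx.wifi_ssid not in base.usual_wifi:
        score += 1
        reasons.append(f"unknown Wi-Fi network {ctx.wifi_ssid}")
    if ctx.bluetooth_peers - base.paired_bluetooth:
        score += 1
        reasons.append("unrecognised Bluetooth peer present")
    if score >= DENY_SCORE:
        return "deny", reasons
    if score >= STEP_UP_SCORE:
        return "step_up", reasons
    return "allow", reasons

# Constructed baseline and sample login attempts for one enrolled device.
BASELINE = DeviceBaseline("dev-42", {"IN-TN"}, {"corp-office"}, {"aa:bb:cc:dd:ee:01"})
USUAL = LoginContext("dev-42", "IN-TN", "corp-office", {"aa:bb:cc:dd:ee:01"}, True, "2023-05")
TRAVELLING = LoginContext("dev-42", "IN-KA", "hotel-guest", set(), True, "2023-05")
SUSPECT = LoginContext("dev-42", "IN-KA", "cafe-free", {"aa:bb:cc:dd:ee:99"}, True, "2023-05")
OUTSIDE = LoginContext("dev-42", "US-NY", "corp-office", set(), True, "2023-05")
UNPATCHED = LoginContext("dev-42", "IN-TN", "corp-office", set(), True, "2023-02")
```

`evaluate_login(USUAL, BASELINE)` allows with no reasons, TRAVELLING steps up to MFA, SUSPECT and OUTSIDE are denied, and UNPATCHED is denied by the posture gate before any context scoring.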


Mobile Deployment Models

Enterprise mobile device deployment models would fall in any of the below agreements:

  • BYOD is Bring Your Own Device
    • Employee owns the device
    • Difficult to secure; can be managed by MDM using containerization.
  • COPE is Company Owned/Personally Enabled
    • Company buys the device, used for both professional and personal.
    • Organization has full control on the device, including monitoring.
  • CYOD is Choose Your Own Device
    • Similar to COPE: a corporate-owned device, but the user's choice of mobile device.
    • Gets tricky in terms of security for certain models.
  • COBO is Company Owned/Business Only
    • Company buys the device and it is used only for official purposes, with restrictions.
  • VMI is Virtual Mobile Infrastructure
    • Apps and data are separated from the mobile device.
    • Data is stored securely in a central location, so risk is minimized.


Conclusion
Mobile security along with other general security measures will help the enterprise and the individual to be secure.


Credits and References

  • https://www.uscybersecurity.net/wp-content/uploads/2019/02/Mobile-Security.jpg
  • https://whatsag.com/mobile-technology/the-difference-between-a-cell-tower-and-a-base-station.php
  • https://www.youtube.com/watch?v=1JZG9x_VOwA
  • https://www.baeldung.com/cs/mobile-networking-generations
  • https://www.lifewire.com/1g-vs-2g-vs-2-5g-vs-3g-vs-4g-578681
  • https://www.weboost.com/blog/what-is-4g-lte-and-how-does-it-work#:~:text=LTE%20moves%20large%20packets%20of,it%20helps%20streamline%20your%20service.
  • https://www.uctel.co.uk/blog/4g-vs-lte-understanding-the-difference-between-4g-and-lte#:~:text=So%20what%27s%20the%20difference%20between,compared%20to%20the%20fourth%20generation.
  • https://csrc.nist.gov/csrc/media/publications/conference-paper/1997/10/10/proceedings-of-the-20th-nissc-1997/documents/031.pdf
  • https://www.investopedia.com/terms/n/near-field-communication-nfc.asp
  • https://www.youtube.com/watch?v=UOGZbq4t_g8
