
Security for Mobile Systems
CNET351SL_PUSL3101

Coursework
2017 – 2018
Term: Term 2
Submission Deadline: TBD
Coursework Type: Group assignment (4 members max)
Element of Assessment: C1
Module Leader: Saliya Patabandi
E-mail: saliya@nsbm.lk

Coursework 2017/2018

Assignment Aims:
To understand the security issues of mobile and wireless networks and associated devices.
A number of key wireless technologies are investigated, and the technologies, products
and procedures used to safeguard mobile devices are identified.

Background:

Recently there has been an increasing tendency for adversaries to use mobile devices as an
attack vector. Hence organizations have become more and more concerned about mobile
security over the past few years. The following excerpts from several security reports
indicate the same.

“It is common knowledge that mobile devices are integral to both our personal and business
lives. With cyberattacks against individuals, businesses, and government entities increasing
in frequency and sophistication, it is no surprise that mobile devices are now considered by
threat actors to be one of the weakest links in the IT infrastructure of most enterprises”.
(Dimensional Research, 2017)

“With a significant increase in mobile-related data breaches over the course of 2016, it’s no
surprise to hear that CIOs and senior IT decision makers remain concerned about mobile
security threats. Indeed, organizations appear to be increasingly worried about mobile security
in 2017.” (iPass Corporate, 2017)

“Mobile attacks (Pegasus, XcodeGhost) and vulnerabilities (Stagefright, Heartbleed) are
increasing in terms of both number and pragmatism. Enterprises are now looking for solutions
that can enhance their mobile security posture.” (Gartner, Inc, 2017)

The Case:

Assume that you have been appointed as the mobile security consultant for a large
commercial bank in Sri Lanka. You should produce recommendations to make sure the mobile
systems of the company have an appropriate level of security.
The company uses WLAN as the primary method of connection for mobile systems. It is not
required to explain the importance of evaluating and implementing proper security in WLAN.
Many devices, from mobile phones to personal digital assistants and laptops, now have
Bluetooth capability as standard, which means there are a lot of Bluetooth signals floating
around the office. The security of these Bluetooth connections should also be considered.
While desktops are the primary method of Internet access for most users/employees of the
company, it is well known that mobile is also a frequently utilised alternative. This trend is
increasing as more workers than ever shift from being tied to a desktop or laptop PC to
connecting to files from anywhere. Not only do workers connect to presentations and documents
from anywhere, but they also tend to access critical business information over mobile. Due to
this, taking the necessary actions to ensure the security of Android, iOS and other mobile
operating systems of the devices used is a paramount requirement. Ultimately this data is
transmitted over GSM/3G/4G networks. Hence a proper evaluation of the security of such mobile
networks is also required.

In addition to employees, customers have also been provided with online banking. Earlier,
online banking was allowed through computers, but now online banking is allowed through
smartphones with an app distributed by the bank itself. The security of this facility is also
within your scope of work.
RFID is used by the company to identify, monitor, and manage all the things in the business,
including but not limited to containers, tools, vehicles, inventory, files, and so on, which is
just about everything that is mobile and not connected to the Internet. The security aspects of
RFID and related systems are therefore also within your scope.

Tasks:
You are required to produce:

1. Recommendations to secure the company’s WLAN,
2. Recommendations to secure Bluetooth connections used by employees to transfer
official data,
3. Comprehensive evaluation of GSM/3G/4G security and recommendations on their level
of security,
4. Evaluation of smartphone operating system platforms and recommendations to
ensure the security of the banking app,
5. Recommendations to secure RFID systems.

Your recommendations should be solid and, when implemented, should harden the above systems
to withstand probable future breaches.

Deliverables:
- Produce a report elaborating on the security aspects of the technologies concerned and
recommendations to harden them.
- You should justify all your recommendations.
- Report Length: Maximum limit 6000 words
- Each group needs to present their work through an MS PowerPoint presentation and
defend their recommendations.

Submission Type:
E-submission through the Plymouth Digital Learning Environment (DLE) and manual
submission to the programme office in both printed and soft copy format are compulsory. Both
the manual and the e-submission should be made before the submission deadline.

References:
You are required to provide references using Harvard format, wherever appropriate. The originality
of your work will be assessed using Turnitin and other tools. Any issues of plagiarism and any
form of academic dishonesty are treated very seriously. For details on academic offences, refer
to section 5 of the CNET351SL module handbook.

Assumptions:
If you are not able to learn any information about certain parts of the network, you should be
able to make valid logical assumptions and justify them.

Assignment Feedback:
Marked assessments will be returned to the students within 20 working days. Each individual
student will receive oral feedback and a written feedback document based on their performance.
Detailed Assessment Criteria:

Group Written Report: 100% (Overall weight carried will be 60%)
Fully documented approach with justification of your architecture choices.
Identifying the current threat landscape for the banking sector: 15%
Presenting recommendations on WLAN, Bluetooth, GSM/3G/4G security levels, RFID systems,
smartphone platforms and the banking app in a solid and comprehensive manner: 5 x 15%
Quality of the report as an academic report: 10%

Threshold Criteria:
Report:
To achieve a pass (40%), the written report must demonstrate a moderate understanding of
the security aspects of mobile technologies, which should also be reflected in the
recommendations. You must provide a justified written report addressing all security issues
related to mobile systems.
To achieve a 2.2 (50%+), the written report must demonstrate a good understanding of
the security aspects of mobile technologies, which should also be reflected in the
recommendations. You must provide a justified written report addressing all security issues
related to mobile systems.
To achieve a 2.1 (60%+), the written report must demonstrate a very good understanding of
the security aspects of mobile technologies, which should also be reflected in the
recommendations. You must provide an accurately justified written report addressing all the
required aspects without misconceptions and errors.
To achieve a first class (70%+), the written report must demonstrate an in-depth understanding
of the security aspects of mobile technologies, which should also be reflected in the
recommendations. You must provide an accurately and comprehensively justified written
report addressing all security issues related to mobile systems.

Bibliography
Dimensional Research (2017) The growing threat of mobile device security breaches, p. 2.
Available at: https://blog.checkpoint.com/wp-content/uploads/2017/04/Dimensional_Enterprise-Mobile-Security-Survey.pdf
(Accessed: 20 August 2017).
iPass Corporate (2017) 2017 Mobile Security Report. Available at:
https://www.ipass.com/wp-content/uploads/2017/05/iPass-2017-Mobile-Security-Report.pdf
(Accessed: 20 August 2017).
Gartner, Inc (2017) Predicts 2017: Endpoint and Mobile Security, p. 4.
