Title: Mobile Handsets: A Panoramic Overview
1. Mobile Handsets: A Panoramic Overview
- Dong Xuan
- Associate Professor
- CSE Dept., The Ohio State University
2. Outline
- Introduction
- Handset Architecture
- Handset Operating Systems
- Networking
- Applications
- Security Risks and Mitigation Strategies
3. What Is A Mobile Handset?
- A mobile handset (handset) is an electronic device that provides services to users, e.g.:
  - Managing address book
  - Scheduling calendar
  - Cellular telephony
  - Accessing Internet, email
- Handsets include smartphones and PDAs
Example handsets: Apple iPhone, BlackBerry Storm, Palm Treo Pro
4. Handsets: Your Next Computer?
- Handsets' small form factor, mobility have yielded meteoric sales [1]
  - 3.3 billion mobile phone subscriptions as of Jan. 2008
  - 2.7 billion subscriptions correspond to one person; some people have multiple phones!
  - Rapid replacement rate: young adults replace phones every 6 months in South Korea [1]
- These statistics are just for phones
- Your handset: your next computer? [2]
5. What's Inside a Mobile Handset?
Source: [3]
6. Handset Architecture (1)
- Handsets use several hardware components:
  - Microprocessor
  - ROM
  - RAM
  - Digital signal processor
  - Radio module
  - Microphone and speaker
  - Hardware interfaces
  - LCD display
7. Handset Architecture (2)
- Handsets store system data in electronically-erasable programmable read-only memory (EEPROM)
  - Service providers can reprogram phones without requiring physical access to memory chips
- OS is stored in ROM (nonvolatile memory)
- Most handsets also include subscriber identity module (SIM) cards
8. Handset Microprocessors
- Handsets use embedded processors
- Intel, ARM architectures dominate market. Examples include:
  - BlackBerry 8700, uses Intel PXA901 chip [4]
  - iPhone, uses Samsung ARM 1100 chip [5]
- Low power use and code size are crucial [3]
- Microprocessor vendors often package all the chip's functionality in a single chip (package-on-package) for maximum flexibility
9. Example: The iPhone's CPU
- The iPhone: a real-world mobile handset [6, 7]
- Runs on Samsung S3C6400 chip, supports ARMv6 architecture
- Very few details are known about the ARM Core, esp. given Apple's secrecy
- Highly modular architecture
- Similar to Apple's iPod Touch, which lacks telephony capability [8]
Source: [6]
10. SIM Cards
- They include their own microprocessor and 16 KB to 4 MB EEPROM
- They come in two sizes
- Their versatility arises from portability of information
  - SIM card identifies subscriber to network
  - Stores personal information, address books, messages, service-related information
11. Other Memory Cards
- Some handsets include other peripheral memory cards:
  - Compact Flash
  - Multimedia Card
  - Secure Digital
- Handsets synchronize with a computer
  - Nowadays, computers include slots of various sizes to hold these memory cards
12. Handset Operating Systems
- Currently, handsets run several OSes:
  - Symbian OS
  - iPhone OS (an embedded version of OS X)
  - Windows Mobile
  - BlackBerry OS
  - Google Android Platform (based on Linux)
- With the exceptions of Symbian and Android, these OSes are proprietary [9, 10]
- Telecom carriers frequently lock down handset firmware, OSes to prevent user modifications
13. Handset OS Usage
- According to British analysis firm Canalys, handset OS usage in 3Q 2008 had the following ranking (most to least) [11]:
  - Symbian OS
  - iPhone OS
  - BlackBerry OS
  - Windows Mobile
  - Linux (Android, etc.)
  - Others
- iPhone OS surged ahead of BlackBerry OS, but with new BlackBerries and Android phones, this ranking may easily change in the future [11]
- We'll now examine each OS individually
14. Symbian OS
- Dominant OS in the mobile handset market
- Runs exclusively on ARM processors
- Owned by British firm Symbian Ltd.
- Descendant of Psion EPOC OS (dev. in 1990s)
- Sony Ericsson, Nokia, et al. bought shares in the firm until Nokia bought Symbian in 2008, formed Symbian Foundation to further future open handset development [12]
- Nokia plans to open-source the OS by 2009 [9]
15. Design of Symbian OS
- Based on Psion EPOC desktop OS; features include [13]:
  - Bare-bones microkernel (nanokernel)
  - Pre-emptive multitasking
  - Memory protection
- Handset-centric design, can operate several months without reboot
- Supports multiple UIs based on smartphone form factor (e.g., 320 × 240)
16. Symbian OS Devices
- Numerous handsets use Symbian OS; UIs largely based on manufacturer device:
  - Nokia S60: includes J2ME, std. UI (mostly Nokia phones)
  - Nokia S80: QWERTY keyboard, Web browser, enterprise office-doc. support (older Nokia Communicators)
  - Nokia S90: used only on Nokia 7710
  - UIQ: Sony Ericsson/Motorola GUI platform used primarily on those companies' handsets
  - FOMA platform: closed-dev. software platform used by handsets on NTT DoCoMo's network (Japan)
17. Symbian OS v9 Architecture
Source: [15] (heavily modified)
18. Symbian OS Development
- Native language is C++
- Nokia provides free Eclipse-based Carbide.c++ development tools, Carbide.vs Visual Studio plugin
- Mac & Linux development is possible
- Can program in many other languages: C, Java, Ruby, Python, Perl, OPL, Visual Basic, Simkin
- Applications needing any capabilities beyond bare minimum must be cryptographically signed (see http://www.symbiansigned.com)
- Can also program in Adobe Flash Lite (mobile version of Flash)
19. iPhone OS
- Runs on both the iPhone and iPod Touch
- Variation of Mach microkernel-based OS X that fits in 512 MB flash memory, runs on ARM architecture [21]
- Four abstraction layers: Core OS, Core Services, Media, Cocoa Touch [22]
- Core Animation and PowerVR MBX 3D hardware provide interface animations
- 320 × 480 LCD display that supports multi-touch gestures
20. iPhone Developer Program
- iPhone Developer Program provides dev. tools, iPhone emulator, means to upload to App Store (SDK)
- To download SDK, you must apply to be a member, pay fees
  - Standard Developer: $99
  - Enterprise Developer: $299
  - Exception: Apple's free iPhone Developer University Program for higher-ed. institutions [23]
- SDK only runs on Mac OS X Leopard on Intel-based Macs (go figure)
21. iPhone Web App Development
- You can develop Web apps for iPhone so long as they run on Safari [24]
- Safari features [25, 26]:
  - Auto-resizes Web pages to fit browser size
  - Multi-touch functionality
  - XHTML 1.1, CSS 2.1, JavaScript, W3C DOM Level 2, AJAX technology, cookies
  - Does not support Flash or Java
- iPhone Web apps should:
  - Minimize user awareness of browser experience
  - Reproduce control style, layout, behavior of iPhone apps
  - Integrate with built-in iPhone features & services
22. BlackBerry OS
- BlackBerry OS is Research in Motion's (RIM's) proprietary OS for its BlackBerry handsets
- Provides multitasking, heavily uses BlackBerry input devices, e.g., thumbwheel
- Current OS 4 provides a subset of Java's Mobile Information Device Profile (MIDP) 2.0
- Developers can use these APIs, proprietary APIs to write software
- All applications must be digitally signed so as to link an app with the developer
23. BlackBerry Software
- Email from BlackBerry service, MS Exchange, Domino, Yahoo, etc. can be pushed to the handset
- Can view PDF, MS Word, Excel, PowerPoint attachments
- BlackBerry Browser (only supports JavaScript)
- Other online apps include:
  - BlackBerry Maps
  - Facebook services
  - Yahoo Messenger, Google Talk
- Calendar, Address Book, and PIM Sync via USB
- GPS
- See http://www.blackberry.com for much more information about handset and desktop software
24. BlackBerry Wireless Platform
- RIM provides standards-based platform and developer tools to develop and deploy custom wireless applications:
  - HTML Web browser
  - Java Mobile Edition development tools
  - .NET applications
- BlackBerry handsets support standard networking protocols and connect to any type of server application
25. BlackBerry Mobile Data System
- BlackBerry Mobile Data System (MDS) supports MS Exchange, Lotus Domino, Novell GroupWise, and RIM's own MDS systems for messaging applications
26. BlackBerry Mobile Voice System
- With this service, there's only one business number BlackBerry users must remember
- Calls are routed to a BlackBerry handset, regardless of whether the call is directed to an office or mobile phone [27]
- Provides security and authentication through BlackBerry Enterprise Servers [28]
- IT administrators can lock down handsets, route calls through their telecom infrastructure, etc. [27, 28]
27. BlackBerry Internet Services
- BlackBerry Internet Service leverages centrally-hosted wireless gateways, allowing users to access up to 10 supported email accounts, browse Internet
28. BlackBerry Developer Tools
- RIM provides several development tools:
  - BlackBerry MDS Studio
    - Developers can quickly create rich client apps using component-based drag-and-drop approach
    - Tool requires MDS runtime
  - BlackBerry plugin for MS Visual Studio (development on MDS platform)
  - BlackBerry Java Development Environment (JDE)
    - Provides IDE, simulation tools for Java ME app for Java-based BlackBerry so developers can create standalone or client-server apps
29. Windows Mobile
- Windows Mobile is powered by Microsoft's Windows CE embedded OS; Windows CE runs on x86, MIPS, ARM, Hitachi SuperH processors
- Latest version, 6.1, includes Windows Live services, Exchange 2007 mail access
- Designed to closely mimic desktop Windows
- Windows Mobile 6.1 includes mobile versions of Office applications, Outlook (w/HTML email), Internet Explorer, Windows Media Player
- SQL Server 2005 included in ROM
- .NET Compact Framework 2.0 included
30. Windows Mobile Development (1)
- Native code is developed with MS Visual C++
- Microsoft strongly recommends development with managed code [19]
  - Managed code is written in one of the .NET framework object-oriented languages
  - Compiled to MS Intermediate Language (MSIL) that all the languages share
  - At execution time, MSIL is compiled just in time to native object code
- Contrast with Java:
  - Java code is compiled to Java bytecode
  - Java interpreter interprets bytecode, dynamically compiles frequently-accessed bytecode into native object code (HotSpot)
.NET Framework in Context. Source: [19]
31. Windows Mobile Development (2)
- Windows Mobile development tools include:
  - Plugins for MS Visual Studio 2005, 2008, etc.
  - SDKs for Windows Mobile-based handsets
- Microsoft gives away Visual Studio to students for free with its DreamSpark program [20]
32. Android Mobile Handset Platform
- Android is a software development platform for mobile handsets that is based on Linux
- Developed by Google and Open Handset Alliance (OHA) for different handset manufacturers
- The Alliance includes T-Mobile, Sprint Nextel, Google, Intel, Samsung, Wind River Systems, et al. [29]
- Its purpose is to build a fully free and open mobile handset platform to facilitate development of handsets, software, services [30]
- First Android-based handset is T-Mobile G1 [31]
33. Android Architecture
34. Android Features and Software
- Features
  - 3D: OpenGL ES 1.0
  - SQLite: Database engine
  - WebKit: Web browser
  - Dalvik: Register-based VM similar to Java VM [32]
  - FreeType: Bitmap and vector font rendering
  - Connectivity: Bluetooth, 802.11, GPS
- Core Applications
  - Email client, SMS program, calendar, Google Maps (and Apps), browser, etc.
  - Written in Java
- App Framework
  - Full access to same framework APIs
  - Architecture designed for component reuse
- Runtime
  - Core C library
  - Multiple Dalvik VMs run in a process, rely on Linux kernel for process isolation [32]
35. Android SDK
- Android SDK provides required tools and APIs to develop apps on Android platform using Java
- Android is licensed under the Apache open-source license
- The Android Development Tools (ADT) Eclipse plugin eases development
- Download the Android SDK at http://code.google.com/android/ and the Eclipse plugin at https://dl-ssl.google.com/android/eclipse
36. Palm OS
- Palm OS originally designed by Palm Computing Inc. for Palm handsets, sold to Japanese firm ACCESS [16]
- From Jan. 2004 to Jun. 2005, there has been no development on Palm OS past v6.1 [16]
- ACCESS and Palm are working on new versions of the OS that are Linux-based [16]
  - ACCESS' version is called the ACCESS Linux Platform
  - Palm's version will be called Palm OS; should be available Q1 2009
37. Handset Networking
- Handsets communicate with each other and with service providers via many networking technologies
- There are two classes of these technologies:
  - Cellular telephony
  - Wireless networking
- Most handsets support both, some also support physical connections such as USB
38. Cellular Telephony Basics (1)
- There are many types of cellular services; before delving into details, focus on basics (helps navigate the acronym soup)
- Cellular telephony is a radio-based technology; radio waves are electromagnetic waves that antennas propagate
- Most signals are in the 850 MHz, 900 MHz, 1800 MHz, and 1900 MHz frequency bands
Cell phones operate in this frequency range (note the logarithmic scale)
39. Cellular Telephony Basics (2)
- Digital signal processors (DSPs) are key to radio reception in handsets
- They transform signals from one form to another, e.g.:
  - Fourier transforms
  - Discrete cosine transform
Source: [3]
40. Cellular Telephony Basics (3)
- Cells and base stations
  - Space is divided into cells, and each cell has a base station (tower and radio equipment)
  - Base stations coordinate themselves so mobile users can access the network
  - If you move from one cell to another, the first cell notices your signal strength decreasing, the second cell notices your signal strength increasing, and they coordinate handover so your handset switches to the latter cell
41. Cellular Telephony Basics (4)
- Statistical multiplexing
  - Time Division Multiple Access (TDMA)
    - A 30 kHz-wide and 6.7 ms-long band is split into 3 time slots
    - Each conversation gets the radio 1/3 of the time; voice data is converted to digital information and compressed to use less transmission space
42. Cellular Telephony Basics (5)
- Statistical multiplexing, cont'd.
  - Frequency Division Multiple Access (FDMA)
    - Analogous to TDMA, but each conversation uses a different frequency in the same band
  - Code Division Multiple Access (CDMA) [38]
    - Uses spread-spectrum technology and different pseudo-noise codes so multiple users share the same physical channel
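Added example (not part of the original slides): how code division lets several senders use one channel at the same time, as described for CDMA above. It uses orthogonal Walsh codes in place of the slide's pseudo-noise codes so that recovery is exact; the function names, the sample bits and the interference pattern are constructed for illustration.

```python
# Added illustration: CDMA-style sharing of one channel.
# Walsh/Hadamard codes stand in for the slide's "pseudo-noise codes".

def walsh_codes(order):
    """Return 2**order mutually orthogonal +/-1 codes (rows of a Hadamard matrix)."""
    codes = [[1]]
    for _ in range(order):
        codes = ([row + row for row in codes] +
                 [row + [-c for c in row] for row in codes])
    return codes


def spread(bits, code):
    """Map each bit to a symbol (-1 or +1) and multiply it by the whole code."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in code)
    return chips


def share_channel(*signals):
    """The shared medium: simultaneous transmissions add chip by chip."""
    length = len(signals[0])
    if any(len(s) != length for s in signals):
        raise ValueError("signals must be chip-aligned and of equal length")
    return [sum(chips) for chips in zip(*signals)]


def despread(received, code):
    """Correlate each code-length block with `code`.

    Returns (bits, correlations). A correlation of 0 means nothing was
    sent with this code during that bit period.
    """
    n = len(code)
    bits, correlations = [], []
    for start in range(0, len(received), n):
        block = received[start:start + n]
        corr = sum(r * k for r, k in zip(block, code))
        correlations.append(corr)
        bits.append(1 if corr > 0 else 0)
    return bits, correlations


def demo():
    codes = walsh_codes(3)            # 8 codes, 8 chips per data bit
    users = {                         # constructed sample data
        "A": (codes[1], [1, 0, 1, 1]),
        "B": (codes[2], [0, 0, 1, 0]),
        "C": (codes[5], [1, 1, 0, 0]),
    }
    on_air = share_channel(*(spread(bits, code) for code, bits in users.values()))
    # Impulse interference: +3 added to the first chip of every bit period.
    noisy = [v + 3 if i % 8 == 0 else v for i, v in enumerate(on_air)]
    recovered = {name: despread(noisy, code)[0] for name, (code, _) in users.items()}
    # A code that no sender used correlates to zero on the clean signal.
    _, idle_corr = despread(on_air, codes[7])
    return users, on_air, recovered, idle_corr


if __name__ == "__main__":
    users, on_air, recovered, idle_corr = demo()
    print("summed chips on the channel:", on_air)
    for name, bits in recovered.items():
        print(name, "sent", users[name][1], "recovered", bits)
    print("correlation with an unused code:", idle_corr)
```

Spreading separates users on the channel; it does not hide content from a receiver that knows the code, so confidentiality still depends on encryption applied on top.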
43. Cellular Telephony
- It is useful to think of cellular telephony in terms of generations [33-37]:
  - 0G: Briefcase-size mobile radio telephones
  - 1G: Analog cellular telephony
  - 2G: Digital cellular telephony
  - 3G: High-speed digital cellular telephony (including video telephony)
  - 4G: IP-based anytime, anywhere voice, data, and multimedia telephony at faster data rates than 3G (to be deployed in 2012 to 2015)
- We will focus on 2G and 3G technologies
44. Cellular Telephony: 2G
- There are two main 2G technologies:
  - Global System for Mobile communications (GSM), which uses TDMA [39]
  - Interim Standard 95 (IS-95, aka cdmaOne), which uses CDMA [40]
- There are other TDMA networks such as PDC (Japan-only), iDEN (Nextel-only), and IS-136 (now converted to GSM)
  - We won't worry about these
45. GSM (1)
GSM network architecture includes the following subsystems:
- Mobile Stations (MSes): handsets
  - Each handset has a SIM card
- Base Station Subsystems (BSSes): provide air link for MSes
  - A BSS consists of a Base Station Controller (BSC), which includes the TransCoder Unit (TCU) and the Base Transceiver System (BTS)
  - A BSC controls several BTSes and is responsible for communication with the NSS and OSS
- Network SubSystems (NSSes): connect calls between network users
  - Composed of several Mobile Switching Centers (MSC) in conjunction with location registers (Home Location Registers [HLRs], Visitor Location Registers [VLRs]) and authentication centers (AUCs)
- Operation SubSystems (OSSes): provide network admins with remote network monitoring, mgmt. capabilities
  - Operations & Maintenance Center (OMC) provides network with remote monitoring, maintenance as well as alarms, event logging
46. GSM (2)
- GSM network architecture is as follows
47. GSM (3)
- Short Message Service (SMS) [41]
  - 1985 GSM standard that allows messages of at most 160 chars. (incl. spaces) to be sent between handsets and other stations
  - Over 2.4 billion people use it; multi-billion industry
- General Packet Radio Service (GPRS)
  - GSM upgrade that provides IP-based packet data transmission up to 114 kbps
  - Users can simultaneously make calls and send data
  - GPRS provides always-on Internet access and the Multimedia Messaging Service (MMS) whereby users can send rich text, audio, video messages to each other [42]
  - Performance degrades as number of users increases
  - GPRS is an example of 2.5G telephony: 2G service similar to 3G
48. GSM (4)
- Enhanced Data rate for GSM Evolution (EDGE) [43]
  - GSM revision that provides 3× GPRS data rate (max. 236.8 kbps); considered 3G tech.
  - Deployed on GSM networks starting in 2003
  - EDGE Evolution increases bit rates to (theoretical) max. of 1 Mbps, decreases latency from 200 ms to 100 ms
49. IS-95, CDMA2000, and 3G
- Qualcomm developed IS-95 in the 1990s as first CDMA-based mobile standard [40]
- Unlike GSM, which is open, Qualcomm owns patents on CDMA technology
- CDMA2000, IS-95's hybrid 2.5G/3G successor, is supplanting it [44]
- The Telecommunications Industry Association owns the trademarks cdmaOne and CDMA2000 in the U.S.
- There are two competing 3G technologies: the Universal Mobile Telecommunications System (UMTS) and CDMA2000
50. UMTS and HSPA
- The UMTS is an international standard designed to replace GSM (aka 3GSM) [45]
- UMTS is a 3G standard and is being developed into a 4G standard
- Its air interface is Wideband CDMA (W-CDMA), which was developed by NTT DoCoMo for Japan's 3G wireless network [46]
- W-CDMA has been deployed in Europe and Asia
- In theory, High Speed Packet Access (HSPA) protocols extend UMTS performance to 14.4 Mbps and 5.76 Mbps downlink and uplink, respectively [47]
- In practice, max speeds are 7.2 Mbps and 1.4 to 5.8 Mbps, respectively (depending on carrier)
51. Other Handset Networks
- Many handsets not only support cellular telephony, they support other networking technologies as well
- Wireless
  - Bluetooth (100 m max, 10 m for handsets)
  - IEEE 802.11 (longer range)
  - Infrared Data Association (IrDA)
- Wired
  - USB, etc.
52. Bluetooth (1)
- Bluetooth is a technology specification for small form factor, low-cost, short-range wireless links between mobile handsets, Internet connectivity
- Max range is 100 m in 2.4 GHz frequency band (handsets: 10 m radios)
- There is possible interference with IEEE 802.11b WLANs operating in this band
- Max bandwidth is 3 Mbps for Bluetooth 2.x with Enhanced Data Rate
53. Bluetooth (2)
- Link Types
  - Synchronous Connection-Oriented (SCO)
    - Useful for circuit-switched services, e.g., voice, where low delay and high QoS are required
    - Offered channels are symmetric and synchronous
  - Asynchronous Connection-Less (ACL)
    - More efficient for data transfer, other async. services
    - Link offers packet switching, transmission (Xmission) slots granted by polling access scheme
- A piconet is a collection of up to 8 Bluetooth units where one is a master that controls Xmission, hopping scheme, others are slaves
  - Master tells slave, "I want to send", and slave receives
  - Slaves can send on slots only when they agree with master
- One connection can have several links of either type, but there's a 3 voice call limit within a piconet
54. Bluetooth (3)
- Piconets and scatternets
  - One device can be connected in two or more piconets, which is termed a scatternet
  - But a device can only be a master to one piconet at a time
  - In order for device to be part of scatternet, support for hold, park, or sniff mode is needed
  - Master/slave roles are not necessarily fixed and can be changed during connection
  - Master/slave switch needed in scatternet
55. Bluetooth (4)
- Piconets and scatternets, cont'd.
  - a) Point-to-point connection between two devices
  - b) Point-to-multipoint connection between a master and three slaves
  - c) Scatternet consisting of three piconets
56. Bluetooth (5)
- Bluetooth uses adaptive frequency hopping (AFH) that detects other devices in the frequency spectrum and hops among 79 channels 1 MHz apart to reduce interference [48]
57. Bluetooth (6)
- Connections established via page messages; if recipient address is unknown, master's inquiry message is needed (that gives access code, asks for slave's Bluetooth address and system clock)
- Units are in standby mode before connections are made
- Page message is sent on 16 frequencies 128 times; if no response, message is sent on 16 different frequencies 128 times
- Max. connection time is 2.56 seconds
58. Bluetooth (7)
- Bluetooth Special Interest Group (SIG) has defined numerous usage models for the technology that describe primary Bluetooth applications & intended devices
- Profiles define the protocols & protocol features that support a usage model
- See [49] for more information
59. IEEE 802.11 Networks
- The IEEE 802.11 standards specify how electronic devices communicate with each other in wireless fidelity (Wi-Fi) networks
- Many handsets can communicate with each other this way
- There are many 802.11 standards [53]; we'll only look at 802.11b, 802.11g, and WiMax here
- Other 802.11 standards provide greater security, which we'll discuss later
60. IEEE 802.11 & WiMax Specs.
- 802.11b (1999) [51, 53]
  - Operates in the 2.4 GHz frequency band
  - Provides max 11 Mbps data rate
  - 38 m indoor range
- 802.11g (2003) [51, 53]
  - Operates in either 2.4 GHz or 5 GHz frequency bands
  - Provides max 54 Mbps data rate
  - 38 m indoor range
- WiMax (802.16) [52]
  - Operates in 2.3 GHz, 2.5 to 2.6 GHz frequency bands
  - Provides max 40 Mbps data rate now, 300 Mbps later
  - 3 km cell range
61. IrDA
- The Infrared Data Association (IrDA) provides protocols to transfer data between handsets, other devices using infrared light [54]
  - Similar in principle to a remote control
- Data rate is 16 Mbps now, 300 to 500 Mbps later
- Range is 1 m, communicating devices must have a line of sight
- Deployed in over 500 million devices
62. Wired Networks: USB
- The Universal Serial Bus (USB) is a ubiquitous standard for transferring data between computers (including handsets!) [55]
- By definition, data is transferred one bit at a time
- USB 1.1 (1998): max 1.5 Mbps (low-speed), 12 Mbps (full-speed)
- USB 2.0 (2000): max 480 Mbps
- USB 3.0 (to be released in 2009 to 2010): max 5 Gbps
63. Handset Applications
- Many handset applications mirror those of computers, e.g., managing one's schedule, Web browsing, etc.
- But handsets' mobility is opening up new markets
  - Global mobile gaming market value expected to reach 2.6 billion (3.27 billion) in 2012
  - Global mobile advertising market value expected to reach 1.77 billion (2.23 billion) in 2012
- Also, handsets make mobile and location-based services possible, which we'll discuss next
64. Mobile Location-based Services
- Carnegie Mellon University's (CMU's) Human Computer Interaction Institute has developed several such services that we'll examine
- Mobile social computing
  - inTouch: Coordination for families, small groups
  - Whisper Mobile: Coordinating groups for social events
- Large-scale mobile collaboration
  - Hitchhiking: estimating places' busyness
- Mobile data
  - GurunGo: Linking desktop, mobile devices
- Usable privacy and security
  - Contextual instant messaging
  - People Finder
  - CMU's Grey resource-control system
- Memory support
  - Memory karaoke
65. Mobile Social Computing
66. inTouch (1)
The inTouch service helps coordinate with others while mobile
- Target Users
  - Small to medium groups of people
  - Fluid & demanding schedule
  - Many responsibilities
- Examples
  - Dual-career families
  - Work groups
  - Ad hoc (e.g., conferences)
[Figure labels: Mobility, Awareness, Messaging]
67. inTouch (2)
- inTouch use case: Suppose Vanessa is running late picking up her son Daniel. She can send him a text message telling him that she'll be 15 minutes late.
68. Whisper Mobile (1)
- Motivation: Easily find, share, and coordinate friends for social events
69. Whisper Mobile (2)
- Creating an event is straightforward
  - Minimal text input
  - Use location, audio, camera to do so
  - Then link it with inTouch
70. Large-Scale Mobile Collaboration
71. Hitchhiking (1)
- Many location-based services focus on where you are
- Hitchhiking looks at places' busyness, e.g.,
  - Is the café busy?
  - How long are the airport lines?
- Approach: estimate number of people in a place by counting number of handsets there and upload number and location to servers (anonymized for privacy)
- Locations can be viewed on a map, e.g., Microsoft's SensorMap
72. Hitchhiking (2)
73. Mobile Data
74. GurunGo (1)
- Goal: Easily access useful info while mobile
- Motivations
  - People print out online maps rather than copy them to handset (easier, small mobile form factor)
  - People browse the Web differently on desktops and handsets
- GurunGo allows people to explicitly copy info to handsets, implicitly copy maps to handsets and generate speech-based directions
75. GurunGo (2)
- Example of speech-based directions
76. Usable Privacy and Security
77. Contextual Instant Messaging
- CMU developed a custom AIM client, bot that people can query: "howbusyis screenname"
- Robot respects user-specified privacy settings
  - Users can create groups, put screen names in them
  - Users can specify what each group can see
- System generates audit logs for security
78. Grey Resource Control
- CMU developed a distributed handset-based resource control system
- Resources include office doors, electronic files, etc.
- Flexible, end user-specified policies
  - Proactive: Manually create policy before request, e.g., "Alice can always enter my office"
  - Reactive: Generates policy based on request, e.g., "Can I enter your office?"
- CMU connected Grey with Bluetooth-enabled office doors
- There were security and usability issues with the system
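Added example (not CMU's Grey implementation): a minimal default-deny controller that shows the proactive and reactive policy styles listed above, with every decision written to an audit trail. The class, method, user and resource names are hypothetical.

```python
# Added illustration: proactive vs. reactive access policies with auditing.
# Not Grey's code; all names and sample data below are constructed.
from dataclasses import dataclass, field


@dataclass
class ResourceController:
    owners: dict                                  # resource -> owning user
    grants: set = field(default_factory=set)      # standing (user, resource) policies
    pending: list = field(default_factory=list)   # requests awaiting the owner
    audit: list = field(default_factory=list)     # append-only decision trail

    def _log(self, event, actor, resource, subject):
        self.audit.append((len(self.audit) + 1, event, actor, resource, subject))

    def _is_owner(self, actor, resource):
        return self.owners.get(resource) == actor

    def grant(self, actor, user, resource):
        """Proactive policy: the owner creates it before any request arrives."""
        if not self._is_owner(actor, resource):
            self._log("grant-refused", actor, resource, user)
            return False
        self.grants.add((user, resource))
        self._log("grant", actor, resource, user)
        return True

    def request(self, user, resource):
        """Access attempt; returns 'allow', 'pending' or 'deny' (default deny)."""
        if resource not in self.owners:
            self._log("deny-unknown-resource", user, resource, user)
            return "deny"
        if self._is_owner(user, resource) or (user, resource) in self.grants:
            self._log("allow", user, resource, user)
            return "allow"
        if (user, resource) not in self.pending:
            self.pending.append((user, resource))   # ask the owner, do not open
        self._log("pending", user, resource, user)
        return "pending"

    def decide(self, actor, user, resource, approve):
        """Reactive policy: the owner answers a queued request; approval
        generates the standing policy the request asked for."""
        if not self._is_owner(actor, resource) or (user, resource) not in self.pending:
            self._log("decide-refused", actor, resource, user)
            return "refused"
        self.pending.remove((user, resource))
        if approve:
            self.grants.add((user, resource))
        self._log("approve" if approve else "reject", actor, resource, user)
        return "approved" if approve else "rejected"


def demo():
    rc = ResourceController(owners={"office-door": "bob", "budget.xls": "bob"})
    results = [
        rc.grant("bob", "alice", "office-door"),         # proactive policy
        rc.request("alice", "office-door"),              # covered by the grant
        rc.request("carol", "office-door"),              # no policy yet: queued
        rc.grant("carol", "carol", "office-door"),       # non-owner cannot self-grant
        rc.decide("bob", "carol", "office-door", True),  # reactive policy created
        rc.request("carol", "office-door"),
        rc.request("dave", "budget.xls"),
        rc.decide("bob", "dave", "budget.xls", False),
        rc.request("dave", "server-room"),               # unknown resource
    ]
    return results, rc


if __name__ == "__main__":
    results, rc = demo()
    print(results)
    for entry in rc.audit:
        print(entry)
```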
79. A Large-Scale Mobile App
- Gawker Stalker: people spotting celebrities in New York City
80. Handset Security Issues (1)
- People store a wealth of information on their handsets and don't think about securing them!
- Naturally, this makes handsets targets for miscreants, whether they're script kiddies or Mafia cybercriminals, due to what's stored on them:
  - Incoming, outgoing, missed calls
  - SMS (text) and MMS messages
  - E-mail
  - Instant-messaging (IM) logs
  - Multimedia, e.g., pictures, music, videos
  - Personal calendars
  - Address books
- Clearly, handset security is a vitally important challenge
81. Handset Malware History (1)
- Hackers are already attacking handsets
  - Most well-known case: a 17-year-old broke into Paris Hilton's Sidekick handset [58]
  - Less well-known: worms, viruses, and Trojans have targeted handsets since 2004
- 2004 [59]
  - Cabir worm released by 29A, targets Symbian phones via Bluetooth
  - Duts virus, released by same group, targets Windows Mobile phones
  - Brador Trojan released by same group, opens backdoor on Windows Mobile [63]
82. Handset Malware History (2)
- 2005 [60]
  - CommWarrior worm released; replicates via Bluetooth, MMS messages to all contacts in address book
  - Doomboot Trojan released; claims to be Doom 2 video game, installs Cabir and CommWarrior
- 2006 [59, 60]
  - RedBrowser Trojan released; claims to be a Java program, secretly sends premium-rate SMS messages to a Russian phone number
  - FlexiSpy spyware released; sends log of phone calls, copies of SMS/MMS messages to Internet server for third party to view
- 2008 [61]
  - First iPhone Trojan released
- Of course, other mobile malware has been released; some malware completely disables the handset
- There is also the possibility of mobile botnets [62]
83. Key Handset Security Problems
- "At this point, mobile device capability is far ahead of security." Prof. Patrick Traynor, Georgia Tech (emphasis added) [62]
- Handset information can be stolen [63]
  - Transient information: Enhanced 911 can provide user location information
  - Static information: BlueSnarfing attacks (connection without owner's knowledge), cracking Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) [64]
- Theft of service attacks, e.g., premium-rate calls/SMS messages [63]
- Denial-of-service attacks [63]
  - Flooding attacks overload the handset radio with garbage
  - Power-draining attacks attempt to drain the battery
- Botnets and DoS attacks against networks are likely in the future [62]
- Cybercriminals make 10× as much as security researchers! [69]
84. Mitigation Strategies
- Handset manufacturers, OS software vendors, and researchers have worked to counter threats
  - Symbian OS requires apps to be cryptographically signed in order for them to run without user approval
  - Some handset manufacturers have joined the Trusted Computing Group (TCG) and added hardware to thwart malware tampering with the device [60]
  - The iPhone runs each application in a sandbox to prevent malware from running on the device [68]
  - Heterogeneous handset OSes make massive malware outbreaks difficult
- Vendors like McAfee, Symantec, and Trend Micro sell security software for handsets; F-Secure has bundled its software with Hong Kong provider CSL's handsets [65]
- Researchers have worked on modeling malware propagation on networks, detecting power-draining attacks, etc. [66, 67]
85. The Challenges Ahead
- "Because the mobile communications field is evolving so quickly, it presents a unique opportunity to design security properly, an opportunity we missed with the PC." Prof. Patrick Traynor [62]
- Since most people buy a new handset every 2 years, it's vital to ensure the security of handset hardware, OSes, applications, and networks while maintaining usability [62]
- One suggested approach is to give handsets a hard power-off switch so they don't have power when turned off [63]
- Academic research will play a key role in this, as will user education to counter social engineering
- Given the sensitivity of information stored on handsets, cybercriminals may well find effective ways to use them to continue their nefarious acts, e.g., bot herding, data theft, etc., even with different operating systems, power constraints, and carriers
- Though we may not hear news of handset attacks as often as those against (Windows) PCs, we cannot fall into a false sense of security
86. Questions?
87. References (1)
- [1] T. T. Ahonen, "When there is a mobile phone for half the planet: Understanding the biggest technology," 16 Jan. 2008, http://communities-dominate.blogs.com/brands/2008/01/when-there-is-a.html
- [2] A. Wolfe, "Is the Smartphone Your Next Computer?", InformationWeek, 4 Oct. 2008, http://www.informationweek.com/news/personal_tech/smartphones/showArticle.jhtml?articleID=210605369
- [3] J. L. Hennessy and D. A. Patterson, Computer Architecture: A Quantitative Approach, 4th ed., Elsevier, 2007
- [4] Research in Motion, "BlackBerry 8700c Technical Specifications," http://www.blackberry.com/products/pdfs/blackberry8700c_ent.pdf
- [5] R. Block, "iPhone processor found: 620MHz ARM CPU," Engadget, 1 Jul. 2007, http://www.engadget.com/2007/07/01/iphone-processor-found-620mhz-arm/
- [6] Samsung Semiconductor, "Product Technical Brief: S3C6400," Jun. 2007, http://www.samsung.com/global/system/business/semiconductor/product/2007/8/21/661267ptb_s3c6400_rev15.pdf
- [7] Wikipedia, "iPhone," updated 15 Nov. 2008, http://en.wikipedia.org/wiki/Iphone
- [8] Wikipedia, "iPod Touch," updated 14 Nov. 2008, http://en.wikipedia.org/wiki/Ipod_touch
88References (2)
- N. Cubrilovic, "Symbian Goes Open Source Courtesy of Nokia," TechCrunchIT, 24 Jun. 2008, http://www.techcrunchit.com/2008/06/24/symbian-goes-open-source-courtesy-of-nokia/
- "Android: An Open Handset Alliance Project," http://code.google.com/android/
- Canalys, "Global smart phone shipments rise 28%: Nokia retains lead, but Apple moves into number two position," 6 Nov. 2008, Press Release, http://canalys.com/pr/2008/r2008112.htm
- Nokia, "Nokia to acquire Symbian Limited to enable evolution of the leading open mobile platform," 24 Jun. 2008, Press Release, http://www.nokia.com/A4136001?newsid=1230415
- Wikipedia, "Symbian OS," updated 13 Nov. 2008, http://en.wikipedia.org/wiki/Symbian_os
- Symbian Ltd., "Symbian OS," http://www.symbian.com/symbianos/
- B. Morris, "Symbian OS Architecture Overview," Wireless Developer Forum UK '06, Symbian Software Ltd., http://developer.symbian.com/wiki/download/attachments/1376/Ben_Morris.ppt?version=1
- Wikipedia, "Palm OS," updated 3 Nov. 2008, http://en.wikipedia.org/wiki/Palm_os
89References (3)
- Wikipedia, "Windows Mobile," updated 13 Nov. 2008, http://en.wikipedia.org/wiki/Windows_mobile
- Wikipedia, "Windows CE," updated 12 Nov. 2008, http://en.wikipedia.org/wiki/Windows_CE
- Microsoft Corp., ".NET Framework Conceptual Overview," MSDN, 2008, http://msdn.microsoft.com/en-us/library/zw4w595w(printer).aspx
- Microsoft Corp., "Microsoft Gives Students Access to Technical Software at No Charge to Inspire Success and Make a Difference," 18 Feb. 2008, Press Release, http://www.microsoft.com/Presspass/press/2008/feb08/02-18GSDPR.mspx
- K. Haslem, "Macworld Expo: Optimised OS X sits on versatile Flash," 12 Jan. 2007, Macworld, http://www.macworld.co.uk/ipod-itunes/news/index.cfm?newsid=16927
- Wikipedia, "iPhone OS," updated 16 Nov. 2008, http://en.wikipedia.org/wiki/IPhone_OS
- Apple Inc., "iPhone Developer University Program," 2008, http://developer.apple.com/iphone/program/university.html
- Apple Inc., "Apple Developer Connection: Web Apps Dev Center," 2008, http://developer.apple.com/webapps/
90References (4)
- Apple Inc., "Apple iPhone Features Safari," 2008, http://www.apple.com/iphone/features/safari.html
- Apple Inc., "Safari 3.1 Product Overview," Jun. 2008, http://images.apple.com/safari/docs/Safari_Product_Overview20080602.pdf
- Research in Motion, "BlackBerry Mobile Voice System," 2008, http://na.blackberry.com/eng/services/blackberry_mvs/
- A. Succo, "RIM exec sees BlackBerry product as shaping telephony," 22 May 2008, InfoWorld, http://www.infoworld.com/news/feeds/08/05/22/RIM-exec-sees-BlackBerry-product-as-shaping-telephony.html
- Open Handset Alliance, "Members," http://www.openhandsetalliance.com/oha_members.html
- Open Handset Alliance, "Overview," http://www.openhandsetalliance.com/oha_overview.html
- Wikipedia, "Android (mobile device platform)," updated 16 Nov. 2008, http://en.wikipedia.org/wiki/Android_(mobile_device_platform)
- Google Inc., "What Is Android?," 2008, http://code.google.com/android/what-is-android.html#runtime
91References (5)
- Wikipedia, "Mobile radio telephone," updated 6 Jul. 2008, http://en.wikipedia.org/wiki/0G
- Wikipedia, "1G," updated 6 Aug. 2008, http://en.wikipedia.org/wiki/1G
- Wikipedia, "2G," updated 18 Nov. 2008, http://en.wikipedia.org/wiki/2G
- Wikipedia, "3G," updated 19 Nov. 2008, http://en.wikipedia.org/wiki/3G
- Wikipedia, "4G," updated 11 Nov. 2008, http://en.wikipedia.org/wiki/4G
- Wikipedia, "Code division multiple access," updated 30 Oct. 2008, http://en.wikipedia.org/wiki/Code_division_multiple_access
- Wikipedia, "GSM," updated 14 Nov. 2008, http://en.wikipedia.org/wiki/GSM
- Wikipedia, "IS-95," updated 10 Oct. 2008, http://en.wikipedia.org/wiki/IS-95
- Wikipedia, "Short message service," updated 19 Nov. 2008, http://en.wikipedia.org/wiki/Short_message_service
- Wikipedia, "Multimedia messaging service," updated 3 Nov. 2008, http://en.wikipedia.org/wiki/Multimedia_Messaging_Service
- Wikipedia, "Enhanced Data Rates for GSM Evolution," updated 19 Nov. 2008, http://en.wikipedia.org/wiki/Enhanced_Data_Rates_for_GSM_Evolution
- Wikipedia, "CDMA2000," updated 17 Nov. 2008, http://en.wikipedia.org/wiki/CDMA2000
92References (6)
- Wikipedia, "Universal Mobile Telecommunications System," updated 18 Nov. 2008, http://en.wikipedia.org/wiki/Universal_Mobile_Telecommunications_System
- Wikipedia, "W-CDMA (UMTS)," updated 19 Oct. 2008, http://en.wikipedia.org/wiki/W-CDMA_(UMTS)
- Wikipedia, "High Speed Packet Access," updated 15 Oct. 2008, http://en.wikipedia.org/wiki/High_Speed_Packet_Access
- Bluetooth SIG, "Basics," 2008, http://www.bluetooth.com/Bluetooth/Technology/Basics.htm
- Bluetooth SIG, "Profiles Overview," 2008, http://www.bluetooth.com/Bluetooth/Technology/Works/Profiles_Overview.htm
- Wikipedia, "Wi-Fi," updated 18 Nov. 2008, http://en.wikipedia.org/wiki/Wi-fi
- Wikipedia, "Wi-Fi technical information," updated 31 Oct. 2008, http://en.wikipedia.org/wiki/Wi-Fi_Technical_Information
- WiMax Forum, "Frequently Asked Questions," http://www.wimaxforum.org/documents/faq/
- Wikipedia, "IEEE 802.11," updated 16 Nov. 2008, http://en.wikipedia.org/wiki/802.11
- Infrared Data Association, "Welcome to IrDA," http://www.irda.org/displaycommon.cfm?an=1&subarticlenbr=14
93References (7)
- Wikipedia, "Universal Serial Bus," updated 19 Nov. 2008, http://en.wikipedia.org/wiki/Usb
- Screen Digest, "iPhone breathes new life into mobile gaming market," 31 Jul. 2008, Press Release, http://www.screendigest.com/press/releases/pr_31_07_2008/view.html
- Screen Digest, "Mobile media advertising opportunities: The market for advertising," 2 May 2008, http://www.screendigest.com/reports/08mobilemediaadvert/pdf/08chinacabletv-pdf/view.html
- B. Krebs, "Teen Pleads Guilty to Hacking Paris Hilton's Phone," Washington Post, 13 Sep. 2005, http://www.washingtonpost.com/wp-dyn/content/article/2005/09/13/AR2005091301423_pf.html
- D. Emm, "Mobile malware: new avenues," Network Security, 2006(11), Nov. 2006, pp. 4–6
- M. Hypponen, "Malware Goes Mobile," Scientific American, Nov. 2006, pp. 70–77, http://www.cs.virginia.edu/~robins/Malware_Goes_Mobile.pdf
- PandaLabs, "PandaLabs Quarterly Report January–March 2008," http://pandalabs.pandasecurity.com/blogs/images/PandaLabs/2008/04/01/Quarterly_Report_PandaLabs_Q1_2008.pdf
- Georgia Tech Information Security Center, "Emerging Cyber Threats Report for 2009," http://www.gtiscsecuritysummit.com/pdf/CyberThreatsReport2009.pdf
94References (8)
- D. Dagon et al., "Mobile Phones as Computing Devices: The Viruses are Coming!," IEEE Pervasive Computing, Oct.–Dec. 2004, pp. 11–15
- G. Fleishman, "Battered, but not broken: understanding the WPA crack," Ars Technica, 6 Nov. 2008, http://arstechnica.com/articles/paedia/wpa-cracked.ars
- "CSL Unveils Mobile Security Service," China Tech News, 31 Mar. 2008, http://www.chinatechnews.com/2008/03/31/6562-csl-unveils-mobile-security-service/
- C. Fleizach et al., "Can You Infect Me Now? Malware Propagation in Mobile Phone Networks," Proc. of ACM Workshop on Recurring Malcode (WORM '07), Alexandria, VA, USA, 2 Nov. 2007, pp. 61–68
- H. Kim et al., "Detecting Energy-Greedy Anomalies and Mobile Malware Variants," Proc. of the 6th Int'l Conf. on Mobile Systems, Applications, and Services (MobiSys '08), Breckenridge, CO, USA, 17–20 Jun. 2008, pp. 239–252
- E. Sadun, "Programming with Safety Scissors and Glitter Glue," Inside iPhone, 10 Oct. 2008, http://blogs.oreilly.com/iphone/2008/10/programming-with-safety-scisso.html
- T. Claburn, "The Cybercrime Economy," InformationWeek, 9 Apr. 2008, http://www.informationweek.com/blog/main/archives/2008/04/the_cyber_crime.html