Mobile Cheat Sheet by

mobile

Security Basics

Symmetric Key
One key is shared by two users for both encryption and decryption (substitution cipher, AES, DES)
Asymmetric
Public and Private Key
Substitution Cipher
Mono-alphabetic cipher 2^n/2
Diffie-Hellman Exchange
Exchanging secret keys over an insecure medium. A known large prime and base are shared publicly; each party keeps a secret integer
DES
56-bit symmetric key, 64-bit plaintext block; US standard
AES
Replaces DES; 128 bit
A xor 0, A xor A
A, 0
Main Security Problems in Mobile?
Configuration management, excessive privileges, privacy violations, poor session management
Most problematic part in mobile apps?
Android abstraction layer
Preventing replay attacks?
Use a nonce
Pros of Symmetric Keys
No worry about replay or man-in-the-middle attacks
Agreement on shared key
Diffie-Hellman or KDC
Certificate Auth
Binds a public key to a particular entity. Entity E registers with the CA. When Alice wants Bob's public key, she gets his certificate, applies the CA's public key, and obtains Bob's public key.
Symmetric and Public Key Problems
Sym: how to establish the shared key? (Diffie-Hellman, KDC). Public key: man in the middle; use a CA

Power/Energy

factors that affect power
power affects temp, but energy doesn't
equations
power/area propor­tional to temp
associ­ations
higher current implies higher power, which increases CPU frequency
thermal runaway
power -> temp -> resistance decrease -> current increase I (cycle)
energy
affects battery life; power * time = E
energy harvesting
solar, wind -> high capacity, low leakage (slow discharge); low capacity, high leakage (quick discharge); appliance

Certificate Authority

Recent Trends in Security

ID vs Auth
Auth = username + password; ID = password & something like a biometric
Data injection
sending a false radio signal to a pacemaker and inducing a heart attack
Threat Model / Attack Model
Threat model: what the system believes about the attacker; it assumes the attacker is much more powerful than he actually is. Attack model: what the attacker believes it knows about the system
Key establishment in physi. sec.
Done using human body
Ways to fool machine
brute-force feature guessing, generating a signal (generative), evasion, poisoning
Evasion attack
create points to gain access without getting caught; alter features
Poison attack
attacker can see the training set, injects their own data at key points, and skews the decision lines
Biometric signals
Signals that don't change, like fingerprints
Physiological signals
hard because they are constantly changing
Hardening Technique
instead of a line, have piecewise curves; or instead of a line, use a polygon (polytope)
Internet Control Protocol Messages
agent advertisement, agent solicitation, registration request, registration reply
Foreign Agent
Consumes fewer IP addresses than a mobile host
Security/performance tradeoff
Increase in security strength -> hardening. Hardening implies more difficult classification boundaries, which may increase false positives or negatives. How to find a balance between security strength and performance? Multi-objective optimization problem.

Hardening Technique

Internet of Things

Challenges of CPS
hard to know how many sensors to use and what data to collect
Cyber Physical Systems
embedding sensors into physical devices
Human to Human interaction
person A thinks about the color red and that dot is displayed to another person in another country
3 characteristics of IoT devices
anytime, anything, any place connection
USN application layer
where apps are built to perform tasks using the sensors, through middleware
middleware (Drivers)
allows you to build apps on top of IoT sensors
sensor networking layer (bottom)
sensors are deployed in the environment and report to the USN
Difference between GPS and tower-based location management?
GPS needs a clear line of sight and is more accurate. Tower-based management is bad if you're not near a tower; its accessibility is less than GPS.
What is IoT
Network of physical objects: embedded systems with electronics, software, and sensors that enable objects to exchange data with the manufacturer, operator, and other devices through network infrastructure. Allows remote control and direct integration of the computer and physical worlds. Result: automation in all fields

Challenges in Security

Challenges in medical apps
resource constraints in sensors, poor software dev support, real-time requirements for health apps

Network Sec

challenges cps

thread indexing

RSA Example

RSA Continued

Diffie-Hellman

System Model

CUDA

CUDA basics
Terminology: Host – the CPU and its memory (host memory); Device – the GPU and its memory (device memory)
__global__
As before, __global__ is a CUDA C keyword meaning: add() will execute on the device; add() will be called from the host
memory management
Host and device memory are distinct entities. Device pointers point to GPU memory: they may be passed to and from host code, but may not be dereferenced from host code. Host pointers point to CPU memory: they may be passed to and from device code, but may not be dereferenced from device code

Threat Model
