Mobile Security Assignment: Security Breaches In New Zealand

Question

Task: Prepare a mobile security assignment discussing how the data encryptions work and past security breaches taken place in New Zealand.

Answer

Abstract
The study prepared within this mobile security assignment illustrates that there have been technological developments due to which there is a difference in usage of mobile phones. Unlike before, the mobile phones are used for many purposes apart from calling and messaging. Thus, smartphones store a lot of data that can be breached by cybercriminals. However, the manufacturers of Android and Apple have designed the phones with high-end encryption that scrambles the data, thus making it non-readable for the hackers. The high-end encryption also restricts external attacks by seeking permission while accessing external links or unknown sources. The mobile security assignment helps in understanding how the data encryptions work and past security breaches that have taken place in New Zealand. The literature review by several authors considered in the segments of mobile security assignment helps to understand the recent developments in the data encryptions and smartphone security that will further help many organizations and individuals to use technology cautiously. It is recommended that New Zealand can hire and utilize the knowledge of cyber experts through cybercrimes that can be mitigated. Thus, in conclusion, the mobile security assignment has stated clear discussions on smartphone data, their hazards, and protection.

Introduction
Technological advancements have enabled the use of an online server in the daily routines. In the past times, where telephones were developed, only calls could be done through wired headsets [11]. The technical advancements helped in developed telephones to mobile phones where many functions like messaging, radio, the calculator could be used other than the call facility. In the late 21^st century, mobile phones were further developed to be smartphones that can perform many advanced functions through various IT applications [14].

It is important to study the encryptions through which the mobile devices are operated. The encrypted data is essential for ensuring the security of the data stored in the smart devices like mobile phones, laptops, tabs and others [3]. It is essential to study the past breaches and details about how encryptions work. This will help in gaining knowledge about advancing knowledge while also helping in protecting the data from unauthorized users. The security breaches can leak many confidential data like bank details- account number/passwords, credit /debit card details, personal data like contacts, pictures, browsing history and many others [5].

The leaked data is used by cybercrimes for theft due to which individuals, as well as organizations, may incur huge losses [10]. Thus, the mobile security assignment aims to analyze theories related to mobile encryptions while also studying new developments in technology in smart devices like mobile phones. The mobile security assignment will also provide recommendations for the problems detected by mobile encryptions and their security breaches.

Findings
Mobile phones encryption
The smart devices like mobile phones are mini-computers that provide a treasure of data for the hackers that can easily the identity of the user [13]. In today's time, many generations of smartphone devices have encryptions that obscure data thus protecting it from unauthorized users. In these smartphones, many of the applications are highly encrypted due to which hackers cannot transmit data from that particular IT application. In the scenario of device encryption explored in the mobile security assignment, the data stored are jumbled and become unreadable to hackers [17]. In such cases, only correct passwords reveal the data. The highly encrypted mobile device seeks permission while connecting to another device or while downloading from unknown sources. Mobile phone encryption is an important topic today due to the vast usage and connectivity to global internet of users of various types. 

The hackers cannot breach the data from encrypted mobile phones even if the device is switched off. The android version is a bit more complicated than the iPhone. The encryptions of mobile devices by default were not required until the launch of Marshmallow version 6.0. The different manufacturers use various techniques in implementing the encryption in mobile phones. In some phones, key generation is used where the passcode is required while accessing any information or switching on the mobile device. In other phones, the manufacturers use file-based encryption through which only a few of the files can be accessed without passwords. It is noted herein mobile security assignment that 80% of Android Nougat is fully encrypted mobile devices. As new software and applications are developed, there is an increased risk posed to data theft from mobile phones. Today most of our individual information related to banks and credit cards is stored in mobile phones. Lack of mobile phone encryption can easily lead to leakage in such data and information crucial for individual users.

Figure 1: Mobile Phone Encryption
Source: [17]

Mobile technologies are evolving very quickly and developing services to support global mobile systems (as well as mobile phones). One of the services mentioned in the mobile security assignment that come with it is the Multimedia Messaging Service (MMS), which was developed after Short Messaging Service (SMS), which can be used to transmit image data. Messages sent through MMS media do not reach the recipient directly but through the mobile operator's server. In the context of the application, even in the case of Mobile architecture, but operators such as multimedia service providers can review and find the content of messages sent by customers. Other problems might arise as a result of people's actions. Thus, a secure system is necessary to protect data. However, encryption does not prevent data from being registered or altered. Encryption does not protect sensitive communications. There are many limitations, including low memory, limited computing power and variety to improve the compatibility of different devices. Data processing complexity is becoming a major problem. As the importance of encryption increases, many methods can be found. Among these methods examined in the context of mobile security assignment, there is a simple mathematical operation, but there is also a method that reduces the complexity of theory. In order to obtain reliable algorithms, studies were conducted on digital images that are encrypted by various researchers, but digital images are implemented. Research into digital imagery and its use has also been extensively studied within this mobile security assignment. With emerging technologies and methodologies of mobile phone encryption, there are new and complex mathematical models. These mathematical models are devising complex encryption codes to prevent hackers from entering into mobile data and information.

WiFi encryption
Wireless networks or WI-FI requires authentication, encryption for maximum protection. WEP (IEEE802.11) was the original and secured algorithm for the wireless networks but it was substituted by WPA which is encrypted by strong technology named “Temporal Key Integrity Protocol with MIC” (“Message Integrity Check”). WPA and WPA2, both of them are security ciphers that generate unique key sessions in each session and occasionally change the key for reducing the network intruder that interrupts for decoding the keys. The users of WIFI should avail WPA 2 which is the most secured encryption method. As per the investigation on mobile security assignment, usage of Wi-Fi has expanded dramatically with currently major railway stations, bus stations and other public places having free Wi-fi connectivity. However, high security often impacts performance and processing time.

Figure 2: Wi-Fi Encryption Methods
Source: [1]

Under the present circumstances elaborated herein mobile security assignment, usually tasks done offline, is now done online. This paradigm shift has led to personal data, be stored online by individuals. In such circumstances avoiding uncertainty exercise of privacy, integrity and data breaches is the focus. The problem, however, is that also; add when adding a wireless network. As wireless networks become more and more popular, security is the most important consideration in such a network. The overall goal is for improving security measures in the protocol that is better than the current operation. With the greater usability of Wi-fi is associated the greater risks and challenges associated with it. Appropriate Wi-Fi encryption technologies can prevent hacking and theft related to it.

The research on mobile security assignment signifies that WEP protocol is the major segment of the “IEEE 802.11 standard” for protecting “WLAN networks”. The basic functionality of the “WEP protocol” is to enable data security across wireless networks in a similar manner. As wireless networks have a lack of physical connections within users and wireless network users within the network range for receiving data. The feasible manner to protect the network was developing protocol which would lead to the protocol to work upon the second layer of the “OSI model” then deliver data protection while transmitting. To protect data transmitted within communicating parties, WEP makes use of a shared secret key of 40 to 140 bits. WEP protocols can be implemented through “Cyclic Redundancy Code” (CRC) message is calculated and then added onto the original message.

The words of Atkinson et al (2018) examined in the mobile security assignment stated that in the closed world scenario, the detection showed 84% accuracy that overcomes the data limitations of WiFi. On the contrary, 67% accuracy suffers in the open-world due to which the personal information and other data can be easily encrypted through WiFi. Despite the security regulations New Zealand has been the prime victim of cybercrimes. With more research and solution developed around Wi-Fi encryption methodologies as discussed in the mobile security assignment, there is a scope to prevent data breach and theft. This will enable secure connection to users.

Past Security Breaches
Despite huge investment in technology, organizations and individuals are plagued with the breaches. In recent times, the use of mobile devices has become crucial [16]. The devices like mobile phones and laptops have become essentially important for users that contain many critical data like electronic data, credit card and bank details with their passwords. These data cannot be erased even if the devices are formatted or data is deleted. The breaching of the data by the unauthorized user can cause great loss to the organizations as well to the individuals. In this regard, in New Zealand, the TU ORA Compass health organization that operates in New Zealand confirmed that up to 1 million medical patients (2002- 2019) might be impacted due to hacking of their computer systems [8]. The website of the medical organization was hacked in August 2019. After hacking, the organization converted to offline operations and launched an investigation. However, the information included medical enrolment, patient’s data about different diseases and services that involved mental health counselling. The argument raised on this mobile security assignment depicts that data breaches related to patient data have been a major challenge in the healthcare industry. 

Organizations like Inland Revenue, Z Energy and vector been victims of cybercrimes. In the year 2017, 3500 files of Inland Revenue departments were protected as the tax department of New Zealand was targeted of the crypto securing attack. The department had been receiving several phishing emails that targeted customers or attempted to obtain money or other information. However, the files were encrypted and no losses were made.

In November 2017, 63, 724 million people were impacted by the data breach of Cambridge Analytica, the scandal involved collection of personally identifiable data that was used in influencing voter opinions in favour of the politicians that hired these hackers. Many organizations built their IT systems which are highly encrypted and cannot be breached easily. The organizations of New Zealand should also adopt highly encrypted IT Systems for storing their data.

Can you provide information of latest development within this mobile security assignment in detail?
Encryption is important for ensuring data security. The development of Marshmallow version 6.0 confirms data encryption in all Android phones. However, human error is the major cause behind data breaching [4].

Hu et al (2017) stated that disk encryption is used frequently for securing confidential data on mobile phones. However, disk encryption involves high energy that burdens the battery capacity of mobile devices. All the smartphones are not built up with sufficient battery requirements, thus, disk encryptions burden the operational capacity of the phones when large data is being protected. The authors of this article used to prepare this mobile security assignment developed new software named Kernel- level disk encryption (Populus). Thus, about 98% of the encryption computation by Populus was not directly connected to plain text/ciphertext. Thus, the authors were able to accomplish computation before the consistent supply of power is obtainable. Cryptoanalysis was conducted and it is found that that state-of-art technique failed to dismantle Populus that has computational complexity. The energy consumption of Populus was compared to that of dm-crypt which is a disk encryption software designed for Android and Linux. Therefore, research outcomes showed that Populus consumed less than 50-70 of energy as compared to dm-crypt.

In the works of Chakraborty et al (2017), it was stated that full drive encryption is essential for mobile phones. These devices contain sensitive data that can be easily stolen or lost. Dickens et al (2018) discuss that the usual method to FDE is the AES block cipher in XTS mode is sluggish than unencrypted storage. Dickens et al (2018) state that authenticated encryption-based stream ciphers is faster than AES contexts. The stream ciphers are exposed to cyber- attacks which are mitigated by on-drive metadata that further ruins the performance of the device. The devices like mobile phones use solid-state storage accompanied by Flash Translation Layers that operate similarly to Log-Structured File systems that further include Trusted Execution Environments (TEEs) which secures storing areas. Dickens et al (2018) suggest Strong Box which is a stream cipher layered with FDE and also replaces dm-crypt. Dm- crypt is a Linux FDE unit that is created on AES-XTS. In this regard, StrongBox includes system design and on-drive data structures for exploiting LSF’S. StrongBox is implemented and its performance is tested under LSFS. Thus, the reading performance of devices like mobile phones is improved by approximately 2.36 while it also offers strong integrity. There needs to be currently more research that can enable protection of user data and information, prviding secure access.

According to Banerjee et al (2017), technical advancements have revolutionized sharing and storing data. Our smartphones have become warehouses for the storage of personal information. The data in mobile phones and other devices are stored in unencrypted format due to which privacy is breached by hackers. Banerjee et al (2017) have proposed a lightweight and computationally effective protocol named Cloak. It is a stream cipher that uses an outward server for generating and dispensing cryptographically secured Pseudo-random numbers. Three versions of Cloak have been referred that s- Cloak, R0 Cloak and d-Cloak that varies according to the key selection process. Thus, Cloak performs encryption/decryption operation within the mobile phones for data security. Therefore, the messages or other data are shared between the mobile phone and server with identity verification. Additionally, Cloak is evaluated on smart devices and Amazon web services. Thus, the Cloak is capable of protecting against devices against cyber-attacks.

Yang et al (2017) discussed that recent research on Android smartphones considered in the context of mobile security assignment majorly focuses on evidence retrieval from “Nand flash memory”. Prevalent placement of “Nand Flash encryption” and the rise in the malware infections that majorly exist in in the key memory of smartphones have necessitated the requirement for forensic education. The main forensic technique of Android is rarely implemented because they need the solution of several usability restraints that include root privilege escalation, additional custom kernel and bypass of screen lock.

It can be said in this mobile security assignment that there are no developments in acquiring the data from the main memory of smartphones. Yang et al (2017) have developed a tool named AMD which is capable to acquire content from the main memory of Android smartphones as well as smartwatches. To develop AMD, the firmware protocol was updated by reverse engineering of Android bootloader. The experiment was done devising a method for accessing memory data via firmware update protocol. The results showed that AMD overpowers the restriction of main memory acquisition and is capable to obtain information from the main memory of smartphones and other devices for forensic investigation.

 Muslukhov et al (2016) discussed that Due to the advanced technical innovation, confidential and sensitive data like business documents, emails and other data stored in smartphones. This exposes the various risks that might occur when the phone is stolen. Thus, for mitigating, risk manufactures of smartphones have designed data encryption that utilizes locking passwords for protecting the data encryption key. Muslukhov et al (2016) state that many users do not lock their devices or put easy 4-digit passwords for locking the phone. Due to this, data-at-rest becomes unsuccessful against the potential attacks that hacks the phone by guessing the passwords. Muslukhov et al (2016) have designed a Sidekick system that utilizes a wearable device for decoupling data encryption and smartphone locking. The system was tested and the results showed that Sidekick can run on an 8-bit system-on -chip while utilizing 4kb/20kb RAM or ROM. It permits data encryption key fetching fewer than 2 seconds which lasts for a year on a single coined-cell battery.

Izzo et al (2019) argued that technological advancements have influenced the social lifestyles of individuals like students, lecturers. Thus, Kartikadarma, Listyorini, and Rahim (2018) suggested that smartphones should be used for educational purposes in many universities and institutions. The authors designed an “Android-based RC4” that is “cryptographic simulation” developed for education in universities. RC4 raises the benefits of Android-based mobile phones while initiating learning attitudes in students. RC4 was tested and found that it met the criteria of validity, effectiveness, and realism in enhancing the learning curriculums of the students.

This section of mobile security assignment helps us to understand that new development for protecting data breach. Thus, it can be said that using smartphones opens our data to various hackers that can use for it for criminal purposes. Therefore, individual should be cautious while verifying and sharing phone data to external and unknown sources. The device may not seek the users permission but downloading or sharing phone’s personal data should be limited to avoid the usage by hackers. 

Recommendations
Mobile phones are transformed into smart devices that ease the daily routine of individuals and organizations. However, mobile phones are the storage of data that can be used by an unauthorized user. As mentioned above within this mobile security assignment there have been several cyber-attacks in New Zealand due to which many individuals have been impacted? Thus, it can be stated herein mobile security assignment that humans have to be cautious while using smartphones, websites and other online sources. Any email, message or call requiring about the bank details should be avoided as the financial institutions do not require bank account details on call. The organizations in New Zealand should utilize the help of cyber experts for maintaining the data of huge customers safe from potential hackers. It was reported that New Zealand has been the victims of cybercrimes that tried attacking or already obtained data from government or organizational database. Thus, the need for cyber experts arises that can help in solving such serious issues.

Conclusion
In recent times, the use of mobile devices has become crucial. The devices like mobile phones and laptops have become essentially important for users that contain many critical data like electronic data, credit card and bank details with their passwords. These data cannot be erased even if the devices are formatted or data is deleted. Many of the mobile phone manufacturers are using high-end data encryptions that protect the device from cyber-attacks. The breaching of the data by the unauthorized user can cause great loss to the organizations as well to the individuals. Hence, the mobile security assignment aimed to understand how the data encryption works, and new developments for protecting data breaching. The report has been prepared by researching and referencing works of different authors to obtain information about mobile security. Thus, it can be concluded from the above discussion on mobile security assignment that many advancements have taken place to reduce the cybercrimes that occur due to data breach of individuals and organizations. It is also noticed from the above analysis on mobile security assignment that humans have to be alerted to avoid that error that allows hackers to obtain personal and misuse them.

References
[1] J.S. Atkinson, J.E. Mitchell, M. Rio, G. Matich, Your WiFi is leaking: What do your mobile apps gossip about you?. Future Generation Computer Systems, 2018 Mar 1, Vol. 80, pp. 546-57.

[2] A. Banerjee, M. Hasan, M.A. Rahman, R. Chapagain, Cloak: A stream cipher based encryption protocol for mobile cloud computing. Mobile security assignment IEEE Access, 2017 Aug 25, Vol. 5, pp 17678-91.

[3] B. Burd, Android application development all-in-one for dummies. John Wiley & Sons, 2015 Jul 9.

[4] D. Chakraborty, S. Ghosh, C. Mancillas-López, P. Sarkar, FAST: Disk Encryption and Beyond. IACR Cryptology ePrint Archive, 2017; pp. 849.

[5] D. Craigen, N. Diakun-Thibault, R. Purse, Defining cybersecurity. Technology Innovation Management Review, 2014, Vol. 4(10).

[6] B. Dickens III, H.S. Gunawi, A.J. Feldman, H. Hoffmann, Strongbox: Confidentiality, integrity, and performance using stream ciphers for full drive encryption. In Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, 2018 Mar 19, pp. 708-721. DOI: 10.1145/3173162.3173183.

[7] Y. Hu, J.C. Lui, W. Hu, X. Ma, J. Li, X. Liang, Taming energy cost of disk encryption software on data-intensive mobile devices. Mobile security assignment Future Generation Computer Systems, 2017 Oct 9.

[8] T. Hunt, Up to 1 million New Zealand patients' data breached in criminal cyber hack, 2019. Retrieved from

[9] N. Izzo, A. Barenghi, L. Breveglieri, G. Pelosi, P. Amato, A secure and authenticated host-to-memory communication interface. InProceedings of the 16th ACM International Conference on Computing Frontiers, 2019 Apr 30, pp. 386-391.

[10] J. Jang-Jaccard, S. Nepal, A survey of emerging threats in cybersecurity. Mobile security assignment Journal of Computer and System Sciences, 2014 Aug 1, Vol. 80(5), pp. 973-93.

[11] H.A. Karimi, Universal navigation on smartphones. Springer Science & Business Media, 2011 Aug 4.

[12] E. Kartikadarma, T. Listyorini, R. Rahim, An Android mobile RC4 simulation for education. World Trans. Eng. Technol. Educ, 2018 Apr, Vol. 16(1), pp. 75-9.

[13] L. Kyei-Blankson, Practical applications and experiences in K-20 blended learning environments. IGI Global, 2013 Dec 31.

[14] D.D. Luxton, R.A. McCann, N.E. Bush, M.C. Mishkind, G.M. Reger, mHealth for mental health: Integrating smartphone technology in behavioral healthcare. Professional Psychology: Research and Practice, 2011 Dec, Vol. 42(6), pp. 505.

[15] I. Muslukhov, S.T. Sun, P. Wijesekera, Y. Boshmaf, K. Beznosov, Decoupling data-at-rest encryption and smartphone locking with wearable devices. Pervasive and Mobile Computing, 2016 Oct 1, Vol. 32, pp. 26-34.

[16] New Zealand Government, New Zealand’s cyber security strategy, 2019. Retrieved from

[17] J.R. Vacca, Cyber security and IT infrastructure protection. Mobile security assignment Syngress, 2013 Aug 22.

[18] S.J. Yang, J.H. Choi, K.B. Kim, R. Bhatia, B. Saltaformaggio, D. Xu, Live acquisition of main memory data from Android smartphones and smartwatches. Digital Investigation, 2017 Dec 1, Vol. 23, pp. 50-62.