The FORWARD project blog » presentation

Are smartphones secure?

Hermann Helmreich — Mon, 25 Jan 2010 12:54:30 +0000

Today’s smartphones are no more normal mobile phones, they are small personal computers. Therefore threats for smartphones are the same as for personal computers. The only difference form this point of view is that personal computers generally use Microsoft Windows as operating system, whereas there are a wide variety of mobile platforms. Due to this fact mobile platforms are harder to attack.

But the biggest danger for a mobile phone is one that is not one for personal computers: You can lose your mobile phone. This is not only a danger for smartphones but also for all mobile devices containing personal information. Another danger for smartphones is leaving them unattended or loaning it to people because they can install spyware on your smartphone. Additionally to spyware there are mobile viruses, worms and Trojans threatening your smartphone. They can spread using e-mail or via SMS.

Generally speaking, web-based and e-mail attacks are as possible with smarthones as they are with personal computers. Wi-Fi and Bluetooth are two technologies which can be dangerous too. Wi-Fi can be attacked by a man-in-the-middle attack and Bluetooth is also a target for attacks. A good discussion of Bluetooth security you can find here: part1, part2. Here you can find a FAQ on how to use your smartphone securely. Another interesting article about smartphone security can be found here.

FORWARD at the ICT Days 2009 in Sofia

Edita Djambazova — Thu, 05 Nov 2009 13:10:58 +0000

From 28th to 31st of October 2009 at Inter Expo Center – Sofia, Bulgaria, the Days of Information and Communication Technologies 2009 were held. The event combined specialised exhibition ICT Expo and an interesting seminar program.
ICT Expo offers a platform for comparing the current industrial trends and product presentations. The aim of ICT Expo is to acquaint visitors with the latest innovations in all fields of information and communication technologies – server solutions, PC assembly components, personal and mobile computers, peripherals and network solutions, card technology, business process management, learning & knowledge solutions, telecommunication equipment, financial solutions, multimedia products, business management software and information safety, innovations from Bulgarian software developers.
The seminar programme included a forum where the business representatives had the opportunity to get acquainted with the new state administration, to discuss the state of the branch in crisis conditions.

As part of the seminar programme the FP7 EU project FORWARD was presented along with another EU funded project PSIRP. In a half-hour presentation Edita Djambazova from IPP-BAS described FORWARD’s goal, objectives, and results. Some of the emerging security threats identified during the project were discussed. The established security community around ICT-FORWARD was outlined as one of its important achievements.

Cloud Storage: are my data safe?

alvanos — Mon, 26 Oct 2009 17:17:53 +0000

Earlier this month T-Mobile Sidekick users experienced an outage that left most of them without access to their personal data. Contacts, calendar entries, photographs and other personal information were stored in Danger service provider, a Microsoft subsidiary. As a result most of users personal data are still inaccessible. Moreover looking recent outages people start worrying about the security of their data stored to the cloud storage.

Earlier this year, in 16th ACM Conference on Computer and Communications Security (CCS ’09), RSA researchers presented a technique called high-availability and integrity layer (HAIL) that provides availability and integrity in the cloud. HAIL extends the basic principles of RAID, using many cloud storage providers, to achieve higher level of typical approaches. HAIL does this by striped the file and keeping additional redundant information across multiple cloud storage providers. Using a earlier techniques created from the RSA labs, Proofs of Retrievability (PORs) like mechanism, HAIL forces each provider to prove the existence and the integrity if the file. In case of an error, client uses the redundant information stored in the provider and other providers to reconstructs the file. A sort description of HAIL can be also found here.