Appendix

Taken from Security Guidance for Critical Areas of Mobile Computing, V1.0
The following are countermeasures to mitigate major authentication threats as described in the attack trees below. The threat is followed by the countermeasures. Some are security policy elements, which can be implemented by device administrators, some can only be addressed by app developers, and some can only be addressed by OS developers.

Authentication Bypass

The most common methods of authentication bypass are all possible because of developer errors; an enterprise IT department cannot fix the code itself, but it can test software for these vulnerabilities before deployment.
▪ SQL Injection—Untrusted input is concatenated into the text of a SQL query, so a crafted user name or password (for example one containing a quote followed by a comment marker) rewrites the login check. Use parameterized queries (prepared statements) so that input is bound as data and never parsed as SQL; escaping reserved characters and words such as ', =, OR by hand is error-prone and should be no more than a secondary defense.
▪ Direct URL request—The access control check is applied only at a gateway or login page, so a request sent directly to an internal URL skips it. Apply access control to every resource, not only the entry point.
▪ Session-ID prediction—Session IDs with too little unpredictability can be guessed or derived from earlier values. Generate them with a cryptographically secure random generator from a large space (at least 128 bits of entropy), never from counters, timestamps or user data.
▪ Buffer overflow—Errors in memory management combined with a predictable address space. Techniques such as ASLR (Address Space Layout Randomization) and stack protection raise the cost of exploitation, but only fixing the memory-safety bug removes it.
▪ Open device—Always enforce use of the device lock.
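As an added example (not part of the guidance text) covering the SQL injection and session-ID items above: a minimal login lookup in Python against a constructed in-memory SQLite table, once with string concatenation and once with bound parameters, plus a session-ID generator drawn from the operating system's CSPRNG. The table, the user name "alice" and her password are constructed for the demonstration; the table holds the password in clear only to keep the injection point isolated (a real table stores a salted hash, as the guidance says below).

```python
import secrets
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table for the demonstration; a real table stores salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Developer error: untrusted input is pasted into the SQL text.

    username = "alice' --" turns the rest of the WHERE clause into a comment, so any
    password is accepted; "' OR '1'='1" in both fields bypasses the check as well.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fix: bound parameters reach the engine as data and are never parsed as SQL,
    so escaping quotes or keywords by hand is unnecessary."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def new_session_id() -> str:
    """Session IDs must come from a CSPRNG over a large space: 32 random bytes
    (256 bits) cannot be predicted from earlier IDs, unlike a counter or a timestamp."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    db = make_db()
    for user, pw in [("alice", "correct horse battery staple"), ("alice' --", "anything")]:
        print(f"{user!r:14} vulnerable={login_vulnerable(db, user, pw)} "
              f"parameterized={login_parameterized(db, user, pw)}")
    print("session id:", new_session_id())
```

Run stand-alone, the injected user name logs in through the concatenated query and is rejected by the parameterized one; the session ID is a 43-character URL-safe string that changes on every call.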
Valid credentials from device not owned by user – relevant attacks and countermeasures include:
▪ Password brute force
Enforce password rules
Throttle authentication attempts (limit failed attempts per account, with a lockout or increasing delays). The throttling state must be held server side, in the cloud service, not on the device; a device-side counter can be reset or bypassed by anyone with physical access.
Use context/behavioral anomaly detection (location, language, who-you-know, voice, etc.), where possible
▪ Username space brute force
Enforce password rules (this attack tries a few common passwords across many accounts, so per-account throttling alone does not stop it; throttle per source as well)
Use context/behavioral anomaly detection (location, language, who-you-know, voice, etc.), where possible
▪ Phishing
User awareness, contextual authentication support, 2-factor authentication (note that one-time codes can themselves be phished and relayed in real time; see OTP theft/relay below)
▪ Man in the Middle (MITM), replay, and network compromise
Use unpredictable one-time tokens (nonces) together with time-stamps, so that a captured request cannot be submitted again and stale requests are rejected.
Verify the X.509 certificates of web services against a trusted certificate authority set and fail closed on any validation error; never ship a client that accepts any certificate.
Always transmit credentials over an authenticated, encrypted channel: TLS (the successor to SSL) for web services, SSH for shell access.
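As an added example (not part of the guidance) for the throttling item above: a server-side failed-attempt counter in Python, keyed by account, with a lockout once the limit is reached. The limit of 5 attempts, the 300-second lockout and the `verify` stand-in are assumptions for the demonstration; the point is that the state lives in the service, so nothing on the handset can reset it.

```python
import time
from collections import defaultdict

MAX_FAILURES = 5        # assumed policy: failed attempts tolerated before lockout
LOCKOUT_SECONDS = 300   # assumed policy: real deployments tune or escalate this


class ServerSideThrottle:
    """Failed-attempt state kept by the authentication service, keyed by account
    (or by source address, which is what stops username-space spraying).

    Because the counters live on the server, an attacker holding the phone cannot
    reset them by wiping the app, reflashing the device or editing local storage.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock              # injectable so the behaviour can be tested
        self._failures = defaultdict(int)
        self._locked_until = {}

    def allowed(self, key: str) -> bool:
        """True if an authentication attempt under `key` may be processed now."""
        until = self._locked_until.get(key)
        if until is None:
            return True
        if self._clock() >= until:
            # lockout has expired: start a fresh count
            del self._locked_until[key]
            self._failures[key] = 0
            return True
        return False

    def record_failure(self, key: str) -> None:
        self._failures[key] += 1
        if self._failures[key] >= MAX_FAILURES:
            self._locked_until[key] = self._clock() + LOCKOUT_SECONDS

    def record_success(self, key: str) -> None:
        self._failures.pop(key, None)
        self._locked_until.pop(key, None)


def attempt_login(throttle: ServerSideThrottle, verify, account: str, password: str) -> str:
    """Returns 'locked', 'denied' or 'ok'. `verify(account, password)` is the real
    credential check; a constructed stand-in is used in the demo below."""
    if not throttle.allowed(account):
        return "locked"   # the password is not evaluated at all while locked
    if verify(account, password):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "denied"


if __name__ == "__main__":
    clock = [0.0]
    throttle = ServerSideThrottle(clock=lambda: clock[0])
    check = lambda account, pw: pw == "correct horse battery staple"   # constructed stand-in
    for guess in ["a", "b", "c", "d", "e", "correct horse battery staple"]:
        print(f"{guess!r} -> {attempt_login(throttle, check, 'alice', guess)}")
    clock[0] = LOCKOUT_SECONDS + 1
    print("after lockout ->", attempt_login(throttle, check, "alice", "correct horse battery staple"))
```

While the account is locked even the correct password returns "locked", so the attacker learns nothing from the lockout window. Per-account lockout also lets an attacker deny service to a victim, which is why the increasing-delay variant, or a combination of per-account and per-source limits, is usually preferred in practice.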
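As an added example (not part of the guidance) for the replay countermeasure above: both sides of a request protected by a per-request nonce, a timestamp and an HMAC over all three, in Python. The shared key, the 60-second window and the request bodies are constructed for the demonstration; in a real deployment the key would be the session key established after login, and the nonce cache would live in the service's shared store.

```python
import hashlib
import hmac
import os
import time

WINDOW_SECONDS = 60   # assumed tolerance for clock skew and transit delay


def _mac_input(ts: int, nonce: str, body: bytes) -> bytes:
    # The MAC covers timestamp, nonce and body together, so none can be changed alone.
    return f"{ts}:{nonce}:".encode() + body


def sign_request(key: bytes, body: bytes, clock=time.time) -> dict:
    """Client side: fresh random nonce plus current time, authenticated with HMAC."""
    nonce = os.urandom(16).hex()
    ts = int(clock())
    tag = hmac.new(key, _mac_input(ts, nonce, body), hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "body": body, "tag": tag}


class ReplayGuard:
    """Server side: accept each signed request at most once, inside the time window."""

    def __init__(self, key: bytes, clock=time.time):
        self._key = key
        self._clock = clock
        self._seen = {}   # nonce -> timestamp; entries older than the window are dropped

    def verify(self, req: dict) -> bool:
        now = self._clock()
        # 1. Authenticate first, so unauthenticated traffic cannot fill the nonce cache.
        expected = hmac.new(self._key, _mac_input(req["ts"], req["nonce"], req["body"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["tag"]):
            return False
        # 2. Stale or far-future timestamps are rejected; this also bounds the cache size.
        if abs(now - req["ts"]) > WINDOW_SECONDS:
            return False
        # 3. A nonce already seen inside the window means a replay.
        self._expire(now)
        if req["nonce"] in self._seen:
            return False
        self._seen[req["nonce"]] = req["ts"]
        return True

    def _expire(self, now: float) -> None:
        for nonce, ts in list(self._seen.items()):
            if now - ts > WINDOW_SECONDS:
                del self._seen[nonce]


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    guard = ReplayGuard(key)
    req = sign_request(key, b"POST /transfer amount=10")
    print("first delivery accepted:", guard.verify(req))
    print("replayed copy accepted:  ", guard.verify(req))
    print("tampered copy accepted:  ", guard.verify(dict(req, body=b"POST /transfer amount=1000")))
```

The timestamp alone would not stop a replay inside the window, and the nonce alone would force the server to remember nonces forever; together they bound both the attack and the cache. The MAC is checked before anything is cached so that an unauthenticated flood cannot evict legitimate nonces.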
Valid credentials from user-trusted device—relevant attacks and countermeasures include:
▪ Physical access to storage (lets the attacker copy the credential store and attack it offline, circumventing PIN throttling)
Use secure, tamper-resistant hardware (e.g., a secure micro-SD or the device's secure element) to store credentials. Always encrypt stored credentials with a key derived from a high-entropy secret through a slow key derivation function; to keep the usability cost minimal this secret should usually be the device unlock PIN or passcode, which ties the credential store to user-to-device authentication.
Always use disk encryption for all sensitive data in mobile storage.
Enforce password rules for unlock PINs and passcodes (allow full alphanumeric passcodes, require adequate entropy, more than 6 digits for numeric PINs, reject dictionary words and common sequences). Bear in mind that the unlock PIN often also unlocks (decrypts) the keys protecting everything else, such as the disk encryption key and other credentials stored on the device, so an offline guess of the PIN recovers them all. User-to-device authentication is therefore especially important.
Do not use biometric device unlock mechanisms that lack liveness detection (e.g., simple face recognition) for sensitive applications.
Never store passwords in plain text—store a salted hash computed with a slow, deliberately expensive hash function.
Decommissioning/loss/theft procedures should be in place (e.g., remote-kill, locate, lock)
Always enforce use of PIN-lock.
▪ One time password (OTP) theft/relay
Do not run the OTP generator (e.g., Google Authenticator) on the same device used for the primary login; malware on that one device can then capture both factors.
Ensure all anti-malware measures are in place on both the primary and the secondary device (e.g., personal computer and mobile phone)
▪ Malware on device
Take all possible measures to ensure malware does not reach the device (e.g., disallow jailbreak, use app-whitelist + pretest enterprise apps).
Use mobile device management software with jailbreak detection/other healthcheck support
Never store passwords in plain text—use salted hash
▪ Side channel attacks (e.g., smudge attack, accelerometer attack)
App and OS developers should block access to the accelerometer and other motion sensors during PIN or password entry
A PIN is more secure than an unlock pattern.
Use patterns that revisit a point (covering the same node more than once) where the platform allows it (Android does not), and wipe the screen regularly so smudges do not reveal the pattern.
▪ Near-field communication authentication failure (e.g., relay attack)
Use time-bounding (distance-bounding) protocols, which reject a response that arrives later than a genuinely nearby token could have sent it, to prevent relay attacks
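As an added example (not part of the guidance) for the "salted hash" and PIN-derived-key items in the list above: password storage and verification with PBKDF2-HMAC-SHA256 in Python, and the same KDF turning the unlock PIN into the key that protects the on-device credential store. The iteration count, the stored-string layout (`algorithm$iterations$salt$hash`) and the sample passwords are assumptions for the demonstration, not a format the guidance prescribes.

```python
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # assumed work factor: each guess should cost tens of milliseconds
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Store this string, never the password. A fresh random salt per user means
    equal passwords hash differently and precomputed tables are useless."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(stored: str, password: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def derive_credential_key(pin: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """The same KDF turns the device unlock PIN into the 256-bit key that encrypts the
    on-device credential store; the PIN must therefore survive offline guessing at
    this cost per guess, which is why the guidance wants more than 6 digits."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations, dklen=32)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")   # constructed sample password
    print(record)
    print("right password:", verify_password(record, "correct horse battery staple"))
    print("wrong password:", verify_password(record, "Tr0ub4dor&3"))
    key = derive_credential_key("482913", os.urandom(SALT_BYTES))   # constructed PIN
    print("credential key:", key.hex())
```

Carrying the algorithm and iteration count in the stored string lets the work factor be raised later without breaking existing records: old entries keep verifying at their recorded cost and are rehashed on the user's next successful login.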
User->Device specific attacks include:
▪ Biometric spoof
Do not use biometric device-lock or other biometric systems that operate without sophisticated liveness detection.
▪ No pin-lock
Enforce pin-lock
▪ Data not encrypted
Enforce disk encryption
General advice: Authentication strength inevitably involves a trade-off between security and usability or user cost, as well as deployment cost. You should weigh up the risk to the assets accessible via your mobile devices (this includes assets in the cloud) against the user cost involved. Try to minimize user involvement while providing an adequate level of security for the assets involved.