Mobile Internet Services & Security Challenges

Kim Hongsun, AhnLab

Business platforms such as smart phones, social networks, and cloud computing environments are emerging as strong drivers for innovating industry ecosystems, business processes and even personal lifestyles. New technologies and creative ideas are constantly being experimented with on these platforms. However, as these platforms indicate the use of open and innovative services, there is an inevitable growth of both intentional and unintentional threats. This keynote speech begins with an analysis of the paradigm changes in the perspectives of business models, platforms and technologies. It then identifies potential security challenges and business risks, and offers comprehensive recommendations for making security practices effective and reliable.

Countering Cyber Threats Through Greater Private-Public Partnerships

Philip Victor, IMPACT

As cyber threats continue to escalate in frequency and variety, greater cooperation among nations is required. There is a compelling need for private-public partnerships to enhance skills, expertise, resources, technology and experiences. This presentation will explore how IMPACT, as the world's first comprehensive United Nations-backed platform for public-private partnership, will share its initiatives and recommendations for strengthening these partnerships to further enhance a nation's capacity to prevent, defend against and respond to cyber attacks.

Security Implications and Considerations for Femtocells

Marcus Wong, Huawei

Femtocells allow mobile network operators to expand and stretch their network footprints rapidly at a fraction of the cost of traditional deployments using large macro cells. Though the femtocell is perceived to be low-cost customer premises equipment, its security capabilities go beyond those of traditional base stations. The customer-premises nature of the device means easy accessibility for home-based recreational hackers, while direct IP connectivity means exposure to the full range of Internet-based attacks. For these reasons, additional security requirements and measures need to be taken into consideration. This presentation will examine in full the security implications and issues surrounding femtocells.

Motorola AirDefense Services Platform End-to-End - Wireless Enterprise Security

Ronald Van Kleunen, Motorola

How do organisations protect themselves against Wireless attacks, Rogue Access Points (AP) in the office and ensure end-to-end compliancy with international Security standards?

Motorola AirDefense Services Platform (ADSP) is a solution driven and vendor agnostic solution which applies to any wireless WiFi-network that need to be secured end-to-end.

Ronald will have a live demo during his session.

Bluetooth Technology - A Technology Close to You

Eric Choi, Bluetooth SIG

Bluetooth SIG is focusing on security and proximity applications. Bluetooth Low Energy technology in a wide range of new applications will take security and proximity to smaller devices powered by coin cell batteries, enabling low energy links between PCs, cars, and more.

Common future implementations of Bluetooth proximity and security applications will range from convenience functionalities, such as using a mobile phone to avoid losing a device or object, to more sophisticated interactions with door locks and even targeted proximity marketing.

Remote File Inclusion (RFI) Attacks on My Honeypot!

Adli Wahid, CyberSecurity MY

The Malaysia CERT operates a national distributed honeypots network as part of its proactive security monitoring initiative. The honeynet provides additional information for making security assessments. In this presentation, Adli Wahid will discuss MyCERT's web honeypots that have been picking up Remote File Inclusion (RFI) attacks. Data captured from the honeypots will be used as case studies and provide more insights on motives and techniques used by the attackers. Adli will also discuss about how MyCERT deal with attacks on the honeypots.

Using IP Location Techniques to Assist in Attack Detection

Conrad Labonte, Andrew Corp.

Technology now allow users to access content in many ways compared to the previously fixed 'known user/address'. This session will examine what is required to identify the location of IP users where the subscriber's identity and physical location are unknown due to the new business models. It will discuss ECRIT and i3 tracking of physical location of an IP session and how this is useful to financial, intelligence and law enforcement agencies, as well as telecom carriers.

Mobile Security as a Service

Lin Yu, NetQin

This presentation will discuss the current status of mobile security and its emerging trends, with special reference to China. The user's requirements are classified in three levels: anti-malware, anti-spamming, and privacy protection. Accordingly, NetQin provides a total mobile security solution to address these issues. The talk will conclude with a brief introduction to NetQin.

Securing a Smartphone in an Open World: the Trusted Execution Environment

Christophe Colas, Trusted Logic

Wireless devices, and particularly smartphones, being more and more open, are subject to increasing threats. At the same time, as these devices have richer functionality, they are used for more-added value services, having to manage sensitive data that needs to be protected. Examples of such services are mobile financial services, access to enterprise services and access to premium content.

In order to protect while keeping the openness, the mobile industry has developed an innovative solution, which is currently ramping up: the Trusted Execution Environment (TEE). The TEE is a secure area of the mobile platform that allows execution of sensitive software in isolation from the main OS of the phone. This isolation is provided by hardware security technology being implemented in all recent mobile phone chipsets. It enables, for instance, security of the user interface of a mobile phone for a payment transaction.

The purpose of this presentation is to give more insight on the Trusted Execution Environment including its benefits, its uses and the standardization processes on wireless security.

Cloud Based Mobile Security

Zou Shihong, NetQin

Driven by the rewards of illegal activity, more and more mobile malware has appeared within a short time. It is a great challenge to detect and analze new malware as soon as possible. This presentation will discuss how NetQin achieves this goal efficiently by means of a Security Cloud with a huge user base. It will include several case studies that show the power of the Security Cloud.

Evolving Wi-Fi Security in an Interconnected World

Henry Ptasinski, Broadcom

Wi-Fi is no longer just for browsing the Web from your laptop. With the increasing diversity of Wi-Fi-enabled devices, the proliferation of innovative new Wi-Fi applications, and the growing complexity of network topologies in the connected home, securing Wi-Fi networks becomes more challenging. This presentation will provide an overview of new Wi-Fi Alliance certification programs and initiatives, with an emphasis on how the Wi-Fi Alliance is helping to secure the connected home of the future.

Endpoint Security: A Step Beyond

Mark Daigle, Where-PRO

Real-time factor(s) beyond endpoints can be leveraged to provide endpoint security. This session explores how mobility has actually enabled new opportunities to control and monitor factors beyond the endpoints. Attendees will learn how to achieve new levels of visibility wherever mobile security is required.

Security Concerns for Mobile Commerce

Charles Landry, Syniverse

This session will provide attendees with an overview of the numerous security-related issues found throughout the mobile commerce operation, and will define a framework for combatting these issues successfully. Mr. Landry will examine security concerns that are top-of-mind for consumers and categorize them as they relate to the mobile channel (the network) or the mobile device (operating systems, applications). In specifically addressing the threat landscape in Asia today, including risks and countermeasures, this presentation will explore strategies for balancing user experience with security requirements. Attendees will learn the importance of best practices for both operators and aggregators, as well as the key role that consumer awareness plays in securing the mobile transaction.