CSI6218 Wireless and Mobile Computing Security Proof Reading Services
Mobile applications run on devices that provide the functionality needed to run an application. Mobile devices are used for personal communication, which makes mobile applications and their security risks different. Mobile application security covers protecting mobile applications from security risks such as malware, hackers, spoofing and more. It is important to secure mobile applications in an organization's network, as a threat to a mobile application can lead to leakage of important and personal information. Different techniques are needed to secure a mobile application.
Key components of Mobile application security
Malicious applications: Malicious mobile applications are increasing day by day. Common types of malicious applications are Trojans, phishing sites, spyware, and hidden processes. If these applications are installed on a mobile device, their malicious developers can easily access hospital data, including patients' personal information and more (Canfora, Mercaldo & Visaggio, 2013).
OWASP mobile threat model: The mobile threat model includes spoofing, repudiation, denial of service, tampering, information disclosure and elevation of privilege. The threat model varies in extent between mobile platforms. It also needs to consider remote web services, device insecurity, and platform integration (Jain & Shanbhag, 2012).
Figure 1 Threat model
The risks that hospital management may face when connecting different portable devices are:
1. Data storage may be insecure.
2. Authentication and authorization may become poor.
3. Data may leak through side channels.
4. Personal and important data disclosure.
5. Session handling may be inappropriate.
Mobile security Testing methodologies
Different types of analysis can be used in a mobile application assessment. The types of analysis are:
Running application debugging is done for devices in the hospital network.
Traffic analysis is done for hospital network.
Remote services of the hospital like HTTP, SOAP are then analyzed.
1. The applications on the hospital devices are extracted.
2. Application packages are received from developers.
3. The source code of an application is reviewed.
4. Then reverse engineering is performed.
5. Disassembling takes place.
6. Finally, patching is done (Spreitzenbarth, Schreck, Echtler, et al., 2015).
All applications run as the mobile user. This is handled by Seatbelt, which is an XNU sandbox kernel extension. Different applications run in different directories on the device. An application present in its directory is loaded through the container (Spreitzenbarth, Freiling, Echtler, et al., 2013).
Advanced research/investigation is demonstrated.
At the Bradford hospital, the employees are deciding to connect different portable devices to the network. To address this challenge, researchers have explored different strategies for securing mobile applications. Several works focus on the detection, analysis, and evaluation of malicious applications, including different methods applied to system security. Additional work focuses on designs built to improve data security (Lin, Huang, Wright, et al., 2014).
Moreover, mobile application security should not concentrate only on the mobile application and its data. Different mobile platforms are used in new settings. Mobile botnets are increasing and are an example of vulnerabilities identified at some point. Further, as a shift from mobile platforms to devices like smartwatches is anticipated, the risk increases. This is more challenging for the communities that provide mobile application security, as it could have a greater impact on system security research as a whole (Anderson, Burford, and Emmerton, 2016).
With the number of applications available worldwide, most users are unaware of the security risks that come with applications. Strategies need to be closely researched and implemented to stay away from these security risks (Hardinge, Rutter, Velardo, et al., 2015).
Client-server applications are growing rapidly and transforming how businesses like Bradford hospital and their patients interact with each other and handle data on the go, anywhere. But application development is typically driven by functionality and design, and security is often overlooked. Even if security is considered, there are many vulnerabilities associated with it. New updates to the mobile application are opportunities for new vulnerabilities to be introduced.
Security testing is done by experts to provide a level of security for the hospital mobile application. Hospital mobile application security tests contain:
Client-side application security analysis
Server-side application compliance audit
On the client side, tools and methodologies like OWASP are used for security analysis. It includes:
1. Manual vulnerability search.
2. Automated examination of the mobile application.
3. Systematic search for attack vectors.
4. Analysis of the probability of fraudulent transactions.
On the server side, compliance with hospital security and hospital best practices is monitored. For both sides of the application, the same techniques, grey box and white box security testing, are carried out. The black box simulates an attack by an unauthorized person, and the white box involves architecture and source code analysis. The white box is time-consuming and detects more vulnerabilities.
The results after testing are:
1. A list of all vulnerabilities found.
2. Code demonstrating how vulnerabilities can be exploited.
3. Recommendations for resolving vulnerabilities.
4. Advice on improving security by configuration and setting of equipment.
5. Recommendation on sensitive software updates and security actions.
There are numerous findings based on the hardware and software characteristics of the mobile application, which are:
Communication with a data source
Error notification (Flora, Wang & Chande, 2014)
Presentation compares and contrasts existing case studies
The Royal Children hospital has implemented a mobile application. It was not easy for hospital management to implement a mobile application in the network, as there were numerous challenges the Royal Children hospital faced (Baysari & Westbrook, 2015).
Challenges faced by the Royal Children hospital are:
Fragmentation of device: A mobile application has to run on devices with various features and functionalities. This makes identifying security vulnerabilities and performance testing difficult, which leads to low-quality application production.
Encryption was weak: Data from all sources is accepted by the mobile application; therefore, if strong encryption is missing, an attacker could easily alter inputs such as environment variables. This leads to easy access to personal data by hackers.
Network diversity: Network emulators provide only a basic level of testing, but the Royal Children hospital needs real network testing (Ehrler, Wipfli, Teodoro, et al., 2013).
Mitigation of the issues that hospital suffers
Fragmentation of device: The issue is identified using emulators, and testing is done using real devices. This also helps in identifying security issues. The targeted audience was identified using device geography.
Encryption was weak: Strong encryption techniques were implemented by the network specialist in the Royal Children hospital network to protect important records and data.
Network diversity: This issue was mitigated and resolved using a cloud-based test service. During Wi-Fi testing, many aspects were examined, such as offline application functionality and the impact of Wi-Fi speed on the mobile application.
Positive and negative aspects
The mobile application has numerous aspects related to it. Implementation of a mobile application for Bradford hospital can have several positive as well as negative effects on Bradford hospital and its patients.
Many hospitals have turned to mobile technology. Mobile technology brings major changes. It improves the experience of patients associated with Bradford hospital but also has some security risks associated with it (Ventola, 2012).
Positive impacts of the mobile application in Bradford hospital are:
Helps patients get involved with their health: Doctors are not always available to patients, so patients themselves can use self-reported data in a health application. The patient remains engaged and can bring their recorded data to an appointment. The mobile application provides a new way for patients to manage their health and for doctors to give health recommendations.
Information accessibility is increased: The mobile application for the Bradford hospital will allow patients to track their health factors like blood pressure, weight, and their medication details. In future, doctors can go through the patient's health history at later health appointments.
Convenient to use: The application is easy to use and can help patients use the health services of Bradford hospital conveniently. It is convenient to put all patient records in one place. It eliminates the problem of waiting for data from different departments, as all the data is present in a single place.
Sets up the brand: Developing a mobile application for Bradford hospital strengthens the hospital's branding. Advanced features like transparency and accessibility are added to the application to make it more flexible for Bradford patients.
Bill payment will become easier: Payment is stressful work for both patients and hospital staff, so it will become easier through the application, as a patient can pay directly via the application for hospital services (CignitiTechnologies, 2017).
Negative impacts of the mobile application in Bradford hospital are:
Security of mobile application: As the mobile application holds all the Bradford patient records in one place and needs high security, there is always a risk of data being accessed by an unauthorized person.
Security testing: If the security assessment of the Bradford hospital mobile application is not done regularly, it may lead to security risks.
Upgrades and patching: If upgrading and patching of the Bradford mobile application are slow, it is a big issue, as the application fails to match patient and hospital requirements.
Personal data leakage: If the security model implemented is not strong enough to protect the data and information of the Bradford hospital, then all the personal information might leak from the hospital database (Prgomet, Georgiou & Westbrook, 2009).
Proposed recommendations provided and justified
Here are some reasons why Bradford hospital, as a growing brand, needs a mobile application.
Treatment cost and time enhancement: The mobile application is cloud-based, and sharing makes data entry, collection, and retrieval more efficient. This decreases the paperwork and the cost of storing data for the hospital and saves time in accessing previous records, entering new records and more.
Easy accessibility to modern medical information: Data such as medical treatments, drugs, and technology are easily accessible to patients, and patient records are easily accessible to doctors while treating patients.
Better hospital management: The mobile application will help to manage Bradford hospital better. Both the pharmacy and the hospital are managed properly if Bradford implements a mobile application. The mobile application helps Bradford hospital to monitor protocols and the overall process of the hospital.
Better patient monitoring: A mobile application will help Bradford hospital in boosting patients' engagement towards their help. The Bradford hospital mobile application will improve communication between patients, doctors and other staff members of the hospital. A mobile application will give patients the facility of an online chat with doctors from anywhere worldwide. Emergency cases will be handled more effectively and quickly (O’Leary, Lohman, Culver, et al., 2015).
For better mobile security implementation in the Bradford hospital
User authentication controls can be implemented: Inadequate security controls are the biggest risk. For this purpose, a locking system is included in the application, which can be done by implementing a passcode that is known only to the authorized user.
Security program installation: Internet security software needs to be installed in the Bradford hospital network to protect the mobile application from viruses and hackers.
Automatic lock implementation: This is implemented so that, if the device is stolen or lost, the application gets locked after a specific number of attempts.
Regular updates: The Bradford hospital operating system needs regular updates as part of the security strategy. A policy should be built for notifying providers about important updates (Martínez-Pérez, De La Torre-Díez & López-Coronado, 2015).
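The passcode lock and automatic lock recommended above, sketched as an added example that is not part of the original report. `PasscodeGate`, `MAX_ATTEMPTS` and `LOCK_SECONDS` are hypothetical names and policy values, and PBKDF2 is an assumed choice for storing the passcode.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 5     # assumed policy: failed attempts allowed before locking
LOCK_SECONDS = 300   # assumed policy: how long the application stays locked


class PasscodeGate:
    """Hypothetical application lock: salted passcode hash plus attempt limit."""

    def __init__(self, passcode, clock=time.monotonic):
        self._salt = os.urandom(16)
        self._hash = self._derive(passcode)   # the passcode itself is never stored
        self._clock = clock
        self._failures = 0
        self._locked_until = 0.0

    def _derive(self, passcode):
        # Slow, salted derivation so a copied hash is costly to brute-force.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 200_000)

    def is_locked(self):
        return self._clock() < self._locked_until

    def unlock(self, attempt):
        if self.is_locked():
            return "locked"   # refuse even the correct passcode while locked
        if hmac.compare_digest(self._derive(attempt), self._hash):
            self._failures = 0
            return "granted"
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._failures = 0
            self._locked_until = self._clock() + LOCK_SECONDS
            return "locked"
        return "denied"


if __name__ == "__main__":
    gate = PasscodeGate("4821")   # constructed sample passcode
    print([gate.unlock(guess) for guess in ["0000", "1111", "4821"]])
```

While the lock is active the gate rejects every attempt, including the correct passcode, so someone holding a lost or stolen device cannot keep guessing during the lock period.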
In this report, mobile application security is discussed in detail, along with its key components. Malicious applications, the OWASP threat model, mobile application risks and more are covered in the assessment. Advanced research and investigation is undertaken in this assessment. Further, the Bradford hospital is compared with another hospital that has implemented a mobile application after mitigating the risks that occurred during implementation. Mobile application security methodologies have been implemented by the other hospital. The impacts of the mobile application on the Bradford hospital are discussed, recommendations are made for mitigating the mobile application security risks, and the benefits of the mobile application for the Bradford hospital network are discussed.
Anderson, K., Burford, O. and Emmerton, L., (2016). Mobile health apps to facilitate self-care: a qualitative study of user experiences. PLoS One, 11(5), p.e0156164.
Baysari, M. T., & Westbrook, J. I. (2015). Mobile applications for patient-centered care coordination: a review of human factors methods applied to their design, development, and evaluation. Yearbook of medical informatics, 10(1), 47.
Canfora, G., Mercaldo, F., & Visaggio, C. A. (2013, September). A classifier of malicious Android applications. In Availability, Reliability, and Security (ARES), 2013 Eighth International Conference on (pp. 607-614). IEEE.
CignitiTechnologies. (2017). 4 Top Challenges of Mobile Application Testing & How to Overcome Them. Cigniti Technologies. Retrieved 12 April 2018, from https://www.cigniti.com/blog/how-to-overcome-4-top-challenges-of-mobile-application-testing/
Ehrler, F., Wipfli, R., Teodoro, D., Sarrey, E., Walesa, M., & Lovis, C. (2013). Challenges in the implementation of a mobile application in clinical practice: the case study in the context of an application that manages the daily interventions of nurses. JMIR mHealth and uHealth, 1(1).
Flora, H. K., Wang, X., & Chande, S. V. (2014). An investigation of the characteristics of mobile applications: A survey study. International Journal of Modern Education and Computer Science, 6(6).
Hardinge, M., Rutter, H., Velardo, C., Shah, S. A., Williams, V., Tarassenko, L., & Farmer, A. (2015). Using a mobile health application to support self-management in chronic obstructive pulmonary disease: a six-month cohort study. BMC medical informatics and decision making, 15(1), 46.
Jain, A. K., & Shanbhag, D. (2012). Addressing security and privacy risks in mobile applications. IT Professional, 14(5), 28-33.
Lin, Y. D., Huang, C. Y., Wright, M., & Kambourakis, G. (2014). Mobile application security. Computer, 47(6), 21-23.
Martínez-Pérez, B., De La Torre-Díez, I., & López-Coronado, M. (2015). Privacy and security in mobile health apps: a review and recommendations. Journal of medical systems, 39(1), 181.
O’Leary, K. J., Lohman, M. E., Culver, E., Killarney, A., Randy Smith Jr, G., & Liebovitz, D. M. (2015). The effect of tablet computers with a mobile patient portal application on hospitalized patients’ knowledge and activation. Journal of the American Medical Informatics Association, 23(1), 159-165.
Prgomet, M., Georgiou, A., & Westbrook, J. I. (2009). The impact of mobile handheld technology on hospital physicians' work practices and patient care: a systematic review. Journal of the American Medical Informatics Association, 16(6), 792-801.
Spreitzenbarth, M., Freiling, F., Echtler, F., Schreck, T., & Hoffmann, J. (2013, March). Mobile-sandbox: having a deeper look into android applications. In Proceedings of the 28th Annual ACM Symposium on Applied Computing (pp. 1808-1815). ACM.
Spreitzenbarth, M., Schreck, T., Echtler, F., Arp, D., & Hoffmann, J. (2015). Mobile-Sandbox: combining static and dynamic analysis with machine-learning techniques. International Journal of Information Security, 14(2), 141-153.
Ventola, C. L. (2014). Mobile devices and apps for health care professionals: uses and benefits. Pharmacy and Therapeutics, 39(5), 356.