4th Annual Mobile Security 2008

A chance to get to know your peers before the start of the conference and set a relaxed, informal and friendly atmosphere

• Mobile malware has the potential to spread beyond a single operator’s network – how are GSMA members collaborating to develop and incident handling process for mobile security threats?
• Working across the wider mobile ecosystem to deliver a collaborative set of guidelines to deploy in the event of large breach in security
• Is the industry dealing ready for a large scale threat?

• Evaluating the current and future challenges for mobile application security
• What is the current status of mobile security?
• Reviewing specific incidents, damages and evaluating current risks
• What needs to be done within operators and across the industry in order to address risks to application security

• Highlights from Mobile Security Report 2007, published by Informa Telecoms & Media and McAfee
• Number of reported mobile malware incidents per network since 2005
• The reported impact of incidents on Mobile Operator business functions
• The cost and methods used for disinfection and device recovery
• Key concerns of mobile operators re future threats developments

• How are mobile threats evolving?
• Are handheld platforms about to be deluged by a storm of new and different types of attacks?
• Examining the security threat posed by:
• New applications and mobile advertising
• Consolidation of operating systems
• Convergence of communications platforms offering multiple access points for hackers

• Identifying different security risks, vulnerabilities and how attacks might be committed in an IMS environment
• Predicting the future risks that NGN networks and services present – what can be done to protect against these threats?
• What can operators do to minimise against security threats when introducing new IP based services?
• To what extent will the and IP based environment pose new requirements for security professionals?

• What are the current security threats and vulnerabilities?
• Which protection is available for the network and the customers' devices respectively?
• Should Operators implement malware protection in their networks or the customers' devices, or both?
• How can this be done, and how can operators future-proof their security architecture?

• What new security risks can mobile operators expect to encounter as they migrate to IP-based networks and new services?
• What are the security vulnerabilities within the IP / IMS infrastructure and new generations of handsets / end userdevices?
• How will IP-based technologies affect the way in which security solutions are deployed on the network and handset?
• Will IP based networks significantly increase the threat of security attacks?

Invited Panellists:

• Taking a holistic view of security as it impacts the people, processes, and policies that impact network operations
• Reviewing technology-specific network security standards and implementations for operators
• Examining the intentional and unintentional security risks as wireless networks expand capabilities through IP-based services and connections to external networks
• Case study - applying security in specific deployment scenarios

• Next generation networks and devices threat vectors
• Examining old and new threat vectors within next generation networks - Radio resources, Radio access, IP
• Examining old and new threat vectors with in next generation Devices - SIM, Data cards, OS etc.
• What are the effects of threats on mobile operator users, the network and services – from the operator’s perspective?
• What are the effects of threats on mobile corporate and personal users - from their perspective?
• Evaluating critical security features and solutions including:
• Network
• Handset
• Data

• Protecting enterprise investment in mobility by mitigating security threats
• Establishing a trusted environment for the subscriber base
• Reducing concerns about proprietary information and sensitive data falling into the wrong hands
• Remotely disable lost, misplaced, or stolen devices

• Introduction to secure virtualization
• Isolated multiple Execution Environments and protection against all software attacks
• Scalable mobile platform for value added services secure deployment
• Case study: Leverage GPL software and Protect business critical proprietary code

• Case Study - Nordea Bank’s standard remote access solution
• Challenges in planning for delivering a seamless mobile VPN as hosted service for the financial industry
• Ensuring that encryption of sensitive and secure tunneling never break
• What are the challenges to offering a secure seamless mobility solution across Symbian, Windows Mobile and Windows platforms?
• Symbian vs.. Windows Mobile - challenges and opportunities in delivering secure seamless mobility across platforms

• Do we need OS platform security?
• How real are the threats?
• Who gains or loses?
• The bad guys vs. the users and service providers
• How does this affect application developers?
• Is it working?
• Are existing measures effective?
• How much of the cost should developers bear?

• What types of spam currently exist and are they serious security threats for operators?
• Costs of SMS spam and spoofing to the operator
• Operator case studies:
• spam detection in live deployments
• fraud cases based on SMS spoofing
• Examining regional variations in SMS spam and spoofing

• How should operators respond to an increasingly dynamic threat environment and third party attackers?
• What types of mobile messaging threats exist?
• mobile-to-mobile
• email to mobile
• fixed email access from mobile devices
• Examining the economics of spam
• What are the senders' motives and methods to increase revenue, lower expenses and enter new markets?
• Lessons from email abuse - what can we expect to see in mobile?
• Examining "innovations" used to stay one step ahead of security vendors

• Providing access to content, while providers ensure the content is secure from illegal copying Customer need and service usability
• Developing trusted solutions for delivering mobile music
• Considering different approaches to Digital Rights Management (DRM)

• Telecom Italia Z-SIM Use Cases - Z-SIM as a hub of interaction between user and objects
• Enabling trusted interaction between user and objects
• Evaluating challenges related to user authentication and content protection

• What is the role of the mobile operators in the mobile payments ecosystem?
• Comparing plastic card vs. mobile network security
• Why would banks trust mobile operators and vice versa?
• Exploring generic technology options for transaction conduct - voice, SMS and USSD
• The future is NFC - but will it be mobile?
• The future is WPKI - but will it be payments?
• Lessons learned from operating the national mobile payment scheme 7 years

• With no widespread mobile epidemic, how big of a threat is mobile malware for operators?
• What is the the threat from a greater penetration of open operating systems and wider support for multiple runtime environments on proprietary closed devices
• Can the industry expect the problem of mobile malware will continue to grow? What will drive the growth of mobile malware in the coming years?
• What actions need to be taken by operators to protect their business and their customers from current threats and from potential threats?
• Developing a multi-tiered approach to address the malware threat including:
• security mechanisms within the network and devices
• having business processes in place to handle malware incidents

• Malware (both on the mobile device and on PCs) can potentially be used to perpetrate a wide range of mobile telecoms fraud
• Case studies on existing examples of fraudulent malware
• A look at possible future fraud scenarios
• Examine the potential impact of fraud perpetrated through malware
• What can be done to manage the fraud risk?

Drinks Reception
An exclusive drinks reception, giving you the chance to discuss the topics from the conference in a more informal manner with speakers and delegates

• Understanding new threats and risks and how the industry is planning on addressing them, including:
• Developing a handset security roadmap
• Analysis of the impact of mobile malware
• Producing security algorithms and implementation strategy
• Carrying out risk assessments of emerging services
• Developing operator guidelines for secure 3G and IMS

• Case Study
• How can operators protect their business against the negative fallout from a mobile security incident?
• Minimising the impact on consumer confidence in order to battle churn
• Protecting your brand image to retain credibility
• Important steps to restoring consumer confidence

• Casy Study: Vodafone
• Ensure that all execution environments have the appropriate security policies
• Protecting by default sensitive APIs banning unidentified applications to use them
• Deploying mechanisms to revoke signed content

• What is the traditional role if corporate security at a mobile operator?
• Security regulations and legal security compliance
• Developing internal standards and guidelines for security incidents
• Assuming a new role in corporate security as a partner of business, management and IT operations
• Integrating security risk management in a mobile operator’s process framework
• Making security transparent (ALE, ROSI,TCO)
• Integrating Security (Risk Management, Development, Operations)
• Security as an additional business enabler
• Facing customers needs

• Managing multiple identities in a logical way
• How will customer information be collected from IP and IMS services?
• Fraud detection - identifying the use of services that are not provisioned for the customer
• Identity mapping - what are the challenges of integrating new IP and IMS identities in order to link the services and transport layers?
• Evaluating fraud & risk types in IP & IMS

• The stages in the device security lifecycle
• Unique security challenges posed by digital content, network lock, and IMEI hacks
• Security strategies to combat hacking of mobile devices
• Security strategies to minimize the business impact of a successful attack

• An introduction to security and trust within OMTP
• What threats do mobile platforms come under and how can the mobile industry deal with these?
• Recommending an Advanced Trusted Environment to secure open mobile platforms

• As mobile handsets and PDAs become increasingly complex, how can the SIM card be used to provide protection against manipulation by unauthorised users?
• Reviewing the cryptographic capabilities implemented by current Java Cards
• State of the art of RSA and Elliptic Curve Cryptography
• How can these cryptographic capabilities, along with open APIs, help companies, goverments, etc. to deploy secure mobile services
• Examples of PKI applications currently developing at Telefónica Moviles

• Analyzing the current conditions leading to the 2010 system-on-chip(SOC) from the security point of view
• What are the main market trends and usage models?
• What types of security architectures are likely to thrive in the next generation of electronics devices?
• Examining current open industry problems in security - where is further R&D necessary in order to secure future handsets?

• Business & Technical Requirements
• Current attack vectors spotted in real hacking cases
• Case Study: 3 - Approaching issues from attacker's perspective

• Regulatory and legal concerns over un-restricted access to content.
• Worldwide variations in customer expectations and acceptance parameters.
• Preventing exploitation, protecting privacy and promoting personalisation.
• Network protection vs. handset protection?

• Evaluating the emerging threat of Java viruses for mobile operators
• With so many Java-enabled smartphones and feature-phones, what is being done to ensure they are secure?
• Should operators be more worried about Java being used to compromise devices, as opposed to smartphones using open operating systems and third party applications?