Mobile Security - How Vulnerable is it?

According to Global mobile Suppliers Association, the worldwide mobile phone subscriptions have passed the 2 billion mark in 2006. Currently, there are over a thousand commercial mobile networks and over two thousand different mobile phone models worldwide. To provide security for these complex network systems and devices is not an easy task. The threats against voice-centric mobile networks and services are used to be minor compared to those against wired networks. However, mobile security is becoming an increasingly important concern due to the move to 3G and data-centric applications such as the web, multimedia communication and voice over IP. The areas of concern include, but are not limited to, information confidentiality, data integrity and service availability.

One of the most significant threats against mobile security is malware such as viruses, worms, and Trojans. These malicious programs can access services via multimedia messages, Bluetooth, or WiFi connections, and as a result can cause undesirable consequences. More specifically, they may:

• Increase your service bill without the owner¡¯s knowledge. For example, a Trojan hidden in a game can send SMS messages to expensive toll numbers.
• Destroy or steal critical information such as emails, personal account numbers and passwords.
• Attempt to spread to other phones, causing disturbance.
• Disturb a mobile or wireless network.

Other threats to mobile networks include disclosure of information transmitted over air links, man-in-the-middle attacks, denial of service, and attacks against the network infrastructure. We have seen security threats targeting not only the transport mechanism, but also services, applications, and infrastructures.

In this seminar, we invite top industry domain experts to share their vision on mobile security:

• Could mobile security become an urgent issue in the near future?
• Is the market for mobile security solutions real?
• Will investors look to invest in new mobile security products?
• Is mobile security of more importance in the Asia market?
• Who has the most concerns, end users or service providers?
• How much impact is it to the network, to enterprises and to the service providers?
• How well are the mobile networks, enterprise management systems and mobile devices equipped against security threats?
• How to protect confidential information inside a stolen mobile device or in the service providers¡¯ network?
• How do security problems affect business and end user usage? For example, who will pay airtime usage for security software updates?
• How much does it cost end users to add new security measures?
• Are there new business opportunities for solution providers?

Date: January 13, 2007

Time: 1:00 - 4:00 pm (Registration starts at 12:30 pm)

Venue: Pillsbury Winthrop Shaw Pittman LLP
2475 Hanover Street
Palo Alto, CA 94304

Light refreshment will be provided.

Moderator:

Dr. Chenxi Wang, Associate Professor, Carnegie Mellon University. Principal Scientist, KSR. Inc.

Panelists:

Dr. James Kempf: Research Fellow, Docomo USA labs. IETF working group chairs for SEND and Seamoby Dr. Wen-Pai Lu: President, Silicon-Valley China Wireless Technology Association

Robert McCormack: President, Mustang Ventures

John Muir: Managing Partner, Trusted Strategies

Breaux A. Walker: Managing Director, East Peak Advisors

Language: English

Fee:
Regular member: Free
Associate member: $20 RSVP, $25 at the door
Non-member: $20 RSVP, $25 at the door

RSVP:
rsvp@svcwireless.org with the following subject line: "1/13: Your Name"

Contact and More Information:

Yuan Tian, yuan.tian@svcwireless.org

Jenny Oshima, jenny.oshima@gmail.net

Speaker Bio:

Moderator

Dr. Chenxi Wang, Associate Professor of Carnegie Mellon University, is a recognized researcher in information and network security. Dr. Wang also serves as principal scientist at KSR. Inc. While at CMU, Dr. Wang spearheaded a number of highly recognized research effort, including serving as the PI for an ITR research award and Co-PI for a NSF-funded CyberTrust research center at CMU's CyLab. Her research project on malware, Coral, was selected as the PaCSCI award winner for commercialization by the Pittsburgh Technical Collaborative Council in 2005. She authored and co-authored over 20 original research papers on computer and network security. Her work on adaptive scanner detection received the best paper award at the 2006 International Conference of Applied Cryptology and Network Security. Dr. Wang serves on the technology advisory board for TriCipher Inc. She was an expert consultant for HP, Lucent, Emerson, and MountainWave. Dr. Wang received her Ph.D. with honors in 2001 from the University of Virginia. From 1996 to 1997, She held a research associate position at Citigroup. Apart from her academic and industry endeavors, Dr. Wang is an expert witness consultant for the Federal Trade Commission against online malware vendors.

Panelists:

Dr. James Kempf has been active in systems and software research, with occasional dips into product development, in Silicon Valley since 1983. Prior to his current position, Dr. Kempf worked at Sun Microsystems for 13 years, where he was involved in a variety of research projects among them in 1994 a prototype of a SPARC-based tablet computer with early 802.11 support. Dr. Kempf has been active in a variety of standards organizations and industry fora, including chairing the Mobile Wireless Internet Forum (MWIF) IP in the RAN working group. In 1998, Dr. Kempf became active in the Internet Engineering Task Force (IETF), and from 2002 through 2004 served on the Internet Architecture Board. Dr. Kempf has chaired three working groups at IETF, including the Secure NEighbor Discovery (SEND) working group, which developed a protocol to secure IPv6 against the equivalent of ARP spoofing. In addition to SEND, Dr. Kempf has been involved in security research at DoCoMo Labs USA on location privacy and address authorization for multi-host addresses, such as multicast addresses. Dr. Kempf's research interests include wireless Internet security, advanced routing algorithms, and new Internet architectures.

Dr. Wen-Pai Lu started his security works from his research assignments on network security before the Internet era. Throughout his career, he was one of the founders of the LAN security standard in IEEE 802 (802.10 LAN Security standard) and served as the editor for the 802.10a. Currently, he is focusing on the mobile security architectural and design works, primary targeted to the mobile service providers. He has earned several industry security certifications such as CISSP, GSEC (GIAC Security Essential), GIPS (GIAC Intrusion Prevention) and GSNA (GIAC System & Network Audit)

He was very active in many standard communities such as in Open Mobile Alliance (OMA) developing mobile web services architecture and services. He also had been very active in Mobile Wireless Internet Forum (MWIF) where he oversaw the security activities in the Mobile Internet and leading the security task forces. He was also developing interfaces and architecture for Mobile Internet applications and services. In MWIF he was served as a co-chairman for the Proof of Concept (POC) and architecture working groups in MWIF and developing security solution for IP Radio Access Network (RAN) in all-IP mobile wireless network (4G and beyond). He was also active in ATM Forum, Frame Relay Forum as well as FDDI (ANSI X3T5) standard group. In ATM Forum, he was involved in the development of LANE. He is also an ATM Forum Ambassador for LANE and MPOA.

He has published over 16 technical papers in the technical journals as well as in the technical conferences with three distinct papers particularly published in the IEEE technical journals such as Transaction on Communications, and Transaction on Software Engineering.

Mr. Rob McCormack has been a Managing Director at Mustang Ventures since 2004. Rob has spent ten years in the venture capital industry with prior experience at Trident Capital, Integral Capital Partners and Morgan Stanley Venture Partners. Previously, Rob served as Director of Business Development and General Manager of the Capital Markets Group at Risk Management Solutions, the leading provider of catastrophe risk assessment software and services to the insurance industry, and as a Production Engineer in Japan at Murata Manufacturing, a multi-billion dollar manufacturer of electronic components. He received his B.S. in Electrical Engineering and M.S. in Industrial Engineering from Stanford University.

Mr. John Muir has more than two decades of entrepreneurial experience in information technology (IT) security companies. He currently serves as managing partner of Trusted Strategies LLC, a research and consulting firm that advises both developers of IT security products and investors in the security sector. As a co-founder of Enigma Logic Inc. in 1982, he helped develop the first software dynamic-password user authentication system suitable for large-scale deployment at organizations such as Citicorp, Boeing, Cisco, Federal Express and the US government and he was awarded a patent for advanced authentication technology.

After Enigma Logic was acquired in 1996 by Secure Computing Corporation, Mr. Muir served as Vice President of the Authentication Division. In 1998 Mr. Muir left Secure Computing to found Pointsec Mobile Technologies, the US subsidiary of publicly held Protect Data Group of Stockholm Sweden. Here he oversaw the development and marketing of the Pointsec encryption system for mobile computing devices such as notebook PCs, PDAs, and smart phones.

In addition to authoring numerous articles on network security and making presentations at various security conferences, Mr. Muir has developed security courseware for the National Center for Manufacturing Services (NCMS). A graduate of the University of California Berkeley in International Economics, Mr. Muir later received an MBA from Harvard Graduate School of Business Administration.

Mr. Breaux A. Walker Prior to joining East Peak Advisors, Breaux Walker was the Managing Partner of Daintree Partners, a boutique investment bank focused on the mobile, Internet, and software sectors. At Daintree, Mr. Walker advised the firm's clients on mergers, acquisitions, and financings in the US and China. Prior to founding Daintree, Mr. Walker was Senior Vice President of Business Development at Vytek Wireless, a Mobius Ventures and CIBC-backed wireless software and systems integrator. In this capacity, he managed business development activities across all Vytek divisions and developed revenue relationships with ISVs, integrators, and carriers. During his time at Vytek, Walker identified an acquisition that increased Vytek's revenues by 80 percent and lead to the company's successful sale to California Amplifier.

Prior to joining Vytek, Walker was the Vice President of Network Products and Carrier Relations at Mobilesys, a wireless software company. At Mobilesys, Walker was responsible for managing Mobilesys' core messaging network product and for building relationships with the global wireless carriers. He established mobile data revenue relationships with many of the leading wireless carriers.

Prior to joining Mobilesys, Mr. Walker was the Chief Operating Officer at iNeed.com, an Internet-based exchange targeting services companies. Breaux joined iNeed.com from USWeb/CKS where he was the Director of Mergers and Acquisitions. While at USWeb, he was a member of a team that completed over 50 acquisitions building the company into a leading Internet software and systems integrator. USWeb recruited Mr. Walker from CBVCOM, an Internet software services and development company he founded in Shanghai, China.

Walker was a pioneer of China's Internet and founded the Shanghai Internet User Group. Prior to founding CBVCOM, Walker was an investment banker with Merrill Lynch in New York. Walker has a BA from Wesleyan University in Middletown, CT and is fluent in Mandarin Chinese and Spanish.