Introduction
With technological advancement and the widespread use of mobile phones, I see this platform as the most appropriate one on which to launch the application. The app will be an Android application and will run on an Android mobile phone or tablet of any size. The application has huge potential to increase sales because more customers will gain access to it (Bhaskar, Raju, Paladugu & Reddy, 2013).
The end-user presents the weakest part of the system and is always a target for cyber attackers. Thus, to prevent attackers from exploiting this weak link, the design will implement complex web encryption security measures (Hacini, 2013).
Accidental disclosures, deliberate penetrations and physical attacks are common vulnerabilities of a network. Accidental disclosures occur due to software or hardware crashes or ignorant decisions by the user. HTTPS and VPN connections will be employed. A physical attack refers to the dangers posed by users to physical infrastructure or environments. These attacks require the design and implementation of a physical security program.
Besides implementing web authentication in the design, other security features will also be implemented. A traditional password will still be utilised. A two-level authentication will be incorporated in the design to offer additional security (M & G, 2012). Upon being launched, the application will be made available on Google Play for any interested parties to download and install.
The application will be designed in such a way that the entry points at all trust boundaries validate data explicitly. No assumptions will be made about any data, since this could later turn out to be a source of a security breach.
The application will run on all Android devices. Additionally, the Wireshark network protocol analyser will be incorporated as part of the system to enable detection of abnormal activity in the system's protocols. The Android device will run on SQL server but will seek cloud computing services for data backup (Chondamrongkul & Chondamrongkul, 2017).
Application Requirements
Being an online store application, it will greatly increase the company's sales since it will ensure more customers are reached (Kumar, 2016). The application will be simple and easy to use, since it will be designed to minimise the chances of customer frustration due to complex features. The application is intended to store company data on goods on sale at the online store as well as client data such as login details and the client's card and mobile payment options (Kumar, 2016). The application also intends to incorporate third-party sellers who may be willing to sell their products in the online store; thus third-party data will also be stored by the application.
To speed up, the company will implement cloud computing technology to store information from other companies. Being cheaper to acquire and more appropriate for storage of complex data, the company believes that this alternative will prove very effective. To ensure cloud storage and data exchange, a cloud provider will give companies access to copy a directory to the cloud in the form of a backup that will be utilised by the mobile application. This will ensure very effective cooperation with the outside companies. Apart from the partner companies' data, the company also intends to seek cloud computing services to back up its own data. This will ensure that little data is lost in case of a disaster (Nyambo et al., 2016). No personal data will be sent to the company databases apart from data regarding geographic location, contact data and sales information.
To ensure secure data exchange between the systems, the application will employ Virtual Private Network (VPN) technology. A VPN provides a protected connection mechanism for all the data and information that is transmitted between networks and mobile device applications. Mobile VPNs guard the privacy, integrity, access, and availability of sensitive information (Spyrou, Samaras, Pitoura & Evripidou, 2004). No third party can alter the security properties of a VPN (Noor, Abbas & Shahid, 2018). No outsider, including the provider, can alter any information. The provider can only make changes on the path. The difference between mobile VPNs and other VPNs is that it links users to web browsers and IPsec VPNs.
Compared to a non-jailbroken device, a jailbroken device can be more susceptible to infection by malware such as viruses, besides making it easier for the operating system to be compromised. Additionally, most jailbroken devices can install a secure shell server that can be exploited by attackers to launch an attack. Considering the sensitivity of the data as well as the functionality of the application, the developers will incorporate a feature in the application that will block execution of the application on jailbroken devices (M & G, 2012). This ensures the security threats associated with running applications on jailbroken devices are minimized since these applications are regarded as threat agents.
Threats to Mobile Applications
Regardless of how secure and protected the device is, the chances of being attacked are always high. Thus, it is important that device safety is always taken into consideration while designing applications.
Human interaction raises the chances of unauthorized access to the device. The interaction can lead to a device being stolen from the user, thus resulting in unauthorized access to the application (Chondamrongkul & Chondamrongkul, 2017). Thus a stolen device user is a very big threat to the security of the mobile application, since human beings interact daily and so the chances of a device being stolen or accessed by third parties are high. A stolen device user is someone who is attempting to gain unauthorized access to a device in order to obtain memory-related sensitive data of the owner of the device (Altalbe, 2013). To mitigate this, the application is designed in such a way that after four minutes of inactivity, the app locks itself automatically and requests that the user enters a password to access the application features.
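The inactivity lock described above can be sketched as follows. This is an added example, not code from the original essay; the class name AppSession, the PBKDF2 parameters and the injectable clock are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

LOCK_AFTER_SECONDS = 4 * 60  # the four-minute inactivity limit from the text
PBKDF2_ROUNDS = 200_000      # assumed work factor, not taken from the essay


def hash_password(password, salt):
    # Derive a slow hash so a copied digest is expensive to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AppSession:
    """Hypothetical session: locks after inactivity, unlocks on password."""

    def __init__(self, password, clock=time.monotonic):
        # A monotonic clock is used so changing the wall time cannot delay the lock.
        self._clock = clock
        self._salt = os.urandom(16)
        self._digest = hash_password(password, self._salt)
        self._last_activity = clock()
        self._locked = False

    def is_locked(self):
        # Once the idle limit is reached the lock stays set until unlock().
        if self._clock() - self._last_activity >= LOCK_AFTER_SECONDS:
            self._locked = True
        return self._locked

    def touch(self):
        """Record user activity; refused while locked so taps cannot revive it."""
        if self.is_locked():
            return False
        self._last_activity = self._clock()
        return True

    def unlock(self, password):
        """Re-authenticate with the password; compare digests in constant time."""
        candidate = hash_password(password, self._salt)
        if not hmac.compare_digest(candidate, self._digest):
            return False
        self._locked = False
        self._last_activity = self._clock()
        return True
```
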
Automated programs are threats that occur without being detected, and they do not demand a lot of interaction from personnel. Automated programs include malware on the device, malware on the program, malicious SMS and malicious applications. Malware on the device can be in the form of a mobile application that has questionable activities. Such programs act as a process and at times create malicious attacks (Ranjith Kanna Kanna, Sunkari & Chander, 2011). They can fake messages or even alter the internet history. The malicious application threat is the failure to find vulnerable code, together with attacks against the application store.
Methods of Attack
Spoofing Attack
It refers to an attack in which a malicious party impersonates another device or user on a network with the aim of launching an attack against the host to steal data or spread malware that may help them bypass the access security of an application (M & G, 2012). These kinds of attacks include IP address spoofing attacks, ARP spoofing attacks and DNS spoofing attacks (Malik & Syal, 2010). To ensure these attacks are fully comprehended, the designers will conduct an in-depth study of IP packet construction, since the majority of cyber-attacks start from errors within the basic network design. DNS spoofing attacks the main server, leading to DNS entries being changed to the attacker's IP address (M & G, 2012) (Malik & Syal, 2010). This results in email and web traffic being sent to the attacker. This impersonation is achieved through generation of a false email, web address or hyperlink.
Sniffing Attack
A sniffing attack in the context of IT security refers to a scenario where data is stolen or intercepted by employing a sniffer to capture network traffic. By using a sniffer application, the attacker can analyze the network and steal information or even read the communications occurring in the network. It can lead to theft of sensitive information such as usernames, passwords, and bank card details, among other sensitive data. Sniffing attacks will be prevented through encryption. Encryption will ensure that, in the event a network is being sniffed, the attacker will find it hard to make sense of any data being transmitted. When transferring data to the servers, the HTTPS protocol will be employed since it is more secure than the HTTP protocol.
SQL Injection
This attack is among the most dangerous and destructive attacks that an application can be exposed to. In situations where data is sent to the servers unvalidated and unsanitized, it is possible for a hacker to manipulate the query, leading to the server returning completely different data from what was requested. SQL injection functions by taking advantage of a vulnerability in the system such as lack of proper data validation. It is most common on websites but also occurs in applications that use SQL databases and HTML, since most applications use HTML for data display.
Detection of Cyber-Attacks
Tools such as Wireshark or other protocol analyzers will be employed in the analysis and identification of any suspicious activity within the network. Reports from the end user can also prove very helpful in the detection of any malware activity. In most cases, the user is the first person to detect abnormal behaviour in a system such as excessive pop-ups or unauthorised toolbars. File changes such as replacement, modification, deletion or addition of files can be a clear sign of a database attack. Additionally, failure of some design feature or denial of service access can act as a true indicator of an attack or an attempted attack.
Controls
Spoofing Attack Control
To prevent such attacks, the designers will implement two security features. The first is packet filtering: by including packet filters in the design, the IP address spoofing threat will be mitigated. The design will ensure that packets with a different IP address are filtered or blocked. The second feature that will be incorporated is the use of cryptographic network protocols. This will be achieved through the use of secure communication protocols such as Transport Layer Security (TLS), Secure Shell (SSH), HTTP as well as the secure HTTPS. These will boost security by ensuring data is encrypted before it is sent and also authenticated as it is received.
Sniffing Attack
To prevent sniffing attacks, network encryption will be performed in such a way that data transferred between parties is unreachable by a third party. Encryption ensures that if a sniffer intercepts data, he finds it unusable since it is protected through encryption (Cho, Yi, Shrestha & Seo, 2017). Hackers can thus not view any information being transferred between the interfaces.
SQL Injection Attacks
To ensure this kind of attack is eliminated, the experienced group of programmers and database design experts will ensure that the code is designed in such a way that data input is validated before being sent to the SQL databases (Alazab & Khresiat, 2016). Additionally, the programmers will ensure proper code is written for error handling and reporting, both in the server and in the lines of code, so that error messages are never sent to the servers.
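The control described above, shown with the weak form beside the validated one. This is an added example, not code from the original essay; the clients table, the username allow-list and the function names are assumptions, and an in-memory SQLite database stands in for the application's SQL database.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")  # assumed allow-list policy


def make_db():
    """Constructed in-memory table standing in for the store's client data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO clients VALUES (?, ?)",
                   [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return db


def lookup_unsafe(db, username):
    # Weak form: input is pasted into the SQL text, so it can rewrite the query.
    sql = "SELECT email FROM clients WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, username):
    # 1) validate at the trust boundary, 2) bind the value as a parameter.
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    rows = db.execute("SELECT email FROM clients WHERE username = ?", (username,))
    return [row[0] for row in rows]


def lookup_for_client(db, username):
    """Return (ok, payload); database errors are hidden behind a generic message."""
    try:
        return True, lookup_safe(db, username)
    except ValueError:
        return False, "invalid input"
    except sqlite3.Error:
        return False, "request failed"  # details belong in server-side logs only
```

Validation and parameter binding are separate layers: the bound parameter alone already stops the input from changing the query, and the allow-list rejects malformed input before it reaches the database.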
Confidentiality demands and user security...
Cite this page
Essay Sample on Mobile Application Architecture. (2022, Nov 10). Retrieved from https://proessays.net/essays/essay-sample-on-mobile-application-architecture