In a recent paper titled Mobile Terminal Security, co-authors from Gemplus Innovation in France and Dublin City University in Ireland describe the vulnerabilities of mobile devices as follows:
[These devices] need essentially the same types of security measures as enterprise networks—access control, user authentication, data encryption, a firewall, intrusion prevention and protection from malicious code. [Yet] handheld devices and smart phones are often used precisely where they're most vulnerable—in public places, lobbies, taxis, airplanes—where risks include loss; probing or downloading of data by unauthorized persons; and frequently, theft and analysis of the device itself. Hence, in addition to logical security measures, mobile devices must [include] protective mechanisms against physical attacks.
Mobile devices are at risk both for the information they store and also for the information they transmit. PIN numbers, corporate passwords, bank account and credit card numbers are all at risk of theft if a device holding them is lost, stolen, hacked into or intercepted. The different connectivity approaches are attended by different degrees of risk. GSM, for example, provides one-way authentication—to the network but not from the network—which could allow someone to pose as the network and interact maliciously with the device. As well, GSM is not secured against active attacks.
Short-range standards such as Bluetooth make it possible for users to synchronize their wireless devices locally, but Bluetooth's PIN-based security mechanism has been shown to lack sufficient robustness for sensitive transactions of the sort being considered here. For its part, MeT recommends the use of near field communication (NFC) for mobile-device transactions. NFC is a standards-based, very short-range connectivity technology. Operating at around 13.56 MHz over just a few centimeters, it supports contactless identification and interconnection and conforms to ISO, ECMA, and ETSI standards.
Even so, given the need to protect both the data stored on the device and data in transmission, the most prudent approach is to embed security within the architecture of the device itself. As the authors of Mobile Terminal Security put it: "System architects should keep in mind that threats should be dealt with at the design level, the implementation level and the application use level." This has to be done in an interoperable way, transparent to the user and without having a negative effect on the performance of the device overall.
Back to basics
While it is a complicated challenge to balance stringent security needs with convenient, real-world usability, the good news is that the fundamentals of security—established practices used today in secure systems of all kinds still apply. In other words, there's no need to reinvent the wheel.
Transaction-based systems require three main features:
- Strong authentication. The system must be absolutely certain of who is participating in a given transaction.
- Non-repudiation. When a transaction is completed, there must be no way for either party to deny that it was executed willingly. This has historically been achieved through signed contracts or credit-card slips (where the signature on the slip prevents the purchaser from denying having made the purchase). In the digital world, the same method is employed via digital signatures.
- Confidentiality. Personal data on a device should be protected from casual access and data moving between devices during a transaction must be encrypted to avoid leaking private or transactional information.
Privacy protection is of paramount importance to many users of electronic transaction systems, in part because the possibilities for abuses of the system are fairly obvious. Examples include the unauthorized collection of personal data from a badly secured device; tracking a person's movements by charting the location of his or her phone; eavesdropping on transactions; and interfering to make a service unreliable.
