TekPlus - Why the Interest in Mobile Phone Security?

Figure 1.1 shows the suitability of the different biometric technologies to mobile devices. Generally, behavioral biometrics is sufficient for low-to-moderate security applications and physical biometrics for high-security applications.

In discussing the use of biometrics we also fail to appreciate the fact that mobile devices are able to store more and more information, this may be personal, corporate or other equally sensitive data. It is not only the mobile phone account that needs to be protected but also the device and data stored on the device as well. The security of mobile devices goes far beyond that of the provision of biometric solutions and extends to the provision of anti-virus software, access control software, encryption software on the device itself and sufficient back-end security as provided by the service provider delivering a mobile solution. So if governments are going to have an opinion on mobile device security then they need to look at the wider threat that mobile devices can suffer and the entire infrastructure that supports them.

So in order to provide real security and make the theft of mobile devices less attractive, theft of data stored on devices, damage to data, unauthorized access to mobile operator and enterprise networks mobile device manufacturers etc, mobile operators and users all have their part to play in ensuring end-to-end security is achieved. It is not simply the mobile phone that needs protecting, but all the components that make up the mobile network from back end infrastructure through to the device.

Huge Increases in Mobile Phone Theft Forces the UK Government to Take an Interest in Handset Security

Security is an issue we all have a vested interest in and it is something that governments continue to grapple with in attempting to reduce crime and misdemeanors, however it is unusual for governments to call for companies to improve the security features of their products. This is exactly what has happened in the UK where the government has asked mobile phone manufacturers to improve the security features of their mobile phones so that they are more difficult to use once stolen. This is a direct result of the huge increase in mobile related street crime, one third of street crime involves the theft of a mobile phone; a mobile phone is stolen every 3 minutes on average.

It is not just the mobile phone security features that are important it is the way mobile phones are used as well, users must also be educated as to when and how to use them without drawing attention to themselves and the phone. If we flash an expensive phone around we are bound to draw attention to ourselves, in the same way that we are more likely to have a wallet or purse stolen if someone sees where we place it on our person. It may also be as simple as using hands-free headsets, with the phone staying safe in our pocket; many mobiles are stolen out of the hand of the people when in use. Mobile phone users must be wise and cautious about using their mobile phone. We can learn from those glamorous women that wear fake diamond jewellery outdoors and leave the gems at home, we do not always need to take our expensive mobile phone with us, we can pop the SIM card into a different less sought after model (is this sign of things to come??). This is all well and good but does not diminish the impact that a stolen mobile phone can have on a customer and the operator in terms of inconvenience and lost revenue. No-one wishes to lose out financially and so added security features would appear to diminish the negative impact a stolen mobile phone, and biometrics may fill this gap and become a useful solution. In addition, we should not only consider mobile phones in this discussion but also lap top computers, PDAs and other mobile devices that are becoming more common and more attractive items.

What Biometric Solutions are Available?

Security systems use biometrics for two basic purposes: to verify or to identify users. Identification tends to be the more difficult of the two uses because a system must search a database of enrolled users to find a match. The biometric that a security system employs depends in part on what the system is protecting and what it is trying to protect against.

Physical lock-downs can protect hardware, and passwords are the most popular way to protect data on a network or a mobile device. Biometrics, however, have the potential to increase the ability to protect mobile devices, the device itself and the data it stores. Using biometrics also allows a hierarchical structure of data protection, making the data even more secure: Biometrics adds another level of security, in so much as a smart card or security token could also provide this added level of security. Many banks have already researched the ability to better authenticate customers and ensure non-repudiation of on-line and mobile banking, trading, and purchasing transactions. Point-of-sales (POS) system vendors also pursued cardholder verification methods, which would enlist smart cards and biometrics to replace signature verification.

Problems with Biometrics

for Mobile Devices A major problem with biometrics is how and where to store the user's template. This template stores the subscriber’s personal characters; its storage introduces privacy concerns. However, if the template is stored on a centralised database, this leaves the template open to attack. Storing the template on a smart card does enhance individual privacy and increases protection from attack, however this requires users to manage and control their templates.

Biometrics solutions are likely to become an increasing feature of many mobile devices, since they can now be more readily added to smart cards. Vendors are able to build a fingerprint scanner into a device that verifies information stored on the smart card, Applied Biometrics and Fingerprint Cards have developed such technology. This provides strong security since cardholders must authenticate themselves to the card. Once this is done the person can have access to PKI (Public Key Identifier), biometrics provides a solution to protect PKI stored on smart cards. Biometrics can also be used to protect private-keys stored on smart cards. PKI is open to attack, it has to be portable and this can be difficult to protect, so biometrics can be added to protect them.

Most applicable biometric solutions for the mobile device market include fingerprint, signature and voice recognition systems. The small footprint of these technologies makes them suitable for small electronic devices. Fingerprint verification once required large equipment but now biometric fingerprint technology is available that runs on mobile device platforms, battery and CPU power.

Figure 1.1 Mobile Devices and Suitability of Biometrics

VIEW POINTS

Ref:TP0039A02V01

Why the Interest in Mobile Phone Security?