Centre for Security, Communications and Network Research

Plymouth University

Towards a Flexible, Multi-Level Security Framework for Mobile Devices

Clarke NL, Karatzouni S, Furnell SM

Proceedings of the 10th Security Conference

Las Vegas, USA, 4-6 May

2011

The mobile device has become a ubiquitous technology that is capable of supporting an increasingly large array of services, applications and information. Given their increasing importance, it is imperative to ensure that such devices are not misused or abused. Unfortunately, a key enabling control to prevent this, user authentication, has not kept up with the advances in device technology. Although frequently reported as weak and insufficient, Personal Identification Numbers (PINs) are still the predominant form of authentication. Moreover, this form of authentication is point-of-entry only; thus failing to re-establish the authenticity of the user beyond power-on. This paper proposes the use of transparent, continuous biometric authentication of the user: providing more secure identity verification; minimising user inconvenience; and providing security throughout the period of use. It is also recognised that not all services, applications and information have the same security requirements and the paper proposes an approach for establishing what level of security to provide based upon individual services and applications. The Personal Security Model (PSM), Simple Risk Assessment Model (SRAM) and Organisational Risk Assessment Model (ORAM) are three techniques for establishing the security requirements for individual services and applications based upon the responsible stakeholder (i.e. end-user or organisation) and their associated level of knowledge.

This publication is available for on-line download (PDF).