Towards a Flexible, Multi-Level Security Framework for Mobile Devices
Clarke NL, Karatzouni S, Furnell SM
Proceedings of the 10th Security Conference
Las Vegas, USA, 4-6 May
The mobile device has become a ubiquitous technology that is capable of supporting an increasingly large array of services, applications and information. Given the increasing importance of such devices, it is imperative to ensure that they are not misused or abused. Unfortunately, a key enabling control to prevent this, user authentication, has not kept up with the advances in device technology. Although frequently reported as weak and insufficient, Personal Identification Numbers (PINs) are still the predominant form of authentication. Moreover, this form of authentication is point-of-entry only, and thus fails to re-establish the authenticity of the user beyond power-on. This paper proposes the use of transparent, continuous biometric authentication of the user: providing more secure identity verification; minimising user inconvenience; and providing security throughout the period of use. It is also recognised that not all services, applications and information have the same security requirements, and the paper proposes an approach for establishing what level of security to provide based upon individual services and applications. The Personal Security Model (PSM), Simple Risk Assessment Model (SRAM) and Organisational Risk Assessment Model (ORAM) are three techniques for establishing the security requirements for individual services and applications based upon the responsible stakeholder (i.e. end-user or organisation) and their associated level of knowledge.
This publication is available for on-line download (PDF).
Centre for Security, Communications and Network Research (CSCAN), Room A304 Portland Square, Plymouth University, Plymouth, PL4 8AA, United Kingdom
Telephone: +44 (0) 1752 586234, Fax: +44 (0) 1752 586300, Email: email@example.com