Abstract
In the interconnected world that we live in, traditional security barriers are
broken down. Developments such as outsourcing, increased usage of mobile
devices and wireless networks each cause new security problems.
To address the new security threats, a number of solutions have been suggested,
mostly aiming at securing data rather than whole systems or networks.
However, these visions (such as proposed by the Jericho Forum [9] and IBM
[4]) are mostly concerned with large (inter-) enterprise systems. Until now, it is
unclear what data-centric security could mean for other systems and environments.
One particular category of systems that has been neglected is that of
consumer mobile phones. Currently, data security is usually limited to a PIN
number on startup and the option to disable wireless connections. The lack of
protection does not seem justified, as these devices have steadily increased in
capabilities and capacity; they can connect wirelessly to the Internet and have
a high risk of being lost or stolen [8]. This not only puts end users at risk, but
also their contacts, as phones can contain privacy sensitive data of many others.
For example, if birth dates and addresses are kept with the contact records, in
many cases a thief will have enough information to impersonate a contact and
steal his identity.
Could consumer mobile phones benefit from data-centric security? How
useful is data-centric security in this context? These are the core questions we
will try to address here.
Original language | Undefined |
---|---|
Publisher | University of Twente |
Number of pages | 12 |
Publication status | Published - 2008 |
Keywords
- IR-59617