Mobile Device Encryption Systems

Abstract : The initially consumer oriented iOS and Android platforms, and the newly available Windows Phone 8 platform start to play an important role within business related areas. Within the business context, the devices are typically deployed via mobile device management (MDM) solutions, or within the bring-your-own-device (BYOD) context. In both scenarios, the security depends on many platform security functions, such as permission systems, management capabilities, screen locks, low-level malware protection systems, and access and data protection systems. Especially, the latter play a crucial rule for the security of stored data. While the access protection part is related to the typically used passcodes that protect the smartphone from unauthorized tempering, the data protection facility is used to encrypt the core assets – the application data and credentials. The applied encryption protects the data when access to the smartphone is gained either through theft or malicious software. While all of the current platforms support these systems and market these features extensively within the business context, there are huge differences in the implemented systems that need to be considered for deployment scenarios that require high security levels. Even under the assumption, that the underlying encryption systems are implemented correctly, the heterogeneity of the systems allows for a wide range of attacks that exploit various issues related to deployment, development and configuration of the different systems.In order to address this situation, this paper presents an analysis of the access and data protection systems of the currently most popular platforms. Due to the important influence of the developer on the security of the iOS Data Protection system, we also present a tool that supports administrators in evaluating the right choice of data protection classes in arbitrary iOS applications.
Type de document :
Communication dans un congrès
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.203-216, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_16〉
Liste complète des métadonnées

Littérature citée [9 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01463828
Contributeur : Hal Ifip <>
Soumis le : jeudi 9 février 2017 - 17:23:50
Dernière modification le : jeudi 9 février 2017 - 17:37:20
Document(s) archivé(s) le : mercredi 10 mai 2017 - 14:45:31

Fichier

978-3-642-39218-4_16_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Peter Teufl, Thomas Zefferer, Christof Stromberger. Mobile Device Encryption Systems. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.203-216, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_16〉. 〈hal-01463828〉

Partager

Métriques

Consultations de la notice

52

Téléchargements de fichiers

77