188 research outputs found

    Future consumer mobile phone security: a case study using the data centric security model

    In the interconnected world that we live in, traditional security barriers are broken down. Developments such as outsourcing, increased usage of mobile devices and wireless networks each cause new security problems. To address the new security threats, a number of solutions have been suggested, mostly aiming at securing data rather than whole systems or networks. However, these visions (such as proposed by the Jericho Forum [9] and IBM [4]) are mostly concerned with large (inter-) enterprise systems. Until now, it is unclear what data-centric security could mean for other systems and environments. One particular category of systems that has been neglected is that of consumer mobile phones. Currently, data security is usually limited to a PIN number on startup and the option to disable wireless connections. The lack of protection does not seem justified, as these devices have steadily increased in capabilities and capacity; they can connect wirelessly to the Internet and have a high risk of being lost or stolen [8]. This not only puts end users at risk, but also their contacts, as phones can contain privacy sensitive data of many others. For example, if birth dates and addresses are kept with the contact records, in many cases a thief will have enough information to impersonate a contact and steal his identity. Could consumer mobile phones benefit from data-centric security? How useful is data-centric security in this context? These are the core questions we will try to address here

    Exploring the adoption of physical security controls in smartphones

    The proliferation of smartphones has changed our life due to the enhanced connectivity, increased storage capacity and innovative functionality they offer. Their increased popularity has drawn the attention of attackers, thus, nowadays their users are exposed to many security and privacy threats. The fact that smartphones store significant data (e.g. personal, business, government, etc.) in combination with their mobility, increase the impact of unauthorized physical access to smartphones. However, past research has revealed that this is not clearly understood by smartphone users, as they disregard the available security controls. In this context, this paper explores the attitudes and perceptions towards security controls that protect smartphone user’s data from unauthorized physical access. We conducted a survey to measure their adoption and the reasons behind users’ selections. Our results suggest that nowadays users are more concerned about their physical security, but still reveal that a considerable portion of our sample is prone to unauthorized physical access

    Strategically Addressing the Latest Challenges of Workplace Mobility to Meet the Increasing Mobile Usage Demands

    During this post-PC era, many organizations are embracing the concept of IT consumerization/ Bring-Your-Own Device (BYOD) in their workplace. BYOD is a strategy that enables employees to utilize their personally-owned mobile devices, such as smart phones, tablets, laptops, and netbooks, to connect to the corporate network and access enterprise data. It is estimated that employees will bring two to four Internet-capable devices to work for personal and professional activities. From increased employee satisfaction and productivity to lower IT equipment and operational expenditures, companies have recognized that mobile devices are reasonably essential to their own success. However, many organizations are facing significant challenges with the explosion of mobile devices being used today along with provisioning the appropriate supporting infrastructure due to the unprecedented demands on the wireless and network infrastructures. For example, there is not only a growth in the number of wirelessly connected devices but the amount of bandwidth being consumed on the enterprise networks as well which is furthermore driven by increased usage of video and enterprise applications. Managing mobility and storage along with securing corporate assets have become difficult tasks for IT professionals as many organizations underestimate the potential security and privacy risks of using wireless devices to access organizational resources and data. Therefore, to address the needs and requirements of a new mobile workforce, organizations must involve key members from the Information Technology (IT), Human Resources (HR) and various business units to evaluate the existing and emerging issues and risks posed by BYOD. Then a mobile strategy should be developed by taking into consideration the enterprise objectives to ensure it aligns with the overall organizational strategy. 
There are various solutions available to address the needs and demands of an organization, such as Distributed Intelligence Architecture, network optimization, monitoring tools, unified management and security platforms, and other security measures. By implementing a suitable mobile strategy, organizations can ensure their particular enterprise network and wireless architecture is designed for high scalability, performance and reliability. They must also evaluate their existing policies and procedures to ensure appropriate security and privacy measures are in place to address the increasing mobile usage demands and potential liability risks. By taking these factors into consideration, our team has analyzed the current BYOD issues for Educational Testing Service (ETS), which is a non-profit organization based in Princeton, New Jersey. Our findings have revealed a few major technical concerns relating to inadequate network and wireless infrastructure and the lack of a unified management and security platform. Thus, the team has recommended for ETS to implement Distributed Intelligence Architecture, network optimization and Enterprise Mobility Management (EMM) to address and resolve their current issues and risks. In conclusion, companies are beginning to seize this transition in order to become competitive and productive in the workplace; however the unprecedented demands on the corporate network and risk to data security are critical aspects that need to be evaluated on an on-going basis. With this analysis, organizations can review, evaluate and implement the proposed solutions and best practices to address the most common BYOD-related issues that companies are facing these days. However, organizations should continually research the latest technologies that may be available and implement solutions that specifically meet their issues

    The Supreme Digital Divide

    Society has long struggled with the meaning of privacy in a modern world. This struggle is not new. With the advent of modern technology and information sharing, however, the challenges have become more complex. Socially, Americans seek to both protect their private lives, and also to utilize technology to connect with the world. Commercially, industries seek to obtain information from individuals, often without their consent, and sell it to the highest bidder. As technology has advanced, the ability of other individuals, institutions, and governments to encroach upon this privacy has strengthened. Nowhere is this tension between individual privacy rights and government security interests felt more acutely than within the context of the Fourth Amendment. Notwithstanding the long duration of this struggle, jurisprudentially, the nation is at a critical point. Traditionally, the touchstone for analyzing the boundaries of Fourth Amendment searches is reasonableness. Quite literally, therefore, the Supreme Court has the task of determining the unanswerable: What is reasonable? This task, combined with the modern realities of rapidly changing technology, increased use of government surveillance, and changing expectations and conceptions of privacy, as well as differing perspectives of privacy in a heterogeneous society, becomes an even further complicated endeavor. One of the significant realities in play at this critical juncture lies within the Court itself. This Article asserts that there is a new, different form of the digital divide — the divide between the perspective of the Court and twenty-first century realities — which negatively impacts Fourth Amendment jurisprudence. This Article focuses on two specific aspects of that gap, arguing that this gap in experience and perspective contributes to false presumptions by the Court, which then leads to less than optimal opinions.
Such an approach creates a veritable house of cards in which the opinions themselves are weakened and erode over time. The potential of the Court to add crucial guidance in the area of privacy law in contemporary society is immense. That being said, any constructive impact is compromised when the validity of the opinions precludes their ability to withstand the test of time. This Article discusses the gap generally, with specific attention paid to the divide between the Court and technological realities, and the gap between the Court and the realities of modern policing and pressures on law enforcement. The author argues that these divides result in opinions purporting to determine what is reasonable in modern life, but which rest upon a set of inaccurate presumptions. By analyzing Riley v. California, in which the Court held that the police may not dispense with the warrant requirement to search arrestees’ cell phones incident to arrest, this paper demonstrates examples of this gap. In particular, the article explores three inaccurate presumptions made in Riley, arguing that they contribute to a failed jurisprudence in this critical area. The article concludes by offering concrete steps to close the digital divide and allow the Court to more effectively influence this critical area of the law and modern life

    Could Kill Switches Kill Phone Theft? Surveying Potential Solution for Smartphone Theft

    This paper analyzes the potential efficacy of current proposals to deter smartphone theft and the broader implications they may have

    Better the devil you know: using lost-smartphone scenarios to explore user perceptions of unauthorised access

    Smartphones are a central part of modern life and contain vast amounts of personal and professional data as well as access to sensitive features such as banking and financial apps. As such protecting our smartphones from unauthorised access is of great importance, and users prioritise this over protecting their devices against digital security threats. Previous research has explored user experiences of unauthorised access to their smartphone - though the vast majority of these cases involve an attacker who is known to the user and knows an unlock code for the device. We presented 374 participants with a scenario concerning the loss of their smartphone in a public place. Participants were allocated to one of 3 scenario groups where a different unknown individual with malicious intentions finds the device and attempts to gain access to its contents. After exposure, we ask participants to envision a case where someone they know has a similar opportunity to attempt to gain access to their smartphone. We compare these instances with respect to differences in the motivations of the attacker, their skills and their knowledge of the user. We find that participants underestimate how commonly people who know them may be able to guess their PIN and overestimate the extent to which smartphones can be 'hacked into'. We discuss how concerns over the severity of an attack may cloud perceptions of its likelihood of success, potentially leading users to underestimate the likelihood of unauthorised access occurring from known attackers who can utilize personal knowledge to guess unlock codes.

    Bring your own device: an overview of risk assessment

    As organizations constantly strive to improve strategies for ICT management, one of the major challenges they must tackle is bring your own device (BYOD). BYOD is a term that collectively refers to the related technologies, concepts, and policies in which employees are allowed to access internal corporate IT resources, such as databases and applications, using their personal mobile devices like smartphones, laptop computers, and tablet PCs [1]. It is a side effect of the consumerization of IT, a term used to describe the growing tendency of the new information technologies to emerge first in the consumer market and then spread into business and government organizations [2]. Basically, employees want to act in an any-devices, anywhere work style, performing personal activities during work and working activities during personal time [2]. There are several risks associated with BYOD [3, p. 63], and the big gaps in BYOD policies adopted by today's organizations [4, p. 194] show that the solution to BYOD is not well understood. This article establishes a background to understand BYOD risks by considering conditions that increase the occurrence of these risks and the consequences of the risks occurring. It then aims to present the most commonly adopted BYOD solutions, their limitations, and remedies, as well as important policy considerations for successfully implementing them

    Security attacks taxonomy on bring your own devices (BYOD) model

    Mobile devices, specifically smartphones, have become ubiquitous. For this reason, businesses are starting to develop “Bring Your Own Device” policies to allow their employees to use their owned devices in the workplace. BYOD offers many potential advantages: enhanced productivity, increased revenues, reduced mobile costs and IT efficiencies. However, due to emerging attacks and limitations on device resources, it is difficult to trust these devices with access to critical proprietary information. Therefore, in this paper, the potential attacks of BYOD and taxonomy of BYOD attacks are presented. Advanced persistent threat (APT) and malware attack are discussed in depth in this paper. Next, the proposed solution to mitigate the attacks of BYOD is discussed. Lastly, the evaluations of the proposed solutions based on the X.800 security architecture are presented