Future consumer mobile phone security: a case study using the data centric security model

In the interconnected world that we live in, traditional security barriers are\ud broken down. Developments such as outsourcing, increased usage of mobile\ud devices and wireless networks each cause new security problems.\ud To address the new security threats, a number of solutions have been suggested,\ud mostly aiming at securing data rather than whole systems or networks.\ud However, these visions (such as proposed by the Jericho Forum [9] and IBM\ud [4]) are mostly concerned with large (inter-) enterprise systems. Until now, it is\ud unclear what data-centric security could mean for other systems and environments.\ud One particular category of systems that has been neglected is that of\ud consumer mobile phones. Currently, data security is usually limited to a PIN\ud number on startup and the option to disable wireless connections. The lack of\ud protection does not seem justified, as these devices have steadily increased in\ud capabilities and capacity; they can connect wirelessly to the Internet and have\ud a high risk of being lost or stolen [8]. This not only puts end users at risk, but\ud also their contacts, as phones can contain privacy sensitive data of many others.\ud For example, if birth dates and addresses are kept with the contact records, in\ud many cases a thief will have enough information to impersonate a contact and\ud steal his identity.\ud Could consumer mobile phones benefit from data-centric security? How\ud useful is data-centric security in this context? These are the core questions we\ud will try to address here