
Are You Even Remotely Secure? The Mobile Device Dilemma



Presentation Transcript


  1. Are You Even Remotely Secure? The Mobile Device Dilemma
     Steven Furnell
     Network Research Group
     University of Plymouth
     United Kingdom

  2. Power on the move
     • Various devices
       • Smartphones, PDAs, laptops
     • Feature-rich
       • High volumes of storage
       • High levels of connectivity (Cellular, WLAN, WPAN)
     • Capable of supporting personal and business applications

  3. An unrecognised risk?
     • Sensitive data is stored in an inherently more vulnerable location
     BUT
     • Likely to receive less protection and the available options may be more limited
     • Attitudes towards protection are often different to the desktop

  4. A lack of security
     • One in three companies now have more than half of their staff using a mobile device
       • 60% of these do not have any form of encryption
       (Pointsec, 2007)
     • PDAs are already used by 63% of respondents (with a further 12% planning to use them)
       • only 12% considered them to be a high risk
       (Audit Commission, 2005)

  5. Sensitive data on the move
     • Over 80% of new and critical data is now stored on mobile devices (Gartner, 2006)
     • Survey of 104 IT professionals:
       • 78% had sensitive information (e.g. emails and passwords) on their mobile devices
       • only 62% of them were using techniques such as encryption, passwords or PINs
       (iAnywhere, 2006)

  6. Data versus security (Pointsec, 2006)

  7. A matter of personal perception?
     • “As a general user … there’s no data on there that I class that sensitive”
     • “The issue of security hasn’t arisen with this yet, but probably will do at some stage”
     • “I’m not sure that anybody would want to steal my information, I don’t perceive myself to be that important”
     (Karatzouni et al. 2007)

  8. The need for security
     • Mobile devices left in London Taxis in the 6 months to November 2006:
       • 54,872 phones
       • 4,718 PDAs
       • 3,179 laptops
       • 923 memory sticks
       (Pointsec Global Taxi Survey)
     • Phone theft accounts for 45% of overall theft on London Underground (British Transport Police)
     • On average companies admit to losing 5% of their mobile devices (Pointsec, 2007)

  9. A matter of policy?
     • “Explicit requirements for mobile computing and teleworking access control exist but are not yet fully documented”
     • “Organizations may not know how to address this risk or may not have agreed to the level of risk that these technologies pose and therefore the remediation strategies”
     (Ernst & Young, Global Information Security Survey 2006)

  10. Protection possibilities
      • Various opportunities, especially if the device is properly administered by the organisation:
        • Authentication
        • Encryption
        • Data transfer control
        • Firewall
        • Anti-virus
        • Remote wipe
        • Tracking software
      • Complicated by use of personal devices

  11. User authentication on mobile devices
      • Currently dominated by PIN-based methods
        • ineffective, unpopular and inconvenient
      • Survey of almost 300 mobile users:
        • 66% of respondents use the PIN
        • 45% retain the default PIN
        • 38% had to obtain a Personal Unblocking Key
        • 30% considered the PIN inconvenient
        • 25% were confident in the protection provided
        • 85% want additional security
        (Clarke and Furnell, 2005)

  12. PIN problems
      • “I always forget my PIN”
      • “I never turn my phone off so if I lost it, it would be on anyway”
      • “I don’t see any point using it myself cause I never turn my phone off”
      (Karatzouni et al. 2007)

  13. A matter of understanding?
      • On a smartphone, proper asset protection requires two PINs:
        • Device – to protect data
        • SIM – to protect account
      • However, many users:
        • do not appreciate the need for two PINs
        • fail to understand the difference
        • are unwilling to tolerate or manage two separate secrets

  14. A matter of convenience?
      • Alternatives that work on laptops are not so well-suited to phones and PDAs
      • Windows Mobile allows the ‘password type’ to be ‘Simple 4 digit’ or ‘Strong alphanumeric’ (i.e. at least 7 characters, including “a combination of upper and lowercase letters, numerals or punctuation”)
        • few users will wish to tolerate the latter
      • Biometrics are in relatively short supply
        • debuted on iPAQs in 2003, but only supported on one out of the eight current UK models

  15. Future possibilities?
      • Signature Recognition
      • Service Utilisation
      • Facial Recognition
      • Keystroke Dynamics
      • Voice Verification

  16. Prof. Steven Furnell
      sfurnell@plymouth.ac.uk
      Network Research Group
      www.plymouth.ac.uk/nrg
