KIRAS Security Research

2012

SeCom

Secure IT-Services on Mobile Devices

Mobile devices like smartphones or tablets are of increasing importance in nowadays information society. The application of mobile devices enables a user to access sensitive information from almost everywhere. Along this convenience goes the risk that data stored and processed on mobile devices may not enjoy the same level of protection as on a conventional desktop computer in a secure environment. Leakage of information from a transmission, theft or loss of the mobile device is a non-negligible security risk. Even though such risks may be bearable for an enterprise in certain situations concerning only non-sensitive information, high-security applications require immediate action in any case of potential information loss. Currently, only few solutions tackling such issues in the high-security domain seem to exist.

Goal of the study is thus an evaluation and discussion of applications of mobile devices like smartphones or tablets in the high-security domain. In this connection, the center of attention is secure transmission and storage of text and images. Moreover, the study will consider the particular properties of operating system and platforms (Android, iOS, Blackberry) towards their adequacy for high-security communication. Hence, all security considerations will be based on the security level “EU confidential”, the second-most restrictive security guideline given by the EU.

Existing security concepts and architectures will be evaluated and potential extensions towards high-level security will be discussed. In particular, the study will look at SIM- and MicroSD-cards for usage as hardware security modules, since these offer security features that cannot be realized in pure software. Another aspect of interest is applications of virtualization on mobile devices and access to sensitive data via VPN connections. Goal of the study is to support a user-friendly highly secure transmission and storage of sensitive data on mobile devices.

Project leader
DI Dr. Stefan Schauer
AIT – Austrian Institute of Technology GmbH

Other Project or Cooperation partner
Alpen-Adria Universität Klagenfurt
Contact: DDI Dr. Stefan Rass

oja.at GmbH
Contact: Martin Ess

Bundesministerium für Inneres
Contact: Dipl.Ing. Robert Gottwald, MSc

Bundesministerium für Landesverteidigung und Sport
Contact: Markus Christian, MA

Contact
DI Dr. Stefan Schauer
Lakeside B10a
9020 Klagenfurt
Tel: 050550-4055
Mobil: 0664 825 14 55
Fax: 050550-4190
E-Mail: stefan.schauer@ait.ac.at
Homepage: www.ait.ac.at

print