MOBILE DATA SECURITY

G.ARUN KUMAR

1. Introduction

Mobile devices, such as laptops and PDAs, make it possible for workers to access information anywhere. However, enhanced mobility means data can travel outside the boundaries of LAN firewall. The use of mobile devices to access information has made it easier for users to be more productive by making data available outside the enterprise.

2. Implementing Security Procedures

Five common problems encountered with mobile data are :

interception of data transmissions. authentication of users. rogue access to data. lost devices. Protecting existing security investments.

1. 2.

3.
4. 5.

3. Solving mobile data security problems

It is important to find and address the weakest link in the security system. Addressing an area of weakness could Include encrypting data on the device, encrypting data communications, password- protecting devices, incorporating user login mechanisms, or implementing.

3.1. Protecting data transmissions

When data is being transmitted, we want to ensure that it is secure from end to end. Secure data transmission has the following features

: Confidentiality : Communications should remain private. Integrity : No one should be able to change the data, regardless of
whether they are able to see it.

Authentication : we have to ensure that we know who we are

are communicating with the correct server.

communicating with on the other end and avoid a man-in-the-middle attack. Clients connecting to the enterprise system should know that they

3.1.1. Communication
architecture

Only the physical layer is responsible for actually placing data onto the wire or over the air and all other layers provide some well-defined level of functionality, such as error detection, correction, and encryption.

3.1.2. Digital certificates

A digital certificate is an electronic document that identifies a person or entity and contains a copy of their public key. Digital certificates confirm to a standardized file format that contains the following information : Identity information, such as the name and address of the certificate owner. Public key. Expiry date. One or more digital signatures, to prevent modification of the certificate.

1. 2. 3. 4.

3.1.3. Digital signatures

A digital signature provides a means to detect whether a document has been altered. A digital signature is also used to verify that the certificate represents the person or company that it claims to represent.

3.2. Protecting against unauthorized users

1.

We have to be certain that only authorized clients can connect to server and that client are connecting to the correct server. Verifying that the correct entities are involved in data transmission is even more difficult in message systems because hand- shaking protocols cannot be used.

2.

3.2.1. Only the chosen may enter

A password should be required before a mobile user can synchronize with a back-end database or browse information stored on a company server; no exceptions.

3.2.2 Rights and privileges

Define what clients can and cannot do.

Depending on the application, specific rights and permissions are configured on a per-user basis.

3.3 Protecting against rogue access to data

In some cases, services on a mobile device may respond to requests for data.

These services can be exploited to gain access to the device's contents.

3.3.1. Preventing rogue access to data

On laptop computers, you can use a personal firewall, such as Black ICE or Zone Alarm to help prevent rogue access to your data.

3.3.2. The enemy within

Often the biggest threat to the security of our corporate systems and data are our own users, who disable security mechanisms and configurations in order to save a few seconds when logging in or synchronizing data.

3.4. Protecting data on lost devices

1.

Mobile devices are small and expensive, so they are easily lost or left in taxis, and are a favorite target for thieves. If you dont want the new owner to have access to your corporate systems or view sensitive data, precautions must be taken

2.

3.4.1 Persistent data needs persistent protection

There are two precautions that that you can take to prevent disclosure of the data stored on a mobile device:

Encrypting sensitive data and

Encrypting the entire file system (this may be useful when using data outside of a database, such as in a spread sheet).

4. Conclusion

Security is about minimizing risk, not eliminating it. This means identifying the weakest links in our system and then designing an appropriate solution that takes into account the associated risks and costs to protect the mobile data.

5. REFERENCES

Bernard Sklar, Digital communications, Second edition, Pearson Education.

Diffie, W., and Hellman, M.E., Privacy and Authentication: Introduction to Cryptography, Proc.IEEE, Vol.67, no.3, Mar.1979, pp.397-427 Websites:
www.informit.com www.howstuffworks.com www.veriozn-learning.com