MOBILE DATA ENCRYPTION AND ACCESS CONTROL TOOLS

In document 1609608518Cyber_SecurityB (Page 65-68)

Conservation of Mobile Data and Usability Constraints

Two main classes of technology are most relevant to mobile devices, along with three other classes. These are summarized in Table 1.

Encryption

Robust OS-level authentication systems prevent unauthorized access to the laptop’s operating system. However, if the hard drive is moved to another machine, or if boot-up from a floppy disk is enabled on the stolen machine, the files can be accessed. Unless a hard drive lock option is available and implemented, the only way to protect files from this type of attack is to encrypt them. Encryption requires the use of a digital key to encrypt and decrypt the data. In “symmetric” systems, the same key is used for both encryption and decryption. In Public Key Infrastructure (PKI)-based applications, asymmetric encryption is used, with two keys: a public key for encryption and a private key for decryption.

In many current encryption products, the keys are stored on the hard drive, making them vulnerable to attack. Encryption experts such as RSA Security recommend protecting keys by storing them in tamper-resistant hardware devices that can handle cryptographic functions internally and do not permit the keys to be exported outside the hardware. This is the basis of cryptographic cards and tokens, as well as IBM’s Embedded Security Subsystem (ESS), available in ThinkPad laptops.

ESS consists of a built-in cryptographic security chip, which supports key storage, encryption and digital signatures, and a downloadable software component that provides the user and administrative interface and the interface to other applications. Because critical security functions take place within the protected environment of the chip, not in main memory, and the system does not rely on the hard drive to store cryptographic keys, it is more secure than software-only solutions.

Identity, Authentication and Authorization

Authentication is the first step in any cryptography solution, because unless the device knows who is using it, there is no point in encrypting what is stored on it. The whole purpose of an encryption file system is to secure the stored information; without authentication, an unauthorized user can access that information. The whole idea of authentication is based on secrets.

On any computer system, the identity the user presents is the starting point for establishing what rights and privileges, or authorization, if any, are granted to the user. Obviously, if an unauthorized person can falsely authenticate him or herself as someone who is trusted, all security measures are irrelevant. The goal of strong authentication systems is to ensure the person authenticating is exactly, and in all cases, the person who should be authenticating.

Table 1. Laptop security technologies

Technology | Principle
Encryption | Protect data
User authentication | Confirm the authorized user; prevent unauthorized access
Physical locking devices | Prevent theft
Monitoring and tracing software | Locate and assist in recovery of stolen computers
Alarms | Prevent theft

User authentication is needed in order to identify users. All authentication mechanisms use one of three possible things (Chen, 2000) to base identification on:

1. Secret-based methods such as passwords, PIN codes, pass phrases, secret handshakes, etc.

2. Token-based methods based on a physical token owned by the user, such as an ID badge, (physical) key, driving license, uniform, etc.

3. Biometric methods based on the user’s physical characteristics (Evans 1994), such as fingerprints, voiceprints, facial features, iris pattern, retina pattern, etc.

Secret-Based Methods

This is the simplest and cheapest form of authentication mechanism and is used by many computer operating systems: a user authenticates himself/herself by entering a secret password known solely to him/her and the system (Kahate 2003). The system compares this password with one recorded in a Password Table, which is available only to the authentication program. The integrity of the system depends on keeping the table secret. This technique is called the clear text password. There are several disadvantages to this scheme. First, it depends for its success on the correct operation of a very large part of the operating system: the entire access control mechanism. Second, the System Administrator can know all of the passwords. There is no reason why he should know them, or even be able to know them. Third, any listing of the Password Table, even if obtained for a valid purpose, may inadvertently be seen by an unauthorized person. Fourth, anyone who can obtain physical access to the computer, such as an operator, may well be able to print the file. A final disadvantage is that it cannot be implemented at all in an environment whose file system security does not protect against unauthorized reading of files.

The clear text password has been enhanced by a password scheme that does not require secrecy in the computer. All aspects of the system, including all relevant code and databases, may be known by anyone attempting to intrude. The scheme is based on using a function H that the would-be intruder is unable to invert. This function is applied to the user’s password and the result compared to a table entry, a match being interpreted as authentication of the user. The intruder may know all about, and have access to, the table, but he can penetrate the system only if he can invert H to determine an input that produces a given output. Most operating systems on the market use this type of authentication, some of them with enhancements; Palm OS, for example, can automatically lock the device on power off, at a specific time, or after a certain period of inactivity (Clark 1990). The major drawback of password systems is the threat of capture of the user ID and associated password: in a widely used system, for example a bank’s ATM network, the user’s password (PIN code) is static for, in many cases, the lifetime of the cardholder’s account. These problems make passwords unsuitable for laptop devices, which have low physical security and are always vulnerable to theft. Someone who steals the laptop for its data has enough time to use any attack strategy to compromise the password, such as:

• Try all possible passwords (combinatorial)

• Try many probable passwords (dictionary attack)

• Try passwords likely for the user

• Exploit access to the system list of passwords

• Ask the user
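The password table built on a one-way function H, as described above, can be sketched as follows. This is an added example, not code from the original text: it assumes PBKDF2-HMAC-SHA256 with a per-user random salt as H, and the names enroll, verify, unsalted and the sample accounts are hypothetical. The salt and iteration count are what slow the combinatorial and dictionary strategies when the table itself is exposed on a stolen laptop.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to the hardware in use


def enroll(table, user, password):
    """Store the salt and H(salt, password); the password itself is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    table[user] = (salt, digest)


def verify(table, user, candidate):
    """Recompute H over the candidate and compare it with the table entry."""
    entry = table.get(user)
    if entry is None:
        # Unknown user: do the same work so timing does not reveal valid names.
        hashlib.pbkdf2_hmac("sha256", candidate.encode(), b"\x00" * 16, ITERATIONS)
        return False
    salt, digest = entry
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)  # constant-time comparison


def unsalted(password):
    """A bare, fast H with no salt, shown only for comparison."""
    return hashlib.sha256(password.encode()).hexdigest()


def demo():
    table = {}
    # Constructed sample accounts; two users happen to pick the same password.
    shared = "correct horse battery"
    enroll(table, "alice", shared)
    enroll(table, "bob", shared)
    return {
        "good_login": verify(table, "alice", shared),
        "bad_login": verify(table, "alice", "Correct horse battery"),
        "unknown_user": verify(table, "mallory", "anything"),
        # With a bare hash, equal passwords give equal table entries, so a
        # single guess is tested against every account at once.
        "unsalted_entries_equal": unsalted(shared) == unsalted(shared),
        # Per-user salts make the two entries differ for the same password.
        "salted_entries_equal": table["alice"][1] == table["bob"][1],
    }


if __name__ == "__main__":
    print(demo())
```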

Token-Based Methods

In a computer environment, the user can use something owned for access control. The most common method of achieving two-factor authentication is to augment the standard user name and password, ‘something you know’, with ‘something you have’, usually some form of electronic ‘token’. These tokens tend to fall into four main areas:

1. Magnetic or optically read cards

2. Smart cards

3. Password generators

4. Personal authenticators

Magnetic or Optically Read Cards

This is a prime example of the enhancement of the password by the addition of something owned. It is found in commercially available physical access control systems, where the card is used to log on at the computer keyboard and allow it to communicate with its processor unit (a ‘soft’ lock). Attacks on such tokens are relatively straightforward. Generally the magnetic strip variety conforms to well-published standards, and reader/writer units are commercially available. Duplicating a token is thus quick and easy. Optical cards are a little more difficult to forge, particularly since the writer mechanisms are not as freely available as their magnetic counterparts.

Smart Cards

Unlike magnetic or optical cards, smart cards retain their data within a protected environment inside the card. Smart cards have a simple microprocessor architecture; a controlling program, which is resident on the card, only permits data to be divulged from the card’s protected area once a valid PIN has been given to the card itself. The smart card is more secure than a magnetic or optical card, since its data cannot be freely inspected and duplicated, but it costs more.

Password Generators

These are cryptographically based devices the same size as a credit card, but slightly thicker. They incorporate an LCD display, which displays a unique password for a fixed time.

Personal Authenticators

These are hand-held devices the same size as a small pocket calculator, protected by a unique user PIN. Two types are available: challenge/response and synchronized sequence. The former relies on the host system issuing a challenge to the user, which the user types in to his/her authenticator, which then computes and displays a response. This response can be returned to the host computer for verification by an attached crypto-controller. The synchronized sequence device does not require a challenge but generates a sequence of cryptographically related session PINs (SPINs), which are traced and verified at the computer in the same way. The main problem with ‘something the user has’ schemes is that the authority is fetched for a long period of time, which means long-term authority; it remains in force until the user consciously revokes it. Even if fetched periodically, a user would be tempted to leave the smart card in the machine most of the time.
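Both authenticator types described above can be modelled with a keyed MAC shared between the token and the host. This is an added example, not taken from the original text: it assumes HMAC-SHA256 for the challenge/response device and uses HOTP (RFC 4226) as a stand-in for the synchronized sequence of session PINs; Host, response and session_pin are hypothetical names.

```python
import hashlib
import hmac
import os
import struct


def _digits(mac, n=6):
    """RFC 4226 dynamic truncation: reduce a MAC to an n-digit code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** n).zfill(n)


def response(key, challenge):
    """Challenge/response token: code = truncate(HMAC(key, challenge))."""
    return _digits(hmac.new(key, challenge, hashlib.sha256).digest())


def session_pin(key, counter):
    """Synchronized-sequence token: code derived from a shared counter (HOTP)."""
    msg = struct.pack(">Q", counter)
    return _digits(hmac.new(key, msg, hashlib.sha1).digest())


class Host:
    """Verifier side; holds the same key as the user's authenticator."""

    def __init__(self, key, window=3):
        self.key, self.counter, self.window = key, 0, window
        self.pending = None

    def issue_challenge(self):
        self.pending = os.urandom(8)  # fresh per login, so old responses fail
        return self.pending

    def check_response(self, code):
        challenge, self.pending = self.pending, None  # each challenge is single use
        return challenge is not None and hmac.compare_digest(
            code, response(self.key, challenge))

    def check_pin(self, code):
        # Small look-ahead in case the token advanced without a login.
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(code, session_pin(self.key, c)):
                self.counter = c + 1  # resynchronize; earlier PINs are now dead
                return True
        return False
```

A captured response or session PIN is useless for a later login, which addresses the static-password capture problem; it does not address the long-term authority problem of a token left in the machine.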

Biometric Based Methods

This is a permanent type of verification technique, known as biometric authentication, that is based on verification of personal physical characteristics. Much research has been carried out in this field. Fingerprint (Intel, 2002), voice verification and retinal scans are commercially available techniques, and there have also been some unexpected studies of lip prints, head bumps and footprints. Biometrics can be used to augment ‘something you know’, such as a user ID and password, with ‘something you are’, namely something unique to your person, such as fingerprints, retinal or facial recognition.

Adding biometrics creates a second tier of identity and authentication, which is easy for users to utilize. For example, identity and authentication can be improved through the use of the built-in biometric fingerprint scanner in some models of Acer, Compaq and MPC laptops as shown in Figure 1. When the biometric identification devices

ing additional external hardware, the biometric scanner hardware and authorization software can be used earlier in the boot up process, denying access more quickly to invalid attempts to boot the system. Pre-boot identification and authentication ensures no access will be gained through operating system or application vulnerabilities, or potentially other backdoors such as remote control software, keyboard loggers or viruses/worms that could be exploited after the system is booted. As an example, biometric identification and authentication could be implemented at the BIOS level as simply another form of BIOS password, with choices in the BIOS such as ‘[text password] off’, ‘[text password] on’, or ‘fingerprint’. The MPC laptop BIOS has additional features to protect against brute force attempts to disable the biometric authentication. After three invalid attempts to identify and authenticate, the BIOS will prevent you from attempting again without a reboot. If attempts are made to remove the boot password (text or fingerprint identification), the system will eventually hard lock and will require shipping the laptop to the vendor to unlock it.

Once the operating system is booted, options typically exist to use the stored biometric information or match it with a user ID/password for login purposes, as well as providing authorization to applications that may not have native biometric or other application security. Aftermarket hardware is available for those laptops that do not have biometrics built in, providing the fingerprint reader within a mouse or PC Card, for instance. Biometrics at this level will not secure the laptop hardware itself, but may provide additional software-only authentication services, such as the operating system login and/or individual program execution. The disadvantage of the biometric authentication technique is that it suffers from several usability problems. Biometric systems have a large false negative rate and are not easily revocable: if someone has a copy of your thumbprint, you cannot easily change it. Biometric authentication also often requires some conscious action on the part of the user. The one exception is iris recognition (Negin, 2000).

SECURITY METHODS AND
