Security in Mobile Technology
The new publication from Assosecurity, distributed with the magazine e-Gov, focuses on the security of networks and mobile devices, an increasingly important sector, in line with the previous publications on the issue of digital identities.
The increasing spread of networks (both cabled and wireless) and the increase in potential network connections, both in geographic and numerical terms, has led to a considerable rise in potential connections for users, who can now access the resources of the net at any time and from any place, using distributed access points. This is certainly advantageous, but it also entails a series of problems that administrators have to tackle, be they companies or public bodies.
Thanks to the analysis and in-depth research initiated by the Istitituto di Informatica e Telematica of the CNR in Pisa and developed in collaboration with the Laboratorio ICT of Regione Piemonte and CSP - Innovazione nelle ICT, this publication aims to present, albeit without claiming to be exhaustive, the state of the art in the Mobile Security sector, as emerges from an ample number of case studies.
Chapter 1 offers a definition of the current ICT scenario in terms of the various aspects of mobility (hardware, software, users), while Chapter 2, dedicated to networks, protocols and devices, focuses on the characteristics of the communications systems and technologies currently in use, highlighting their reciprocal differences, the critical areas in a mobile/nomadic environment, and the application protocols which support mobility. Exploring the technical implications in greater detail, the subsequent chapters focus mainly on three different types of devices: notebooks (Chapter 3), palmtops (Chapter 4) and smartphones (Chapter 5), with a description of strategies and solutions for the ensuring the security of information. We chose the devices that are more at risk of theft and security threats due to their increasing degree of portability and manageability, as well as their mobility and connection capacity. These devices are advanced enough to give users the opportunity to carry out normal work remotely, and they must therefore be able to protect the information stored on them. The study examines data encryption in terms of hardware, software and biometrics, in Linux and Windows environments for notebooks, and Java ME Java Wireless for smartphones. As well as encryption systems, much attention is dedicated to security in the context of authentication, both by means of the classic password system, and in terms of the more innovative biometric detection systems, also taking into account the most recent developments in the field of digital identity authentication and secure e-voting processes.
The study aimed to assess the best solutions/strategies and countermeasures which can be implemented to prevent risks of attack, and solve the security problems inherent in the portable nature and usage of these devices.
It is possible to request a copy of the publication, by contacting the Assosecurity office.
