Mobile Terminal Security

The miniaturization of electronics and recent developments in biometric and screen technologies will permit a pervasive presence of embedded systems. This and the inclusion of networking capabilities and IP addresses in many handheld devices will foster the widespread deployment of personal mobile equipment. As mobile devices proliferate and their diversity grows, it is surprising to discover how few are appropriately secured against the risks associated with potential sensitive date exposure. Mobile equipment fulfills a steadily growing variety of functions: holding personal data, interacting with other devices in local environment, communicating with remote systems, representing the person by making decisions, and processing data according to pre-established policies or by means of auto-learning procedures, to name a few. From a software design perspective, modern mobile devices are real miniature computers embarking advanced software components linker, a loader, a Java virtual machine, remote method invocation modules, a bytecode verifier, a garbage collector, cryptographic libraries, a complex protocol stack plus numerous other specialized software and hardware components (e.g. a digital camera, a biometric sensor, wireless modems etc.). Consequently, mobile devices need essentially the same types of security measures as entreprise networks – access control, user authentication, data encryption, a firewall, intrusion prevention and protection from malicious code. However, the fundamental security difference inherent to mobile devices is the lack of physical access control. Mobile devices are designed for use outside the physical confines of the office or factory. Consequently, handheld devices and smart phones are often used precisely where