NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

mobile devices

Unified Security Framework

Piecemeal add-on security solutions for handheld devices often present problems in software integration, usability, and administration. As an alternative, a unified framework has been developed and is under implementation, which addresses the following security aspects:

  • User Authentication - Strong user authentication is the first line of defense for an unattended, lost, or stolen device. Multiple modes of authentication increase the work factor for an attacker; however, very few devices support more than one mode, usually password-based authentication.
  • Content Encryption - With sufficient time and effort an authentication mechanism can be compromised. Content encryption is the second line of defense for protecting sensitive information.
  • Policy Controls - When a device is active, various attacks can occur. Policy rules, enforced for all programs regardless of associated privileges, protect critical components from modification, and limit access to security-related information.

The framework also supports multiple policy contexts (e.g., restricted and unrestricted, or low, medium, and high) among which a user can choose to operate. A set of grant-style policy rules defines a policy context. One or more authentication steps can be required for any policy context. A cryptographic repository can optionally be made available for use within a policy context.

Authentication Mechanisms

Existing desktop authentication solutions are often inappropriate for handheld devices. Obstacles include device limitations such as computational speed, network connectivity, battery capacity, and supported hardware interfaces. Any inconvenience due to a cumbersome peripheral attachment, lengthy authentication process, or error-prone interaction discourages use. Handheld devices also have unique features (e.g., power-on/off behavior) that need to be addressed when asserting an authentication mechanism.

Several types of authentication modules, which match the capabilities and limitations of handheld devices, are being developed for the security framework. They include visual authentication, proximity beacons, and novel forms of smart cards.