Mobile Security and Forensics

Mobile Devices

Unified Security Framework

Piecemeal add-on security solutions for handheld devices often present problems in software integration, usability, and administration. As an alternative, a unified framework has been developed and is being implemented. It addresses the following security aspects:

  • User Authentication - Strong user authentication is the first line of defense for an unattended, lost, or stolen device. Multiple modes of authentication increase the work factor for an attacker; however, very few devices support more than one mode, and the single mode offered is usually password-based authentication.
  • Content Encryption - With sufficient time and effort an authentication mechanism can be compromised. Content encryption is the second line of defense for protecting sensitive information.
  • Policy Controls - When a device is active, various attacks can occur. Policy rules, enforced for all programs regardless of associated privileges, protect critical components from modification, and limit access to security-related information.

The framework also supports multiple policy contexts (e.g., restricted and unrestricted, or low, medium, and high) among which a user can choose to operate. A set of grant-style policy rules defines a policy context. One or more authentication steps can be required for any policy context. A cryptographic repository can optionally be made available for use within a policy context.
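
A minimal model of the policy-context behaviour described above, added here as an illustration and not the framework's own code. The context names come from the text; the class names, resource names, verifier functions and sample credentials are assumptions constructed for the example.

```python
import hashlib, hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyContext:
    name: str
    grants: frozenset              # (action, resource) pairs; anything absent is denied
    auth_steps: tuple = ()         # every listed step must pass to enter the context
    crypto_repository: bool = False

SALT = b"constructed-salt"         # constructed sample credential material
PW_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)

def check_password(evidence):
    if not isinstance(evidence, str):
        return False
    digest = hashlib.pbkdf2_hmac("sha256", evidence.encode(), SALT, 100_000)
    return hmac.compare_digest(digest, PW_HASH)

def check_beacon(evidence):        # stands in for a paired proximity beacon
    return isinstance(evidence, str) and hmac.compare_digest(evidence.encode(), b"beacon-01")

class Device:
    def __init__(self, contexts, verifiers, start):
        self.contexts = {c.name: c for c in contexts}
        self.verifiers = verifiers  # step name -> callable(evidence) -> bool
        self.current = self.contexts[start]

    def switch(self, name, evidence):
        target = self.contexts.get(name)
        # On an unknown context or any failed step the device stays where it is.
        if target is None or not all(
                self.verifiers[s](evidence.get(s)) for s in target.auth_steps):
            return False
        self.current = target
        return True

    def allowed(self, action, resource, privileged=False):
        # 'privileged' is ignored on purpose: the rules bind every program alike.
        return (action, resource) in self.current.grants

RESTRICTED = PolicyContext("restricted", frozenset({("read", "contacts")}))
UNRESTRICTED = PolicyContext(
    "unrestricted",
    frozenset({("read", "contacts"), ("write", "contacts"), ("read", "mail")}),
    auth_steps=("password", "beacon"), crypto_repository=True)

def make_device():
    return Device([RESTRICTED, UNRESTRICTED],
                  {"password": check_password, "beacon": check_beacon}, "restricted")
```

Because the rules are grants, a resource such as the hypothetical `security_config` is protected simply by never appearing in any context's grant set.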


Authentication Mechanisms

Existing desktop authentication solutions are often inappropriate for handheld devices. Obstacles include device limitations such as computational speed, network connectivity, battery capacity, and supported hardware interfaces. Any inconvenience due to a cumbersome peripheral attachment, lengthy authentication process, or error-prone interaction discourages use. Handheld devices also have unique features (e.g., power-on/off behavior) that need to be addressed when asserting an authentication mechanism.

Several types of authentication modules, which match the capabilities and limitations of handheld devices, are being developed for the security framework. They include visual authentication, proximity beacons, and novel forms of smart cards.

Contacts

Andrew Regenscheid
andrew.regenscheid@nist.gov

Rick Ayers
richard.ayers@nist.gov

Topics

Technologies: mobile

Applications: forensics

Created June 08, 2016, Updated June 22, 2020