Privacy is essential for secure mobile devices

Authors:
P. A. Karger;G. S. Kc;D. C. Toll
Affiliations:
IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY;Google, Inc., New York, NY;IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY
Venue:
IBM Journal of Research and Development
Year:
2009

Citing 10
Cited 1

Security Analysis of IKE's Signature-Based Key-Exchange Protocol

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Gummy and Conductive Silicone Rubber Fingers

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Verification of a Formal Security Model for Multiapplicative Smart Cards

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Real 802.11 Security: Wi-Fi Protected Access and 802.11i

Real 802.11 Security: Wi-Fi Protected Access and 802.11i
Enhancing security and privacy in biometrics-based authentication systems

IBM Systems Journal - End-to-end security
Picking Virtual Pockets using Relay Attacks on Contactless Smartcard

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Security and Privacy Issues in E-passports

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Privacy and security threat analysis of the federal employee personal identity verification (PIV) program

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
The Caernarvon secure embedded operating system

ACM SIGOPS Operating Systems Review
Practical attacks against WEP and WPA

Proceedings of the second ACM conference on Wireless network security

Implementing a high-assurance smart-card OS

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper contradicts the commonly held view that privacy and security of data must sometimes be sacrificed for the sake of national security. We demonstrate that for specific examples of real mobile devices, such as mobile phones, Wi-Fit, electronic passports, and electronic government-employee ID cards, lack of sufficient attention to privacy actually harms the intended national security applications. We then present as a case study the Caernarvon high-security smart-card operating system developed by IBM, to show the feasibility of harmonizing personal privacy and security requirements with national security needs.