An Architecture for Secure Mobile Devices

Abstract

Mobile devices such as smart phones have become one of the preferredmeans of accessing digital services, both for consuming and creatingcontent. Unfortunately, securing such mobile devices is inherentlydifficult for a number of reasons. In this article, we review recentresearch results, systematically analyze the technical issues ofsecuring mobile device platforms against different threats, and discussa resulting and currently unsolved problem: how to create an end-to-endsecure channel between the digital service (e.g. a secure walletapplication on an embedded smart card or an infrastructure serviceconnected over wireless media) and the user. Although the problemhas been known for years and technical approaches start appearingin products, the user interaction aspects have remained unsolved.We discuss the reasons for this difficulty and suggest potentialapproaches to create human-verifiable secure communication with componentsor services within partially untrusted devices.

Publication
Security and Communication Networks