Wireless Security White Paper
A concern with smart cards (and certain other encryption devices) is their vulnerability to power
analysis attacks if they fall into the wrong hands. Such attacks involve device power
measurements and their analysis while the smart card is in operation. Mathematical analysis of
the differences in power consumption during different operations of the smart card can make
possible the decryption of the smart card’s information. Other types of attacks include replay and
micro-probing. Such vulnerability notwithstanding, smart cards are an important tool in
improving authentication on mobile devices, making them less likely to be misused if they fall
into the hands of strangers.
Biometric Technologies
Biometric devices use physical traits such as fingerprint, iris, face, and voice to identify an
individual. Fingerprints are an accurate trait to use for computer-based identification, and
solutions developed for fingerprints are currently the most cost-effective and easy to use.
Compaq partners with Identix, a leader in biometric identification technology, to produce
Compaq Fingerprint Identification Technology (FIT) for the commercial market. A tiny camera
in the Fingerprint Identification Reader captures an image of the fingerprint of a device's
legitimate user. Algorithms then convert the
image into a unique "map" of minutiae points (unique data points that describe the fingerprint).
This map of minutiae points (not the actual fingerprint) is then encrypted and stored within the
network. The user places a registered finger on the reader attached to his or her PC in order to log
on to the network. The information is then extracted and compared to information on the
computer. If the comparison is a sufficient match, the user is allowed to log in.
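A simplified illustration of the minutiae comparison described above, added here as an example and not the Compaq or Identix algorithm. It assumes the two prints are already aligned, represents each minutia as a hypothetical (x, y, ridge angle) tuple, and uses assumed tolerances and an assumed 0.7 cutoff for a "sufficient match".

```python
import math

# Assumed representation: a minutia is (x, y, ridge_angle_degrees).
DIST_TOL = 8.0    # assumed position tolerance, in pixels
ANGLE_TOL = 15.0  # assumed ridge-angle tolerance, in degrees
THRESHOLD = 0.7   # assumed cutoff for a "sufficient match"


def angle_diff(a, b):
    """Smallest absolute difference between two angles in degrees."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)


def match_score(template, probe):
    """Fraction of minutiae paired one-to-one within both tolerances."""
    if not template or not probe:
        return 0.0
    unused = list(template)  # each enrolled minutia may be paired only once
    paired = 0
    for (px, py, pa) in probe:
        best, best_d = None, DIST_TOL
        for cand in unused:
            d = math.hypot(px - cand[0], py - cand[1])
            if d <= best_d and angle_diff(pa, cand[2]) <= ANGLE_TOL:
                best, best_d = cand, d  # keep the nearest acceptable candidate
        if best is not None:
            unused.remove(best)
            paired += 1
    # Dividing by the larger set penalises extra or missing minutiae.
    return paired / max(len(template), len(probe))


def is_sufficient_match(template, probe, threshold=THRESHOLD):
    """Log-on decision: accept only if the score reaches the threshold."""
    return match_score(template, probe) >= threshold


# Constructed sample data (not real fingerprint data).
ENROLLED = [(10, 12, 30), (40, 45, 90), (70, 20, 170), (55, 80, 350), (25, 60, 200)]
SAME_FINGER = [(12, 11, 35), (39, 47, 84), (71, 22, 175), (54, 79, 5), (90, 90, 10)]
OTHER_FINGER = [(15, 70, 10), (60, 10, 250), (80, 85, 120), (30, 30, 300), (50, 50, 45)]

if __name__ == "__main__":
    for name, probe in (("same finger", SAME_FINGER), ("other finger", OTHER_FINGER)):
        print(name, match_score(ENROLLED, probe), is_sufficient_match(ENROLLED, probe))
```

The threshold is the security-relevant knob: lowering it admits more impostor prints, raising it rejects more legitimate users whose scan is noisy.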
Where mobile devices are concerned, Compaq FIT is currently available only for Compaq
Armada and Evo notebook computers. For more information on Compaq FIT, see
http://www.compaq.com/products/notebooks/security.html or
http://www.compaq.com/products/quickspecs/10103_div/10103_div.HTML.
Multi-factor Authentication
Multi-factor authentication is one of the best ways to improve security at the device level.
Corporations sensitive to security breaches are moving quickly to at least two-factor
authentication – choosing two types of authentication as requirements for accessing data. Such
security requires the user to authenticate himself or herself in more than one way in order to improve
security. The means of authentication may include the following:
• Something the user knows (password)
• Something the user has (tokens -- smart card)
• Who the user is (biometrics -- fingerprint identification)
Requiring at least two types of authentication is dramatically more secure than requiring only
one.
File System Security
While desktop operating systems such as Windows 2000 offer an encrypted file system, this is
not yet common on mobile platforms. If the data on a mobile device is sensitive, it is worth
investigating security software that can encrypt such information. FileCrypto for PocketPC from
F-Secure Corporation of Helsinki, Finland provides such encryption for mobile devices.