Sensor sensibility: How it can help make smart phones secure
- By Patrick Marshall
- Feb 07, 2013
Fourth of four parts
As developers find more uses for increasingly powerful smart phones — from acting as sensors that collect and process all kinds of data to situational awareness tool for first responders — security inevitably becomes a concern.
Agencies are touting the basic steps for securing smart phones, vendors are adding high degrees of physical and logical security and government security standards have been updated to cover mobile devices.
But greater functionality also could require a commensurate approach to keeping phones and data secure. In one case, developers are working on tools to use smart-phone sensors — which are being used in many of these new projects — to keep them safe by triggering enforcement of security rules.
Jules White, professor of electrical and computer engineering at Virginia Tech, is developing systems that can look at the risk on a device and allow someone to have access to information when they are in a specific room or context.
The system, called OptioCore, is a customized overlay of the Android operating system that, when combined with OptioMDM mobile device management software, can set rules for when employees can access data, what data they can access and whether they can take that data with them.
“We were working on a system where it could automatically detect when you’d entered a specific room and give you access to specific information when you’re in that room and, the moment that you left that room, [it would] ensure that none of that information was cached on your device,” he said.
Other rules for controlling access could include time of day, what other applications are running on a device at the time, even a user’s proximity to a fixed point.
It would enforce the rules using Near Field Communication (NFC) plus a tether. “The phone is tethered to a Bluetooth or other signal that’s being broadcast in the location,” White explained. “Then you have to keep the cryptographic exchange going with the beacon to prove that you’re still there. If you miss a beat in that exchange with the room, it knows that you’re no longer there and it cuts off access.”
White says his team is also developing context-based control over information on a device. “We developed a security layer for Android so that you could write rules like, ‘If somebody’s on my corporate network we are going to automatically shut off access to all non-corporate apps,’” he said.
Expanded uses for mobile devices, as well as the potential security concerns, may just be getting started. But finding ways to use new functionality not just for data collection and distribution but as a means of securing them could help agencies make the most of their potential.