Man with smartphone in range of sensor network

Sensor sensibility: How it can help make smart phones secure

Fourth of four parts

As developers find more uses for increasingly powerful smart phones — from acting as sensors that collect and process all kinds of data to situational awareness tool for first responders  — security inevitably becomes a concern.

In this series

Smart phones as sensors: locating snipers, or parking spots

Agencies see a lot of potential in using sensor networks made up of smart phones for any number of military and civilian uses. Read more.

Take a picture, and 4D app gives you the details

Hybrid 4-Dimensional Augmented Reality, developed at Virginia Tech, can give responders situational awareness, detail what's inside a building or tell how something works. Read more.

When smart-phone technology hits the wall

Even smart phones have their limits, but developers are finding ways to build sophisticated sensors than can connect to phones and expand mobile networks. Read more.

Agencies are touting the basic steps for securing smart phones, vendors are adding high degrees of physical and logical security and government security standards have been updated to cover mobile devices.

But greater functionality also could require a commensurate approach to keeping phones and data secure. In one case, developers are working on tools to use smart-phone sensors — which are being used in many of these new projects — to keep them safe by triggering enforcement of security rules.

Jules White, professor of electrical and computer engineering at Virginia Tech, is developing systems that can look at the risk on a device and allow someone to have access to information when they are in a specific room or context.

The system, called OptioCore, is a customized overlay of the Android operating system that, when combined with OptioMDM mobile device management software, can set rules for when employees can access data, what data they can access and whether they can take that data with them.

“We were working on a system where it could automatically detect when you’d entered a specific room and give you access to specific information when you’re in that room and, the moment that you left that room, [it would] ensure that none of that information was cached on your device,” he said.

Other rules for controlling access could include time of day, what other applications are running on a device at the time, even a user’s proximity to a fixed point.

It would enforce the rules using Near Field Communication (NFC) plus a tether.  “The phone is tethered to a Bluetooth or other signal that’s being broadcast in the location,” White explained.  “Then you have to keep the cryptographic exchange going with the beacon to prove that you’re still there. If you miss a beat in that exchange with the room, it knows that you’re no longer there and it cuts off access.”

White says his team is also developing context-based control over information on a device. “We developed a security layer for Android so that you could write rules like, ‘If somebody’s on my corporate network we are going to automatically shut off access to all non-corporate apps,’” he said.

Expanded uses for mobile devices, as well as the potential security concerns, may just be getting started. But finding ways to use new functionality not just for data collection and distribution but as a means of securing them could help agencies make the most of their potential.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above