Abstract
There are numerous initiatives to use mobile devices as so-called “trusted pocket signers” to produce electronic signatures. The actual signature is generated by means of a conventional signature card. The mobile device serves as the card reader, as the storage device for the document to be signed, and as the display for the signature application. The operating system used on the mobile device is therefore of pivotal importance for ensuring the integrity and accountability of the electronic signature. Mobile devices are also used to provide mobile workers with access to the corporate backend. We examined the currently available mobile operating systems with regard to their security and conclude that not a single one is secure enough for “trusted” signing, and that they are only partially secure enough for secure backend access. We show two possible ways to make mobile devices more secure and possibly to enable something close to “what you see is what you sign”.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Murmann, T., Rossnagel, H. (2005). How Secure are Current Mobile Operating Systems?. In: Chadwick, D., Preneel, B. (eds) Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 175. Springer, Boston, MA. https://doi.org/10.1007/0-387-24486-7_4
DOI: https://doi.org/10.1007/0-387-24486-7_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24485-3
Online ISBN: 978-0-387-24486-0
eBook Packages: Computer Science (R0)