Noam Ben-Asher
ABSTRACT
Mobile phones are rapidly becoming small-size general purpose computers, so-called smartphones. However, applications and data stored on mobile phones are less protected from unauthorized access than on most desktop and mobile computers. This paper presents a survey on users' security needs, awareness and concerns in the context of mobile phones. It also evaluates acceptance and perceived protection of existing and novel authentication methods. The responses from 465 participants reveal that users are interested in increased security and data protection. The current protection by using PIN (Personal Identification Number) is perceived as neither adequate nor convenient in all cases. The sensitivity of data stored on the devices varies depending on the data type and the context of use, asking for the need for another level of protection. According to these findings, a two-level security model for mobile phones is proposed. The model provides differential data and service protection by utilizing existing capabilities of a mobile phone for authenticating users.
- Ben-Asher, N., Ben-Oved, A., Meyer, J.: Preliminary survey results --- project "Graded Security for Mobiles". Deutsche Telekom Laboratories 2009Google Scholar
- Botha, R., Furnell, S., and Clarke, N.: From desktop to mobile: Examining the security experience. Computers & Security, 28(3--4):130--137, 2009.Google Scholar
- Braz, C., and Robert, J.: Security and usability: the case of the user authentication methods. Proceedings of the 18th International Conference of the Association Francophone d'Interaction Homme-Machine, page 203. ACM, 2006. Google ScholarDigital Library
- Clarke, N., and Furnell, S.: Authentication of users on mobile telephones --- A survey of attitudes and practices. Computers & Security, 24(7):519--527, 2005.Google ScholarDigital Library
- Clarke, N., and Furnell, S.: Advanced user authentication for mobile devices. Computers & Security, 26(2):109--119, 2007.Google ScholarDigital Library
- Clarke, N., Furnell, S., Rodwell, P., and Reynolds P.: Acceptance of subscriber authentication methods for mobile telephony devices. Computers & Security, 21(3):220--228, 2002.Google ScholarDigital Library
- Clarke, N., Furnell, S., Reynolds P.: Biometric authentication for mobile devices. In: Proceedings of the 3rd Australian Information Warfare and Security Conference, Perth, Western Australia, 28--29 November 2002Google Scholar
- Dörflinger, T., Voth, A., Krämer, J.: "My Smartphone is a Safe!" The user's point of view regarding novel authentication methods and gradual security levels on smartphones. The International Conference on Security and Cryptography (SECRYPT) 2010, July 26--28, Athens, GreeceGoogle Scholar
- Furnell, S., Clarke, N., and Karatzouni, S.: Beyond the pin: Enhancing user authentication for mobile devices. Computer Fraud & Security, 2008(8):12--17, 2008.Google ScholarCross Ref
- IDC: IDC press release from 28 Jan 2010 at www.idc.com/getdoc.jsp?containerId= prUS22186410Google Scholar
- Imperva Application Defense Center: Consumer Password Worst Practices. Imperva 2010 at www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdfGoogle Scholar
- Jain, A. K., Flynn, P., Ross, A. A. (eds.): Handbook of Biometrics. Springer (2008) Google ScholarDigital Library
- Karlson, A., Brush, A., and Schechter, S.: Can I borrow your phone?: Understanding concerns when sharing mobile phones. Proceedings of the 27thinternational conference on Human factors in computing systems, pages 1647--1650. ACM New York, NY, USA, 2009. Google ScholarDigital Library
- Kowalski, S. and Goldstein, M.: Consumers' Awareness of, Attitudes Towards and Adoption of Mobile Phone Security. Human Factors in Telecommunication (HFT) 06, 2006.Google Scholar
- Leavitt, N.: Mobile phones: The next frontier for hackers. IEEE Computer, 38(4): 20--23, 2005. Google ScholarDigital Library
- McAfee, I.: Mobile Security Report 2009. Technical report, McAfee, 2009.Google Scholar
- Richardson, R.: CSI computer crime and security survey. Computer Security Institute, 2009.Google Scholar
- Riley, S.: Password security: what users know and what they actually do. Usability News, 8(1), 2006.Google Scholar
- Samarati, P. and De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. Lecture Notes in Computer Science, pages 137--196, 2001.Google Scholar
- Samuelson, W. and Zeckhauser, R.: Status quo bias in decision making. Journal of risk and uncertainty, 1(1):7--59, 1988.Google Scholar
- Shaw, K.: Data on PDAs mostly unprotected, survey finds. World Wide Web electronic publication, 2004.Google Scholar
- Sieger, H., Kirschnick, N., Möller, S.: Poster: User preferences for biometric authentication methods and graded security on mobile phones. Symposium on Usability, Privacy, and Security (SOUPS) 2010Google Scholar
- Siponen, M.: A conceptual foundation for organizational information security awareness. Information Management and Computer Security, 8(1):31--41, 2000.Google ScholarCross Ref
- Tognazzini, B.: Design for Usability. Cranor, L. F., Garfinkel, S. (eds.): Security and Usability. Designing Secure Systems That People Can Use. O'Reilly (2005)Google Scholar
- Examined websites (as of early February 2011): Apple, Inc.: www.apple.com, LG Electronics, Inc.: www.lge.com, Motorola, Inc.: www.motorola.com, Nokia Corp.: www.nokia.com, Research in Motion Ltd.: www.rim.com, Samsung Electronics Co. Ltd.: www.samsumg.com, Sony Ericsson Mobile Communications AB: www.sonyericsson.comGoogle Scholar
Index Terms
- On the need for different security methods on mobile phones
Recommendations
Differences in users' state of awareness and practices regarding mobile phones security among EU countries
CIT'11: Proceedings of the 5th WSEAS international conference on Communications and information technologyAs a style statement and useful communication device, the mobile phone has become a vital part of daily life for the majority of population in the developed world. While we are enjoying the technological advances that mobile phones offer, we are also ...
Playing different games on different phones: an empirical study on mobile gaming
MobileHCI '08: Proceedings of the 10th international conference on Human computer interaction with mobile devices and servicesWith the growing popularity of mobile phone gaming, design issues with mobile phone games have become more important. Given the complexity of designing games for mobile phones, game developers must understand how mobile phone users' gaming experiences ...
A Survey on Multi-Factor Authentication Methods for Mobile Devices
ICSIM '21: Proceedings of the 2021 4th International Conference on Software Engineering and Information ManagementThe use of mobile devices worldwide has been on the increase. More and more people are using mobile devices to carry out activities on the Internet. The activities include checking emails, online banking, school, and work activities. However, mobile ...
Comments