While security in general is increasingly well addressed, both mobile security and multimedia security are still areas of research undergoing major changes. Mobile security is characterized by small devices that, for instance, make it difficult to enter long passwords and that cannot perform complex cryptographic operations due to power constraints. Multimedia security has focused on watermarks and the creation of digital evidence; as we all know, there are as yet no good solutions to prevent illegal copying of audio and video files. In this chapter we focus on addressing the attributes of security, trust, and privacy on mobile devices and multimedia applications.
Traditionally, there are three different fundamental attributes of security: confidentiality, integrity, and availability (CIA). Following Avizienis et al. (2004), security as well as dependability define the requirements of a reliable system (cf., Figure 1). In their opinion, every system may fail but can still be regarded as reliable if the frequency of failures is acceptable. Moreover, only authorized actions should be served by a trusted system.
Figure 1. Dependability and security attributes (Avizienis, 2004)
Security can also be seen as the summary of hardware, information, communication, and organizational aspects (Olovsson, 1992). Hardware security encompasses all aspects of physical security and emanation. Compromising emanation refers to unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by telecommunications or automated systems equipment (NIS, 1992).
Information security includes computer security and communication security. Computer security deals with the prevention and detection of unauthorized actions by users of a computer system (Gollmann, 1999). Communication security encompasses measures and controls taken to deny unauthorized persons access to information derived from telecommunications and ensure the authenticity of such telecommunications (NIS, 1992).
Organizational or administration security is highly relevant even though people tend to neglect it in favor of fancy technical solutions. Even the most appropriate security measures can be bypassed, for instance by a successful social engineering attack on a user inside the system who tells an attacker the necessary passwords (Thornburgh, 2004; Maris, 2005).
Both personnel security and operation security pertain to this aspect of security.
Whether a system is “secure” or not merely depends on the definition of the requirements. As nothing can ever be absolutely secure, the definition of an appropriate security policy based on the requirements is the first essential step to implement security.
Key Terms in this Chapter
UMTS: Universal Mobile Telecommunications System (UMTS), a packet-based connection protocol, is the de facto standard for today’s Internet connections on mobile phones. UMTS makes it possible to hold video conferences or watch Internet television.
Pseudonymization: Pseudonymization is a technique where all attributes that can be used to identify a certain person are exchanged with a so-called pseudonym. Computing of this pseudonym is based on a secret-key algorithm.
Bluetooth: Bluetooth uses an unlicensed short-range radio frequency to establish communication channels between different devices within the PAN (cf., PAN).
Digital Watermarking: Digital watermarking is a technique that aims to assure the authenticity, and therefore protect the copyright, of an electronic artifact by embedding hidden information.
GPRS: General packet radio service (GPRS) is a service for mobile devices that operates in combination with GSM (cf., GSM). This standard is packet-based and provided the first usable Internet application for users depending on mobility.
Digital Evidence: The term digital evidence encompasses any and all digital data that can establish that a crime has been committed or can provide a link between a crime and its victim or a crime and its perpetrator (Casey, 2004).
WLAN: A wireless LAN or WLAN is a network that operates over the air; in other words, without cables.
PAN: A personal area network (PAN) is a wired or wireless network that is normally used by one person and operates within a few meters. Commonly used communication channels are Bluetooth or infrared.
GSM: The global system for mobile communications (GSM) is the most popular standard for mobile phones worldwide.
Security Policy: A security policy is the ruleset that defines the security constraints under which a certain system is allowed to operate and interact. In other words, all restrictions and permissions for persons, objects, information flows, and data storage are defined there.