While security in general is increasingly well addressed, both mobile security and multimedia security are still areas of research undergoing major changes. Mobile security is characterized by small devices that, for instance, make it difficult to enter long passwords and that cannot perform complex cryptographic operations due to power constraints. Multimedia security has focused on watermarks and the creation of digital evidences; as we all know, there are yet no good solutions to prevent illegal copying of audio and video files. In this chapter we focus on addressing the attributes of security, trust, and privacy on mobile devices and multimedia applications.
TopIntroduction
Traditionally, there are three different fundamental attributes of security: confidentiality, integrity, and availability (CIA). Following Avizienis et al. (2004), security as well as dependability define the requirements of a reliable system (cf., Figure 1). In their opinion every system may fail, but can still be regarded reliable, if the frequency of failures is acceptable. Moreover only authorized actions should be served by a trusted system.
Figure 1. Dependability and security attributes (Avizienis, 2004)
Security can also be seen as the summary of hardware, information, communication, and organizational aspects (Olovsson, 1992). Hardware security encompasses all aspects of physical security and emanation. Compromising emanation refers to unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by telecommunications or automated systems equipment (NIS, 1992).
Information security includes computer security and communication security. Computer security deals with the prevention and detection of unauthorized actions by users of a computer system (Gollmann, 1999). Communication security encompasses measures and controls taken to deny unauthorized persons access to information derived from telecommunications and ensure the authenticity of such telecommunications (NIS, 1992).
Organizational or administration security is highly relevant even though people tend to neglect it in favor of fancy technical solutions. The most appropriate security measurements can be bypassed; for instance, by a successful social engineering attack on a user inside the system, who tells an attacker the necessary passwords (Thornburgh, 2004; Maris, 2005).
Both personnel security and operation security pertain to this aspect of security.
TopBackground
Whether a system is “secure” or not merely depends on the definition of the requirements. As nothing can ever be absolutely secure, the definition of an appropriate security policy based on the requirements is the first essential step to implement security.