NIST provides draft guidelines to secure mobile devices

Nov 01, 2012

The National Institute of Standards and Technology (NIST) has published draft guidelines that outline the baseline security technologies mobile devices should include to protect the information they handle. Smart phones, tablets and other mobile devices, whether personal or "organization-issued," are increasingly used in business and government. NIST's goal in issuing the new guidelines is to accelerate industry efforts to implement these technologies for more cyber-secure mobile devices.

Securing these tools, especially employee-owned products, is becoming increasingly important for companies and government agencies with the growing popularity—and capability—of the devices. Many organizations allow employees to use their own and tablets, even though their use increases cybersecurity risks to the organization's networks, data and resources.

"Guidelines on Hardware-Rooted in Mobile Devices" defines the fundamental security components and capabilities needed to enable more secure use of products.

"Many current mobile devices lack a firm foundation from which to build security and trust," explains NIST lead for Hardware-Rooted Security Andrew Regenscheid, one of the publication's authors. "These guidelines are intended to help designers of next-generation mobile phones and tablets improve security through the use of highly trustworthy components, called roots of trust, that perform vital security functions." On laptop and , these roots of trust are often implemented in a separate security computer chip that cannot be tampered with, but the power and space constraints in mobile devices could lead manufacturers to pursue other approaches such as leveraging security features built into the processors these products use, he says.

The NIST guidelines are centered on three to address known mobile device security challenges. They are device integrity, isolation and protected storage. A tablet or phone supporting device integrity can provide information about its configuration, health and operating status that can be verified by the organization whose information is being accessed. Isolation capabilities are intended to keep personal and organization data components and processes separate. That way, personal applications should not be able to interfere with the organization's secure operations on the device. Protected storage keeps data safe using cryptography and restricting access to information.

To attain the security capabilities, the guidelines recommend that every mobile device implement three security components. These are foundational security elements that can be used by the device's operating system and its applications. They are:

  • Roots of trust, which are combinations of hardware, firmware and software components that are designed to provide critical security functions with a very high degree of assurance that they will behave correctly;
  • An application programming interface that allows operating systems and applications to use the security functions provided by the roots of trust; and
  • A policy enforcement engine to enable the processing, maintenance and policy management of the mobile device.
The authors of "Guidelines on Hardware-Rooted Security in ," Special Publication 800-164 (Draft) request comments to improve the draft. The publication may be downloaded from http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-164. Please submit comments by December 14, 2012, to 800-164comments@nist.gov.

Explore further: Android gains in US, basic phones almost extinct

add to favorites email to friend print save as pdf

Related Stories

NIST updates guidelines for mobile device security

Jul 11, 2012

The National Institute of Standards and Technology (NIST) has released a proposed update to its guidelines for securing mobile devices—such as smart phones and tablets—that are used by the federal government. NIST ...

Protecting computers at start-up: New NIST guidelines

Dec 21, 2011

A new draft computer security publication from the National Institute of Standards and Technology (NIST) provides guidance for vendors and security professionals as they work to protect personal computers as they start up.

Wake-up call: Draft security pub looks at cell phones, PDAs

Jul 10, 2008

In recent years cell phones and PDAs—"Personal Digital Assistants"—have exploded in power, performance and features. They now often boast expanded memory, cameras, Global Positioning System receivers and the ability to ...

Build safety into the very beginning of the computer system

Apr 29, 2011

A new publication from the National Institute of Standards and Technology (NIST) provides guidelines to secure the earliest stages of the computer boot process. Commonly known as the Basic Input/Output System (BIOS), this ...

Recommended for you

Android gains in US, basic phones almost extinct

17 hours ago

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 0

More news stories

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Under some LED bulbs whites aren't 'whiter than white'

For years, companies have been adding whiteners to laundry detergent, paints, plastics, paper and fabrics to make whites look "whiter than white," but now, with a switch away from incandescent and fluorescent lighting, different ...