Five basic requirements for mobile security and privacy

Security is a basic feature of any public communication infrastructure whether fixed or mobile; it must provide user confidence and economic opportunity and must protect the values of society. Security of information and communications plays a fundamental role in ensuring that citizens realise benefits from these services. Security establishes a proper environment for the protection of privacy and confidentiality for the conduct of all aspects of personal, economic and administrative activity carried out over networks.

The potential for mobile commerce to develop as a new and additional economic sector emphasises the need for security and privacy. Free flow of trusted commercial data over mobile communication networks provides new opportunities for economic activity. Furthermore, commercial users need to be able to establish trust between themselves and the entities - human or automated - in organisations with which they are doing business.

Already most communication of sensitive data on fixed networks is subject to some protection. However, because of the dynamic topology and connectivity, security is fundamental to the successful operation of all aspects of wireless systems and must be given consideration in all new research and development undertakings in this field. It must be an essential part of the architecture in terms of placement of functionality, protocols and mechanisms - what goes on where and how.

The following standard security issues need to be addressed in many new contexts.

1. Privacy: keeping information confidential; preventing disclosure to unauthorised users.

2. Access control: permitting only authorised users to access specified information and services.

3. Integrity: providing assurance that information has not been tampered with during handling.

4. Authentication: providing proof of the credentials [1] of the originator of information or a participant in a service.

5. Non-repudiation: preventing a participant in a service or transaction from denying having taken some specific action.

Security for Mobility Chris J. Mitchell 2004