Overview
Français
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Virginie GALINDO: Standard expert &&&&&&& Innovation, Gemalto SA, La Ciotat, France
INTRODUCTION
The world of cell phones is constantly evolving, in terms of the players involved, the technologies involved in manufacturing mobile equipment, and the business models it enables. In just a few decades, the cell phone has gone from being a simply practical tool, enabling us to receive and make phone calls while on the move, to a tool for work, social contact and managing our daily lives. The use of this object has been democratized, reaching a penetration rate of 50% in Europe in 2015 according to eMarketer, inducing new behaviors in users. Who would have thought that we could make a bank transfer from a cell phone, or book a vacation, by entering our credit card details on the same object, sometimes in a public place? So it's worth asking ourselves how much we can trust it. How can we assess the level of security of such a technological object? How can conventional cell phone architectures secure the deployment and use of mobile applications? In this article, we cover the issues surrounding security in advanced cell phones (known as smartphones). We cover the economic and technological aspects, and draw on advances in standardization work relating to the component and application domains that enter into cell phone usage.
We begin by detailing the sensitive uses of smartphones. We list the various economic players present on the market, as well as the technologies they promote. To better understand the need to protect smartphones, we outline the possible risks and vulnerabilities associated with the use of mobile applications. After outlining the architecture of a cell phone, we cite the technologies implemented in cell phones to enhance confidence in this equipment. We take a detailed look at the mechanisms of runtime environments, guaranteeing a degree of control over the runtime environment of advanced mobiles such as Android or iPhone. We then review the list of technologies that, when integrated into a mobile, can act as security relays, such as secure chips (SIM cards or embedded secure elements) or Trusted Execution Environments (TEEs). Finally, we identify new trends in technology and usage, which represent the challenges of tomorrow's connected world.
A glossary of the main terms used is provided at the end of the article.
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Cell phone security
Market and players
Bibliography
- (1) - The trusted execution environment delivering enhanced security at a lower cost to the mobile market. - Livre blanc édité par GlobalPlatform.
Also in our database
Software tools
Source code for a TEE on Linux using ARM ® TrustZone ® technology (compatible with GlobalPlatform TEE System Architecture specifications) https://github.com/OP-TEE/optee_os
Events
TEE Seminar (annual seminar organized by GlobalPlatform, bringing together all players using TEE technology) http://www.teeseminar.org/
GSMA Mobile World Congress (annual international trade show organized by the association of cell phone operators) http://www.mobileworldcongress.com/
...Directory
EuroSmart smart card manufacturers' association http://www.eurosmart.com/
Organizations
National Agency for Information Systems Security http://www.ssi.gouv.fr
SIM Alliance http://simalliance.org
GlobalPlatform http://www.globalplatform.org
...
The Ultimate Scientific and Technical Reference
