Mobile Device Encryption Systems

The initially consumer oriented iOS and Android platforms, and the newly available Windows Phone 8 platform start to play an important role within business related areas. Within the business context, the devices are typically deployed via mobile device management (MDM) solutions, or within the bring-your-own-device (BYOD) context. In both scenarios, the security depends on many platform security functions, such as permission systems, management capabilities, screen locks, low-level malware protection systems, and access and data protection systems. Especially, the latter play a crucial rule for the security of stored data. While the access protection part is related to the typically used passcodes that protect the smartphone from unauthorized tempering, the data protection facility is used to encrypt the core assets – the application data and credentials. The applied encryption protects the data when access to the smartphone is gained either through theft or malicious software. While all of the current platforms support these systems and market these features extensively within the business context, there are huge differences in the implemented systems that need to be considered for deployment scenarios that require high security levels. Even under the assumption, that the underlying encryption systems are implemented correctly, the heterogeneity of the systems allows for a wide range of attacks that exploit various issues related to deployment, development and configuration of the different systems. In order to address this situation, this paper presents an analysis of the access and data protection systems of the currently most popular platforms. Due to the important influence of the developer on the security of the iOS Data Protection system, we also present a tool that supports administrators in evaluating the right choice of data protection classes in arbitrary iOS applications.