|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
|
3 <!-- This component and the accompanying materials are made available under the terms of the License |
|
4 "Eclipse Public License v1.0" which accompanies this distribution, |
|
5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
|
6 <!-- Initial Contributors: |
|
7 Nokia Corporation - initial contribution. |
|
8 Contributors: |
|
9 --> |
|
10 <!DOCTYPE concept |
|
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
|
12 <concept id="GUID-9058F379-C495-4B22-B270-FF6A80E450B8" xml:lang="en"><title>Device |
|
13 security mechanisms</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
|
14 <p>The list below contains some common device security mechanisms.</p> |
|
15 <section id="GUID-24AD1095-E039-46B5-A39A-1D814D697DA1"><title>Device protection</title> |
|
16 <p>The Symbian platform is not well equipped to protect against a physical |
|
17 attack (that is, when an attacker has physical access to the mobile device) |
|
18 because access to a device is controlled by the device lock feature, which |
|
19 is often not used. Other external methods of protection, like a PIN code or |
|
20 Subscriber Identity Module (SIM) locking, tend to provide protection only |
|
21 when accessing a cellular network, leaving the information content vulnerable. |
|
22 Without <xref href="GUID-A1ED2377-E196-423F-A5A2-1889C1CC3E05.dita">cryptographic |
|
23 protection</xref>, it is possible to gain access to the device's information |
|
24 storage with hardware-based methods (for example, wiretapping connectors and |
|
25 direct reading of memory chips).</p> |
|
26 </section> |
|
27 <section id="GUID-BE16A5D1-B580-4ED6-82D7-16B33B8EEADF"><title>Device authentication</title> |
|
28 <p>Sometimes, for security reasons, an application needs to identify the |
|
29 mobile device it is running on, for example, to use specific ciphering keys |
|
30 or to apply copy protection. Identification can be done by checking the device's |
|
31 International Mobile Equipment Identity (IMEI) code, which is unique in each |
|
32 device used in cellular networks. To retrieve the IMEI code, you can use, |
|
33 for example the <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/ETel_3rd_Party_API/CTelephonyClass.html#%3a%3aCTelephony%3a%3aGetPhoneId%28TRequestStatus%20%26amp%3b%2cTDes8%20%26amp%3b%29const" format="application/java-archive"><codeph>CTelephony::GetPhoneId</codeph></xref> method. For more information, |
|
34 see <xref href="http://wiki.forum.nokia.com/index.php" scope="external">Retrieving |
|
35 Phone's Manufacturer, Model & IMEI number in Symbian</xref> in the |
|
36 Forum Nokia Developer Community Wiki. There are different APIs for retrieving |
|
37 the IMEI code in different versions of SDKs. Refer to the SDK API or Symbian |
|
38 documentation for the proper method.</p> |
|
39 <p>Another way to get information about the running platform and the mobile |
|
40 device is to use the <codeph>HAL:Get()</codeph> method defined in <codeph>hal.h</codeph> header |
|
41 file. For more information and examples, see <xref href="http://www.forum.nokia.com/info/sw.nokia.com/id/61ae01cb-3c34-47f6-843e-485d4f56409b/S60_Platform_Identification_Codes.html" scope="external">S60 Platform: Identification Codes</xref> on Forum Nokia.</p> |
|
42 <p><b>User authentication</b></p> |
|
43 <p>When powering on the device, the user is authenticated in the <i>operating |
|
44 system level</i> with standard device authentication methods, such as a PIN |
|
45 code and security code requests. However, these features can be turned off |
|
46 by the user and are easily reset with special hardware. If an application |
|
47 needs to authenticate the user, it should be done in the <i>application level</i> by |
|
48 implementing a separate user name/password authentication mechanism.</p> |
|
49 </section> |
|
50 <section id="GUID-962E0183-0CBD-457D-B24C-C0BDB30A58A4"><title>Mobile hardware</title> |
|
51 <p>The Symbian platform attempts to ensure the integrity of data even in |
|
52 the presence of unreliable communication and a shortage of resources, such |
|
53 as memory, power, and storage.</p> |
|
54 <p>The user may detach removable storage media at any time, either intentionally |
|
55 or unintentionally. The platform has a built-in detach handling mechanism, |
|
56 but applications should still be prepared for a sudden loss of storage media |
|
57 to prevent data loss or corruption. To check the type of storage media (removable/fixed), |
|
58 use the <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aDrive%28%29" format="application/java-archive"><codeph>RFs::Drive()</codeph></xref> method. </p> |
|
59 <p>The device may shut down at any time, either by accident or because |
|
60 the battery runs out. Important data stored in nonpermanent memory should |
|
61 be written to permanent memory as early as possible. To query the battery |
|
62 level, use the <codeph>HAL::Get(EPowerBatteryStatus)</codeph> method. For |
|
63 information on how to retrieve system information, see <xref href="http://www.forum.nokia.com/info/sw.nokia.com/id/1bd6bf54-7886-43a5-8335-821bcb603049/S60_Platform_System_Information_Example_v2_0_en.zip.html" scope="external">S60 Platform: System Information Example</xref> on Forum Nokia.</p> |
|
64 <p>Even though internal storage is not physically protected, you can secure |
|
65 memory cards with password protection. If the locking option is used (method <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aLockDrive%28%29" format="application/java-archive"><codeph>RFs::LockDrive</codeph></xref>), memory card contents are protected |
|
66 with a password and cannot be read in any other device without it. Password |
|
67 locking is an extended functionality of the Multimedia card (MMC), and may |
|
68 not be compatible with all hardware and software configurations.</p> |
|
69 </section> |
|
70 <section id="GUID-9058F379-C495-4B22-B270-FF6A80E450B9"><title>Third-party solutions</title> |
|
71 <p>A mobile device can be protected with third-party security applications. <i>Antivirus |
|
72 software</i> can detect and quarantine any viruses that try to access the |
|
73 device, as well as restore infected files. Antivirus software is usually used |
|
74 together with <i>firewalls</i> to observe and protect both incoming and outgoing |
|
75 data connections. This enables monitoring of important data and prevents it |
|
76 from being sent out of the device. Firewall and antivirus software can also |
|
77 be part of an <i>intrusion detection system</i> that notifies the user whenever |
|
78 a malicious attempt is detected.</p> |
|
79 <p>Furthermore, there are applications you can use to encrypt existing |
|
80 files, manage passwords, and store information and data securely (in vaults). |
|
81 You can even cipher information in applications and connection methods which |
|
82 do not initially support ciphering (for example, short message service [SMS]).</p> |
|
83 </section> |
|
84 </conbody></concept> |