NIST on securing mobile devices
This is a very technical draft paper concerned with trusted computing on mobile devices such as smart phones and notebooks. I suggest reading the Abstract first. There, the authors write and I quote: “Many mobile devices are not capable of providing strong security assurances to end users and organizations. Current mobile devices lack the hardware-based roots of trust that are increasingly built into laptops and other types of hosts.” (end_quote). As examples of mobile devices, the keywords include: smartphone and tablet.
It’s a draft document and NIST are inviting comments: “NIST requests comments on draft NIST SP 800-164 by December 14th, 2012. Please submit all comments to 800-164comments@nist.gov.” [9 days left].
The essential section for me was section 4 on roots of trust. This draft document, in my opinion, provides a counterpoint to those who say that BYOD in the company is just a fact of life …
My assessment: Doing a clean install of Linux on a desktop or laptop computer from trusted media (where digital signatures are validated) provides a higher level of assurance than the new world of smartphones and related mobile gadgets.
