End-user security in mobile telecommunications: Policy perspectives anda research agenda

Abstract

The recent advances in mobile technologies have brought about increased functionality, however this increased functionality in turn increases the vulnerability of mobile networks, services and users. In such an environment supplying secure mobile services requires a high degree of coordination among a variety of industry players including equipment manufacturers, application developers, operating system developers and service providers. The scale of the challenge can be assessed by merely observing the difficulties faced by administrators of fixed organizational networks in their attempts to maintain virus-free networks in a context where the end users are to some degree under their control. In this light it is easy to imagine that providing secure services to end users in a highly decentralized public mobile network environment will certainly be a challenge. The complexity such services entail raises questions about whether or not service providers will be able to deliver and even more challenging offer security quality of service guarantees. Whether or not secure mobile services will be offered is a function of both supply and demand. While certain measures can be taken to assist the traditional market mechanisms that face challenges when high degrees of coordination are required there may also be a role for public policy. As both a component of critical infrastructures and as a licensed use of the public spectrum with public interest obligations, there may be a basis for public policy mechanisms to be employed to facilitate the supply of such services. In this paper we address these issues by first exploring factors affecting the supply and demand of security technologies and services. This is followed by a review of the policy context and recent developments in the U.S. and Europe. Information from these synopses are then combined with findings from our companion report "The Delft UMTS Testbed and End-user Security Features: to suggest a research agenda that if implemented will answer fundamental questions concerning the future of end-user mobile security.