Motivation of the project
In the last years, mobile phones and other mobile devices have become more and more our companions and belong to the working equipment of many people. In many areas of our business and private life, various activities are not possible any more without mobile phones. With this trend, a stronger complexity of systems goes along, which influences the security and trustworthiness of mobile systems. The end user expects that data and communications channels are protected from unauthorized access. Such security requirements can only be satisfied if the mobile device makes available prerequisites for securing such a channel appropriately.
However, from the perspective of service providers, operators, and manufacturers, mobile phones operate in "hostile" environments. Under some circumstances, the end users, for example, may be interested in manipulating the functionality of the device in order to commit fraud, depending on the their intentions. For example, stolen devices may copy data encrypted via SSL or VPN technology trustworthily and securely, but these data may be forwarded to an attacker by manipulated software. This way, an attack, which is interesting for industrial espionage, might be possible.
The market demands increasingly integrated solutions, which are more complex due to the challenges to be addressed. On the other hand, these solutions are subject to a strong cost pressure. Flexibility and reuse of applications and modules is an important factor here. In particular, this applies to IT security. Security as a service is an important prerequisite for reuse and quality.
VOGUE concentrates on the development of an integrated security platform which allows mobile devices to access different IT systems in a trustworthy manner such as applications spanning whole supply chains and enterprise networks. Such a platform consists of soft- and hardware. The solutions to be implemented shall use the standards of Trusted Computing, which describe at their heart a trust anchor. VOGUE is based on the hardware properties of Trusted Computing and mobile devices and makes available a software architecture, which helps to achieve stronger trust in the devices by the service providers. The security mechanisms can be used on different mobile platforms. In particular, SMEs will have methods and tools at hand which sustainably increase trust of possible customers in novel sensitive applications by means of the results of the VOGUE project. With the help of the scenario "Mobile access of an external to an enterprise network", the increased security provided by the VOGUE solution will be proven.