Conclusions

Here I presented the genearal threat model for handhelds and corresponding security policy. Various security components were evaluated with respect to Simputer and PalmOS devices. Passwords are the mainstay of the security hence they must be implemented carefully and perhaps in nontraditional way. The access control can be done innovatively according to the needs of the device as in Simputer. Malignant code can be checked with secure loading and digital signatures. Memories of these devices must be untamperable hence proper security must be incorporated in the hardware. New communication techniques pose an array of Security threats for which appropriate soluitons must be designed. Protocols are designers nightmare constantly posing new vulnerabilities, we can learn a lot from previous failures. Smart cards seems to offer a trusted computing base (TCB) and secure storage for some security critical operations along with added bonus of personalization!

Many embedded devices are presented in the market without evaluating the security aspects. Many security issues dealt here though not exhaustive can serve to evaluate an embedded system holistically to a fair extent. Here is a list of questions for analysing a device's security:

• Does it have a power-on password and is the password verification robust?
• Is there access control for local/ remote operation?
• Is there a way to check Malignant programs?
• Is Strong Encryption available for both wired and wireless links?
• Is Memory properly secured?
• Is there a cyrpto-processor and how vulnerable is it?
• Are the device protocols time/ tool tested?
• Is there any audit mechanism available?
• Does the device have access to updated information?
• Finally, how benign are the business processes running on it?