Discretix’ Hagai Bar-El will present an internal information security services framework for vehicular environments. The frame-work consists of a logical toolbox a set of logical modules that are installed in a variety of embodiments (e.g., controllers) and which provide security functionality that vehicular applications often require. The framework also includes several enablers, which are higher-level security functions that are integrated into vehicular applications. These enablers use the aforementioned tools to provide for many typical use-cases, such as secure logging, secure code update, and secure feature activation. The purpose of the toolbox is to provide some of the common security functions at the highest e ective abstraction level, and to implement these functions securely in well suited environments. This detachment of security functions from the applications that use them shall allow vehicular application developers to reduce the breadth of security know-how that they shall possess, as well as to reduce the attack surface of their applications.
Posts Tagged ‘DRM’
Intra-Vehicle Information Security Framework – 7th escar conference
Monday, November 23rd, 2009The need for content and platform protection and the “cost” of poor security
Thursday, November 12th, 2009Recent reports indicate widespread pirating of iPhone games.
Piracy is a fact of life, however at these levels its places a massive question mark over the viability of mobile game developers. When properly implemented digital rights management (DRM) is effective in ensuring a sustainable business for the developer community, offering attractive usage models and encouraging the legal usage of the content.
In order for DRM to be effective it must be incorporated into the device from the ground up. DRM needs to have a “root of trust” in the application processor hardware, moreover the DRM application must be tightly integrated into the device OS. The device firmware and OS should also be better protected, with verification mechanisms, deployed at boot and run time. These embedded security mechanisms together with secure execution environment, secure key storage and robust crypto engines will also limit “Jailbreak” attacks.
It is estimated that the cost of fixing a security problem grows by a factor of 10 for each successive phase of the product life cycle. While eliminating security breaks entirely is close to impossible, designing security into the system from the start creates a solution that is far more effective and ultimately significantly cheaper in the long run.
iPhone doesn’t neither does Droid
Monday, November 9th, 2009Verizon are doing level best to expose the weaknesses of the iPhone in the current “droiddoes” campain. Both the Apple iPhone and Motorola Droid devices are packed full of features, but both do not do security. The ability to install applications on the device – something common to all smartphones – comes with huge security risks, for individual subscribers, service providers and enterprises.
Limiting subscribers to downloading applications from approved app stores, certainly mitigates some of the risk. However there are several well known and freely available cracks online that will effectively bypass almost any restrictions and protection mechanisms.
Just in case the simple man on the street felt he had nothing to lose, vulnerabilities of the operating system pose other threats, placing the end-user at risk. Viruses and the trojan horse can reveal and/or modify personal information. These viruses can grab personal payment information such as credit card numbers, illegally obtain contact information from our private phone book stored on the mobile phone, and access our home network using a mobile device’s WiFi capabilities.
As smartphones become more prevalent and entrenched in our work and home lives, their security requirements increase as well. Without such safeguards in place, people will never feel safe using smartphones, thereby preventing these powerful innovations from ever reaching their full potential.
Welcome to Discretix’ Blog dedicated to embedded security
Tuesday, October 27th, 2009Since Discretix was founded the world of embedded security has evolved and grown in ways that few thought possible. Embedded security cuts across a wide spectrum of markets, playing a critical role in their development. As the market continues to evolve at a rapid pace, this blog will allow us to share relevant information, news and announcements with our customers and partners. We welcome your feedback and comments and look forward to being part of a productive dialog about the issues facing our industry.
