Mobile Handset Security: Securing Open Devices and Enabling Trust
By David Rogers, Industry Relations Manager, OMTP Limited
As open mobile terminals become more prevalent across the user-base, developers want to be able to create innovative applications with access to all the features of the handset. Finding a balance which allows developers to cultivate the mobile community, yet which prevents malicious actions by a minority is a difficult yet necessary task.
DRM Implementation on Symbian 9.x Platform
By Motty Alon, Software Products Line Manager - Discretix
Presentation given at the Symbian Smartphone Seminar, October 2006.
A Foundation for Secure Mobile DRM Embedded Security
 By Craig Heath - Symbian, Alexander Klimov - Discretix
Digital Rights Management(DRM) is a compelling reason to enhance security of mobile phones against attacks by the phone holder. DRM systems allow content owners to specify and control the usage policy for their content; such systems are crucial for the entertainment industry and for secure information handling in corporate environments.
Challenges in Designing Content Protection Solutions
By Hagai Bar-El
This essay lists some of the challenges that are encountered when developing content-protection
products.
The focus is on the "designing" part, rather than on general difficulties of content protection,
such as: legal issues, scheme design issues, fair-use issues, marketing issues, user
acceptance, moral considerations, etc. Enough can never be written on all these subjects,
although more than enough has already been. In this essay, I deal mostly with the decision
points and the difficulties that are encountered by someone who tries to make a living off
designing and implementing content protection products. Our main focus is security.
The Sorcerer's Apprentice Guide to Fault Attacks
By Hagai Bar-El, Hamid Choukri, David Naccache, Michael Tunstall, Claire Whelan
The effect of faults on electronic systems has been studied since the 1970s when it was noticed that radioactive particles caused errors in chips. This led to further research on the effect of charged particles on silicon, motivated by the aerospace industry who was becoming concerned about the effect of faults in airborn electronic systems. Since then various mechanisms for fault creation and propagation have been discovered and researched. This paper covers the various methods that can be used to induce faults in semiconductors and exploit such errors maliciously. Several examples of attacks stemming from the exploiting of faults are explained.
Finally a series of countermeasures to thwart these attacks are described.
Security Made Solid with Non-Volatile NOVeA - A Virage Logic white paper
By Ophir Shalitin
The increased interest in security stems from two main factors: First, the need to reduce
threats and damage resulting from security breaches and second the opportunity to deploy
new revenue-generating applications.
Challenges of Standardizing Renewable Broadcast Security
By Hagai Bar-El
An important component of a secure broadcast scheme is a renewability mechanism.
This mechanism enables the system to cope with successful attacks that are
widely perceived to be inevitable. When standardizing a broadcast security
scheme one needs to address not only the technical issues, such as secure
delivery and update, but also the conceptual difficulty of overcoming the
inherent unsuitability of standardization processes for providing timely
response to attacks. This paper discusses some of the challenges of both types
and suggests ways to overcome them.
Secure Flash Card Applications Hit the Horizon
I.Q. Information Quarterly
New high-processing-power flash-card applications require a high level of
security as well as high performance. This leads to a disruptive change in the
architecture of the flash card and USB drive.
End-To-End Security for Firmware Updates - Whitepaper, v1.1
(An OTA Flash Forum White Paper)
To ensure successful firmware and feature updates, an operator's network must be secure from end-to-end and include secure sessions between each network element. Protection of corporate applications, network elements and devices is very important. This document discusses end-to-end security and considers all network elements involved in firmware updates.
Securing New Revenues through Secure Storage
In the mobile space, even the base-line handsets support new, more advanced applications that require protection. These applications range from entertainment-oriented ones that enforce copyrights to personal secure storage that protects sensitive user information from prying eyes. In addition, high-end phones and Smartphones may be used for corporate communication, carrying sensitive corporate information that must be well protected.
Mass storage devices gain increasing popularity with average capacity per device growing steadily (to over 300 Megabytes in 2007). As with handsets, these devices must also protect sensitive consumer or corporate information they carry.
DRM ON OPEN PLATFORMS - MAY BE POSSIBLE AFTER ALL
An essay presented at the 2nd IEE Secure Mobile Communications Forum, September 23, 2004.
The essay, jointly written by Hagai Bar-El & Yoav Weiss, describes the minimal changes required for a typical open platform to make it capable of running DRM schemes securely, without violating its essential openness properties.
Firmware Update Security
The Need to Protect Updates - A presentation by Hagai Bar-El, Discretix's Information Security Analyst, given at the The OTA Flash Forum Meeting, August 20, 2004
- Protecting update files
- The need for receipts
- Biggest challenges
Downloadable Content - Security and Robustness
Downloading mobile applications carries a serious security risk, read how a combination of OSE's real time operating system and Discretix's CryptoCell can be used to protect the stability and reliability of the mobile device.
Security Implications of Hardware vs. Software Cryptographic Modules
Cryptographic modules can be implemented either by hardware or by software. Whereas software implementations are known for being easier to develop and to maintain, when it comes to cryptographic modules or security-related applications in general, software implementations are significantly less secure than their hardware equivalents. The reason for this is mostly the fact that software solutions make use of shared memory space, are running on top of an operating system and are more fluid in terms of ease of modification.
Strength Assessment of Encryption Algorithms
This paper presents the results of a study undertaken to research some of the most commonly used encryption algorithms firstly to identify as many of their weaknesses and vulnerabilities as possible, and secondly to identify the aspects of these weaknesses that can be avoided by correct implementation.
Using Public Key Cryptography in Mobile Phones
As mobile networks expand their bandwidth, mobile phones, as with any other Internet device, become substantially exposed to Internet security vulnerabilities. Public key cryptography is a primary concept in implementing wireless device security. Many papers have been written about public key infrastructure, this paper does not delve into the deeper mechanisms of PKI. Instead, it describes the applicative use of PKI in current and future mobile phone applications, and shows how Discretix CryptoCell efficient, lightweight and standard-compliant implementation of cryptographic algorithms, enables wireless devices to become PKI-enabled.
Introduction to Side Channel Attacks
This document introduces Side-Channel attacks and is intended to assist in the decision making of how to protect cryptographic modules against such attacks. The document is divided into two parts: The first part presents Side-Channel attacks and provides introductory information about such attacks. The second part presents known methods for protection against such attacks with a brief effectiveness assessment, if such is available. This document is mainly intended for people who are considering the use of cryptographic modules and who need to compare several options with respect to their security.
Known Attacks Against Smartcards
This document analyzes, from a technical point of view, currently known attacks against smart card implementations.The purpose of this analysis is to give the necessary background for the assessment of the mechanisms that can enhance the security of smart cards. This document is mainly intended for people who are considering the use of cryptographic modules and who need to compare several options with respect to their security.
Cryptographic Hardware and Embedded Systems
(Discretix innovation and enhanced Montgomery Multiplication.)
During CHES* 2002 conference, Session 2: Finite Field and Modular Arithmetic 1, at the Cryptographic Hardware and Embedded Systems conference, held in San Francisco Bay (Redwood City) U.S.A , Prof. Shay Gueron, Discretix' algorithm group manager, presented the principals behind Discretix innovation and enhanced Montgomery Multiplication.
|
