Tuesday, March 1, 2016

The right to build real security. Thoughts on Apple and FBI


Lessons in REAL Encryption

Apple’s Tim Cook versus the FBI is surely the top trending story line in the cyber-security market. The first lesson is the near brilliant PR spin being put forth by Apple. The international press coverage is making it seem that Apple is fighting the good fight and that the iPhone is so safe and secure even the FBI can’t break it (and needs Apple’s help now!). This scenario exposes a major problem with cyber-security: the supply chain never really tells the whole story.

Apple is not built on an open source model, and we are led to believe by them that it is secure. Apple has repeatedly told this story to governments and users alike around the world, and it has resulted in huge sales of their market-leading product. It is certainly not in their best interest to show the world, even in the name of fighting terrorism, that they can provide the “hack” to crack it wide open in just a matter of days. If they can break it, then what is to say the hackers won’t keep trying until they find the same path? Then what happens?

The Past Provides Guidance

Back in the day I was involved in the development of software to manage self-encrypting hard drives. This was, at the time, a market-leading technology in which the encryption of the data was done by the drive controller. This software helped initialize and set up the user’s password. The most important question we always asked the engineers was “can you break into the system you have just built?”

Data at rest is when the system is discovered turned off and is locked (like an iPhone recovered from a crime scene). There are always two discussions when it comes to breaking in to access that data. The first is “can you break the system when in use, if you infiltrate the setup or the unlock (for example, the password was captured or seen while it was being entered)?” The second is “can you recover the system after it is locked?”

Two Scenarios to Consider

Should Apple help to defend the nation if they can? In an ideal world Apple would be happy to have their engineers “help” the FBI, all without forcing their hand via the courts. Instead Apple has bent to the marketing challenges that result if their engineers can indeed unlock the phone. If their engineers unlock the phone, we fast gain a better understanding of how real the claims are from Apple that “the iPhone is SAFE”. While Apple fighting this makes for great headlines and online debate, it may come down to them being forced by the courts. If this phone gets unlocked, it proves that there is indeed a weakness in the Apple design that needs to be fixed immediately. This is not much different from the Snapchat claims that messages go away when they really did not, which resulted in action from the FTC.

Should Apple build solutions even their engineers can’t break? The answer to this is YES. It is the responsibility of market-leading product companies to build great products with valid claims. The technologies exist for Apple to build truly secure phones (and not just marketing spin).

Data at rest is a simple challenge in a mobile device. Locking of a phone should be so strong that even the Apple engineers cannot break it. In the end this comes down to a political issue. Should citizens have the right to bear military grade technology to protect their rights to privacy and even right to peaceful assembly? There should not be a back door for the government or even for Apple. The back door is installed by the owner of the device to either manage or maintain their access. Corporate Mobile Device Management is a sanctioned back door. Raise the quality of protection and clearly articulate the risks for the buyer of the device.

 

Security needs to be REAL!

The future designs of these systems need to reach the point where even the engineers “can’t break” the solution. The SED drives are a good example. The engineers who built trusted drive management software built a solution where, if an individual user configured their drive, there was absolutely no way to recover if the password was unknown. This is a solution that is present on millions of PCs today. It may be possible to re-flash drive software and disable the locking mechanisms, but the encryption keys would be destroyed. Any recovery without hardware modification would be next to impossible. The claim has always been that SED drives cannot be broken by software/malware and that the hardware is tamper resistant. Physically attacking a single chip to break the keys may be possible but would destroy the drive in the process and take a near prohibitive amount of time and resources. This is what a customer needs to understand when they protect their data with an SED drive.

It is still early in this debate

The changes in devices and how we communicate around the world are changing the network. The result is that the ability to LISTEN is going away…perhaps within a decade if not sooner. This shift is driven by the move to mobile and IoT, where the devices connect to services based on identity and the network simply provides transport. This switch away from the network being smart to the network being just transport will not be comfortable. We will have to find new ways for electronic surveillance and control. It is in our best interest as citizens to constrain government’s and industry’s right to listen and watch all the time, but we will ultimately need a balance to provide the security and protection we hope for.

Wednesday, December 2, 2015

The best security is security that is embedded from day one



“Consumers don’t care about safety and security.”

Even in today’s worried world, where malware or worse is just one click away, the sentiment echoed above is all too prevalent. The problem is that it is just not true…at least outside the realm of technology.

Take for instance a car with a five-star safety rating. It clearly has an advantage over a car with a one-star safety rating. Ask any consumer assuming all other items are equal and without fail they choose the five-star rating. The same holds true for many products and services when safety and security are part of the “standard build” of the offering. The pleasure of driving a classic car on the road easily outweighs the risks of driving a 1964 model year car with no safety systems other than the archaic seatbelts that would likely break in any accident. Never mind it is a convertible with no roll bar.  But as a consumer it is not that we do not care about automotive safety but that we simply have no choice with a vehicle like this. The safety systems were not built in and it is not like they can be added.

The user is not only vulnerable but gullible

When it comes to downloading some exciting new app, users so often opt to install it with absolutely no regard to security and privacy. Look at all the Facebook-centric apps that offer to scan your wall and contacts to create some crazy graphic or statistic. Friends left and right will not only like and share it but opt in for the cool app as well, all while ignoring the inherent risks and likely privacy breach.

Computing in its many forms has evolved from something used now and then to a “can’t live without” service. For many years we have had the luxury of ignoring safety and security systems because the loss was just an annoyance but today it stops productivity, communication, and commerce. The risks have grown incrementally since the advent of the PC in the 80’s but have skyrocketed in complexity and severity since the launch of mobile. The market is long past due for security to be built in. The ongoing relationship between the user and their services/devices sets up a dynamic for security to increase the value of that relationship as well. The simpler yet stronger the security becomes the more valuable the services can be that the user takes for granted.

Security is no longer someone else’s problem.  

The best place to protect information is as close to point-of-use as possible. The first line of defense today is the application itself. Apps need to take advantage of the most advanced cyber-security controls available. The protection of keys and encryption are a great first step, but what really matters most is the secure creation and consumption of data. Data that is protected end to end and provides the assurance that its integrity and confidentiality are fully intact is critical to the future of computing. The solution exists today with TEE (trusted execution environment), which provides apps with a safe and secure space to process, present, and transmit sensitive data.

Isolated higher assurance computing capability has been around for many years on servers with highly managed operating environments. Only highly trained operators and isolated known computing in the form of HSMs (Hardware Security Modules) are allowed to process the most sensitive data, assuring that even an admin can’t perform an insider attack. This HSM model is about to come to the client side with Rivetz providing a new model of computing. The Rivetz solution provides the app vendor an environment where they can trust that keys and sensitive operations are executed in a measurable space. The inherent value of integrating trusted computing directly into the application allows the value of the services to increase exponentially. The result will be simplicity for the user, and the overall value for the network of users will rise. The return on investment grows as the installed base grows.

A strategy to implement security is the new norm

Every application vendor today must have a strategy for building and integrating stronger security into their apps while taking advantage of the unique feature sets that different devices have to offer. Technologies that enhance the user experience with seamless security at the forefront will dramatically increase and protect the value of an installed base of subscribers. Built-in security is no longer an option but a must-have competitive advantage.

Platform hardware security is available in multiple forms today and yet none has evolved into a new global standard. The result is that app vendors will have to make provisions to support more than one solution on top of the legacy software-only platforms. It is no longer enough to trust the OS vendors to maintain the integrity of the mobile environment. The OS has no liability to their investors or their users if (and sadly more often when) said users’ data is compromised. Going forward every app must have a strategy to integrate hardware security support lest they be the app that caused the next big data breach.

 

 

Saturday, October 3, 2015

NFC helping to build over the top identity, payment and loyalty

In a traditional payment model the user taps a card on a Point of Sale (POS) terminal. The full payment is then executed by the terminal and delivered back to the register as a completed transaction. A market-led disruption of this seemingly archaic (and certainly not secure by today’s standards) model is fast bubbling up, and NFC (Near Field Communication) is sure to play a significant role.

The simple token in the hands of the user (the credit or ID card) is going to be replaced by the smartphone acting as the POS terminal under the control of the user. The monopoly that has long resisted and even prevented change in the payment network has been centered on control of the POS terminal. NFC, connectivity and security residing in the phones will fast change that. As NFC continues to gain a stronger foothold it will provide a simple yet modern way to deliver unique and secured transactions from one device to another while ensuring secured messaging between the devices.

In a modern payment environment the POS device is no longer the only component that is connected to the network. This over-the-top connectivity brings the potential for huge disruption to the monopoly on terminal networks. The meteoric rise in Bitcoin is a great example of how simple integration of technology into the cash register enables the register to securely initiate and safely complete transactions. A simple message like “Please send this much money to this address” creates a transaction ID that can then be delivered to a secure smartphone over NFC. The smartphone presents the transaction for user confirmation rather than relying on the point of sale terminal. The register can then receive a secure message from the public Internet that the transaction is complete and the funds have indeed been transferred; the payment network is no longer needed.

The shift from a network of potentially “hackable” terminals bogged down with PCI compliance to an identity based model with secure signed messages is not only enormously more efficient but far safer. It will open new models and new relationships with the customer.  Moving the transaction system to the consumer has the potential to deliver both privacy and control of “big data” into the hands of the customer.
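The request-and-confirm flow described above can be sketched with signed messages. This is an added example, not code from Rivetz, BitPay or any payment specification: the field names, the Ed25519 register and device keys, and the choice to have the register check the phone's signed authorization directly (the public ledger step is left out) are all assumptions made for illustration.

```javascript
// Added illustration: message layout and field names are assumptions,
// not BitPay's, Bitcoin's or any NFC payment specification.
const crypto = require("crypto");

// Fixed field order so signer and verifier process identical bytes.
const REQUEST_FIELDS = ["txId", "payTo", "amountMinor", "currency", "expiresAt"];
const AUTH_FIELDS = ["txId", "requestHash", "deviceId"];

function encode(fields, msg) {
  return Buffer.from(JSON.stringify(fields.map((f) => [f, msg[f]])), "utf8");
}
function sign(fields, msg, privateKey) {
  return crypto.sign(null, encode(fields, msg), privateKey).toString("base64");
}
function verify(fields, msg, publicKey) {
  if (typeof msg.sig !== "string") return false;
  const sig = Buffer.from(msg.sig, "base64");
  return crypto.verify(null, encode(fields, msg), publicKey, sig);
}
function requestHash(request) {
  return crypto.createHash("sha256").update(encode(REQUEST_FIELDS, request)).digest("hex");
}

// Register side: issues signed requests and remembers what it asked for.
class Register {
  constructor() {
    this.keys = crypto.generateKeyPairSync("ed25519");
    this.pending = new Map(); // txId -> hash of the request as issued
  }
  createRequest(payTo, amountMinor, currency, now, ttlMs = 60000) {
    const txId = crypto.randomBytes(16).toString("hex");
    const req = { txId, payTo, amountMinor, currency, expiresAt: now + ttlMs };
    this.pending.set(txId, requestHash(req));
    return { ...req, sig: sign(REQUEST_FIELDS, req, this.keys.privateKey) };
  }
  acceptAuthorization(auth, devicePublicKey) {
    const expected = this.pending.get(auth.txId);
    if (!expected) return "unknown-or-replayed";
    if (!verify(AUTH_FIELDS, auth, devicePublicKey)) return "bad-device-signature";
    if (auth.requestHash !== expected) return "request-mismatch";
    this.pending.delete(auth.txId); // each request can be settled once
    return "accepted";
  }
}

// Phone side: check the register's signature, ask the user, then sign.
function authorizeOnPhone(request, registerPublicKey, device, userApproves, now) {
  if (!verify(REQUEST_FIELDS, request, registerPublicKey)) return { error: "bad-request-signature" };
  if (now > request.expiresAt) return { error: "expired" };
  if (!userApproves(request)) return { error: "user-declined" };
  const auth = { txId: request.txId, requestHash: requestHash(request), deviceId: device.deviceId };
  return { ...auth, sig: sign(AUTH_FIELDS, auth, device.keys.privateKey) };
}

function demo() {
  const register = new Register();
  const regPub = register.keys.publicKey;
  const device = { deviceId: "phone-1", keys: crypto.generateKeyPairSync("ed25519") }; // constructed
  const other = crypto.generateKeyPairSync("ed25519"); // a key the register does not expect
  const now = 1700000000000; // constructed clock value (ms)
  const approve = (r) => r.amountMinor <= 1000; // stands in for the on-screen confirmation
  const request = register.createRequest("constructed-address-001", 450, "USD", now);

  const tampered = authorizeOnPhone({ ...request, amountMinor: 45000 }, regPub, device, approve, now);
  const declined = authorizeOnPhone(request, regPub, device, () => false, now);
  const expired = authorizeOnPhone(request, regPub, device, approve, now + 120000);
  const auth = authorizeOnPhone(request, regPub, device, approve, now);
  return {
    tampered: tampered.error,
    declined: declined.error,
    expired: expired.error,
    wrongDevice: register.acceptAuthorization(auth, other.publicKey),
    first: register.acceptAuthorization(auth, device.keys.publicKey),
    replay: register.acceptAuthorization(auth, device.keys.publicKey),
  };
}

console.log(demo());
```

The register never has to trust the transport: a request altered in transit fails on the phone, and an authorization that is replayed or signed by an unexpected device fails at the register.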

Once the customer’s device has a direct relationship with the retailer’s systems, so much more becomes possible. It starts with basic supply chain integrity, as tracking of products from production to consumption becomes practical. With every transaction the user can easily build an inventory of every item ever purchased and know where it was purchased. This can become the consumer’s data and not just the retailer’s. It is great that Target, for instance, knows how many pens and pencils you have purchased over the years, and yet the user (the consumer) does not. Smartphones make possible the real-time collection of their purchase data, and systems can then push it to household management programs and more.

A personal register of what we buy is a very powerful set of data and it will need world class protection. Because the user’s device is involved it would be trivial to provide methods for encryption of these data elements so only an authorized device can retrieve and use the data. The users can easily share the keys within a household so that brand preferences and shopping lists and reminders can easily be shared. In addition, when an item is purchased it can be enrolled within the household’s network of other things. With more devices becoming network aware the process of enrollment can then start at the point of purchase.

NFC is going to play a huge role in this going forward.  These new over the top payment networks will enable a new surge in creativity in how we purchase and interact with retailers. It is time to move away from the idea of payment networks of old and move to a model of transactions, currencies, secure data, and messaging.  Tapping will be how we connect.

Wednesday, September 9, 2015

Mobile Security is a feature every user wants



Today millions of new smart devices include the most advanced state-of-the-art security standards. Every app and service provider should fully exploit the embedded protections delivered by the latest generation hardware.  In today’s mobile market safety, whether that means protection of your identity, your data, your messaging, or your transactions, is on the list of top features that influence the consumer on their mobile phone choices.

There is a strong transition from security being an afterthought to security being built-in. Built-in security delivers safer phones, a core desire for the consumer. Safety as a feature will influence buyers in their decisions and entice users to upgrade earlier. Built-in security technology provides consumers with a higher quality experience and better value in the services offered. Buyers of technology know that not every device is going to be the same and competition will drive the safety market. For years mobile users have upgraded for better resolution, improved camera functionality, significant memory upgrades, improved touch screens, greatly enhanced audio, and even new and improved case designs or colors. The time is now for consumers to upgrade for better safety.

It is time to take safety seriously

In years past mobile users have felt that safety and security, whether simple passcodes or more advanced biometrics or multi-factor security protocols, slow down access. In enterprise-level deployments of mobile technology, it is the often annoying and cumbersome standards deployed by IT that make user experiences terrible and force these users to look for shortcuts to bypass the process (thus exposing that mobile access to the dreaded breach).

The latest generation of mobile technology will greatly improve the user experience and make daily life more manageable. Safety will be the new standard, but it will not subject the reluctant user to a series of dreaded steps that force them to look for shortcuts. The technologies that will deliver this today include:

TEE (Trusted Execution Environment Embedded Technology)

TEE provides the tools for every app to have secure isolated execution of authentication, authorizations, encryption, and messaging. It prevents malware from stealing the keys that define the user’s identity. Latest generation mobile phones support Global Platform TEE, Trustonic, and/or other proprietary TEE environments. Rivetz is working to simplify developers’ integration of TEE and give users the information they need to make the right choices. TEE is at the heart of modernizing the safety in devices, separating the really sensitive data and processes from the flexibility and extendibility of the operating system. TEE provides the model for strong certification and validation of the safety, which gives users the confidence that the solutions achieve the protections they assure.

TUI (Trusted User Interface)

TUI provides embedded protection for the entry of a user PIN number to lock an identity key to a specific user. This technology prevents misuse of the user’s credentials in the event that a phone is either compromised, loaned out, or even stolen. TUI is available today on select Samsung phones and is on the product roadmap for many other handset providers. Smartphone buyers today should make this a requirement on their mobile features checklist. This is by far the best cyber identity solution readily available in a device today. Intel is supporting a similar feature in their Ultra-books but, in current form, has limited interfaces.

Secure Display is another feature of TUI that ensures what is displayed on the screen actually came from the app and is not compromised by malware. It assures that what you see on screen is the actual message/content that will be safely delivered. This is ideal for private messaging, payments, and identity management.

Biometrics

This is the best marketing feature on a phone because you can actually touch it and see it work! There is still much work to be done in biometrics to deliver on the promise of true safety. In today’s environment a Trusted User Interface secure PIN is far stronger, but in time biometrics will catch up. Features like hardware matching, Secure Sensor path, and liveness detection will continue to evolve over next generation devices. The same will be true for facial recognition, where a camera in the device will be required to assure the images came from the sender and were not compromised by malware.

NFC (Near Field Communication) and BLE (Bluetooth Low Energy)

While technically speaking not a security technology per se, NFC and BLE can both be used for the delivery of data and credentials over a short distance, providing the user with a simple physical representation of the safety that smart devices can deliver. Simple identity can be more private, personal data can be protected, real identity can be assured, and secure sharing is possible. Secure devices are not only holders of secure data but also the receivers of that data, providing protection for a full transaction. Every app should embrace simple NFC support for loyalty, identity, form fill, and SIMPLICITY. Devices that embrace NFC and BLE provide the first effective mobile identity interface.

Final Thoughts

Not every mobile phone will have every feature illustrated above. Utilizing key aspects of some or even all these advanced safety features will fundamentally shift users’ habits. Evolution in technology does not happen overnight, but the mind shift towards simplifying yet strengthening security and safety requires market leadership to not only embrace safety but drive safety and market safety.


Safety first will require everyone to participate and will provide a strong market differentiator for those who lead. Manufacturers need to embed the technology at the chip level. Marketers need to position and sell the safety benefits to the user. And app developers need to fully exploit the safety made possible by this built-in technology. Users will fast learn to appreciate the result and expect nothing less. Collectively this will make the global markets safer while derailing the disruptions caused by malware.

Sunday, April 26, 2015

What is Trustless?

Shelly riffs off what many others have identified as the true innovation of Bitcoin, the Block Chain. We see here the recurring role of the Internet to co-opt entire institutions and their function, but this one is trickier. The essence of the innovation requires that no one company, government or cabal be leading the charge.

Amazon upended book stores (and, yes, pet food delivery). Wikipedia outclassed the Encyclopedia... The Block Chain can replace contracts and transactions, but only by virtue of there being no "Block Chain, Inc". The promise is to replace trust in institutions with trust in mathematics. Essentially, cryptographically signed data, corroborated by an unassailable network of globally peered servers, replaces transactional fact recorded on paper in a cabinet in a legal office.

Society can gain incredible efficiencies from this (though I suspect that dis-intermediating lawyers is going to be even harder than the long running campaign to modernize media distribution.) It is envisioned that machines could contract with other machines. International trade barriers could crumble.

It is not, however, a "trustless world." Our trust shifts. To interact with the Block Chain we need to employ devices that perform the requisite math. We have to trust our "terminals" to deliver our instructions to the Internet. Devices become our trusted partners. 


Friday, February 27, 2015

Demo of Rivetz with BitPay

This demo uses two Galaxy 4 phones. One is set up as a BitPay Point of Sale terminal. The other is equipped with Rivetz and our demo wallet app Rosie. Bitcoin held in the secure hardware of the device is used to pay for a small charge. Trusted User Interface ensures user confirmation.


Thursday, February 26, 2015

Rivetz chooses Intercede’s MyTAM service to secure Bitcoin wallets and e-commerce transactions

PRESS RELEASE

Lutterworth, UK/Boston, MA – Cybersecurity expert Intercede today announced that app development toolkit provider Rivetz has signed up to its MyTAM service to protect customers’ Bitcoin wallets, e-commerce apps and messaging services on the Android platform. By loading an app into the secure Trusted Execution Environment (TEE) already present on many leading devices, the app, along with data and transactions made by it, is protected against threats that may be present on the handset. 

The Trustonic TEE is a cryptographically locked, secure operating environment built into many leading Android devices at the point of manufacture. It protects applications and their associated content from malware, man-in-the-browser and other forms of software-based threats that are potentially active on devices.

By adopting Intercede’s MyTAM service, Rivetz’s development toolkit provides app developers with a simple-to-integrate tool for the storage, use and protection of private keys in the TEE. Rivetz customers are already using these tools to secure Bitcoin e-commerce platforms, benefitting from a model where security is built in. The Rivetz toolkit provides protection of the private keys and full use of the Trusted User Interface for the wallet apps. This end-to-end protection of transactions offers users the assurance that mobile transactions with cryptocurrency are secured.

The security of mobile banking and financial services is of great concern to the public, with an Intercede survey of 2,000 UK consumers in 2014 finding that 53 percent would never use mobile banking services due to a perceived lack of security.

Intercede CEO Richard Parris said: “Intercede is leading the way in enabling developers to protect their apps, and transactions made by them, on the Android platform. By using MyTAM to secure Bitcoin wallets in the TEE, Rivetz offers peace of mind to customers who are concerned about cyber-criminals stealing their Bitcoin assets.”

Steven Sprague, CEO of Rivetz, added: “By teaming up with Intercede and Trustonic to take full advantage of the TEE, we are offering our customers the opportunity to leverage the most advanced cybersecurity tools available to protect their services and offer end users a simple to use and very safe environment for e-commerce, messaging and storage.”

Intercede’s MyTAM service enables organisations - such as app developers, service providers, banks and media streaming companies - to load apps into the TEE, and runs on Intercede’s established market-leading security platform, which is already used by some of the world’s largest enterprises and public sector organisations. It provides a scalable and cost-effective solution for any size of deployment, from enterprise apps with thousands of users to consumer apps with millions.

ENDS

About Intercede:

Intercede is a software and service company specialising in identity, credential management and secure mobility. Its solutions create a foundation of trust between connected people, devices and apps and combine expertise with innovation to provide world-class cybersecurity.

Intercede has been delivering solutions to high profile customers, from the US and UK governments to some of the world’s largest corporations, telecommunications providers and information technology firms, for over 20 years.

Intercede’s MyID software is an identity and credential management system that enables organisations to create and assign trusted digital identities to employees, citizens and machines and in turn allows secure access to services, facilities, information and networks. MyID adheres to international standards, while remaining simple enough to be deployed onto consumer devices such as smartphones, tablets and other devices in the Internet of Things.

In 2015 Intercede launched MyTAM; enabling trusted applications to be loaded into a mobile device’s Trusted Execution Environment (TEE), providing hardware-level security for Android apps. The cloud-based service provides a cost-effective and convenient way for developers and corporations to protect their apps and users’ sensitive data.

For more information visit: www.intercede.com

About Rivetz
Rivetz Corp. (www.rivetz.com) is focused on solving problems associated with consumers’ relationships with financial and other online services. Rivetz provides a safer and easier-to-use model for all users to protect their digital assets and online transactions using hardware-based device identity. The device plays a critical role in automating security and enabling the controls that users need to benefit from modern services. Rivetz leverages state-of-the-art cybersecurity tools to develop a modern model for users and their devices to interact with services on the Internet.

For more information, visit www.rivetz.com

About Trustonic
Trustonic integrates hardware-level security and trust directly into the devices through which we access today’s connected world. Trustonic simplifies user experiences in everything from mobile shopping and Internet banking to entertainment to collaborating in the workplace.

Trustonic technology is embedded in over 350m smart connected devices, and partners with market leaders such as Samsung, Qualcomm, Symantec, Gemalto and Good Technology. To learn more about Trustonic and how it’s making your connected world a better place visit us at www.trustonic.com

