Transcript
1
Data Security Issues in the Cellular Revolution - Discretix View
July 6th, 2005
Aharon Aharon - Chairman of the Board
2
Agenda
Corporate overview
Product offering
Market trends and strategy
Summary
3
Objectives
Cellular data security – what it's all about
Get familiar with the buzzwords
Understand possible solutions and their complexity
Check your travel habits
Have some fun
4
Picture 1
Belize, a former British colony, Central America
Similar size to Israel, 270,000 people
Jungles, Rain Forests, Beaches, Islands
5
Discretix at a Glance
Product Portfolio
• Secure Mobile and Secure Flash
• Hardware, Firmware, Infrastructure Software, Device Toolkits
• Built upon strong intellectual property (15 patents)
• US Headquarters; Fully-owned subsidiary in Israel
• Focus on robust security in low resource environments
• Strongly financed by tier-one VCs
Founded 2000
6
Discretix Traction
Baseband & Application Processor / Flash
Customers
Partners
Security Specialist
7
Discretix Customers: Worldwide Devices Penetration (handsets and flash cards)
• Flash storage cards sold globally
• All cards form factors
• Used by key OEMs and retail stores (handset manufacturers, carriers, SIs)
• Application Processor and Baseband
• Japan dominance (50% of NTT DoCoMo FOMA, strong in PDC)
• Very strong in Asia
• Tier-one Europe and US OEMs
• Application Processor
• Sony Ericsson Smartphones sold globally
• Application Processor and Baseband
• 50% of Samsung mobile (GSM)
• European and Asian OEMs
• Baseband (GSM, EDGE, WCDMA)
• Sold globally (Sony Ericsson, Sharp, TLC, Amoi, Bellwave, Flextronics, HTC, Lite-On)
In 2006 over 33% of handsets will include Discretix inside
• Baseband (2G, 2.5G, 3G)
• 50% of Samsung mobile (GSM)
• China, Korea and Europe OEMs
• Embedded memory
• 40% of global embedded flash market
8
Picture 2
Guatemala – Tikal
9
Growing Threats
Malicious messaging (SMS/MMS/Java)
Viruses
Handset malfunctioning
Theft and Fraud
Bluesnarfing
Denial of Service
Network malfunctioning
Spam
Costly consequences:
Handset replacements
Device downtime – airtime lost
Legal settlements
10
“We chose the EMP U100 platform… for its security, … and small size.” Masafumi Matsumoto, Group GM, Sharp Corporation
It’s time for Security!
Security is an essential building block for any application
Enables revenue generating applications
Prevents revenue leakage
Safeguards against attacks
Reduces operational expenses
11
Picture 3
Barcelona - Gaudi
12
Mobile Client Security Needs
Firmware Over The Air Update
Device Management
Firewall, VPN
Anti-Virus
Anti-Spam
Enterprises Mobility
Commerce & Payment
Digital Rights Management (DRM)
Device Security
Phone & SIM Lock Protection
13
Standards Committees Mapping
Carriers
Hardware
Applications & Schemes
DRM
Commerce/Banking
Motorola, Orange, GEMPLUS, T-Mobile, Bitfone
CMLA
Warner Brothers, mm02, Intel, Nokia, Matsushita, Samsung, Real Networks
DRM
Vodafone, Orange, Telefonica, T-Mobile
Device Mgmt
Industry Bodies
14
Picture 4
Costa Rica - Arenal
15
DRM Market Projections
Schemes
Current: OMA
Emerging: Windows Media, CPRM
Future: DVB-H/T, FairPlay
Digital Tech Consulting (DTC): “Some 300 Million Mobile DRM Phones Will Ship in ‘09…, license revenues from DRM technologies will likely surpass $500 million by 2009.”
Juniper Research projections for 2009:
Mobile music market – $9.3B
Mobile gaming market – $19.3B
Mobile Video market – $5B
16
Phone (IMEI) & SIM Lock Protection
Vodafone (Tim Wright): “Vodafone Group is losing Euro 150m per year due to device theft problems. Most OEMs fail to implement robust security.”
Vodafone formal requirements: “Device shall support reprogramming protection, SIM Lock and IMEI protection that are of equivalent strength to that provided by appropriate use of hardware security modules.”
17
Simple IMEI and SimLock Crack
18
Commerce & Payment
Mobile phone based services are rapidly expanding
Phone embedded security provides smart card equivalent security at a lower cost
Contactless technology driven
Leading services:
Felica (Japan): E-commerce, Transportation, ID authentication
Moneta (Korea): E-commerce, e-money, m-Banking
paypass (US): E-commerce
19
Anti-Virus
The problem is growing faster than expected
Known viruses to date
Symbian: Cabir, Skulls, Metal Gear, SEXXXY.sis, Gavno.a
WinCE: Duts.A, Brador
Palm source: Phage.Dropper
20
Device Management
From OMA DM Specification:
“Every session MUST employ robust end-to-end security between the client and the DM server, including mutual authentication and data encryption, either by using an adequate transport layer mechanism or by implementing application level security.”
“Provisioning, storage and maintenance of the credentials on servers and on devices SHALL be done securely.”
OTAFF priorities
Maintaining Mobile Device Integrity
FOTA Security
21
Picture 5
Costa Rica - Arenal
22
Security Stakeholders
Requirements
23
Operators’ Security Requirements
OMA DRM music service
OMA DRM music pilots
Phone theft protection
Over The Air updates
Mobile commerce
IPSec for VoIP
Security cannot be added as magic dust – it must be part of the phone infrastructure
24
Possible Security Solutions
Client security can be:
Software only
Combined software and hardware
“Don't trust magic security words like "256-bit AES." The devil is in the details, and it's easy to screw up security.”
Bruce Schneier, Oct ‘04
25
Device Security Trends
The market is moving toward more trusted devices, based on hardware security cores
OTA and DM technologies increase handset vulnerabilities
Trusted Environment
Symbian security framework
Symbian standard security hardware interface
Application authentication framework
OS
Trusted Mobile Platform Organization specifications for Trusted Device (Based on TCG) by:
Requires a security hardware architecture
Defines 3 applicable trust classes
Hardware
26
Why Hardware-based Security
Extremely hard to create Root of Trust in software
Real key protection can be done only in hardware
Software countermeasures have limited capabilities
Software hacks are easily distributed
Protect the device's most vulnerable assets: the firmware and its credentials (keys)
Security
User experience is key
Offloads CPU and bus to handle applications
Improves power consumption
Software overhead cannot enable robust and secure boot verifications
Resources & Performance
27
Picture 6
Athens – Acropolis
28
CryptoCell Modular Configuration
Root of Trust: Secret CryptoKey, RNG, Secure Boot
Hardware Crypto Engines
Security Middleware Layer - CRYS Firmware
Software Crypto Engines
Secure Storage
Device Mgmt.
DRM Agent
IMEI & SIM Lock Protection
IPSec (VPN)
Java & STIP Security
Secure Boot
29
CryptoCell™ Security Building Blocks
Countermeasures
Secure Storage
IMEI & SIM Lock Protection
Device Toolkits
Middleware
SSL / TLS, WTLS
WIM Token
Certificate Handling
PKI Engine: RSA, ECC, DSS, DH
Symmetric Engine: 3DES, AES, RC4, C2
Hash Engine: SHA-1/2, MD5, HMAC
Digital RNG
Secret CryptoKey
Attack Resistant
HW Blocks
Integrity Validation
Device Management
Hardware Abstraction Layer
Secure Storage
Cryptographic Schemes
OBKG
PRNG
IPsec (VPN)
Key Management
CRYS API
PKCS #11
Symbian CryptAlg
MS CAPI
DRM Agent: OMA DRM v2.0; WM-DRM 10; CPRM
Java MIDP 2.0, STIP
Context Management and Input Alignment
OS Abstraction Layer
OpenSSL
30
Picture 7
Rome – Coliseum
31
Market Trends & Strategy
32
Handset Sales
684M handsets sold in 2004
Increase of about 30% from 2003
Strong replacement sales in mature markets
Rapid uptake in emerging markets
Motorola, Sony-Ericsson & LG increased market share at the expense of Nokia, Siemens and Samsung
Chinese, Taiwanese OEMs, ODMs
Q4 '04 Handset Shipments Market Share
Nokia: 33%
Motorola: 16%
Samsung: 11%
Siemens: 7%
LG: 7%
Sony Ericsson: 6%
Others: 20%
33
Handsets and Memory Trends
Handsets are driving growth in removable and embedded memory
Over 60% of the phones sold in Europe by 2008 will have a slot for a memory expansion card
By 2008 typical 3G phone will have 128MB of embedded storage, typical 2.5G phone - 64MB
More than 10% of handsets will include HDDs of 4GB+ (sub 1.8”)
Most handsets will support multiple DRM systems for music, video and other content
34
Our Vision
2002 2003 2004 2005 2006
Cryptography
Infrastructure Security
Content Security
Infrastructure Security
Application Security
35
Picture 8
Cambodia – Angkor
36
Alliances Strategy - 1
Value chain requires end-to-end solutions
Robust security is the cornerstone of any application
DRM
Protected Storage
Device Management and Over-The-Air updating
Device Hardware
Embedded Software
Delivery Methods
Charging
Content
Carrier grade back-end
End-to-end Security
Client
Server
37
Alliance Strategy - 2
Jointly sell Device Toolkits
Even on ‘competing’ hardware
Technical alliances
‘Intimacy’ with open and real time Operating Systems
Standards Committees
Act as security advisers
Carriers
Assist in security needs definition
38
Summary
Security across the entire value chain
• Hardware
• Firmware
• Infrastructure software
• Device toolkits
• Minimal BOM
• Highest performance
• Shortest time-to-market
Superior Security with
Complete Solution
• Field proven
• Certified
• Implemented in multiple environments
39
Picture 9
Vietnam – Sapa
40
Thank you for your attention!
www.Discretix.com