Device-level security continues wireless growth
Sunil Hattangady
1/12/2004 11:12 AM EST
Strong security all the way down to the level of the chips that make up mobile wireless devices is a necessity for continued growth in the wireless marketplace.
Until recently, a mobile device like a cell phone or smartphone was a virtually closed system. Now, many of the new smartphones, wireless personal digital assistants (PDAs) and other such mobile devices are approaching the openness of personal computers (PCs).
However, increasing openness means increasing security vulnerabilities. Chinks in the security armor can be introduced through new applications like microbrowsers that access the Internet, global positioning systems (GPS) for location-based applications, instant and multi-media messaging, and others. And the integration of multiple wireless technologies like GSM/GPRS, Bluetooth and 802.11 wireless local area networking (WLAN) further complicates the security problem at the device level by offering new avenues of entry to hackers, viruses, identity thieves and content pirates.
Security software developed to run on a PC or server does not transfer very well to mobile, battery-operated handheld devices like cell phones or wireless PDAs. In addition, the computing and communications resources of mobile devices can be pushed to the limit by even the simplest PC security software because security programs are, by necessity, computationally intense.
As a consequence, manufacturers are finding that securing a mobile device effectively requires more than just loading more security software onto the system.
Until recently, most security systems addressed only two of the higher layers in computing and communications systems, the operating system (OS) and application layers. High-level OSs and associated middleware have provided security protection through functions such as software authentication, cryptographic software libraries and support for authentication and communication protocols. At the application layer, software developers have developed a host of security applications like encryption techniques, anti-virus protection, public key infrastructure (PKI) routines, certificate management infrastructure, authentication, virtual private network (VPN) client security and various biometric applications like fingerprint sensors and others.
Despite the wealth of security at the higher layers, another layer of security is needed for effective and efficient mobile device security. This third layer is on-chip or hardware-layer security that complements and empowers the layers above it while ensuring that all of the security features of a mobile system achieve their goals for speed, low power consumption and strong protection.
At the chip layer, certain foundational security capabilities can be embedded in hardware and not only better protect the device, its content and its operation, but also enhance the satisfaction and experience of the user. By embedding certain basic security algorithms in hardware, the demands for processor cycles placed on the system's host processor can be minimized. This would free up headroom on the processor to run other applications simultaneously while dramatically reducing power consumption.
In addition, the mobile device would be more secure because embedding security in hardware removes a set of vulnerabilities from systems that otherwise would rely solely on software security for their protection. It stands to reason that a mobile device with hardware and software working together to protect its resources, operations and stored data would be more secure than one that has only software security programs.
Beginning at the most fundamental level of a mobile system - boot and flash storage where basic OS software integrity is maintained - on-chip or hardware-based security would reach up throughout the higher levels of the system and protect all of the critical functions of the mobile device. The following are some of the on-chip security functions that would protect the mobile device and lead to the perception of a "trusted" terminal.
Secure flash loading could involve mechanisms like an on-chip PKI authentication and integrity check of the flash loader whenever it is engaged. This builds in tamper resistance for critical software from the device manufacturer or service provider because only the manufacturer, service provider or an authorized party could load "authorized" code into flash or change programs that had been stored at the time of manufacture.
In addition, built-in security checks that are engaged every time the mobile device is turned on would verify that the device, its software and its resources have not been tampered with or altered in any way. On-chip PKI authentication and integrity checks of the bootloader during boot would ensure that only "authorized" code (provided and certified by the manufacturer or service provider) is used to boot up the system. Reaching up to the application layer, a secure bootloading process would mean that only "approved" drivers could be associated with applications, eliminating the possibility that a rogue driver could infect the system.
A secure execution environment would mean that only "trusted" code could run on the mobile device. Here again, an on-chip public key verification process forms the foundation for ensuring the authenticity of code before it is executed. Code stored off-chip from the system's processor must be decrypted and authenticated before it is executed. Other aspects of secure run-time operations include write-protection for boot sector storage and especially for critical software like the communications protocol stack, as well as shared memory space. Another potential gap in a secure execution environment can be closed by disabling all of the system's debug processes before the mobile device is shipped by the manufacturer.
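The chain of on-chip PKI checks described above (flash loader, bootloader, then each further stage of code before it runs), as an added example in Python that is not part of the original article: a textbook RSA signature over a SHA-256 digest stands in for the manufacturer's PKI, and the public key held in ROM is the root of trust that authenticates every later stage. The key pair, image contents and stage names are constructed for illustration; a production device would use padded RSA or ECDSA and keep the public key in one-time-programmable memory.

```python
import hashlib

# Constructed toy key pair from two known Mersenne primes (textbook RSA, no padding).
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # manufacturer's private exponent; never leaves the factory
ROM_PUBLIC_KEY = (N, E)               # burned into the chip at manufacture: the root of trust


def sign_image(image: bytes, d: int = D, n: int = N) -> bytes:
    """Factory step: sign SHA-256(image) with the manufacturer's private key."""
    digest = int.from_bytes(hashlib.sha256(image).digest(), "big")
    return pow(digest, d, n).to_bytes((n.bit_length() + 7) // 8, "big")


def verify_image(image: bytes, signature: bytes, pubkey: tuple) -> bool:
    """On-chip check: recover the signed digest and compare it with the image's own digest."""
    n, e = pubkey
    expected = int.from_bytes(hashlib.sha256(image).digest(), "big")
    return pow(int.from_bytes(signature, "big"), e, n) == expected


def secure_boot(stages, pubkey=ROM_PUBLIC_KEY):
    """Walk the boot chain. Each stage is (name, image, signature) read from flash.

    A stage only executes after it has been authenticated against the ROM key;
    the first failure halts the device so no unauthorized code runs.
    """
    booted = []
    for name, image, signature in stages:
        if not verify_image(image, signature, pubkey):
            return booted, f"halt: {name} failed authentication"
        booted.append(name)          # stage authenticated; hand control to it
    return booted, "boot complete"


if __name__ == "__main__":
    # Constructed flash contents: images signed at the factory.
    flash = [(name, img, sign_image(img)) for name, img in
             [("flash loader", b"loader v1"), ("bootloader", b"boot v1"), ("os", b"os image")]]
    print(secure_boot(flash))
    # Simulated tampering: the OS image is altered in flash but keeps its old signature.
    tampered = flash[:2] + [("os", b"os image!", flash[2][2])]
    print(secure_boot(tampered))
```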
With a hardware-based cryptographic engine and security accelerators, real-time encryption and decryption at data rates comparable to those of wireless local area networks (WLAN) is possible.
At the heart of every cryptographic engine is a random number generator (RNG). The RNG generates session keys that secure many aspects of the system's operations and communications. By implementing the RNG in hardware rather than as a software-based pseudo-RNG, the mobile device is provided true randomness, which is a prerequisite for robust security. In addition, a hardware RNG will execute much faster and consume less power than a software pseudo-RNG.
Accelerators for standards-based security operations such as DES, Triple DES, SHA-1 and MD5 can be built into chip-level hardware to speed up security processing. In fact, a digital signal processor (DSP) executing public key client authentication and signing tasks can accelerate these processes by as much as 2.5 times over today's software-based methods.
Sunil Hattangady is Program Manager, OMAP Wireless Security at Texas Instruments, Inc. (Dallas, Texas)