ARM Holdings’ recent deal with Giesecke & Devrient to develop a multi-layer security architecture may sound like a pact with little impact on the smartbook realm. After all, ARM already offers its TrustZone security environment, which reaches from tamper-proof circuits at the physical layer to IPsec at the transport layer. Why would the addition of G&D’s MobiCore OS mean much to mobile devices? Doubters, I have a word for you: Cavium.
When Cavium Networks launched its processor business six years ago, it was hoping for a secure network-processing business at the core of transport networks, for routers and switches and packet inspectors, oh my. As it turned out, its multiple layers of encryption and trust became a model for other standard microprocessors. When combined with the trusted-domain work of the Trusted Computing Group, the security processor became a general IT model.
It’s about time. For three decades, through debates over public-key encryption and the Data Encryption Standard, through the rise and fall of Pretty Good Privacy, through hundreds of publicized hacker attacks ranging from lone rogues to major nations, security experts have tried to lecture companies about the necessity of inherently secure architectures. Only in the last five years or so have they been treated seriously.
In many respects, the mobile client must be a site of security enforcement even more than the enterprise data center. Mobile clients create ad hoc links to a Virtual Private Network through transient Wi-Fi or Bluetooth connections. Newer mobile clients will rely on cloud-based OS environments like Chrome, where almost no storage of applications takes place locally, and the vast bulk of data, perhaps sensitive data, must traverse the cloud. The graphic above, from VoIP security expert Sipera, shows just a few of the potential insecure points in a mobile network.
If we listen to the promises for Near Field Communication touted by the NFC Forum, embedding NFC wireless controllers into a smartphone or smartbook will raise security concerns yet again. Hardware standards for the SIM portion of NFC have been adopted by GlobalPlatform, the smartcard coalition, an organization which ARM recently joined.
In the NFC/GlobalPlatform model, the handheld device could be the primary transaction processor for credit-card and micropayment data. While the NFC model assumes banking establishments will take primary responsibility for verifying the node called a Secure Element within a smartbook, credit-card providers will pressure manufacturers to make sure the hardware is secure on at least five communication layers, and perhaps secure up to and including the application. G&D's MobiCore fits nicely within the NFC architecture, since it creates a second virtualized operating system within the handheld device to handle secure transactions.
So you think ARM TrustZone and G&D MobiCore are tangential to mainstream smartbook interests? Au contraire. Don’t leave home without them.
Loring