
Mobile Lockdown

Securing the Wireless World

In 1979, I was pretty sure I could unplug a phone in the top floor of a 7-story building, throw it out the window, go down and pick it up from the sidewalk, carry it into a different building, plug it in, and get it to work properly on the first try.  I’d pick up the receiver, hear a dial-tone, punch (or dial) in the number of my buddy across town, and we’d be connected and talking.  I’d never conceive of the need to call customer support for a problem with my phone.

My expectations for my computer in 1979 were very different.  In a pristine environment with a clean power supply, I’d delicately connect and double-check everything using my pre-EE super-powers.  Data was stored on an audio cassette, and I’d employ masterful tuning skills in finding exactly the right recording and playback levels to give me some chance of recovering my data once saved.  My default expectation was that my computer wouldn’t work at all.  If I managed to coax something like functionality out of it, I was very proud indeed.

Starting from roots like these, our expectations are formed for devices like telephones and computers.  Throughout their history, computers have been complicated, unreliable, clunky, and obscure.  We assume from the beginning that we’ll need to be on the phone with someone who knows more than we do, getting technical assistance for whatever problem we’ve bumped into most recently.  In any given day, we’d never be willing to bet more than a small sum that we would have reliable computer operation for the entire day.  Our expectations were low, and computers have historically done little to change them.  While things have arguably gotten gradually better, we still harbor no illusions that a computer (particularly participating in a global network) is a rock-solid dependable system.

Our expectations of the telephone are coming from the other end of the spectrum and moving in the opposite direction.  With the migration from landlines to cell phones, we’ve shifted from die-hard dependable communication within fixed boundaries to a platform with a plethora of issues including sketchy carriers, bad reception spots, and unintelligible signals.  With the addition of advanced features, we’ve also traded the simple 13-button interface (12 keys and a hook) for a complex, menu-driven, modal interface with innumerable capabilities and almost infinite impetus for consumer confusion.

Neither of these networks has been immune from abuse and security concerns.  Even the most rudimentary adolescents of old quickly found ways to take advantage of the anonymity provided by the phone network.  “Is your refrigerator running? … Well, you better go and catch it!”  From prank calling to phone phreaking, hostile attacks exploiting the vulnerabilities of the phone system go back to at least the 1950s.  With computer networks, hacking and virus attacks have been with us almost since we first started connecting computers together.

Today, we sit at the juncture of these two technological threads.  Devices with cultural roots that go back to the telephone are now taking on computing and networking roles migrated from the computer network world.  In both of these communities, security measures have always proved inadequate to stop determined vandals, criminals, and subversives, but here at this historic intersection, the problems are particularly prickly.  Providing security for mobile embedded systems is a substantial technical and cultural challenge and one that will be a significant barrier to the proliferation of key capabilities in connected mobile devices. 

“Mobile devices face unique security challenges,” says Adrian Turner, CEO of Mocana.  “We are moving toward a world where non-PC devices are connecting to the network at an incredible pace, and soon networked non-PC devices will outnumber both PCs and servers.”  Those unique security challenges include things like a heterogeneous computing architecture, a variety of operating systems, small memory footprints, limited storage, limited processor power, and transient network connectivity, with the device continually moving between networks.  “The antivirus model used on PCs won’t work on a handset,” Turner continues.  “The registry of known viruses is too large to reside on handsets, pattern-matching is impractical, and you aren’t protected against zero-day attacks [attacks for which solutions are not yet known].” 

Indeed, before customers can have telephone-like confidence in their new, super-connected mobile devices, significant security challenges must be overcome.  The scenario of losing your mobile device or having it fall into malicious hands is much more likely than with PCs.  Before the phone-frightened public will be willing to trust these devices for their most important transactions or expose themselves to certain perceived risks, the embedded industry will have to produce a far better track record than the networked-PC folks have managed thus far.  This most likely involves a level of cooperation and standardization not yet evident in the industry.

To date, the mobile phone industry has kept somewhat of a lockdown, allowing only proprietary applications of known origin to participate in any security-enabled tasks.  Opening up the field for third-party applications in a multi-network environment makes the security challenge much more complex.  A system of certificates is required that is both solid and flexible, allowing a device to authenticate itself on multiple networks and providing the capability for the certificate to be voided, network access prevented, and user data secured or destroyed upon an event like the detection of a hostile attack or the loss of control of a device.

The solution to security concerns will have both a device-specific component that’s embedded (the mobile handset) as well as network applications.  “Security software has to be small with a high level of scalability and an event-driven asynchronous architecture,” Turner explains.  “For example, Mocana’s Device Security Framework includes embedded security software as well as security capabilities delivered across the network by network applications.  Mocana’s framework supports 15 different operating systems and 50 different CPUs.  It takes only a couple of hours to port to a new operating system.”  In the embedded mobile device world, the proliferation of platforms makes that kind of portability a requirement.

One of the key challenges of mobile security is the compute-intensive nature of cryptography.  The normal solution is to accelerate the crypto function in hardware, where it not only completes faster but also offloads the application CPU and consumes less power than software-based crypto.  It is likely that crypto-acceleration IP will become standard on connected handsets.

A second ancillary security concern for mobile devices is removable storage.  With a large number of mobile platforms now supporting removable media like SD flash cards, the security of the flash data becomes a concern as well.  The tradeoff between interoperability and sharing of data on the one hand, and security on the other, poses another significant challenge for the industry and for the end user.

Recently, we are seeing industry alliances between security-focused companies like Mocana and hardware and OS providers like Freescale and QNX.  These types of alliances will create the kind of cooperation needed to give a level of standardization to security in an industry that’s far from standardized.  With the current trends toward open-source handsets being deployed with third-party application software on multiple service networks from different service providers, some level of standardization is needed to gain an acceptable level of security amidst the chaos.  Our customers will demand it.
