There have been a number of high-profile hacks recently, evidently demonstrating that hiding and using secrest on the Internet is still really difficult. From the $5 million in bitcoin lost at Bitstamp to the Sony hack, it is clear that a new approach to the problem is required. Recently, I was at CES, and the IoT is moving along at breakneck speed, with barely and afterthought for cyber security. All of the things end up controlled by a smartphone or PC. The integrity of the connection from your computing device to your house, car or medical equipment will need the same peer-to-peer security that bitcoin requires. So how should we all be approaching the problem?
- All private keys should be protected by tamper-resistant hardware — a device, not the operating system. Smart cards or USB tokens are great solutions, but the embedded trusted execution environment provides the built-in solution we all desire. It also provides the tamper-resistant security to match that of a SIM module, but it is not controlled by the carrier.
- In addition to access, the instruction sent to a cloud service or another device should be encrypted (for privacy) and signed (for integrity), assuring that the intended action is not corrupted. This critical step is mostly overlooked on today’s systems. Protecting the instruction assures that the intended action is actually what happens. Instructions are critical interactions between the client and the cloud. Rivetz leverages the trusted execution environment to assure the formation of the highest quality instructions.
- Trusted user input and output is by far the hardest piece of the puzzle. This is where an uncorrupted presentation of the intended transaction to the user and the proper collection of the user’s consent is executed. Secure display in combination with a secure PIN or secure biometrics is ultimately required to be fully effective. The technology to do this is just now being integrated but is not available on most platforms. Intel has been at the forefront of trusted display for a number of years. Rivetz is now demonstrating the trusted user interface on Intel and on some Samsung Galaxy Note 4 phablets released in December.
- Attestation that the environment is in a known good state prior to the transaction being accepted is also a very critical step in the process. Attestation of the integrity of the device, its current condition and its capabilities are critical to assuring that a Known device with Known capabilities is requesting the transaction. This data will also play a critical forensic role if a cyber-security issue ever arises.
- To complete a high assurance transaction it is also critical to support a predetermined escalation path if any of the security systems do not execute correctly. Second devices and out-of-band security systems to confirm or allow transaction will play an important role to keep systems robust and reduce the risk for denial of service.
Rivetz is focused on bringing these high assurance tools to the app community to assure that any developer can have simple access to world-class cyber security tools. From bitcoin to door locks, the fundamental problem is the same, reliance on today’s operating systems to store a secret is broken. The hardware device manufacturers have invested billions of dollars to provide the protections we need but they are only useful if they are used.
Image Credit: CC by Yuri Samolilov
