Article Preview
TopIntroduction
In recent years, mobile phones have left the era of being closed embedded communication devices, increasingly turning into “hand-held multimedia computers”. In addition to providing reliable, basic communication services (voice calls, SMS), contemporary handsets often provide the integrated services of music players, digital cameras, GPS navigators and gaming devices. The possibility to download and execute 3rd-party applications on the mobile platform makes handsets remarkably similar to personal computers in terms of openness and configurability.
A little-recognized fact is that this service convergence has stimulated device manufacturers to include advanced hardware- and operating system security features in their devices – this has been needed to balance user expectation and the strict regulatory requirements on the reliability of communication devices against virus and mal-ware threats that follow from introducing device openness.
Thus, there are hundreds of millions of deployed handset devices in the world today that are e.g. capable of protecting keys, assuring code integrity or making digital signatures using hardware-based features. Although these features today primarily are used to provide the necessary assurance that the handset in all possible scenarios will handle incoming and outgoing calls in an uninterruptible and reliable way, the mechanisms can as well in parallel be used for the benefit of 3rd party applications. As this happens, the role of trust modeling and trust management will play the crucial role of linking the security mechanisms to user perception and/or activity.
The traditional driver for platform security on handsets is the regulatory environment. Devices that participate in radio communication typically undergo testing to determine that the device keeps within the bandwidth allocated for the communication and that the transmission power does not exceed what is deemed safe for the user. For licensed bands also the conformance to protocol is a regulated activity. In practice this implies that both hardware and software are tested, and the approved license also includes the expectation that no (application) software installed at a later time can modify the tested and approved device features. This situation clearly motivates the need for software integrity as well as some degree of isolation or integrity guarantees for configuration data that affects the communication.
Another important driver for handset security features is the business ecosystem in which phones often are sold. Communication service providers (operators) may sell below cost / subsidize end-user devices as a part of a long-term communication contract, where the assumption is that the monetary loss at the time of device sale is recaptured as communication revenue. In this setup the operator clearly requires some technical assurance that the device actually is used for communication, using the service provided by the operator in question. Constraints and enforcements related to this so called SIM Lock need to be properly rooted in hardware-assisted platform security services, since the breaking of the device lock feature by definition is a lucrative business opportunity. Digital rights management (DRM) for music and video is by nature a very similar security service.
Unfortunately the state of the art in handset trust mechanisms is that they are widely deployed, but manufacturer- or even product-specific. This is not acceptable for 3rd-party solution providers. Given a consistent, cross-platform secure trust infrastructure for handsets, at least the following services could bring clear benefits to users:
- •
Payment- and banking services is a specific field that has high security requirements, both in terms of protecting / isolating secrets (or value), and in terms of trusted interfacing. Payment services also resonate well with the mobility and the personal aspect of a handset.
- •
Authentication and access control of all sorts, whether to get access to web pages, company networks, one’s car or one’s apartment could be made both more convenient and more secure, if credential handling in the device is founded on a well-established trust infrastructure.
- •
More traditional user applications like mail clients, calendars, etc. can benefit from application-specific (or shared) secure storage - to address data privacy or to store secrets e.g. related to software licenses or session control.