Platform would protect smartphones from cyber criminals

Mar 06, 2014

Criminals don't have to pick your pocket to get what they want out of your mobile. But a certifiably secure operating platform is being developed by Swedish researchers so that consumers can be confident that their mobile data is safe.

Market analysts expect the next decade to see a significant expansion in the numbers of connected devices and machines.

But increased connectivity also presents an opportunity for criminals. Mads Dam, an expert in computer security at Stockholm's KTH Royal Institute of Technology, says that devices and modules will be exposed to increasingly sophisticated attacks by cyber criminals.

"People are going to place even higher value on products with verifiable security claims," says Dam, who is Professor of Teleinformatics at KTH's School of Computer Science and Communication.

While compact in size, mobile phones pose a huge security challenge, Dam says. "Android, for example, has more than 10 million lines of code and is executing on a computing platform with one billion transistors.

"So it's not surprising that securing this kind of system is difficult," Dam says. "The good news is that an end-to-end security guarantee is within reach."

Dam and his colleagues aim to publish a certifiably secure, trusted execution platform for operating systems. The idea is to outwit malware and other attacks on a device with a layer of software called a "hypervisor", which is designed to secure the interaction between the operating system (OS) and the hardware.

"If the operating system asks for the camera to be turned on, the hypervisor can step in and verify whether that is really what the user wants," he says. "Or if the operating system wants to access a piece of memory that normally should be regarded as secure, it could step in and allow, or disallow, the request."

In fact, Dam says, a hypervisor-based solution could completely isolate different apps from each other, to create truly tamper-proof applications, for instance for banking or communication.

Such a platform could be made much smaller than the OS itself, he says. "We're talking about a factor of 1,000 to 10,000, which is sufficient to create mathematical models that can analyse the security of interaction between the OS and the hardware so well that we can formally guarantee the security of an operating system like Linux."

And it's not just mobile users that will benefit. In addition to mobile communications networks, the platform would be applicable in a wide range of areas including control systems for manufacturing plants, power stations, utilities and infrastructure. Other uses would be in vehicles, avionics and medical systems, cloud application platforms and also for devices in the internet of things.

The project partners, which include the Swedish Institute of Computer Science (SICS), propose publishing key components of the hypervisor as open source, in order to increase trust and allow de facto industry standardization of the security platform.

Dam says it will require more than a secure execution platform to secure devices from end to end, that is, from the user interface through the software stack, down to bits of silicon and back. Hardware and application platforms will have to be validated too. But the KTH team has made great progress during the last decade on tracing security from the application to the execution platform and back, he says, and the hypervisor will be a vital tool to achieve this.

"Soon we will be able to engage industry and organisations with serious concerns, like banks, public organisations, defence and providers, and develop this space."
