We have what they want,
*MOVING FORWARD TOWARD EMBEDDED SECURITY
By Sean Corcoran
While privacy concerns have dealt significant setbacks to some
embedded-security systems in the past few years, portions of the security
industry haven't given up on having infosec features built directly into
devices.
At a symposium sponsored by the Consortium for Efficient Embedded Security
(CEES) in Boston earlier this month, security architects, application
developers and users defined the need for standardized interoperable
security solutions as wireless devices and services continue to expand
"There is an immediate and growing need for standardization efforts to
address basic questions around system architectures, security ownership
and trusted models, and CEES is working hard to make secure systems
leveraging efficient embedded security a reality," says Daniel Lieman,
chairman of CEES.
Industry experts say the ideal embedded system will be transparent.
Security chips or pieces of software will be built into a device, and the
encryption and decryption of files, folders and messages will be done
automatically. If done correctly, experts say hackers won't be able to
assume a user's identity simply by swiping your user name and cracking
your password. They would have to steal the device, too.
Embedded security isn't new, however, and some features have already hit
the market. Last year, for example, IBM began selling some of its PCs with
a security chip embedded in the motherboard that protects electronic
communications by securing a user's private key.
But experts say a worrisome lack of strong and efficient industry
standards could ultimately jeopardize the large-scale deployment of
embedded-security devices. "In one sense it's a race, with a lot of
companies trying to get something out there to capture a market share, but
there really isn't a set of good standards," says Lieman director of
evangelism and standards at Ntru.
At the symposium, more than 35 companies--from Adobe to Zucotto
Wireless--discussed the best way to standardize trust models and system
architectures.
"As part of the CEES symposium, we examined the challenges of embedded
security and the development of trust associated with the process to
better shape our understanding of device ownership," says Burt Kaliski,
chief scientist at RSA Laboratories, the research center of RSA Security
Inc.
CEES, whose charter members include Intel, MasterCard International and
Sony, has set a goal of early next year for producing a series of
efficient embedded-security standards that complement existing security
and cryptography standards, says Lieman.
Once standards are established, the trick is going to be getting companies
to implement them as they design their embedded-security systems. To
accomplish this, Lieman is working to get companies on board now, before
the market becomes even more fragmented.
"The best way is to make sure all the people you want to promote the
standards--all these people who need to implement something--are involved
in making these standards. So, in the end, it all works together and it is
a secure system," says Lieman.
Marty |
