Discretix Corporate Presentation


Data Security Issues in the Cellular Revolution - Discretix View
July 6th, 2005
Aharon Aharon - Chairman of the Board
1
Agenda
Corporate overview
Product offering
Market trends and strategy
Summary
2
Objectives
Cellular data security – what it’s all about
Get familiar with the buzzwords
Understand possible solutions and their complexity
Check your travel habits
Have some fun
3
Belize, a former British colony in Central America
Similar size to Israel, 270,000 people
Jungles, Rain Forests, Beaches, Islands
Picture 1
4
Discretix at a Glance
Founded 2000
• US Headquarters; Fully-owned subsidiary in Israel
• Focus on robust security in low resource environments
• Strongly financed by tier-one VCs:
Product Portfolio
• Secure Mobile and Secure Flash
• Hardware, Firmware, Infrastructure Software, Device Toolkits
• Built upon strong intellectual property (15 patents)
5
Discretix Traction
Baseband & Application Processor / Flash
Customers
Partners
Security
Specialist
6
Discretix Customers: Worldwide Devices Penetration (handsets and flash cards)
• Embedded memory
• 40% of global embedded flash market
• Flash storage cards sold globally
• All card form factors
• Used by key OEMs and retail stores (handset manufacturers, carriers, SIs)
• Application Processor
• SonyEricsson Smartphones sold globally
• Baseband (2G, 2.5G, 3G)
• 50% of Samsung mobile (GSM)
• China, Korea and Europe OEMs
• Application Processor and Baseband
• 50% of Samsung mobile (GSM)
• European and Asian OEMs
• Baseband (GSM, EDGE, WCDMA)
• Sold globally (Sony Ericsson, Sharp, TLC, Amoi, Bellwave, Flextronics, HTC, Lite-On)
• Application Processor and Baseband
• Japan dominance (50% of NTT DoCoMo FOMA, strong in PDC)
• Very strong in Asia
• Tier-one Europe and US OEMs
In 2006 over 33% of handsets will include Discretix inside
7
Guatemala – Tikal
Picture 2
8
Growing Threats
Handset malfunctioning
Malicious messaging (SMS/MMS/Java)
Theft and Fraud
Viruses
Bluesnarfing
Spam
Costly consequences:
Handset replacements
Device downtime – airtime lost
Legal settlements
Denial of Service
Network malfunctioning
9
It’s time for Security!
Security is an essential building block for any application
• Enables revenue generating applications
• Prevents revenue leakage
• Safeguards against attacks
• Reduces operational expenses
“We chose the EMP U100 platform… for its security, … and small size.” Masafumi Matsumoto, Group GM, Sharp Corporation
10
Barcelona - Gaudi
Picture 3
11
Mobile Client Security Needs
Firmware Over The Air Update
Device Management
Digital Rights Management (DRM)
Device
Firewall,
VPN
Security
Anti-Virus
Anti-Spam
Phone & SIM Lock Protection
Commerce & Payment
Enterprises Mobility
12
Standards Committees Mapping
Carriers
DRM
Device Mgmt
Industry Bodies
CMLA
Warner Brothers, mm02, Intel, Nokia, Matsushita, Samsung, Real Networks
DRM
Commerce/Banking
Vodafone, Orange, Telefonica, T-Mobile
Applications & Schemes
Industry Bodies
Motorola, Orange, GEMPLUS, T-Mobile, Bitfone
Hardware
13
Costa Rica - Arenal
Picture 4
14
DRM Market Projections
Schemes
• Current: OMA
• Emerging: Windows Media, CPRM
• Future: DVB-H/T, FairPlay
Digital Tech Consulting (DTC):
• “Some 300 Million Mobile DRM Phones Will Ship in ‘09…, license revenues from DRM technologies will likely surpass $500 million by 2009.”
Juniper Research projections for 2009:
• Mobile music market – $9.3B
• Mobile gaming market – $19.3B
• Mobile video market – $5B
15
Phone (IMEI) & SIM Lock Protection
Vodafone (Tim Wright):
• “Vodafone Group is losing Euro 150m per year due to device theft problems. Most OEMs fail to implement robust security.”
Vodafone formal requirements:
• “Device shall support reprogramming protection, SIM Lock and IMEI protection that are of equivalent strength to that provided by appropriate use of hardware security modules.”
16
Simple IMEI and SimLock Crack
17
Commerce & Payment
Mobile phone based services are rapidly expanding
Phone embedded security provides smart card equivalent security at a lower cost
Contactless technology driven
Leading services:
• Felica (Japan): E-commerce, Transportation, ID authentication
• Moneta (Korea): E-commerce, e-money, m-Banking
• paypass (US): E-commerce
18
Anti-Virus
The problem is growing faster than expected
Known viruses to date
• Symbian: Cabir, Skulls, Metal Gear, SEXXXY.sis, Gavno.a
• WinCE: Duts.A, Brador
• Palm source: Phage.Dropper
19
Device Management
From OMA DM Specification:
• “Every session MUST employ robust end-to-end security between the client and the DM server, including mutual authentication and data encryption, either by using an adequate transport layer mechanism or by implementing application level security.”
• “Provisioning, storage and maintenance of the credentials on servers and on devices SHALL be done securely.”
OTAFF priorities
• Maintaining Mobile Device Integrity
• FOTA Security
20
Costa Rica - Arenal
Picture 5
21
Security Stakeholders
Requirements
22
Operators’ Security Requirements
OMA DRM music service
OMA DRM music pilots
Phone theft protection
Over The Air updates
Mobile commerce
IPSec for VoIP
Security cannot be added as magic dust – it must be part of the phone infrastructure
23
Possible Security Solutions
Client security can be:
• Software only
• Combined software and hardware
“Don't trust magic security words like "256-bit AES." The devil is in the details, and it's easy to screw up security.” Bruce Schneier, Oct ‘04
24
Device Security Trends
Hardware
OS
Trusted Environment
• Trusted Mobile Platform Organization specifications for Trusted Device (Based on TCG) by:
• Requires a security hardware architecture
• Defines 3 applicable trust classes
• Symbian security framework
• Symbian standard security hardware interface
• Application authentication framework
• The market is moving toward more trusted devices, based on hardware security cores
• OTA and DM technologies increase handset vulnerabilities
25
Why Hardware-based Security
Security
• Extremely hard to create Root of Trust in software
• Real key protection can be done only in hardware
• Software countermeasures have limited capabilities
• Software hacks are easily distributed
• Protect the device's most vulnerable assets: the firmware and its credentials (keys)
Resources & Performance
• User experience is key
• Offloads CPU and bus to handle applications
• Improves power consumption
• Software overhead cannot enable robust and secure boot verifications
26
Athens – Acropolis
Picture 6
27
CryptoCell Modular Configuration
Secure Storage
Device Mgmt.
IMEI & SIM Lock Protection
DRM Agent
IPSec (VPN)
Java & STIP Security
Secure Boot
Security Middleware Layer - CRYS Firmware
Hardware Crypto Engines
Software Crypto Engines
Root of Trust
Secret CryptoKey, RNG, Secure Boot
28
CryptoCell™ Security Building Blocks
Device Toolkits
Secure Storage
Middleware
Device Management
SSL / TLS
WTLS
Countermeasures
PKCS #11
DRM Agent
OMA DRM v2.0
WM-DRM 10; CPRM
IPsec (VPN)
Symbian CryptAlg
Secure Storage
IMEI & SIM Lock Protection
Java MIDP 2.0
STIP
Key Management
Certificate Handling
WIM
Token
MS CAPI
OpenSSL
CRYS API
Cryptographic Schemes
PRNG
OBKG
OS Abstraction Layer
Context Management and Input Alignment
HW Blocks
Attack Resistant
Hardware Abstraction Layer
PKI Engine: RSA, ECC, DSS, DH
Symmetric Engine: 3DES, AES, RC4, C2
Hash Engine: SHA-1/2, MD5, HMAC
Digital RNG
Secret CryptoKey
Integrity Validation
29
Rome – Coliseum
Picture 7
30
Market Trends & Strategy
31
Handset Sales
684M handsets sold in 2004
• Increase of about 30% from 2003
Strong replacement sales in mature markets
Rapid uptake in emerging markets
Motorola, Sony-Ericsson & LG increased market share at the expense of Nokia, Siemens and Samsung
Chinese, Taiwanese OEMs, ODMs
[Chart: Q4 '04 Handset Shipments Market Share. Segments: Others, Nokia, Sony Ericsson, LG, Motorola, Siemens, Samsung. Values as extracted: 20%, 33%, 6%, 7%, 16%, 11%, 7%]
32
Handsets and Memory Trends
Handsets are driving growth in removable and embedded memory
Over 60% of the phones sold in Europe by 2008 will have a slot for a memory expansion card
By 2008 a typical 3G phone will have 128MB of embedded storage, a typical 2.5G phone 64MB
More than 10% of handsets will include HDDs of 4GB+ (sub 1.8”)
Most handsets will support multiple DRM systems for music, video and other content
33
Our Vision
Content Security
Infrastructure Security
Application Security
Infrastructure Security
Cryptography
2002
2003
2004
2005
2006
34
Cambodia – Angkor
Picture 8
35
Alliances Strategy - 1
Carrier grade
Content
back-end
Server
Charging
Delivery
Methods
Embedded
Software
Device
Hardware
End-to-end Security
Client
Value chain requires end-to-end solutions
Robust security is the cornerstone of any application
• DRM
• Protected Storage
• Device Management and Over-The-Air updating
36
Alliance Strategy - 2
Jointly sell Device Toolkits
• Even on ‘competing’ hardware
Technical alliances
• ‘Intimacy’ with open and real time Operating Systems
Standards Committees
• Act as security advisers
Carriers
• Assist in security needs definition
37
Summary
Superior Security with
• Minimal BOM
• Highest performance
• Shortest time-to-market
Security across the entire value chain
• Hardware
• Firmware
• Infrastructure software
• Device toolkits
Complete Solution
• Field proven
• Certified
• Implemented in multiple environments
38
Vietnam – Sapa
Picture 9
39
Thank you for your attention!
www.Discretix.com
40