Using Hardware Security with Android Apps
1. Sequitur Labs Inc. Proprietary ©2014
BUILDING HARDWARE SECURED ANDROID APPS
Abhijeet Rane
VP Marketing, Sequitur Labs Inc.
2. OVERVIEW
Our Vision
Develop enabling technologies and solutions to better secure and manage connected devices of today and the future.
PCs, Tablets, IoT, Smartphones, Servers
3. WHY DOES IT MATTER? EVERYONE IS AT RISK.
Business enablers: Mobile + Devices + Cloud
New devices and use cases
Changing IT and information consumption environment for end users and enterprises
Changing and diverse security and manageability requirements
Traditional IT perimeter has vanished
The promise of mobility can only be realized if TRUST exists between users, services and devices
Trusted Mobility™ = creating a new “Fabric of Trust” from Device to Cloud
$5.5 million: U.S. average cost of data breach.
4. WHY DOES IT MATTER? EVERYONE IS AT RISK.
Root Causes of Breach: Laptop(s) Theft; Snapchat Android app hack; Data interception; Plain text passwords stored on device; Laptop(s) Theft
Data Compromised or Lost: Names, SS#, Driver licenses; 4.6M usernames/phone #; Names, Account #’s, Routing #’s; Contact Lists, Music; User passwords
(source: viaforensics analysis)
5. HARDWARE ROOT OF TRUST IS THE RIGHT SOLUTION FOR PROTECTING ENTERPRISE INFORMATION ASSETS
[Chart. Axes: Market Accessibility and Relative Degree of Security, with ticks L and H. Labels: Device Virtualization; Containers; App Wrapping; Dual Persona; Sandboxing; Encryption; SSL; Hardware Root of Trust; Trusted Execution Environments; Secure elements; TPM]
6. TRUSTZONE AND THE TEE
[Diagram. Labels: Trustonic TEE; Trustonic Microkernel; Trustonic Driver; Trustonic Driver API; Kernel Module API; Trustonic Driver Kernel Module]
ARM provides the reference design for the TrustZone to be incorporated by SoC manufacturers and Device OEMs
Trustonic provides a Trusted Execution Environment (TEE)
Protects against software attack from open/Rich OS
Provides scalable and secure environment for apps like user auth, anti-malware, transactions
Two separate domains, normal and secure
Extends across entire system
Secure
Processing path
On/off-chip memory
I/O and display
Increasingly available on devices
8. DEVELOPING TEE SECURED APPS
Requires developers with systems level development experience
Requires learning new platform primitives
Involves high initial and ongoing expenditure
[Flow diagram with cost markers ranging from $ to $$$ on the steps]
Purchase TEE-SDK
Train developers on TEE platform
Negotiate pilot agreement with Trusted Application Manager (TAM)
Developer training session at TAM location
Start developing app
Include TAM activation code in app
Complete app development
Negotiate commercial agreement with TAM
Distribute app on app store
Manage billing relationship with TAM (Monthly charges)
PROBLEM: Developing TEE secured apps is not economical for the majority of enterprises
9. DeadBolt™ – DEMOCRATIZING THE TEE
Trustonic and Sequitur Partnership
A suite of Trusted Applications utilizing the Trustonic TEE
Secure file system and data storage
Secure data-at-rest
TEE-SSL
Provides a secure communications channel to Cloud services/data centers
Developers access TrustZone and TEE via a library**
Allows developers to utilize the TEE using familiar developer tools
.JAR file
SDK and Customer Portal
** - requires devices to have the ARM TrustZone and Trustonic Trusted Execution Environment (TEE)
10. DEVELOPING TEE SECURED APPS WITH DeadBolt™
Does not require developers with systems level development experience
Does not require learning new platform primitives
Significantly lower cost of initial and ongoing investment
Rapid time to market
[Flow diagram. Labels: Sequitur Developer Portal; $$]
Start developing app
Download and include DeadBolt™ in your app (development license)
Complete app development and testing
Get activation license for commercial distribution
Publish app on public or private app store
Sequitur simplifies the development and commercial activation of a TEE secured app
11. DeadBolt™ - KEY BENEFITS
Enterprise Developers
Enterprise ISVs/SIs/Consultants
Device OEMs
Reduce time to market and cost
Easily leverage hardware based security
Deliver new value to customers
Deliver secure application platforms
12. For more info please visit http://www.seqlabs.com