The Android platform is notoriously unsecure. But did you know that many Android devices have hardware security built that you can use to secure data, user identities and much more? Millions of popular devices such as the Samsung S4 and S5 have this capability. Most developers and even CIOs are unaware of this option but if your organization is diving into mobile app development or you are an Android app developer this presentation will give you the basics of how to utilize hardware based security when developing your app.

1. Sequitur Labs Inc. Proprietary ©2014
BUILDING HARDWARE SECURED
ANDROID APPS
Abhijeet Rane
VP Marketing, Sequitur Labs Inc.

2. Sequitur Labs Inc. Proprietary ©2014
OVERVIEW
Our Vision
Develop enabling technologies and
solutions to better secure and manage
connected devices of today and the future.
PCs Tablets IoT
2
SmartphonesServers

3. Sequitur Labs Inc. Proprietary ©2014
WHY DOES IT MATTER? EVERYONE IS AT RISK.
 Business enablers: Mobile + Devices +
Cloud
 New devices and use cases
 Changing IT and information consumption
environment for end users and enterprises
 Changing and diverse security and
manageability requirements
 Traditional IT perimeter has vanished
 The promise of mobility can only be
realized if TRUST exists between users,
services and devices
 Trusted Mobility™ = creating a new
“Fabric of Trust” from Device to Cloud
$5.5 million
U.S. average cost of data breach.
3

4. Sequitur Labs Inc. Proprietary ©2014
WHY DOES IT MATTER? EVERYONE IS AT RISK.
Laptop(s) Theft
Snapchat Android app
hack
Data interception
Plain text passwords
stored on device
Root Causes of
Breach
Data Compromised
or Lost
Names, SS#,
Driver licenses
4.6M
usernames/phone #
Names, Account #’s,
Routing #’s
Contact Lists, Music
Laptop(s)
Theft
User passwords
(source: viaforensics analysis)
4

5. Sequitur Labs Inc. Proprietary ©2014
HARDWARE ROOT OF TRUST IS THE RIGHT SOLUTION FOR
PROTECTING ENTERPRISE INFORMATION ASSETS
MarketAccessibility
Relative Degree of Security
H
HL
Device Virtualization
Containers
App Wrapping
Dual Persona
Sandboxing
Encryption
SSL
Hardware
Root of Trust
Trusted Execution
Environments
Secure elements
TPM
5

6. Sequitur Labs Inc. Proprietary ©2014
Trustonic TEE
Trustonic
Trustonic Microkernel
Trustonic Driver
Kernel Module API
Trustonic Driver Kernel Module
Trustonic Driver
Trustonic Driver
API
6
TRUSTZONE AND THE TEE
 ARM provides the reference
design for the TrustZone to be
incorporated by
 SoC manufacturers
 Device OEMs
 Trustonic provides a Trusted
Execution Environment
(TEE)
 Protects against software attack
from open/Rich OS
 Provides scalable and secure
environment for apps like user
auth, anti-malware, transactions
 Two separate domains, normal
and secure
 Extends across entire system
 Secure
 Processing path
 On/off-chip memory
 I/O and display
 Increasingly available on
devices

7. Sequitur Labs Inc. Proprietary ©2014 7
A HEALTHY ECO-SYSTEM IS FORMING AROUND THE
TEE

8. Sequitur Labs Inc. Proprietary ©2014
DEVELOPING TEE SECURED APPS
 Requires developers with systems level development experience
 Requires learning new platform primitives
 Involves high initial and ongoing expenditure
8
Purchase TEE-
SDK
Train
developers on
TEE platform
Negotiate pilot
agreement with
Trusted
Application
Manager
(TAM)
Developer
training
session at TAM
location
Start
developing app
Include TAM
activation code
in app
Complete app
development
Negotiate
commercial
agreement with
TAM
Distribute app
on app store
Manage billing
relationship
with TAM
(Monthly
charges)
 PROBLEM: Developing TEE secured apps is not economical for the
majority of enterprises
$$$ $$$ $$$ $$
$$$
$
$$$
$

9. Sequitur Labs Inc. Proprietary ©2014
DeadBolt™ – DEMOCRATIZING THE TEE
 Trustonic and Sequitur Partnership
 A suite of Trusted Applications
utilizing the Trustonic TEE
 Secure file system and data storage
 Secure data-at-rest
 TEE-SSL
 Provides a secure
communications channel to
Cloud services/data centers
 Developers access TrustZone and
TEE via a library**
 Allows developers to utilize the TEE
using familiar developer tools
 .JAR file
 SDK and Customer Portal
** - requires devices to have the ARM TrustZone and Trustonic
Trusted Execution Environment (TEE)
9

10. Sequitur Labs Inc. Proprietary ©2014
DEVELOPING TEE SECURED APPS WITH DeadBolt™
 Does not require developers with systems level development experience
 Does not require learning new platform primitives
 Significantly lower cost of initial and ongoing investment
 Rapid time to market
10
Start developing app
Download and include
DeadBolt™ in your
app
(development license)
Complete app
development and
testing
Get activation license
for commercial
distribution
Publish app on public
or private app store
$$
 Sequitur simplifies the development and commercial activation of a TEE secured app
Sequitur
Developer
Portal

11. Sequitur Labs Inc. Proprietary ©2014
DeadBolt™ - KEY BENEFITS
Enterprise
Developers
Enterprise
ISVs/SIs/
Consultants
Device OEMs
Reduce time to
market and cost
Easily leverage
hardware based
security
Deliver new value
to customers
Deliver secure
application
platforms
11

12. Sequitur Labs Inc. Proprietary ©2014
 For more info please visit
http://www.seqlabs.com
12