• Новости
• Блоги
• Аналитика
• Новости компаний
• В СНГ и в мире
• Анонсы

European Specialists to Define Security Standards for Smartphones

Five partners from industry and academia have joined forces in a European research project, SEPIA, to define security standards for next-generation mobile devices including smartphones and tablet devices. As financial services, such as banking and payment, become increasingly accessed from mobile devices, it becomes increasingly critical to provide secure, certified cell-phone platforms to ensure such sensitive applications are efficiently protected from security threats.

The SEPIA (Secure Embedded Platform with advanced Process Isolation and Anonymity capabilities) research project brings together ARM, Brightsight, Giesecke & Devrient (G&D) and Infineon Technologies, and is coordinated by Graz University of Technology (Austria). The project is co-financed by the European Union's Seventh Framework Programme (FP7). Set up to run for three years, the SEPIA research project aims to develop new security enhancements and certification methodologies for mobile device platforms.

Herbert Reul, chair of the European Parliament committee on Industry, Research and Energy, confirms: "SEPIA addresses an ever more pressing security problem that is receiving increased attention on the European level, especially regarding mobile applications like eBanking".

For the consumer, SEPIA should allow execution of security-critical applications on cell phones, while ensuring that personal and confidential data are stored and processed within a separate trusted environment. The expected outcome of SEPIA is that these security-critical applications will run in a protected and isolated environment, alongside other services such as games and software downloads, without risk of being affected by viruses, Trojans, or other malicious software.

From a technical viewpoint, the SEPIA project will be based on a mobile platform combining ARM TrustZone technology, which creates a protected area in advanced systems-on-chip, and the high-security MobiCore operating system developed by G&D. The interplay between TrustZone and MobiCore ensures that if online services incorporate security-sensitive functions - for instance payment transactions - it is not possible for malware on the phone to manipulate username and password entries via the keypad or data output on the display.

Drawing on its expertise in hardware-based security, Infineon is contributing next-generation technology to allow secure storage of user credentials and passwords, thus adding further security to the new mobile platform. Brightsight will develop novel and cost-effective certification methods that allow mobile platforms to be certified incrementally, thus achieving short time-to-market cycles. The Institute for Applied Information Processing and Communications (IAIK) of Graz University of Technology is responsible for the scientific aspects of the project, including techniques to preserve anonymity and the development of security mechanisms for future cell phone processors.

The SEPIA project receives funding from the European Union's FP7 scheme. It supports Europe's foothold as a leading innovator in the sphere of mobile technology. SEPIA will make it easier to establish cross-platform, common security concepts and SEPIA's new approach to security evaluation will reduce time-to-market.

Источник: Cellular news

Оставить свой комментарий:

Комментарии по материалу