As more and more confidential and sensitive data makes its way to mobile devices, there is an increasing need to improve its security (e.g. lock the phone or remotely wipe its data if it is stolen). The focus of this post, however, is to review the efforts of the Trusted Computing Group (TCG) to improve mobile device security, for example protecting data stored on the device or preventing thieves from assigning a new number to a stolen device, a common problem in Pakistan and elsewhere. The security of wireless data in transit is out of scope here.

TCG is a non-profit organization which was formed to develop open standards for hardware-enabled trusted computing and security technologies (building blocks and software interfaces across multiple platforms). Naturally it started with PCs and then moved on to other platforms. The TCG approach for mobile devices means that the operating system, platform and application-level functionality, as well as SIM cards, interact in a secure, trusted manner. The TCG specifications enable trust in the mobile phone equipment itself.

TCG started working on how to extend the group's PC security spec to the cellphone environment, with its multiple stakeholders including users, carriers, OEMs and content providers. After 3 years of work, the Trusted Computing Group rolled out the Mobile Trusted Module (MTM), its standard for cell phone security, in September 2006. The spec is intended to make it easier to protect mobile data and applications, although several hurdles lie ahead for broad adoption. The 100-page document is available at this page on the TCG site. The 4-page overview is an easier read but does not provide technical details.

About 50 companies worked to define the Mobile Trusted Module (MTM) spec. However, two of the largest cellphone chip makers, Texas Instruments and Qualcomm, did not participate in developing the spec. The only carriers involved in the work were Vodafone and France Telecom. It was supported by Motorola, Nokia and Samsung on the handset side and Intel on the processor side. It is believed that handset makers will start delivering MTM-enabled devices by early 2008.

Information Week reports that:

MTM specifications will create an industrywide approach to developing mobile devices that includes stronger security, ensures data privacy, and reduces the risk of malware-ridden mobile devices infecting company networks. This protection will be a boon to businesses like Visa and MasterCard, which want customers to pay for purchases using mobile handsets that contain radio frequency chips that can be read at the point of sale.

The draft MTM specification is designed to supply the core framework, commands, and control specifications needed to provide the security building blocks within a mobile phone or one embedded in a PDA. The draft specification is designed to be complementary with existing mobile phone components, including subscriber identity modules and universal integrated circuit cards, and with specifications from industry organizations such as the Third Generation Partnership Project, Open Mobile Alliance etc.

Much of what the MTM spec calls for is already implemented in some phones, such as the popular BlackBerry by RIM. For more than two years, RIM has offered Content Protect to protect data stored locally on BlackBerry devices. RIM has also given administrators the tools to remotely lock or wipe lost and stolen devices so their data can't be accessed by thieves. Technical details follow.

The MTM spec allows multiple (2) roots of trust. A root of trust is a key or certificate, typically expressed as a number, that can only be obtained by a calculation using information private to a system or user. Local roots of trust can support multiple users of a single handset. Remote roots of trust allow a carrier, OEM or application provider to prove they are trusted enough to modify or "reimage" the handset's operating system or other key software.

Like the existing PC spec, the MTM can use protected memory to store digital keys, certificates and passwords, and it supports integrity checks of the device to measure its health and detect whether its state has changed.

Those tasks are handled with the same RSA public-key cryptography for verifying digital certificates and the same SHA-1 hashing algorithm employed by the existing PC spec. However, the MTM spec applies those techniques differently to support multiple roots of trust, locally and remotely.
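To make the last three paragraphs concrete, here is an added example (my own, not code from TCG or the MTM specification) that models the two ideas in miniature: integrity measurement of a boot chain with SHA-1, and a remote root of trust (say a carrier) that signs the reference value the handset must match before it accepts software. The TPM 1.2 style "extend" rule, the list of boot components, the prime numbers and the textbook RSA signature are all assumptions made for illustration; real MTMs use properly padded RSA and keys of a realistic size.

```python
"""
Toy model of MTM-style integrity measurement and a remote root of trust.

Assumptions (not taken from the TCG MTM specification):
- Measurements accumulate TPM 1.2 style: PCR_new = SHA-1(PCR_old || SHA-1(component)).
- A remote root of trust (e.g. a carrier) publishes a reference PCR value signed
  with RSA; the handset holds the matching public key and accepts software only
  if the measured PCR equals the signed reference.
- RSA is textbook RSA over small constructed primes so the example runs offline
  with only the standard library. It is NOT a secure signature scheme.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional

PCR_SIZE = 20  # SHA-1 digest length, as used by the TPM 1.2 / MTM 1.0 generation


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend_pcr(pcr: bytes, component: bytes) -> bytes:
    """One 'extend' step: PCR <- SHA-1(PCR || SHA-1(component))."""
    if len(pcr) != PCR_SIZE:
        raise ValueError("PCR must be a 20-byte SHA-1 value")
    return sha1(pcr + sha1(component))


def measure_boot_chain(components: List[bytes]) -> bytes:
    """Measure each boot component, in order, into a PCR that starts as all zeros.
    The chain is not commutative: the same components in another order, or one
    altered component, produce a different PCR value."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend_pcr(pcr, component)
    return pcr


# --- toy RSA key held by the remote root of trust -------------------------
@dataclass(frozen=True)
class ToyRsaKey:
    n: int
    e: int
    d: Optional[int] = None  # private exponent; None for a public-only key

    def public(self) -> "ToyRsaKey":
        return ToyRsaKey(self.n, self.e)


def make_toy_key(p: int, q: int, e: int = 65537) -> ToyRsaKey:
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+); assumes gcd(e, phi) == 1
    return ToyRsaKey(n, e, d)


def _representative(message: bytes, n: int) -> int:
    # Textbook RSA: reduce the SHA-1 digest mod n so it fits the toy modulus.
    return int.from_bytes(sha1(message), "big") % n


def sign_reference(key: ToyRsaKey, reference_pcr: bytes) -> int:
    if key.d is None:
        raise ValueError("private key required to sign")
    return pow(_representative(reference_pcr, key.n), key.d, key.n)


def verify_reference(pub: ToyRsaKey, reference_pcr: bytes, signature: int) -> bool:
    return pow(signature, pub.e, pub.n) == _representative(reference_pcr, pub.n)


def device_accepts_software(pub: ToyRsaKey, reference_pcr: bytes, signature: int,
                            measured_components: List[bytes]) -> bool:
    """Handset-side decision: the reference must carry a valid signature from the
    remote root of trust AND the locally measured boot chain must match it."""
    if not verify_reference(pub, reference_pcr, signature):
        return False
    return measure_boot_chain(measured_components) == reference_pcr


# Constructed sample data: toy primes and an imaginary boot chain.
CARRIER_KEY = make_toy_key(1_000_000_007, 998_244_353)
ROGUE_KEY = make_toy_key(999_999_937, 999_999_929)  # a signer the handset does not trust
GENUINE_IMAGE = [b"bootloader v1.0", b"os kernel build 2006.09", b"radio firmware 3.1"]
TAMPERED_IMAGE = [b"bootloader v1.0", b"os kernel build 2006.09 (patched)", b"radio firmware 3.1"]


def demo() -> dict:
    """Run the three cases a practitioner cares about: genuine image, tampered
    image, and a reference signed by a key that is not the device's root of trust."""
    reference = measure_boot_chain(GENUINE_IMAGE)
    carrier_sig = sign_reference(CARRIER_KEY, reference)
    rogue_sig = sign_reference(ROGUE_KEY, reference)
    pub = CARRIER_KEY.public()
    return {
        "genuine": device_accepts_software(pub, reference, carrier_sig, GENUINE_IMAGE),
        "tampered": device_accepts_software(pub, reference, carrier_sig, TAMPERED_IMAGE),
        "rogue_signer": device_accepts_software(pub, reference, rogue_sig, GENUINE_IMAGE),
    }


if __name__ == "__main__":
    print(demo())  # {'genuine': True, 'tampered': False, 'rogue_signer': False}
```

The point of the two separate checks in `device_accepts_software` is that neither alone gives the property the post describes: the signature proves the reference came from a party entitled to reimage the phone, and the measured PCR proves the software actually on the phone is the software that party vouched for. A second, local root of trust would simply be another public key the handset holds, with its own set of signed references.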

Other Resources
For an overview of mobile security guidelines which should be followed by enterprise users see this article.