Sequitur Labs Inc. Proprietary ©2014 BUILDING HARDWARE SECURED ANDROID APPS Abhijeet Rane VP Marketing, Sequitur Labs Inc.

Using Hardware Security with Android Apps

DESCRIPTION

The Android platform is notoriously insecure. But did you know that many Android devices have hardware security built in that you can use to secure data, user identities and much more? Millions of popular devices such as the Samsung S4 and S5 have this capability. Most developers and even CIOs are unaware of this option, but if your organization is diving into mobile app development or you are an Android app developer, this presentation will give you the basics of how to utilize hardware-based security when developing your app.

Page 1: Using Hardware Security with Android Apps

BUILDING HARDWARE SECURED ANDROID APPS

Abhijeet Rane

VP Marketing, Sequitur Labs Inc.

Page 2: Using Hardware Security with Android Apps

OVERVIEW

Our Vision

Develop enabling technologies and solutions to better secure and manage connected devices of today and the future.

PCs, Tablets, IoT, Smartphones, Servers

Page 3: Using Hardware Security with Android Apps

WHY DOES IT MATTER? EVERYONE IS AT RISK.

Business enablers: Mobile + Devices + Cloud

New devices and use cases

Changing IT and information consumption environment for end users and enterprises

Changing and diverse security and manageability requirements

Traditional IT perimeter has vanished

The promise of mobility can only be realized if TRUST exists between users, services and devices

Trusted Mobility™ = creating a new “Fabric of Trust” from Device to Cloud

$5.5 million: U.S. average cost of data breach.

Page 4: Using Hardware Security with Android Apps

WHY DOES IT MATTER? EVERYONE IS AT RISK.

Root Causes of Breach

Laptop(s) Theft

Snapchat Android app hack

Data interception

Plain text passwords stored on device

Data Compromised or Lost

Names, SS#, Driver licenses

4.6M usernames/phone #

Names, Account #’s, Routing #’s

Contact Lists, Music

Laptop(s) Theft

User passwords (source: viaforensics analysis)

Page 5: Using Hardware Security with Android Apps

HARDWARE ROOT OF TRUST IS THE RIGHT SOLUTION FOR PROTECTING ENTERPRISE INFORMATION ASSETS

[Figure: Market Accessibility plotted against Relative Degree of Security, with axis ticks L and H. Labels on the chart: Device Virtualization, Containers, App Wrapping, Dual Persona, Sandboxing, Encryption, SSL; Hardware Root of Trust: Trusted Execution Environments, Secure elements, TPM]

Page 6: Using Hardware Security with Android Apps

[Diagram labels: Trustonic TEE, Trustonic Microkernel, Trustonic Driver, Kernel Module, API]

TRUSTZONE AND THE TEE

ARM provides the reference design for the TrustZone to be incorporated by

SoC manufacturers

Device OEMs

Trustonic provides a Trusted Execution Environment (TEE)

Protects against software attack from open/Rich OS

Provides scalable and secure environment for apps like user auth, anti-malware, transactions

Two separate domains, normal and secure

Extends across entire system

Secure

Processing path

On/off-chip memory

I/O and display

Increasingly available on devices

Page 8: Using Hardware Security with Android Apps

DEVELOPING TEE SECURED APPS

Requires developers with systems level development experience

Requires learning new platform primitives

Involves high initial and ongoing expenditure

Purchase TEE-SDK

Train developers on TEE platform

Negotiate pilot agreement with Trusted Application Manager (TAM)

Developer training session at TAM location

Start developing app

Include TAM activation code in app

Complete app development

Negotiate commercial agreement with TAM

Distribute app on app store

Manage billing relationship with TAM (Monthly charges)

PROBLEM: Developing TEE secured apps is not economical for the majority of enterprises

Page 9: Using Hardware Security with Android Apps

DeadBolt™ – DEMOCRATIZING THE TEE

Trustonic and Sequitur Partnership

A suite of Trusted Applications utilizing the Trustonic TEE

Secure file system and data storage

Secure data-at-rest

TEE-SSL

Provides a secure communications channel to Cloud services/data centers

Developers access TrustZone and TEE via a library**

Allows developers to utilize the TEE using familiar developer tools

.JAR file

SDK and Customer Portal

** - requires devices to have the ARM TrustZone and Trustonic Trusted Execution Environment (TEE)

Page 10: Using Hardware Security with Android Apps

DEVELOPING TEE SECURED APPS WITH DeadBolt™

Does not require developers with systems level development experience

Does not require learning new platform primitives

Significantly lower cost of initial and ongoing investment

Rapid time to market

Start developing app

Download and include DeadBolt™ in your app (development license)

Complete app development and testing

Get activation license for commercial distribution

Publish app on public or private app store

Sequitur simplifies the development and commercial activation of a TEE secured app

Sequitur Developer Portal

Page 11: Using Hardware Security with Android Apps

DeadBolt™ - KEY BENEFITS

Enterprise

Developers

Enterprise

ISVs/SIs/Consultants

Device OEMs

Reduce time to market and cost

Easily leverage hardware based security

Deliver new value to customers

Deliver secure application platforms

Page 12: Using Hardware Security with Android Apps

For more info please visit

http://www.seqlabs.com