Article two in a series of two brought to you by Embedded AMS
Vitally important required security on devices
The five use cases that will be vitally important for security on devices now and in the near future are content protection, payment, image verification, user authentication, and electronic ID.
One of the traditional use-cases driving security requirements on devices is content protection. For example, making sure the latest Netflix show cannot be extracted from your device. Streaming providers and content owners, such as movie studios, require higher levels of security for rendering higher resolutions. Protecting 8K content in the future will be even more important, but also challenging because of the added complexity of protecting video on different tiers and different types of devices.
As the mobile phone becomes integral to people’s every-day life, more use cases are moving towards this device. One such example is mobile payment, as seen through the emergence of Google Pay, Samsung Pay, and LG Pay.
Payments made via a mobile wallet are more secure because they generally include authentication of users through biometric verification. This lowers the risk of fraud for the consumer, credit card networks and banks. However, it also provides security challenges because of the variety of implementations currently on the market, with some being more secure than others. Moreover, it could be difficult for a credit card network or bank to gain confidence in the security of transactions when they can’t review every mobile device implementation.
Therefore, a more scalable approach for secure payment transactions might be needed for the ecosystem.
Many security attacks come from exploiting old software. As a result, there has been a massive push led by Google and its partners to provide timely updates on devices. To deliver these system updates, devices need to be able to verify the origin of these updates. Moreover, devices check at boot-time that the image being booted is authentic and that no third-party has injected any malicious code since the last boot – this is known as Secure Boot. Also, image verification, both via Secure Boot and when applying system updates, are essential to a secure Android ecosystem. Another compelling security reason is making sure devices cannot be downgraded to an older, vulnerable version – otherwise known as rollback prevention – which requires secure non-volatile storage.
As smartphones have evolved and more personal information is stored on them, having a locking mechanism has become necessary. However, entering a passcode hundreds of times a day quickly can be jarring. The industry has quickly managed to get rid of this problem thanks to fingerprint scanners and face unlock schemes. The secure processing and storage of these credentials are required for all these user authentication features, as they are the gatekeepers to all of the user data. The threat surface for biometrics is very large as the whole pipeline must be secure (from the sensor to the communication channels and processing). However, as the technology matures, biometrics are now being used to authenticate the user for multiple types of applications.
New Security Methods
Today, fingerprint and facial recognition are used to authenticate the user for mobile payment transactions for a variety of application logins including retail, finance, health and even online games. In the future, it will be used for electronic IDs. To keep attackers at bay, a recent security method from Google has introduced increasing delays between failed attempts. The Weaver API introduced in Android Pie provides that functionality, requiring secure non-volatile storage to store the number of failed attempts between boots.
Embedded AMS extracted he article from an ARM blogpost. Click on the link https://community.arm.com/developer/ip-products/security/b/security-ip-blog/posts/security-on-devices to read the full article.
Embedded AMS, and embedded software engineering consultancy keeps you informed and educated on the latest trends in embedded software development and programming, follow the Embedded AMS’ LinkedIn page www.linkedin.com/company/embeddedams to stay updated.
About Embedded AMS
Embedded AMS specialises in strategies to help you get a head start in your embedded software development. At Embedded AMS we assist you to realise your embedded industrial and IoT applications by bringing these applications’ microcontrollers to life. We do this by implementing high-end algorithms and mathematics in software, stabilising C/C++ and Python code, validated with an automated test setup.