There have been a number of high-profile hacks recently, evidently demonstrating that hiding and using secrest on the Internet is still really difficult. From the $5 million in bitcoin lost at Bitstamp to the Sony hack, it is clear that a new approach to the problem is required. Recently, I was at CES, and the IoT is moving along at breakneck speed, with barely and afterthought for cyber security. All of the things end up controlled by a smartphone or PC. The integrity of the connection from your computing device to your house, car or medical equipment will need the same peer-to-peer security that bitcoin requires. So how should we all be approaching the problem? All private keys should be protected by tamper-resistant hardware — a device, not the operating system. Smart cards or USB tokens are great solutions, but the embedded trusted execution environment provides the built-in solution we all desire. It also provides the tamper-resistant security to match that of a SIM module, but it is not controlled by the carrier. In addition to access, the instruction sent to a cloud service or another device should be encrypted (for privacy) and signed (for integrity), assuring that the intended action is not corrupted. This critical step is mostly overlooked on today’s systems. Protecting the instruction assures that the intended action is actually what happens. Instructions are critical interactions between the client and the cloud. Rivetz leverages the trusted execution environment to assure the formation of the highest quality instructions. Trusted user input and output is by far the hardest piece of the puzzle. This is where an uncorrupted presentation of the intended transaction to the user and the proper collection of the user’s consent is executed. Secure display in combination with a secure PIN or secure biometrics is ultimately required to be fully effective. The technology to do this is just now being integrated but is not available on most platforms. Intel has been at the forefront of trusted display for a number of years. Rivetz is now demonstrating the trusted user interface on Intel and on some Samsung Galaxy Note 4 phablets released in December.
Continue Reading: Cyber Security and Blockchain – AlleyWatch