Trusted Computing

[awk]

Establishing Mobile Security

By Janne Uusilehto, head of product security at Nokia.
December 24, 2006

http://www.drdobbs.com/dept/security/196701910?pgno=1

Once implemented correctly, the newly developed Mobile Trusted Module (MTM) specification can protect against theft and malicious attacks as end users send, receive, store and handle sensitive data.

An industry-wide open standard for mobile phone security promises to enable mobile phone information security assurance. Developed by the Trusted Computing Group's(TCG) Mobile Phone Work Group (MPWG), the Mobile Trusted Module (MTM) specification goal is to establish trust in a platform's ability to protect its information and functional assets, and to validate that protection capability.

Members of the Mobile Phone Work Group contributed a considerable amount of effort to develop the specification, based on a very clear vision of future mobile communications. They view the specification as an enabler to the growth of third party service providers and the means to significantly influence the market place. The ultimate benefits to consumers are improved protection from theft and malicious attacks as they send, receive, store and handle sensitive data. Mobile equipment suppliers and network providers now have a critical tool to build trust.

Aside from a little cosmetic fine tuning, the Mobile Trusted Module (MTM) specification is essentially 99 percent final, based on the 0.9 version published in Sept. 2006. As a result, every company in the mobile technology community should start considering how to proceed to take advantage of the MTM specification and to implement improved security in their next-generation products.


Establishing trust

While the Mobile Trusted Module is very new, it has its basis in the well-established efforts of the (TCG). TCG members develop and promote open, vendor-neutral, industry-standard specifications for trusted computing building blocks and software interfaces across multiple platforms, peripherals and devices. Member companies include handset makers, service provides, silicon suppliers, and others.

Targeting more secure computing environments without compromising functional integrity, privacy, or individual rights, TCG's primary goal is to help users protect information assets such as data, passwords and keys from external software attacks and physical theft. To achieve this, TCG's Trusted Platform Module (TPM) specification, versions 1.1b and 1.2, provide the foundation of trust for the efforts of the other TCG work groups. The TPM specification has been widely implemented in integrated circuits (ICs) that have been installed in some 50 million personal computers, and is now shipped in virtually every enterprise PC. With the Mobile Trusted Module (MTM) specification, the Mobile Phone Work Group has extended the TCG specifications to support mobile phones.


For entire article click on this link:
http://www.drdobbs.com/dept/security/196701910?pgno=1