Mobile devices play an ever more critical role in our personal and professional lives today. They are increasingly used to access banking, location-based services, and social networking sites. Protecting peopleâs security, privacy, and identity on these devices is therefore a mounting concern. At present, however, there is no common security level across cell phone platforms and the technology varies widely. Set up to run for three years, the SEPIA research project aims to address this by developing new security enhancements and certification methodologies for mobile device platforms.
Herbert Reul, chair of the European Parliament committee on Industry, Research and Energy, confirms: âSEPIA addresses an ever more pressing security problem that is receiving increased attention on the European level, especially regarding mobile applications like eBankingâ.
For the consumer, SEPIA should allow execution of security-critical applications such as electronic banking, location-based services, and social networking on cell phones, while ensuring that personal and confidential data such as usernames, passwords, location, and banking and payment details are stored and processed within a separate trusted environment. The expected outcome of SEPIA is that these security-critical applications will run in a protected and isolated environment, alongside other services such as games and software downloads, without risk of being affected by viruses, Trojans, or other malicious software.
From a technical viewpoint, the SEPIA project will be based on a mobile platform combining ARMÂ® TrustZoneÂ® technology, which creates a protected area in advanced systems-on-chip, and the high-security MobiCoreÂ© operating system developed by G&D. The interplay between TrustZone and MobiCore ensures that if online services incorporate security-sensitive functions - for instance payment transactions - it is not possible for malware on the phone to manipulate username and password entries via the keypad or data output on the display.
Drawing on its expertise in hardware-based security, Infineon is contributing next-generation technology to allow secure storage of user credentials and passwords, thus adding further security to the new mobile platform. Brightsight will develop novel and cost-effective certification methods that allow mobile platforms to be certified incrementally, thus achieving short time-to-market cycles. The Institute for Applied Information Processing and Communications (IAIK) of Graz University of Technology is responsible for the scientific aspects of the project, including techniques to preserve anonymity and the development of security mechanisms for future cell phone processors.
The SEPIA project receives funding from the European Unionâs FP7 scheme. It supports Europeâs foothold as a leading innovator in the sphere of mobile technology. SEPIA will make it easier to establish cross-platform, common security concepts and SEPIAâs new approach to security evaluation will reduce time-to-market.