Security in communications has become a high priority in many arenas. Wireless communication use has increased dramatically and these communications have a higher vulnerability to interception and attack. Security has also increased to protect this vulnerability and has focused mostly on issues external to the communications platform. The communications platform may be a computer, personal digital assistant (PDA), cellular phone and many others. The layers of security provided tend to handle issues at the network level, securing connection to the network as well as transmissions to, from and across the network. Very little attention has been paid to local links, defined here as links between devices.
In addition, as the use of electronics communication has increased, sensitive information may be vulnerable to attack within the platform. For example, many notebook computers use a wireless local area network (WLAN) card for communications. When this computer is used to perform authentication into a cellular network, the unprotected environment may allow a relatively inexpensive attack on sensitive authentication data. This risk increases with the increasing popularity of personal computers, most of which share almost all information about themselves.
Embodiments of invention may be best understood by reading the disclosure with reference to the drawings, wherein:
a-b show different views of an example of a device vulnerable to an intra-platform attack.
For example, a personal digital assistant (PDA) may use a local link to synchronize with a personal computer. If the personal computer is also connected to a wider network, the link is only local if the personal digital assistant does not use the personal computer to access the network. This local link could also be wireless
Two popular communication methods used primarily for local links are Bluetooth® and IrDA (Infrared Data Association). Bluetooth is a wireless radio standard for a fast-acknowledging, frequency-hopping, short distance radio connection in the ISM (Industrial, Scientific and Medical), unlicensed band of 2.4 Gigahertz (GHz).
An IrDA link is a link based upon infrared signals similar to those used on remote controls for televisions. The IrDA specification includes the necessary requirements for devices to communicate via infrared pulses. These are line-of-sight connections, and generally are effective up to 10-15 feet.
A major concern in these types of local links is security. Bluetooth is criticized due to flaws in its security, and the IrDA specification does not consider security. It is possible to deploy Transport Layer Security (TLS) based protocols to provide a trusted tunnel between the two devices using the local link. Transport Layer Security is set out in the Internet Engineering Task Force (IETF) Request for Comments 2246. A trusted tunnel, as defined here, is a connection between two devices that are known and authenticated to each other.
The TLS protocol is designed as a successor to the Secured Socket Layer (SSL) protocol that is widely in use. TLS is designed to be application independent and based upon a handshaking protocol in which the two devices exchange information that could be validated by either side. The application independence provides developers and system designers the ability to specify the particulars of the handshake process.
Embodiments of this invention define a general transport access layer (GTA) that is independent of the devices that use the local link. It is based upon the TLS and assumes that both end points of the tunnel are in a relatively secure location and that they both have security authentication capability. The GTA provides mutual authentication and establishes an encrypted, integrity-protected tunnel for data communications between devices on the local link.
Referring back to
In the example of
As can be seen in
One embodiment of a messaging process to perform the handshake is shown in
The server responds with the server certificate or other server authentication credentials at 22 in
In order to create the trusted tunnel, it is generally advisable that the keys be generated using platform tokens. A platform token is a unique identifier of that particular platform, such as a cell phone or notebook computer. One option would be to use a Trusted Platform Module. A Trusted Platform Module is a hardware component that implements the Trusted Computing Group specification for enhancing the security of the computing environment across multiple platforms and devices. Another option is to use the Media Access Control (MAC) address, which is a unique address for each node of a network. While a network is not being deployed in this particular communication link, most devices will have a unique identifier if one were to use a MAC address. Once the keys have been exchanged and the encryption cipher suite agreed upon, future data sent between the two devices is encrypted at 30 of
Embodiments of the invention may be implemented by providing instructions contained on an article of machine-readable media. The instructions, when executed by the machine such as the server, would cause the server to implement the methods of the invention.
In addition to addressing the problems with data being transmitted across local links external to the devices, there is also some vulnerability for data internal to a device.
The device 50, in this example a notebook computer, is used to transmit information from a SIM (subscriber identity module) card 52 in cell phone 12 through a wireless access point (WAP) 54 to a network 56. It must be noted that the SIM card is representative of many different kinds of smart cards and the scope of the invention is not limited to SIM cards. The network may be a network compliant with the GSM (Global System for Mobile communications). Assuming the information is encrypted as it leaves the notebook to the WAP and the network, vulnerability remains as data is transferred from the SIM card on a communications port of the computer to the wireless port. Malicious software residing in the notebook may capture this information and transmit it across the network to third parties such as identity thieves.
b shows a block diagram representation of an operating system generally in accordance with the Windows® operating system of Microsoft® Corporation. It must be noted that analogous structures to those discussed with regard to Windows exist on just about any operating system, and the scope of the invention is not limited to Windows operating systems.
In
Using a similar approach to the GTA for local links, it is possible to provide a system that uses a trusted tunnel between the two endpoints internal to the system. The endpoints may be drivers, such as Ring 0 drivers, or may be the peripheral hardware components, such as communication module connected to the system. As can be seen in
The trusted tunnel may be established using the GTA above, one implementation of which is the Transport Layer Security protocol, or the Secured Sockets Layer protocol. An embodiment of a method to establish the trusted tunnel of
Once authentication is complete, the two endpoints generate and distribute keys at 94. The keys are then used in encrypting communications between the endpoints at 96.
Another consideration is at which point the processor will locate the endpoints. As discussed above, it is desirable the tunnel begins and ends below Ring 0, or kernel, mode to raise the difficulty level of attacking the data. A location below Ring, 0 or kernel mode, may be inside the firmware or hardware of the communication devices. This results in data that is to be transmitted by the communication devices being encrypted before it is exposed to the main system memory. In this manner, data would be secure inside the platform for the majority of the areas of risk.
It is possible that the system could implement the methods of the invention by receiving instructions from an article of machine-readable media. The instructions, when executed, would cause the machine, in this case the device 50 or 70 as examples, to implement the methods of the invention.
Thus, although there has been described to this point a particular embodiment for a method and apparatus for securing data communications across local links and intra-platform, it is not intended that such specific references be considered as limitations upon the scope of this invention except in-so-far as set forth in the following claims.