Future of Mobile Security at Uplinq 2014

September 18, 2014, Uplinq 2014, San Francisco, CA – At the session “Shared Responsibility in the Mobile Security Ecosystem”, five industry experts discussed the current trends in security for mobile products: Paul Kocher, Chief Scientist of the Cryptography Research Division of Rambus; Coby Sella, CEO of Discretix; Rajiv Dholakia, VP Product Management of Nok Nok Labs; Dror Nadler, SVP, Sales and Strategic Alliances of Cellrox; and Steve Singer, VP, WW Field Applications Engineering of the Mobile and Networking Security Division, INSIDE Secure. The panel was moderated by Asaf Ashkenazi, director of product management for Qualcomm Technologies.

“The state of security today is pretty bad and the trends are scary,” said Paul Kocher. He stated that fundamentally we do not know how to make complex software secure. We are going to see dynamic growth of different devices, and growth in the value of the information and the network as well, which means more and more complexity. More devices equal more things to attack, more value equals more rewards for attackers if they are successful, and more complexity means more bugs and opportunities to attack.

Kocher made these statements as someone who has been in the industry for over 15 years and who started in software security. He started in software cryptology and found that the software was messing it up, then the training was messing it up, and he decided that this route for cryptology was not going to save the day. He then moved over to hardware-based security that can be optimized for the key use cases. That is the solution he has been providing for the semiconductor industry and mobile devices for several years.

He continued: the threats that we see right now will not match the threats that we are going to see next year. Right now we are only 2-3 bugs away from a compromised software solution space. We are going to see more reasons and abilities to break into the system. Kocher does not believe that software programming will find the solution for it. Based on his extensive experience, he recommended giving up on the software solution, as it is a moving target, and building hardware that can be robust for these key use cases: main application, communication, and identity. He is optimistic that the prices for transistors continue to fall. As we add more cores and more area, we can devote a larger portion of that to security, which will enable us to deal with some of the problems without requiring perfection in software programming.

Dholakia, who represented the software company perspective, mentioned that even though the trends are pessimistic, it is good to look at the consequences from two dimensions. One is the security dimension and the other is the business dimension, where security eventually causes friction. There are ways to shape software. We have a once-in-a-lifetime opportunity to reshape the devices that we carry with us or strap around our wrists, to allow them to have security characteristics that are more robust than anything that we dream of carrying with us. That makes him optimistic.

Singer noted that mobile VPN has been one of the areas of expertise for INSIDE since the mid-nineties. They have taken the security component and added layers above it, some of them specifically around authentication. Our mobile devices are the gateways into larger access, so using VPN authentication to establish who the end point is, is instrumental. One area his company works in is running all these functions within its protected silo/trusted execution environment. Singer pointed out that the audience could see a demo specifically highlighting that capability, which was showcased at the expo hall of the Hilton hotel where the Uplinq conference took place.
He stated that this gives them a two-silo approach: one is authentication components; the other is data encryption. Authentication is something that typically happens once, but if the data is constantly and dynamically being processed, we need another “envelope” to provide another level of security and validate that the algorithms are running properly. In that case the area of focus is around certified libraries. The next area of security is the device itself, which can be stolen, and the contents of the flash can become valuable for someone else. Finally, the other point of challenge in security is the applications themselves. A Gartner report showed that 75% of current apps do not effectively and properly address security.

Nadler talked about the need to virtualize a device to give it the ability to run multiple operating systems. Virtualization in servers was the way to be cost effective, while in mobile devices it is all about usage.

Sella mentioned that when we talk about breaches, lots of them are user oriented, such as problems like poor passwords. Qualcomm built a very good, solid platform with a lot of security capabilities. The challenge is to create a streamlined user experience and also to harness the right type of financial incentives for security. Discretix was one of the first companies to point out the importance of security of the mobile end point devices.

The latest Terry Gilliam film

What is the reason for human existence? What brings us happiness? The latest Terry Gilliam film, “The Zero Theorem”, might not give us a definite answer, but searches for one with spectacular and remarkable visual images. Gilliam, as always, is funny, witty, provocative, smart and surprising.

In a futuristic London, Qohen Leth, a computer genius, works on a mysterious project. Qohen, who always refers to himself as “we”, identifies himself as an inseparable part of a collective in a world where everything is controlled. Big Brother, here called “Management”, is watching every step and all activity.

Qohen lives in isolation, in a burnt-out chapel, but his solitude is disturbed by visits from the flirtatious Bainsley and Management’s son, Bob. Qohen is desperately searching for love and is anticipating a phone call that will provide him the definitive answer. The Zero Theorem was shot in Bucharest, and a few other places in Romania, and brings back dark memories of the wrecked Ceausescu dictatorship era.

Christoph Waltz, a two-time Academy Award winner, gives another extraordinary performance. This time he plays an eccentric programmer, Qohen Leth, who is consumed by existential fears and angst. The mysterious project that he has been frantically working on is delegated by Management (Matt Damon). The role of Qohen’s sexual desire, Bainsley, a young gorgeous seductress, is adoringly played by French actress Melanie Thierry, and the role of Bob is wonderfully acted by Lucas Hedges (Moonrise Kingdom), who reminds us of Michael J. Fox in “Back to the Future”. The always superb Tilda Swinton also co-stars as Dr. Shrink-Rom, the computer psychologist.

The amazing thing about Terry Gilliam is that he doesn’t need to search for well-known actors to work for him. They want to work with him. He is a member of the Monty Python team, as well as co-director of their feature films, “Monty Python and The Holy Grail” (1975) and “Monty Python’s Life of Brian” (1979), and the sole director of “Jabberwocky” (1977). His post-Monty Python films include “Brazil” (1985), which was given two Academy Award nominations, and “The Adventures of Baron Munchausen” (1988), which was given four Academy Award nominations. Gilliam made his next three movies in the US: “The Fisher King” (1991), “Twelve Monkeys” (1995), and “Fear and Loathing in Las Vegas” (1998). In 2000, he went to Spain and shot “The Man Who Killed Don Quixote” (2002) and “The Brothers Grimm” (2005).