Welcome!

Related Topics: Microservices Expo, Mobile IoT, Containers Expo Blog, Agile Computing, Cloud Security, SDN Journal

Microservices Expo: Article

Securing Mobile Networks with Trustworthy Systems

Public and private organizations should seek out vendors that prioritize continued innovation

In our increasingly connected world, the number of mobile phones will exceed the world's population by 2014. Users expect to be able to run diverse applications on these devices at work, home, and practically anywhere else. We assume secure access to any information we need, with an expectation of seamless mobility and a high-quality user experience.

Security is a primary concern, but at the same time users don't want security to get in the way of their experience. Users want to simply be able to find an application in an app store, and then download and use it without having to be concerned about whether it's a trusted application.

Today, the customer chooses a product based on a vendor's ability to fulfill the customer's need, the price point, and vendor attributes such as viability. The "trust" market transition introduces three other essential criteria: the vendor's trustworthiness and transparency, the product's trustworthiness and integrity, and the vendor's commitment to and understanding of security issues. Taken together, these criteria can help a company determine the most trustworthy system for its mobile network.

The Network Is Square One
Fortunately, it is possible to address the hidden risks of choosing a vendor and to reduce the known risks of operating a mobile infrastructure. This ideal - a "trustworthy system" - can be achieved through vendor inspection, delineation between assumed and verifiable trust and, ultimately, a network security infrastructure more advanced than the one in which we operate today.

Mobile device security begins with the network. Networks should be based on verifiably trustworthy network architectures built on secure software and hardware that are backed by prudent supply chain security practices. These elements enable an intelligent network to engage the service provider's access policies and challenge the trustworthiness of mobile devices attempting to access network resources. In turn, mobile device manufacturers and vendors should focus on building verifiable trustworthiness and transparency with regard to their processes and technologies to allow for the creation of secure mobile networks.

Trusted Environments Within Devices
Fortunately, there are many useful ways to ensure that mobile devices are trustworthy. One particularly effective approach is to build a trusted environment within the devices. This is accomplished by partitioning mobile phones and tablets in a logical and secure way, such that they become, in effect, multitenant devices. This enables:

  • The service provider to provide radio service without fear that the user will tinker with security elements within the device, potentially compromising the network's security.
  • The manufacturer to provide secure booting of the device with an initial signed image that can be upgraded over time.
  • The user to run third-party applications without fear of affecting the other device elements.

Industry collaboration and standardization initiatives will make this vision a reality. For instance, the GlobalPlatform organization is developing secure Trusted Execution Environment specifications for mobile devices. A verifiable root of trust is built sequentially from the time a user boots up the hardware (phone), through the loading of the operating system, to the activation of individual applications within this trusted environment.

GlobalPlatform has been working to get mobile device manufacturers moving in the same direction in terms of standardizing a single trusted architecture for mobile devices. The Trusted Computing Group, another standards organization, has been collaborating with GlobalPlatform and working to bring mobile device manufacturers into alignment along common standards of trustworthiness.

Standards for Success
The network's primary role in the context of mobile security and trustworthiness is in the access-control realm. In support of this role, organizations should ensure that their network infrastructures enforce security-policy compliance on all devices that attempt to gain access to the network. Network administrators should use best practices to authenticate, authorize, evaluate, and remediate wired, wireless, and remote users before they can gain access to the network and its resources.

By using protocols such as device posturing, organizations can classify devices that attempt to gain network access and understand who the user is and what policies should be enforced based on the information that is captured from the device and by the authentication of the user. In order to secure the corporate network, the network needs to understand the level of trustworthiness in mobile devices. The convergence of mobile platforms to a common trusted architecture will make the problem easier for network administrators. Once the network discovers and classifies devices, then it can immediately determine whether the device is compliant to a certain common standard.

Government organizations are helping drive common standards by asking vendors to support standards and move away from proprietary solutions. They are also identifying specific standards and certifications upon which they would like to see mobile devices manufactured. Given this push, there will eventually be a convergence to one standardized, secure and trustworthy ecosystem and architecture. At that point, government agencies and other institutions will be able to verify the trustworthiness of a particular device based on its certificates and then allow or deny access based on its assessment of the device's trustworthiness.

Virtualization's Role
Currently, efforts are being made to extend the concept of virtualization in servers to virtualization in mobile devices through hypervisors, providing a more flexible environment to implement a multiple stakeholder model. Cloud and other forms of virtualization provide extended storage, improve resiliency, increase efficiency, and reduce costs; but they also introduce additional security risks. Managing and mitigating these risks demands a new level of planning, user education, and security procedures to create a trustworthy system for securing mobile networks.

Looking Ahead
The importance of selecting a vendor that can ensure trust throughout the entire mobile system cannot be overstated. Taken together, trustworthy systems combine verifiably trustworthy hardware, software, firmware and, as appropriate, the resulting services built upon them, demonstrating in a provable manner the trust and risk management required for today's standards of security and reliability.

Trust is not guaranteed. It must be proven on a continuous basis. Public and private organizations should seek out vendors that prioritize continued innovation to ensure resiliency in customer networks through visibility and transparency while partnering with customers to prepare for any and all threats.

More Stories By Rafael Mantilla Montalvo

Dr. Rafael Mantilla Montalvo is a Principal Engineer at Cisco Systems. He holds a B. Sc. in Electrical Engineering from the Instituto Politécnico Nacional and an MS and PhD in Electrical Engineering from Stanford University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Latest Stories
StarNet Communications Corp has announced the addition of three Secure Remote Desktop modules to its flagship X-Win32 PC X server. The new modules enable X-Win32 to safely tunnel the remote desktops from Linux and Unix servers to the user’s PC over encrypted SSH. Traditionally, users of PC X servers deploy the XDMCP protocol to display remote desktop environments such as the Gnome and KDE desktops on Linux servers and the CDE environment on Solaris Unix machines. XDMCP is used primarily on comp...
SYS-CON Events announced today that StarNet Communications will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. StarNet Communications’ FastX is the industry first cloud-based remote X Windows emulator. Using standard Web browsers (FireFox, Chrome, Safari, etc.) users from around the world gain highly secure access to applications and data hosted on Linux-based servers in a central data center. ...
SYS-CON Events announced today Telecom Reseller has been named “Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
SYS-CON Events announced today that Adobe has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. Adobe is changing the world though digital experiences. Adobe helps customers develop and deliver high-impact experiences that differentiate brands, build loyalty, and drive revenue across every screen, including smartphones, computers, tablets and TVs. Adobe content solutions are used daily by millions of co...
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
Pulzze Systems was happy to participate in such a premier event and thankful to be receiving the winning investment and global network support from G-Startup Worldwide. It is an exciting time for Pulzze to showcase the effectiveness of innovative technologies and enable them to make the world smarter and better. The reputable contest is held to identify promising startups around the globe that are assured to change the world through their innovative products and disruptive technologies. There w...
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
SYS-CON Events announced today that Hitrons Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Hitrons Solutions Inc. is distributor in the North American market for unique products and services of small and medium-size businesses, including cloud services and solutions, SEO marketing platforms, and mobile applications.
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
As the world moves toward more DevOps and Microservices, application deployment to the cloud ought to become a lot simpler. The Microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. Serverless computing is revolutionizing computing. In his session at 19th Cloud Expo, Raghav...
SYS-CON Events announced today that eCube Systems, a leading provider of middleware modernization, integration, and management solutions, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. eCube Systems offers a family of middleware evolution products and services that maximize return on technology investment by leveraging existing technical equity to meet evolving business needs. ...
Data is an unusual currency; it is not restricted by the same transactional limitations as money or people. In fact, the more that you leverage your data across multiple business use cases, the more valuable it becomes to the organization. And the same can be said about the organization’s analytics. In his session at 19th Cloud Expo, Bill Schmarzo, CTO for the Big Data Practice at EMC, will introduce a methodology for capturing, enriching and sharing data (and analytics) across the organizati...
Enterprises have forever faced challenges surrounding the sharing of their intellectual property. Emerging cloud adoption has made it more compelling for enterprises to digitize their content, making them available over a wide variety of devices across the Internet. In his session at 19th Cloud Expo, Santosh Ahuja, Director of Architecture at Impiger Technologies, will introduce various mechanisms provided by cloud service providers today to manage and share digital content in a secure manner....