Decentralize security for mobile devices: Blockchain the workable solution?

Steven Sprague, Cofounder and CEO of Rivetz reveals a viable solution when it comes to decentralizing security. He claims that there is great promise for creating the security of mobile devices with blockchain technology

The world was introduced in the first commercial cell phone in 1983 with the launch of the Motorola DynaTAC 800x, which was at a height of 13 inches, weighed 1.75 pounds and took 10 hours to recharge. At the dawn of the mobile phone industry, it was incredibly simple for hackers to clone the identity of a phone and charge all types of charges to their account.

In recent decades, the furniture has gone through a metamorphosis of the "brick" of the 80s up to the compact and feature-rich smartphone of today. Now, mobile is the king – people all over the world use their mobile devices not only to communicate but also to read news, get directions, listen to streaming music, check bank accounts, conserve resources and much more .

As we increasingly rely on our mobile devices, new avenues of attack continue to emerge. Much of our sensitive personal information and digital resources, such as company data and bank account and credit card numbers, are accessible through our mobile devices. They have become treasures for the attackers.

Blockchain and security of mobile devices

There is great promise for creating the security of mobile devices by combining secure enclaves, also known as "roots of trust", with blockchain technology. Blockchain is a distributed register technology that protects a digital transaction through complex mathematical algorithms. Because of the strength of this math, the transaction can only be created by those who hold a valid private key.

Private keys have been developed as a means of protecting our digital transactions. A private key is a cryptographic code that allows a user to prove who he is – in other words, it is a digital signature that says that the user is, in effect, the one who is performing a digital transaction.

Private keys are used to protect a variety of transactions on mobile devices, including messaging, cryptocurrency, and more. Here's the negative: if an attacker steals your private key, you can impersonate yourself and then access and abuse your digital data and resources. The spread of mobile devices has made them some of the largest repositories for private keys.

The biggest challenge in decentralized computer security is that we can not prove that the transaction was designed. If an attacker steals your private key and transfers $ 5,000 to a third person, there is no way to prove that the attacker, and not you, has executed the transaction. Rivetz guarantees an expected transaction by establishing that it occurs from a known device, in a known condition, with an authorized user, under the required conditions. Rivetz performs "device attestation" to ensure that a user's devices are in a "known" condition by performing regular integrity checks to ensure the integrity of the device. The integrity of each device is recorded on the blockchain so that future health checks can be compared with the baseline, establishing that such devices are in a condition that the user intended.

While the advent of the Internet led to digital frauds and identity attacks, innovative industry leaders joined to combat that fraud and formed organizations such as the Trusted Computing Group (TCG). TCG has developed specifications that have become the standard for device protection, as well as data and identity on such devices, such as personal computers and laptops.

Trusted computing uses hardware to protect users. Ensures that a device behaves consistently in the intended manner, protected by a secure enclave or by a "trusted root" embedded in the device hardware. A trusted root is isolated from the operating system (OS) software of the device, allowing it to execute code that can not be seen by the operating system. One such trusted root developed by Global Platform is the Trusted Execution Environment (TEE), which enables reliable computing technology for mobile devices. TEE is already integrated into the hardware of over 1 billion mobile devices. Today, most of the private keys are generated within the software, which is much more susceptible to attack than the hardware. The TEE is able to protect a user's private key within the device's hardware, a much safer method than performing these operations in the standard software.

A single security system may not be sufficient to protect against the variety of cyber attacks possible today. It is more urgent than ever to provide multilevel protection of digital resources through two or more security domains. In this way, even if an attacker breaches a security point, the other must still be compromised, offering an additional layer of protection for important digital resources, regardless of whether it is personal information or money earned hard.

One of the most ubiquitous roots of trust is the identity form of the subscriber, or SIM card. The SIM is a secure hardware environment and was created to combat mobile fraud and protect the device's identity. With the pervasiveness of TEE and SIM, Rivetz saw an innovative opportunity to use these isolated roots of trust to work together to protect mobile users. In collaboration with ElevenPaths, the telecommunications security unit of Telefónica, the world's third largest mobile airline with over 300 million subscribers, Rivetz uses both the TEE and the SIM to protect our private keys – introducing the Dual Roots of Trust.

The solution exploits the TEE together with the SIM used by Telefónica. With Dual Roots of Trust, Rivetz enabled apps generate private keys in hardware, then cryptographically distribute those private keys between the TEE and the SIM. This provides integrated security from both the mobile operator and device manufacturers to create decentralized key protection.

By distributing a private key through these two trusted roots, hackers should violate both secure systems to steal a single private key. As a further security feature, two different entities – or independent control plans – help the user control their private keys. Through a special application authorized to perform activities within the TEE, the user retains control of the secrets stored in the TEE. If your mobile device is lost or stolen, a simple interaction with your mobile carrier can disable the SIM, permanently or temporarily until the device is found. So even if a thief has your device, you stay in control and your private keys are still safe.

The Rivetz solution has an unlimited number of use cases, such as sensitive work apps, mobile wallets, social media accounts and mobile banking services. One of the most exclusive applications of Dual Roots of Trust is the ability to demonstrably monitor specific applications on a device. This feature is particularly useful for businesses. Suppose that a company has an app that owns Rivetz employees use to work on their personal devices. If an employee is terminated or goes away, the company has the option of revoking access to that app on the personal device of the former employee with Dual Roots of Trust.

Because our mobile devices have become more important to our daily lives and contain so much of our personal and private data, we need better ways to protect ourselves. The solution lies in the roots of trust that already exist on millions of mobile platforms: the SIM and the TEE are two of the most common security enclaves. Dual Roots of Trust is the next step to ensure the security of our resources.

Steven Sprague

Cofounder and CEO
Rivetz
[email protected]
https://rivetz.com
www.twitter.com/rivetzcorp

* Note: this is a commercial profile