The US National Security Agency has been public about the inevitability of mobile computing and the need to support cloud-based service use for secret projects. General Alexander, head of the NSA, recently spoke of using smartphones as ID cards on classified networks.
And yet, mobile devices have a poor security track record, both as data repositories and as sources of trustworthy identity information. Cloud services are no better: current security features are oriented toward compliance and not toward real protection.
What if we could provide a strong link between mobile device identity, integrity, and the lifecycle of data retrieved from the cloud using only the hardware shipped with modern smartphones and tablets?
The good news is that we can do that with the trusted execution environment (TEE) features of the common system on a chip (SOC) mobile processor architectures using 'measurement-bound' encryption. This presentation describes how data can be encrypted to a specific device, how decryption is no longer possible when the device is compromised, and where the weaknesses are. I demonstrate measurement-bound encryption in action. I also announce the release of an open-source tool that implements it as well as a paper that describes the techniques for time-bound keys.
This is likely the very same way that NSA will be protecting the smartphones that will be used for classified information retrieval. Learn how your government plans to keep its own secrets and how you can protect yours.