Australian security breakthrough with portable IT devices
The significance of the development can be seen in a recent survey of consumers in the US, UK and Japan which showed that almost four out of five consumers were knowingly using unprotected devices and another 15 per cent were unsure of their device’s security levels.
Known as a Trust Extension Device (TED), the CSIRO development consists of software loaded onto a portable device, such as a USB memory stick or a mobile phone. It is able to minimise the risk associated with performing transactions in untrusted and unknown computing environments.
“The problem is that trust is currently tied to specific, well-known computing environments,” says CSIRO ICT Centre’s Dr John Zic.
“TED makes that trust portable, opening the way for secure transactions to be undertaken anywhere, even in an internet café.
“The concept behind TED is that an enterprise issues a trusted customer with a portable device containing a small operating system, as well as a set of applications and encrypted data.
“This device creates its own environment on an untrusted computer and, before it runs an application, it establishes trust with the remote enterprise server. Both ends must prove their identities to each other and that the computing environments are as expected.”
Once the parties prove to each other they are trustworthy, the TED accesses the remote server and the transaction takes place.
The CEO of the Council of Small Business of Australia, Tony Steven, told ASM the new CSIRO development should enhance security for small business around Australia.
“Economies of scale have meant that big business has had a big advantage over small business for quite a while. However technology is ensuring the imbalance is addressed to some degree,” he said.
“This new (TED) will assist small businesses who often operate outside an office to compete with security issues large business can already offer. Government clients are often the most sensitive.”
Cost will always be the main issue so any tenderer who may be successful will need to be mindful of the price-sensitive nature of smaller business owners, he said.
Focus groups run by the Centre for Networking Technologies for the Information Economy, funded by the Australian Government, suggested developing a device to facilitate trusted transactions and provide authorised people with access to confidential and private information.
For instance, banks could use a technology like TED to provide authorised customers and employees with access to financial data, or conduct financial transactions over the internet.
“The idea is that the person or organisation issuing the device runs their own computing environment and applications within the TED,” says Dr Zic.
“Wherever you go, whichever machine you run on, you and the issuer can be confident both parties are known to each other, cannot engage in any malicious acts, and that the transactions are trusted.”
Dr Zic said the next development with TED related to the facilitation of secure transactions or interactions between a number of different people such as a medical scenario involving exchange of information between doctors and patients.
The CSIRO breakthrough comes at a time when global ICT security giant, McAfee, reports that mobile ICT devices are well on their way to surpassing the functionality of PCs, and users have become increasingly reliant on them in their day-to-day lives.
About the author: Ernie Davitt is the National Affairs Editor of Australian Security Magazine.

