Consumer Electronics Security

In 2005, Paris Hilton’s T-mobile Sidekick II (and the local hosts that served it) was compromised by a Massachusetts teenager, who promptly posted the entire contents of Ms. Hilton’s address book on the Internet. Hilton’s address book contained a Hollywood “Who’s Who” list of telephone numbers and email addresses for high-profile celebrities, including Christina Aguilera, Ashlee Simpson, Vin Diesel, Anna Kournikova, Eminem and Lindsay Lohan.

Common Security Issues with Consumer Electronics

Consumer Electronic Security

The fact is that consumer electronics, largely because of their ubiquity and their closeness to us, have become the guardians of much of our most sensitive business and personal information. Their enormous storage capacities mean that we can literally carry our life and work around with us, and more and more, people do.

And it wasn’t just Paris’ address book that was hacked. All of her files, notes and photos stored on the device were also available to the attacker. So while most of your customers’ smartphone files won’t be so titillating, they’ll certainly still be sensitive, private, and in the case of enterprise devices, often considered intellectual property. Unauthorized disclosure of any of this information can cause your company a lot of legal headaches. So it’s worth your while to design with security in mind, from the very beginning. Untitled Document

Supported processor platforms:

Awards and Certifications

Nominations
2010 Spiffy Awards Nominee

Common Security Issues with Consumer Electronics

Most consumer devices share a common set of security threats. So providing the essential data security features that address these threats will be paramount to the success of your device. Some of the very real attacks faced by consumer electronics include:

Credit card fraud
Even grandmothers understand that you shouldn’t order products electronically without encrypting your credit card number, but every day, thousands of more credit card numbers are available for sale on the ‘net. Credit card numbers can be “sniffed” straight from device memory or easily intercepted during non-encrypted transactions.

Eavesdropping
Virtually all business and personal communications remain unencrypted. So it’s easier than you might think to eavesdrop on private conversations, or conduct industrial espionage by recording sensitive business traffic from consumer electronics.

Identity theft
Consumer electronics devices play a central role in most cases of identity theft. While there is certainly a role for educating users, there’s a lot that the device designer can do to prevent identity theft.

Data destruction/vandalism
Getting “bricked” is the deepest, darkest fear of the owner of any consumer device: what was once a $400 piece of cutting-edge technology is now a very expensive paperweight, thanks to network malware. Simple security measures built into the device firmware can prevent most data destruction and device vandalism.

“Zombie”-fying
In one of the scarier attacks, hackers and automated malware can assume control of your devices without the user ever realizing it. Your device becomes a “zombie” or a “bot”: all of the computational resources, bandwidth, network permissions and database logins of the device now belong to someone else, and that someone else is usually focused on going after even bigger targets with networks of millions of unwitting zombie devices.

If you don’t address these issues at the device level, consumer and enterprise lawsuits will almost certainly target your company, seeking damages for your failure to implement commonly understood device security measures. Those technologies include:

A secure browser
A Virtual Private Network client to secure data communications between the device and a private network
FIPS validated cryptography
Malware and virus protection
Scalable and secure firmware updating and secure boot capabilities
Robust certificate handling features to authenticate devices, network services, and individuals to each other

We understand, more than anyone, that consumer electronics developers must balance these security features, performance and battery efficiency effectively. That’s why we’re here. Mocana's Device Security Framework components, including the “Nano” product line, is the best-performing and more cost-effective standards-based device security software family available. Mocana’s products allow consumer electronics developers to build the security features that enterprises and savvy consumers demand. Untitled Document

Supported processor platforms:

Awards and Certifications

Nominations
2010 Spiffy Awards Nominee

Electronic Device Examples
Mocana Products	GPS	Home Alarms	Wifi Routers	Smart- phones	Printers Scanners	DVRs	Game Consoles	Cameras
NanoCert	•	•	•	•	•	•	•	•
NanoDefender
NanoSec			•	•	•
NanoSSH	•	•	•	•	•
NanoSSL	•	•	•	•	•	•	•	•
NanoWireless	•	•	•	•	•	•	•	•

Mocana FIPS Certified Crypto Libraries
Standard in all configurations of the NanoPhone Suite, your fully-stocked cache of state-of-the-art crypto algorithms, including ultra-optimized implementations of RSA, AES, Blowfish, Diffie-Hellman, 3DES, DSA and dozens of others.

NanoCert™
Leverages mature technologies such as the Public Key Cryptography Standards (PKCS), specifically PKCS #10 and PKCS #7. Mocana internal HTTP implementation code provides the client-server transport protocol. Certificate management utility functions in the Mocana crypto library provide extremely efficient key generation and management, certificate parsing, encoding and decoding, and certificate store functions.

NanoDefender™
Mocana’s patent-pending new anti-malware product, is a device-based intrusion detection system that is designed to instantly detect and shut down malware or viruses before they have a chance to spread throughout the network or hijack data — and it does so while eliminating “false positives.”

NanoSec™(Client):
Designed from the ground up for use with IP connected devices, it also includes support for IKEv2. IPsec is a standard for securing (IP) Internet Protocol communications by encrypting and/or authenticating all packets at the network layer. The Client is standards-based and interoperates with IPsec enabled devices on the network.

NanoSSH™(Client):
Designed for logging into and executing commands on a networked computer and provides secure encrypted communications between two untrusted hosts over an insecure network. The SSH Client is standard-based and interoperates with SSH Servers.

NanoSSL™(Client):
Provides endpoint authentication, protecting against eavesdropping, message forgery and interference. The Client is standards-based and interoperates with any SSL Server. Both are commonly used for securing remote device management via a web browser.

NanoWireless™ Mocana delivers a standards-based, full featured, IEEE-compliant WPA2 client software solution that is easy to use. The Mocana NanoWireless solution is uniquely architected with an asynchronous core to fully leverage hardware acceleration, is portable and has a small footprint. Untitled Document

Supported processor platforms:

Awards and Certifications

Nominations
2010 Spiffy Awards Nominee

Mocana’s Device Security Framework for Consumer Electronics

Mocana’s Device Security Framework is an extensible software framework that secures all aspects of device data and communications for any connected device. It is especially well-suited to securing consumer electronics.

The Device Security Framework includes device-resident security software as well as security capabilities delivered across the network. It provides modular support for different open standards-based device security protocols and other sophisticated device security capabilities.

Mocana’s Device Security Framework delivers the following device security services in a managed, holistic way:

FIPS-validated cryptography.
Secure remote access to network services from the device, or vice versa
Secure data communications between devices.
Device identity management. Authentication of devices and device applications onto the network.
Wireless authentication and encryption. Sophisticated key management and certificate handling.
Advanced connection-handling.

Untitled Document

Supported processor platforms:

Awards and Certifications

Nominations
2010 Spiffy Awards Nominee

Mocana Technology Features and Benefits for Consumer Electronics Developers

We know that developers working on consumer electronics platforms are on ultra-compressed development cycles. You don’t have a lot of time to think about, let alone build from scratch, security features that have been optimized to maximize performance and battery life for portable and home implementations. That’s why we’ve built the Device Security Framework. Now, you don’t need to be a crypto expert to make the design decisions required to build high-performing security applications in your consumer electronics environments. Mocana’s DSF components all share a common API and crypto library that hides the complexity of cryptography and reduces the risks of inexperienced developers introducing new security holes into your own code.

Dramatically Reduce Time to Market
With development cycles cut in half, don’t waste valuable time building security from scratch. The DSF is the culmination of six years of development work backed by our decades of experience in the security industry. We’ve already done all the painstaking optimization work for you, resulting in our products’ incredibly small footprints and best-in-class performance. Our implementations of protocols like IPSec and SSL can run in less than 50KB of memory, yet are 2x-4x faster than open source implementations — and they’re exhaustively tested for interoperability. Now, you can focus on what’s important to your business — getting your killer consumer electronics apps to market first.

No Need to Sacrifice Performance for Security
Consumers and corporate users need security but they expect superfast performance in elegantly designed devices. So you don’t want to let computationally-intensive crypto operations suck all the Wow! factor or battery power out of your gadget.

Many device security architectures are synchronous, which severely limits the number of cryptography jobs that can be offloaded to silicon at any one time. Synchronous architectures also severely limit the way that completed cryptography jobs can be propagated back up the stack. Because Mocana’s DSF features an asynchronous, event-driven architecture, cryptographic jobs are easily offloaded to different CPU cores or silicon channels, fully enabling today’s multi-core processors to do your application’s work in parallel.

At the heart of the DSF is an asynchronous core that leverages our patented Mocana Acceleration HarnessTM — a software layer that virtualizes and manages crypto offload from software to hardware speeding up crypto operations by as much as 400%, depending on the hardware platform to allow the best power and performance.

Tested and Supported by Actual Humans. When it comes to security, you can’t cut corners. But with Mocana, you can significantly reduce your testing efforts because we’ve done a significant amount already. All of the DSF components are pre-optimized and exhaustively tested so you can focus on what’s important — getting to market ahead of your competitors. We’ve invested an enormous amount of money into our testing infrastructure that runs 24x7 against thousands of code scripts so you don’t have to. Another benefit of choosing Mocana is our built-in verification process. While other programs only have one error code, “-1”, our developer suite ships with over 1,000 unique code errors built-in so you can pinpoint bugs instantly. Because we’ve done the rigorous testing and our support organization is available 24/7/365, you can have enterprise grade security in weeks, not months. Untitled Document

Supported processor platforms:

Awards and Certifications

Nominations
2010 Spiffy Awards Nominee

Common Security Issues with Consumer Electronics

Electronic Device Examples

Mocana’s Device Security Framework for Consumer Electronics

Mocana Technology Features and Benefits for Consumer Electronics Developers