Next Generation Secure multimodal wireless communicator

Jeffrey Jonas

December 2004

NJIT ECE 684: Professor Lopes

 

Abstract

Wireless communications have matured from a curiosity to a serious business tool. PDAs have totally replaced Daytimers and notepads. But security has been lacking or weak, making such automation untrustworthy for critical applications. By adding strong security and authentication, these tools will facilitate trustworthy electronic methods for commerce, financial transactions, medical data, even prescriptions.

 

Detailed description

 

This is an exciting time for the cellular phone, wireless communication and PDA communities! Cellular phones and PDAs are merging and melding in a variety of ways. Pagers have evolved from simple "beepers" to receiving numeric messages, to text messages, to bidirectional messaging. Palm's Treo is a PDA evolved into a cellular phone. RIM (Research In Motion) makes the Blackberry device: originally a bidirectional alphanumeric pager, it evolved into a PDA and now a cellphone.

 

Focusing on the text-only (non-voice) devices, a variety of services are offered: web (WWW/HTML), email, SMS, instant messaging and links between them.

 

In CIS 786 (Ubiquitous/Pervasive Computing) we critiqued movies and television shows for "the future as we saw it". Space 1999 was dead-on with the concept of the com-link: a device that's a door lock, universal remote control and wireless/cellular picturephone (even Star Trek didn't envision that: the communicator was always separate from the tricorder, and tricorders were specialised devices too!). Comlinks are already here in the way cellphones are being used not just for placing calls but for identifying the user for things like paying for items. As PDAs and cell phones continue to merge and melt, I foresee more permission-based ID schemes, such as a slot for inserting ID cards as required by different applications (as opposed to the "universal remote" idea of the PDA containing all permissions and privileges at once).

Form factor

When I worked at GoAmerica (a wireless middleware vendor), I had a BlackBerry and got to appreciate why it's the preferred business tool:

- it's as small as a PDA
- no external antenna (or a minimal one, a far cry from walkie-talkies)
- the "thumb" keyboard is EXTREMELY intuitive to use and has TERRIFIC tactile feedback; far faster than using a PDA's Graffiti strokes or an on-screen keyboard
- the scroll wheel pushes to click, like the scroll wheels now on computer mice

 

That's why I'd license the RIM Blackberry keyboard, scroll wheel and interface software instead of reinventing it. There are many imitators but none work as well.

 

Security basics

 

There are three basics to security: identification, authentication and authorization.

1. Identification: who are you?

2. Authentication: prove it.

3. Authorization: are you allowed to do that? For example, cell phone users are usually NOT authorized to change certain carrier-specific settings, and operating system administrator accounts have higher privilege than user accounts.

 

The four categories of authenticating information are:

1. What you know: a password or PIN.

2. What you do: e.g., how one signs one's name or speaks.

3. What you have: e.g., a token such as a key, or a certificate such as a driver's license.

4. What you are: that's getting into biometrics: fingerprint, retina scan, iris scan, hand geometry, facial recognition, etc. The idea is to verify something unique about you that's hard to forge, spoof or alter.

 

For low to medium security, one authentication category is enough.

For higher security, use two categories. Possessing the PDA may count as "what you have", but for higher security an ID card such as a SmartCard would be better.
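As an added example (not code from the original paper), here is how the rule above can be enforced on the device: each operation declares how many distinct factor categories it needs, and several credentials from the same category count only once. The HighGrade flag, which separates a SmartCard from mere possession of the PDA, is this example's own assumption.

```go
package main

import "fmt"

// Factor is one of the four categories of authenticating information
// listed in the text: what you know, do, have and are.
type Factor int

const (
	Know Factor = iota // password, PIN
	Do                 // signature dynamics, voice
	Have               // key, SmartCard, the PDA itself
	Are                // fingerprint, iris, hand geometry
)

func (f Factor) String() string {
	return [...]string{"what-you-know", "what-you-do", "what-you-have", "what-you-are"}[f]
}

// Credential is one piece of evidence already checked by its own mechanism
// (PIN compare, card challenge-response, ...). HighGrade is this example's
// own flag: evidence good enough for a high-security operation. A SmartCard
// qualifies; merely holding the PDA does not.
type Credential struct {
	Factor    Factor
	Source    string
	Verified  bool
	HighGrade bool
}

// Level is how many distinct factor categories an operation demands.
type Level int

const (
	LowMedium Level = 1 // one category is enough
	High      Level = 2 // two different categories
)

// DistinctFactors counts the categories covered by verified credentials.
// Two credentials from one category (PIN plus password) count once, and at
// High level only HighGrade evidence counts at all.
func DistinctFactors(level Level, creds []Credential) int {
	seen := map[Factor]bool{}
	for _, c := range creds {
		if !c.Verified || (level == High && !c.HighGrade) {
			continue
		}
		seen[c.Factor] = true
	}
	return len(seen)
}

// Authorize is the gate an operation calls before it runs.
func Authorize(level Level, creds []Credential) error {
	if got := DistinctFactors(level, creds); got < int(level) {
		return fmt.Errorf("need %d distinct factor categories, have %d", level, got)
	}
	return nil
}

func main() {
	pin := Credential{Know, "PIN", true, true}
	pda := Credential{Have, "PDA possession", true, false}
	card := Credential{Have, "SmartCard", true, true}
	fmt.Println("read address book:", Authorize(LowMedium, []Credential{pin}))
	fmt.Println("place order, PIN+PDA: ", Authorize(High, []Credential{pin, pda}))
	fmt.Println("place order, PIN+card:", Authorize(High, []Credential{pin, card}))
}
```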

 

I'm an advocate of SmartCards because they are not just memory cards: there's a CPU inside with a cryptographic unit. A SmartCard can carry my private cryptographic key for encrypting messages and signing documents, but since the key is built into the hardware, there is no way for me to accidentally reveal it (the primary way private key systems fail is accidental exposure of the private key). Cellular phones already use SmartCards for identifying the phone: that's the tiny SIM card that's usually behind the battery. But it does not identify the PERSON using the phone.

 

The Intel IXP425 is intended for secure applications because it has a cryptographic accelerator built in. That way, ALL communications in and out of the PDA can be encrypted, as well as data on removable modules. But that's only part of the cryptographic system. Key management is critical to achieve useful security.

 

Let me "fast forward" and assume you're familiar with secure systems: existing cellphones and PDAs can establish secure channels but can't prove identity. E-commerce requires digital signatures for non-repudiation (so I can't deny I placed an order). There are several devices to assist with that: fingerprint readers, SmartCard readers. They can be built into the device, or plugged in via USB or an expansion slot.

 

Now to put the pieces together: by offering two-part authentication, the PDA not only sends transactions, but uses that information to undeniably prove WHO sent the request. The message can be electronically signed to prove who sent it. Even if the message itself is not secret, it can be transmitted securely using AES (the new encryption standard that's replacing DES and 3DES) and verified using SHA-1.
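An added example, not part of the original paper, of the signed-then-encrypted transaction just described, written against Go's standard library: the SHA-1 digest of the audit record is signed with RSA PKCS#1 v1.5 (the non-repudiation step) and the signed envelope is sealed with AES-GCM. It assumes the session key was already agreed over the existing secure channel, and an in-memory key pair stands in for the SmartCard, which on the real device would generate and keep the private key on-card.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
	"time"
)

// ProvisionCard stands in for the SmartCard (key generated and kept on-card).
func ProvisionCard() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Send builds the audit record (who | when | what), signs its SHA-1 digest with the
// card key, then seals signature||record with AES-GCM. Signature length is fixed by key size.
func Send(card *rsa.PrivateKey, key []byte, signer, body string, at time.Time) ([]byte, error) {
	record := []byte(fmt.Sprintf("%s|%d|%s", signer, at.Unix(), body))
	digest := sha1.Sum(record)
	sig, err := rsa.SignPKCS1v15(rand.Reader, card, crypto.SHA1, digest[:])
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // wire image is nonce || ciphertext+tag
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, append(sig, record...), nil), nil
}

// Receive decrypts (GCM rejects any altered byte), then checks the signature against the holder's key.
func Receive(pub *rsa.PublicKey, key, wire []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(wire) < gcm.NonceSize() {
		return "", fmt.Errorf("wire image too short")
	}
	plain, err := gcm.Open(nil, wire[:gcm.NonceSize()], wire[gcm.NonceSize():], nil)
	if err != nil {
		return "", fmt.Errorf("channel integrity failure: %w", err)
	}
	s := pub.Size()
	if len(plain) < s {
		return "", fmt.Errorf("envelope too short")
	}
	digest := sha1.Sum(plain[s:])
	if rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], plain[:s]) != nil {
		return "", fmt.Errorf("signature does not match holder")
	}
	return string(plain[s:]), nil
}

func main() {
	card, _ := ProvisionCard()
	key := []byte("0123456789abcdef") // constructed 128-bit session key
	wire, _ := Send(card, key, "jjonas", "buy 100 shares XYZ", time.Now())
	fmt.Println(Receive(&card.PublicKey, key, wire))
}
```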

 

Hospitals are exploring WiFi for replacing clipboards with laptop and tablet PCs. Paper charts have a signature area to track who added notes, and when. There are checkoffs for treatment, medication and such. If that's to be all-electronic, then an electronic-signature is required to prevent anyone from just entering data to anyone's chart. There must be some machine-readable way to prove WHO was using the PC when the data was entered. User IDs and passwords are insufficient. Some insurance companies are already demanding stricter data assurance by using fingerprint readers on PCs. SmartCard ID cards would be ideal because everyone has an ID card anyway, and they'll work while wearing gloves, or when your hands are dry. (my cousin is a cardiologist and her hands get chapped from scrubbing, thus interfering with the fingerprint reader!).

 

My doctor has a PDA in his pocket for looking up symptoms, and perhaps for tracking billing and scheduling.

If the PDA had similar capabilities to assure who is holding it, then it would be possible to replace the prescription pad with an e-Rx, since there would be a clear audit trail of who issued the prescription and when.

 

I foresee a tremendous COLLABORATION of devices: PDA (id/authenticate/audit) -> fixtures / lab equipment / dispensers, where the PDA augments the ID card to provide a secure interface to sensitive equipment, preventing unauthorized or accidental alteration.

Intended market

Business and professional people are the intended market because they require rugged devices that work all the time and they're willing to pay for it. It's not "price sensitive" like the consumer market. They want products that let them conduct business, not things that "look pretty". The financial and medical areas are the first focus since they're most likely to appreciate the security aspects and be early adopters.

 

Components

Part                       Part number      Supplier            Cost
CPU                        IXP425           Intel               $40.00
Peripheral CPU             PIC 18f4550      Microchip           $5.00
PCI to PCMCIA controller   PCI1410          Texas Instruments   $5.00
Bluetooth transceiver      BSN6030          Texas Instruments   $4.00
SDRAM                      MT48LC128M4A2    Micron              $9.00
Power regulator            -                Maxim               -
GSM module                 GSM12            Nokia               -
Screen assembly            -                Toshiba             -
48 MHz XTAL                -                -                   -
5V 1F supercapacitor       PB-5R0V105       PowerStor           $1.00
USB A, B connectors        -                -                   $0.50
NiMH battery               -                -                   $8.00
RIM keyboard, thumbwheel   -                -                   -

Manufacturing cost: $100

MSRP: $400

 

To ensure privacy, there's an optional privacy screen filter similar to that used by ATMs. Several technologies are available, such as a hologram layer that is visible only from the side and obscures the screen, or a plastic that blurs the image when viewed from the side.

 

 

Block Diagram


Physical Layout

 

Front view: the look and feel licensed from RIM Blackberry

 

 

Internal layout:

frontmost layer: keyboard, LCD

center layer: PCB

rearmost layer: batteries, connectors, slots

 

diagram B: component placement, rear view

 

Detailed Specifications

 

The IXP425 is a highly integrated CPU ideal for mobile devices: low power, with direct interfacing to SRAM and many devices. The new and unique feature is the hardware cryptographic accelerator. The IXP425 is already deployed in single-board computers for embedding, and in network devices such as secure routers.

 

Despite all the on-chip controllers, the IXP425 offers only USB 1.1 (12 Mb/s), so a PIC 18f4550 is used to offer USB 2.0 (480 Mb/s). It also offloads the "slow speed" devices from the main CPU: serial port, IrDA, barcode reader. The PIC goes into "sleep" mode when none of its interfaces are in use, resulting in further power savings.

 

A JTAG connector near the battery compartment allows upgrades, debugging and other development in the field. The JTAG connector is intentionally hard to reach because it is not for casual use. Opening the case triggers a tamper sensor, because that is a possible way to circumvent security, but case access is essential for hardware and software development, which customers are encouraged to perform.

 

Until there is in-house microwave and cellphone expertise, the GSM cellphone functionality will be a module such as the Nokia 12 GSM module.

citing http://press.nokia.com/PR/200306/908010_5.html

 

The Nokia 12 is a compact and intelligent GSM module for machine-to-machine, mobile-to-machine and machine-to-mobile (M2M) applications and other wireless solutions that can be integrated into devices during assembly.

 

While it is usually more expensive to buy modules instead of building them yourself, there are many immediate advantages:

- the FCC approval is transferable with the module
- faster time to market

Board space permitting, TI's BSN6030 offers a ROM-based Bluetooth baseband controller.

 

RAM

According to http://www.theregister.co.uk/2001/02/12/micron_launches_lowpower_sdram/ several companies are competing for the JEDEC (Joint Electron Device Engineering Council) upcoming standard. The leading contender is Infineon's "Mobile-RAM": 128Mb (16MB) in 8Mb x 16 configuration. Micron's "BAT-RAM" is not considered as technically capable. Samsung has announced "UtRAM", its low-power DRAM technology. For now, the Micron chip is the winner for higher capacity, but the design may have to change if JEDEC chooses another, or as Intel tunes their IXP425 RAM interface to specific chipsets.

 

The IXP425 directly supports from 8 to 256 Mbytes of SDRAM memory. The main limitations are board space, power when running and power for battery-backup.

 

Tamper sensor, JTAG

Since the device may contain sensitive information, the JTAG connector is inside the case. Opening the case triggers a tamper switch which erases the RAM (at least by removing power, perhaps by triggering a CPU function too), just as crypto modems and some desktop PCs do. Unfortunately this is only effective once, for a clever hacker will note the position of the JTAG connector and drill through the case for subsequent access, or defeat the tamper switch.

Operating system

 

Embedded Linux is preferred for many reasons:

- it is already ported to the IXP425 with full support for the cryptographic unit
- many mobile devices are already using Embedded Linux
- Linux is fast to support new devices, such as the cryptographic chips and USB devices
- Linux is open source, allowing full security auditing to assure compliance with standards and expose vulnerabilities (or, more preferably, verify proper security)
- Linux supports all standard security methods: certificates, SSL/SSH, IPsec, VPN
- it enables the owner to modify the system as needed; large-scale "enterprise" users will appreciate the ability to configure their devices for their particular needs
- it's royalty free

 

There are drawbacks, though. Many desirable business applications are available only for specific systems such as Windows CE, Palm OS, RIM OS.

 

The C++ programming language is preferred for clarity of code and methods. Object-oriented programming is a mature technology that makes it easier to share building blocks such as libraries and classes of objects.

 

Java is a good choice too since there are many embedded versions, particularly with SmartCards running Java applets and the need for supporting Java even for micro web-browsers.

 

E-books and databases tend to be in a vendor-neutral form, so it's reasonable to import such files either directly or after a one-time conversion. My physician keeps his PDA in his pocket and apparently has a Physician's Handbook in electronic form. No more books, and easier to keep updated!

 

Marketing

Competition Analysis

http://www.rim.net/

http://www.blackberry.com/

 

Research In Motion (RIM) is a leading designer, manufacturer and marketer of innovative wireless solutions for the worldwide mobile communications market. RIM's portfolio of award-winning products is used by thousands of organizations around the world and includes the BlackBerry wireless platform, software development tools, and software/hardware licensing agreements.

 

They have achieved a significant market share of the business market with ergonomic, rugged designs and good human-interface. Instead of competing, we license their technology and compete on our "value added".

 

http://www.palmone.com/us/products/smartphones/treo650/

The Palm Treo 650 has a color screen, touch-screen and keyboard.

 

Our product is better due to not just a faster CPU but significantly more processing power per cycle. Admittedly, PalmOS has free development environments for developing applications, but PalmOS has many deficiencies and is far from a real-time OS. Embedded Linux has already surpassed PalmOS in supporting background tasks and real-time scheduling, and Linux is getting new features almost daily.

 

http://www.pdabuyersguide.com/Dell_axim_X30.htm lists and compares many PDAs.


 

Advertising

 

The internal name for the project is Stealth-Ferret. We need a cute logo of a fuzzy ferret hiding his secrets. Here are some marketing ideas:

 

 

As a proud member and Embedded Linux advocate, use the logo in all advertising!

 

Business travelers are the target audience. (Consider the ads already inside airports and train stations for business communications and services.) Emphasize the PRIVACY and SECRECY aspects.

 

1. There are currently ads for Fidelity trading on web-enabled phones. Co-brand with them: "Fidelity prefers Ferretronix's Stealth-Ferret to assure your privacy and security".

2. What you say is secret. How we secure it isn't.
The Stealth-Ferret keeps all your messages from snooping: whether SMS, e-mail, instant messaging or web browsing. We proudly use the embedded Linux system for reliability, support, open standards and open source. So look under the hood and tinker with the engine; we're not afraid. In fact, we encourage it!

3. Cell phone manners: it's not just polite to use text on a train or bus, it keeps your messages from your competitors!

4. WW2 "retro" look with old sayings such as "loose lips sink ships", showing a cell phone user telling company confidential information, surrounded by listening ears.

5. << drawings of Mad Magazine's "Spy Vs. Spy" >>

a. BEFORE: the Black Spy listens in on the White Spy's calls and gets the super secret recipe before the White Spy can enter the baking contest.

b. AFTER: the White Spy uses the Ferretronix Stealth-Ferret PDA. Then the Black Spy's spy-o-phone only gets garble-de-goo-fizz. The White Spy smiles and eats his blue-ribbon-prize-winning cake.

6. << photo of "Get Smart" using the cone of silence >>
DATA SECURITY DOESN'T HAVE TO BE PAINFUL.
Ferretronix's Stealth-Ferret is your own personal "cone of silence".

7. Does Macy's tell Gimbel's? That's an old phrase for "don't tell your competitors!" (Macy's and Gimbel's were competing department stores next to each other in Manhattan). Maybe Gimbel's would still be in business today if they had used the Ferretronix Stealth-Ferret to keep their plans secret.

8. NOW IN COLORS
On the left: a photo of a conference room full of business people using identical-looking Blackberries, StarTac phones, etc.
On the right: a photo of the same office, but everyone's Stealth-Ferret is personalized with color cases, faceplates and background screens.
"WHICH ONE IS MINE? The pretty one!"

9. << photo on left: business user: guy in business suit, making a business call >>
<< photo on right: same person in loud Hawaiian shirt, showing off his high score to buddies at the bar >>
"WE DON'T PLAY GAMES DURING OFFICE HOURS"
The Stealth-Ferret is a serious business tool. But all work and no play makes Jack a dull boy. Who says business technology has to be dull? The Stealth-Ferret: fun colors, fun stuff, serious security.

 

Special features: connectivity

The Card Bus (PCMCIA) slot and the USB port are competing for their roles. WiFi (802.11) adapters are available for both. Memory cards are available for both (the USB flash drives are more popular because they attach to more devices). RFID adapters are available for both too. As such, the PCMCIA slot may be omitted from some models to make it slimmer and eliminate the support chip.

 

The USB "A" connector (the flat one) is a MASTER: it controls other devices such as Flash memory drives, security dongles, WLAN interfaces, fingerprint readers, etc. It also provides power to the device. Devices such as http://www.Key-Computing.com/ or http://www.techabsorbed.com/gadgets/xkey.htm will be supported to encapsulate all data securely and provide more secure user authentication.

 

The USB "B" connector (the square one) is a SLAVE: it connects TO other devices. That's the port used to "hotsync" to the PC host. For true portability without the need for PDA specific drivers, the PDA may also appear as a USB drive to the host computer (similar to many digital cameras). If power is provided by the host, the PDA will operate from that power and recharge the battery if possible.

 

BLUETOOTH: secure mode preferred (if other end supports that) to prevent eavesdropping.

 

 

 

Future plans

 

1. Find a way to add a SmartCard reader without making the device too thick or sacrificing the PCMCIA slot.

2. Integrate more wireless interfaces, using raw components instead of modules to save space and lower cost.

3. Monitor which low-power SDRAM becomes the JEDEC standard.

4. Monitor Intel's roadmap for the cryptographic series of XScale CPUs.

5. Add voice features for a full-fledged cell phone, via GPS and VoIP for least-cost routing.

6. Explore the merits of the MEMS microphone.

7. Add MP3, stereo sound and movie playback to compete with the high-end entertainment cellular phones.

8. Higher multimodal integration for talking anywhere, anyway.

9. Embrace UbiComp concepts such as location awareness. The Open Developers Forum will encourage customers to experiment with such concepts, and this product ought to be the preferred developer platform.

10. RFID mode 2 (or higher) transceiver.

 

 

References

 

http://www.intel.com/design/network/products/npfamily/ixp425.htm

The Intel 533 MHz IXP425 CPU has hardware acceleration for encryption (AES, DES, 3DES) and authentication (SHA-1, MD5), but is also targeted at low-power, battery-operated portable devices. PDAs, cellphones and portable terminals will quickly benefit from that. Embedded Linux development kits already exist to facilitate rapid prototyping of such infrastructures.

 

 

[jonas04]
Jonas, Jeffrey. Authentication Of People. Term paper for NJIT ECE699: Information Assurance, May 2004, unpublished.

 

[jonas03]
Jonas, Jeffrey. Balancing Privacy and Trust With A Smart Card Based National Identity Card. Paper presented for NJIT's CIS786 Pervasive Computing, Summer 2003, unpublished.

 

[jonas03a]
Jonas, Jeffrey. Introduction to Smart Cards. Paper presented for NJIT's CIS786 Pervasive Computing, Summer 2003, unpublished.

 

[jonas03b]
Jonas, Jeffrey. Introduction to WiFi. Paper presented for NJIT's CIS786 Pervasive Computing, Summer 2003, unpublished.

 

[lutz03]
Lutz, Robert. Augmented Reality. Paper presented for NJIT's CIS786 Pervasive Computing, Summer 2003, unpublished.

 

[RISKS]
Forum on Risks to the Public in Computers and Related Systems (comp.risks). ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator. http://www.risks.org, mirrored at http://catless.ncl.ac.uk/Risks/23.19.html and http://www.csl.sri.com/users/risko/risks.txt

 

[SCHN96]
Schneier, B. Applied Cryptography, Second Edition. New York: Wiley, 1996.

 

[SCHN03]
Schneier, B. Beyond Fear: Thinking Sensibly About Security in an Uncertain World. New York: Copernicus Books, 2003.

 

[SCHN04]
Schneier, B. Crypto-Gram, a free monthly e-mail newsletter on computer security and cryptography from Bruce Schneier. http://www.counterpane.com/crypto-gram.html, http://www.schneier.com

 


 

Other recommended reading

 

http://developer.netscape.com/tech/security/basics/index.html

How SSL Works

 

http://www.verisign.com/

Makes security products; most notably, they are the top-level Certificate Authority.

 

http://www.rsasecurity.com/

A major source of security software and devices such as SecurId tokens

 

http://en.wikipedia.org/wiki/Embedded_Linux

Embedded Linux

 

http://www.embedded-linux.org/

the Embedded Linux Consortium

 

http://www.bluemug.com/research/els/els.sht

This survey presents the state of embedded Linux as applied to consumer electronics devices, from wristwatches to PDAs to cellular handsets.

 

www.fellowes.com

Need to keep your sensitive information on your monitor private and away from onlookers? Try a Fellowes LCD privacy screen. Screen images become blurred from a side view so only you can view what's on your screen.

 

http://www.nullsoft.com/free/waste/network.html

Nullsoft Encrypts Communication with WASTE. Nullsoft has released a beta version of a new tool called WASTE designed to secure communication within small groups of users. The brainchild of Winamp creator Justin Frankel, WASTE utilizes encryption and public keys to keep sensitive data hidden from prying eyes. WASTE currently features instant messaging and chat capabilities, along with file sharing functionality with support for browsing and searching.

...

WASTE was not built for public sharing of data, but rather private trusted groups of 10 to 50 people. Privacy is a primary focus and all network links are secured with RSA and authenticated with public key hashes. WASTE messages are then sent within an encrypted channel, making it nearly impossible for a third party to spy on users communicating via WASTE

 

http://www.knowlesacoustics.com/

Munich,Germany, November 10, 2004

Knowles Acoustics has today announced its new "Mini" series of SiSonic silicon microphones, representing the smallest MEMS based surface mount microphones available in the world today. With a footprint of less than 18 mm², the device is ideally suited for applications where component density is at an absolute premium, such as Mobile Phones, Digital Still Cameras, and MP3 Players. Engineering samples are available today, with mass production scheduled for Q2, 2005. The "Mini" SiSonic can be seen at the Electronica trade show, Neue Messe, Munich, 9-12 November (Hall B6, Stand 630).

 

http://www.linuxnet.com/

MUSCLE - Movement for the Use of Smart Cards in a Linux Environment.

MUSCLE is a project to coordinate the development of smart cards and applications under Linux. The purpose is to develop a set of compliant drivers, API's, and a resource manager for various smart cards and readers for the GNU environment.

 

http://www.secinf.net/websecurity/WWW_Security/Identification_Authentication_and_Authorization_on_the_World_Wide_Web.html

Identification, Authentication and Authorization on the World Wide Web. A nice paper with many links, product and method descriptions.

 

http://www.maxking.com/titanium.htm

Titanium Card: Smartcard, ISO 7816, Multi OS. Flash: 32 kB, EEPROM: 32 kB. Crypto: RSA.