Tiny tool gives security a big boost

IBM Corp. has developed new technology, dubbed Secure Blue, that puts encryption capabilities on microprocessor chips, providing added security to data stored on mobile units like laptops, PDAs and smart phones.

Secure Blue is hardware-based encryption that protects code and data without the need for additional software agents, said Guerney Hunt, senior manager, distributed infrastructure at the IBM T.J. Watson Research Center in Yorktown Heights, N.Y. Embedded on the microchip, Secure Blue’s cryptographic circuitry occupies only about 2.5 per cent of the chip area, he added.

Secure Blue uses a parallel technique to that of the standard block chaining cryptographic algorithm, explained Hunt. Block chaining encryption involves encrypting sets of information, taking that encrypted block and feeding it in as a seed for encrypting the next set of data.

In parallel, Secure Blue encrypts as much memory as desired without passing information from one part of the encryption to the next part, and “without significantly [affecting] the performance of the microprocessor,” Hunt said.

If a password-activated device with Secure Blue capability, for instance, gets lost or stolen, confidential information in that device could never be read by an unauthorized individual, said Hunt. If a device is accessed in an unauthorized manner, the encrypted information will activate and the unauthorized intruder will only see encrypted data, rendering it useless, he added. IBM has been working with a number of equipment manufacturers to integrate Secure Blue into their microprocessor design, said the IBM executive.

The identities of these manufacturers, however, were not disclosed due to existing non-disclosure agreements. Hunt, however, said that some mobile devices in the market already have Secure Blue built into them.

IBM’s Secure Blue technology may be far from “revolutionary” but it’s definitely a big boost to security as far as certain verticals are concerned, according to Dan Olds, analyst at Portland, Ore.-based Gabriel Consulting Group Inc.

“It’s a very good, very solid, strong device, but it’s going to start out in pretty well-defined markets,” said Olds.

The analyst said the healthcare, financial and government sectors are among the industries that would benefit well from Secure Blue where the challenges of protecting information are “acute.” “[Secure Blue] is the kind of technology that can stop [the risk of data theft] in its tracks.”

A recent global survey by the Economist Intelligence Unit revealed that over 60 per cent of companies were holding back deployment of mobile technology because of security concerns. Of the companies that use mobile technology, only nine per cent have incorporated mobile security to their information security architecture, the survey added.

Secure Blue may be the first hardware-based encryption technology “that goes to the lengths of anti-tamper and anti-reverse engineering” functionalities, said Olds. “It’s also unique in that [Secure Blue is] in a form factor of a microchip as opposed to an add-in card. It’s very high security for small devices.”

The encryption key is inside the device’s processor and unauthorized individuals would not be able to get that key without destroying the device, said Hunt.

“The manufacturer can make the device look out for [unauthorized access] and then have [the device] erase the key, in which case the information will be lost,” explained Hunt.

QuickLink 062564

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now