‘Making products secure’ – the Gemalto way0
There are many companies that claim to secure your digital services, networks, servers and even whatever you have hosted in the cloud. With recent high profile security breaches fresh in our minds, it’s hardly surprising that investment has been flooding into cyber security start-ups, with early-stage funding for the sector rising almost 60 per cent last year according to the Financial Times.
But how can you tell whether a product or service is actually secure though, and what do experts do to ensure this security? This is where client security and personalization services come into effect, and where our security standards are hugely important.
Gemalto invests heavily in research and development processes to ensure our products adhere to the highest security standards. Let’s follow the cycle and journey of such a product and how it’s made secure. The secure element starts its life as a silicon chip built through a wafer fabrication procedure. It’s then loaded with a “Transport Key” prior to leaving the fab. At every point during the entire life cycle of this Secure Element, key management will be under strict control every time the SE is moved from birth, to personalization centers, then to the user’s appliance. At each step, stakeholders will use keys to install software such as an Operating System or applications. Throughout the process, Gemalto never loses sight of the way these secure element keys are handled; there’s no chance of unknown interference. This level of precision, process-wise, would be impossible to achieve for an entire device Operating System where many stakeholders can install their software pieces, leading to a lack of control over the entire lifecycle of the device.
You might be wondering: ‘what’s in a secure element?’ It’s more than a vault; it’s a complete computation platform where users’ credentials, certificates, cryptography algorithms and applications are securely stored, and also executed locally. This notion of local execution is the key for optimal security and goes far beyond secure storage. “What happens in SEs stays in SEs”… Sounds familiar right? There are numerous barriers Gemalto puts up to ensure a secure element is impenetrable; these can be split into hardware and software.
– The normal layout of the chip itself is changed to protect it against being compromised if someone gains physical access
– We also ensure side- channel attacks that home in on electrical current consumption do not provide hackers with insight into the algorithms stored in the SE. We do this by hiding the power signal and electromagnetic emissions from the chip (obviously I can’t reveal to you how we do this).
Software features include:
– Application software obfuscation, making code reverse engineering close to impossible
– Verification techniques for data integrity checks, ensuring that the code embedded on the SEs is exactly as it should be
– Counter-measures against cryptoanalysis, making the elements virtually impossible to ‘hack’ through traditionally cryptographic techniques, including brute force and more sophisticated attacks
We believe it is important to protect both the software and the hardware so we have measures in place to protect our secure elements from technical, physical and mathematical attacks. Cryptography is, in essence, a mathematical problem that is yet to be solved. With a number of different barriers, it’s less likely that all of them will be compromised at the same time. However, security isn’t something that stands still – we have to continually evolve our own security standards, measures and processes to stay ahead of cyber fraudsters and hackers.