The National Cyber Security Alliance (NCSA) has declared October as the National Cyber Security Month. Since 2001 businesses, governments and individuals have been endorsing this campaign to remind everyone about the increasing security threats in the on-line world and to encourage the protection of the cyber infrastructure.

Elliptic has recently launched Ellipsys Trust Framework (ETF), a proven comprehensive solution for the most difficult security challenges faced today by manufacturers and system providers – implementing cost-effective cryptographic protection of high-value assets.

The Ellipsys Trust Framework is based on  a highly flexible set of products that work in tandem and can be adapted to any target application or platform to provide the trust and protection required in devices and systems.

Three main products form the core of the ETF solution:

Ellipsys-SB : Secure Boot – a bootstrap loader that can greatly enhance the security of embedded systems by cryptographically verifying (and optionally decrypting) that the code being loaded and executed is authentic and has not been tampered with.

Ellipsys-CA : Certification Authority – a secure server based set of applications and tools to generate, use and manage security credentials. It provides a trusted, managed environment to generate, inject, transport, archive and revoke keys and certificates to ensure protection in the supply-chain.

Ellipsys-VSM : Virtual Security Module – provides a software-friendly security module – a software smartcard – that allows the embedding and binding of a virtually unlimited number of keys in embedded system environments.

When will they learn?  Even after years of cat-and-mouse games between Apple and hackers to control what software can run on Apple hardware platforms, Apple still thinks “security by obscurity” can provide them with ultimate control.  Or thought so, until the recent iOS 4.1 jailbreak.  It appears that this hack goes right to the lowest level of firmware to finally leave the system open in a way that it can’t be closed again.  At least not without a significant hardware revision.  Apple, of course, is not alone… similar hacks affected devices from Sony, Motorola, Nintendo, Nokia and numerous others.

“We see this sort of thing all the time: somebody cooks up their own clever software scheme to lock down a device, but these are ultimately doomed to fail.  Software can provide, at best, some obfuscation that slows hackers down.  Even some of the hardware-assisted schemes are vulnerable.  This is a system-level problem and it really takes a system-level design to provide a solution,” says Elliptic CTO Mike Borza.  “Real solutions don’t have to cost a lot, but they do require some thought and planning early in the design and development process.  Too often we see attempts to build a bolt-on solution as an afterthought, and most of these have predictable results.”

If you want to  learn more about what an Ellipsys Trust Framework solution can do to secure your embedded system design, contact Elliptic Technologies.

The National Institute of Standards and Technology (NIST) has just released the final version of the three-volume report NISTIR 7628 “Guidelines for Smart Grid Cyber Security”. The report includes an analytic framework, strategies and requirements for securing the next generation Smart Grid infrastructure.