Elliptic curve cryptography for mobile devices
Páginas: 14 (3265 palabras)
Publicado: 24 de marzo de 2012
Elliptic Curve Cryptography for Mobile Devices
Robert Gallant Certicom Corp. December 20, 2004
Abstract For next generation mobile systems to deliver desktop-like experiences to the mobile user, similar features must be implemented in much less memory and computing power than in a typical desktop computer. Elliptic curve cryptography provides robust, standardized cryptography especially suitablefor resource-constrained environments. This paper discusses security issues relevant to the wireless environment, gives a brief overview of ECC, and discusses the benefits of ECC in the wireless environment.
1
Introduction
Next generation mobile phone systems are expected to deliver desktop-like features to the mobile user. Online gaming, multimedia, pay-for-view content, and commercialtransactions on mobile devices are regularly touted. A key obstacle is avoiding what is happening on the desktop, with worms, phishing attacks, trojans, and the like beginning to cause serious security concerns for the average user. The legacy of ’functionality before security’ is coming home to roost. The extent to which these concerns stall online commerce remains to be seen, but there is definitecause for concern. It is possible to counter many security threats, but it requires forethought and the proper tools. Complicating the issue is the fact that security is not inherently valued; Security becomes an issue only when the lack of it raises risks to an intolerable level. Security in digital networks usually means cryptography. A challenge is that cryptography usually requires considerablecomputations, but mobile devices have considerably less computing resources than a typical desktop computer. Manufacturers and developers are often left with a quandary: a system with weak security will not protect stakeholders (nor many business models) in the long run, but strong security has a tangible cost in terms of longer latencies and less battery life that can result in much less favorableuser experiences. Elliptic curves provide robust, standardized cryptography especially suitable for resource-constrained environments. This paper discusses mobile security with a focus on elliptic curve cryptography.
1
Certicom Corp.
2
Security as Risk Management
It is easy to believe security is a checkbox item that can be solved by advanced algorithms and mathematics. If only it were sosimple. An honest discussion of security begins with the admission that no system can be totally secure – it’s more a question of which threats are prevented. Understanding a systems security begins with determining what assets we are trying to protect. From there we can consider the range of threats to those assets. Determining effective countermeasures involves balancing cost considerations andthe level of risk we are prepared to live with. The answers to these questions are not always obvious. The mobile environment is complex and multiple players have their own assets and motives. Sometimes the resulting security requirements are in conflict. Let us consider the requirements from a number of perspectives. Consider what is of value to the end user of a mobile smart phone. Clearly thevoice and data services offered by the phone are key, and their regular availability to the user is paramount. Some users want their voice communications to be confidential. When using a phone for financial transactions, it is certainly expected that any sensitive information sent (such as a banking password or credit card number) is protected during transit. Any personal user data stored on thesedevices (a list of personal contacts, for example) is expected to be appropriately protected. A similar end user concern regards privacy – for example the increasing concern around phones being used to track the whereabouts of owners and around phones being used as surreptitious monitoring devices. The manufacturers and operators of the phone infrastructure must be concerned about the end users...
Robert Gallant Certicom Corp. December 20, 2004
Abstract For next generation mobile systems to deliver desktop-like experiences to the mobile user, similar features must be implemented in much less memory and computing power than in a typical desktop computer. Elliptic curve cryptography provides robust, standardized cryptography especially suitablefor resource-constrained environments. This paper discusses security issues relevant to the wireless environment, gives a brief overview of ECC, and discusses the benefits of ECC in the wireless environment.
1
Introduction
Next generation mobile phone systems are expected to deliver desktop-like features to the mobile user. Online gaming, multimedia, pay-for-view content, and commercialtransactions on mobile devices are regularly touted. A key obstacle is avoiding what is happening on the desktop, with worms, phishing attacks, trojans, and the like beginning to cause serious security concerns for the average user. The legacy of ’functionality before security’ is coming home to roost. The extent to which these concerns stall online commerce remains to be seen, but there is definitecause for concern. It is possible to counter many security threats, but it requires forethought and the proper tools. Complicating the issue is the fact that security is not inherently valued; Security becomes an issue only when the lack of it raises risks to an intolerable level. Security in digital networks usually means cryptography. A challenge is that cryptography usually requires considerablecomputations, but mobile devices have considerably less computing resources than a typical desktop computer. Manufacturers and developers are often left with a quandary: a system with weak security will not protect stakeholders (nor many business models) in the long run, but strong security has a tangible cost in terms of longer latencies and less battery life that can result in much less favorableuser experiences. Elliptic curves provide robust, standardized cryptography especially suitable for resource-constrained environments. This paper discusses mobile security with a focus on elliptic curve cryptography.
1
Certicom Corp.
2
Security as Risk Management
It is easy to believe security is a checkbox item that can be solved by advanced algorithms and mathematics. If only it were sosimple. An honest discussion of security begins with the admission that no system can be totally secure – it’s more a question of which threats are prevented. Understanding a systems security begins with determining what assets we are trying to protect. From there we can consider the range of threats to those assets. Determining effective countermeasures involves balancing cost considerations andthe level of risk we are prepared to live with. The answers to these questions are not always obvious. The mobile environment is complex and multiple players have their own assets and motives. Sometimes the resulting security requirements are in conflict. Let us consider the requirements from a number of perspectives. Consider what is of value to the end user of a mobile smart phone. Clearly thevoice and data services offered by the phone are key, and their regular availability to the user is paramount. Some users want their voice communications to be confidential. When using a phone for financial transactions, it is certainly expected that any sensitive information sent (such as a banking password or credit card number) is protected during transit. Any personal user data stored on thesedevices (a list of personal contacts, for example) is expected to be appropriately protected. A similar end user concern regards privacy – for example the increasing concern around phones being used to track the whereabouts of owners and around phones being used as surreptitious monitoring devices. The manufacturers and operators of the phone infrastructure must be concerned about the end users...
Leer documento completo
Regístrate para leer el documento completo.