What if you were required to manually enter a password each time you wanted to use a program on your computer? This is exactly the kind of measure all technology users should consider taking up in order to protect against a complex cyberspace, prey to attacks from all sides, according the the MEDEA+ Trusted Secure Computing (TSC) project.
The MEDEA+ Trusted Secure Computing project, part of Europe's EUREKA technological advancement program, set out to develop a family of components and software able to efficiently secure computing, communication, and multimedia devices. The innovations developed in the project embrace integrity management, user identification/authentication, as well as privacy management.
A trusted security device is a piece of hardware or component relied upon for a computer’s security. Current security and privacy methods are mainly based on specific add-on software or specially tailored protection hardware, but the TSC project went much further. “Protection mechanisms must be present in all system layers from basic hardware, to the basic input/output system (BIOS) and including the operating system” says Jean-Pierre Tual, the project’s leader and Director of Industrial Relations at Gemalto. Moreover, the components developed in the project have been designed for compatibility with future generations of online connected personal devices — this includes everything from personal digital assistants, TV set-top boxes, Internet services, professional radio, personal video recorders and mobile phones.
Originally launched in mid-2007, the project had two main objectives: To develop a family of embedded silicon components enforcing secure and trusted computing, and to propose a European alternative to US-initiatives related to trusted computing standards while keeping interoperability with some already existing approaches. The TSC project established a solid industrial and academic partnership and the Consortium’s ability to cover a wide variety of areas equally and comfortably enabled the project to reach its objectives with rather limited resources.
"It is very satisfying to now have more than ten different applications making full use of components for securing and enforcing privacy in numerous applications or services, pertaining to a large set of day to day activities, in both personal and professional areas" said Tual. Demonstrators were able to display, for example, direct transcoding of digital-rights information from Blue-ray to DVD recorders, file-transfer control in entertainment networks and anonymity management in a 3G mobile phone. Philips and Gemalto, two of the major industry players involved in the project, have already included the new technology in their general offerings.
Millions of people are regularly downloading applications onto their smartphones. It is essential, whilst making the most of a selection of applications, to guarantee the safety of the vast amount of personal information that a smartphone is able to hold. The mobile, anonymous, access-control services (MACCS) system developed by Orange and Gemalto enables mobile-phone users access to a higher level of security. This privacy enhancing solution also finds applications in other fields such as ticket-based services including transport or cultural and events. The corresponding market is expected to explode from 2011 onwards.
The exploitation of TSC results is well on its way: at the moment, about 90% of laptops are equipped with a trusted processor module (TPM), and TSC has helped STMicroelectronics, one of the main partners in the project, to maintain its leadership in a market in which European Union countries hold over a 70% market share. STMicroelectronics also plans to sell the new TPM solutions to most personal computer (PC) manufacturers from Asia and the USA.
Interestingly, many partners in the project, mainly French and Spanish, will exploit project results in their multilevel security systems targeting not only private companies, but also the public sector through e-government and e-services applications. The hardware modules developed by Bull, another project participant, will be used in the coming years for the delivery of electronic passports.