Go to any part of India, and it is hard not to find a cell phone. If there is one revolution that has truly taken off in India, it is the mobile revolution. Indeed India has the fastest going mobile population in the world.So while we seem to be truly addicted to our Nokias and Motorolas, we are also completely oblivious to the challenges and the dangers it presents. The biggest challenge is data loss. I remember Swapnil Raje, a dear friend of mine, who had lost his mobile phone, was disconsolate not because of the hi-end cell but for the low end SD card that had pictures of all the wonderful places that he visits and other personal data. We could argue till doomsdays, about how and why should you back up the data on the phone, but the reality is no one really does. It is here that MOSES could come to our aid.
This is the third part of the 6 series on TR35, in this piece I wrote on Anand Raghunathan and his endeavor to make mobiles much secure. He is a proud IIT’ian and is surely making his almameter swell with pride as well.
*************************
MOSES’ second coming
This time to make mobile devices more secure; lest you think it to be blasphemous, we are talking about Anand Raghunathan and his team at NEC Labs have invented MObile SEcurity processor System (MOSES).
From fridges that place order for fruits over the Internet, to cars that pay toll tax wirelessly or phones that perform bank transactions, computers, rather embedded chips have become an integral part of our lives in ways we can barely imagine. Little wonder the phenomenon is called as ubiquitous computing. All these chips in myriad of products have made our lives more easier and if these companies are to be believed more productive. Yet, at the same time they also make us more vulnerable. The risk is often as grave as the convenience it offers. And the risk is from the small piece of code that infringes our PC and wrecks havoc on the system, a virus.
Rich Skrenta, a programmer by vocation is credited for creating the first computer virus “to appear in the wild”. In 1982, Skrenta created “Elk Cloner” that attached itself to Apple DOS operating system. The whole thing started of from a prank and has become a problem of mammoth dimensions. Every year billions of dollars are lost due to problems caused by computer viruses and more billions are spent protecting against them. It is an ending war fought on the PC front. And now, the war could just get murkier.
Device independent viruses are an eventuality many fear and few comprehend. Increasingly, the devices we use are communicating with each other in myriad ways through means like cables, Blue-tooth or even infrared. The phone connects to the MP3 player, the player to the PC, the PC to the phone, the phone to television. With the increase in this interconnect the threat levels also grow manifold.
What if a virus infected one of the devices, it could easily spread to other connected gadgets. Till now, there have been viruses that infect PCs and there have been bugs that attack mobile phones. But with the same OS running on our PC and PDA, the chances of a debilitating virus attack on both are quite a possibility. As more and more chips are being embedded into devices, the chances are increasing that a bug in one could affect another. There has been a lot of work done by software companies to safeguard against such attacks. Somehow, things seem to be spiraling a bit out of control.
Anand Raghunathan is a scientist working with NEC-Labs (America) for the past nine years or so. He has been grappling with idea of making mobile devices more secure. Raghunathan and his team are responsible for a paradigm shift in the battle with malicious code. He has invented a supplementary processor, called as MOSES (MObile SEcurity processor System) to safeguard critical data on a mobile device. This supplementary processor refurbishes security by separating it from the rest of the procession power.
“MOSES is a flexible hardware and software solution that can be integrated into chips for mobile appliances, and used to deploy a wide range of security functions. MOSES is based on the philosophy that any effective security solution must be based on a foundation that is isolated from, and not subject to the same vulnerabilities as, the system that is to be secured,” says Raghunathan, before adding, “at the core of MOSES is a separate processor that can execute a device’s most sensitive functions in an isolated manner, rendering them secure from arbitrary software attacks including compromises of the operating system. Functions that can be executed on MOSES include cryptographic algorithms, key generation and management, and verification of the operating system, applications, and communications firmware that execute on the mobile appliance.”
For his work, Raghunathan was recently awarded the prestigious TR35 Award. It is an award given annually by MIT’s Technology Review to a selection of 35 of the world’s leading high-tech innovators under the age of 35. “I feel very fortunate to be a part of this group. I have followed the TR35 and TR100 lists in the past, and of course did not imagine that I would be selected for this honor,” says Raghunathan modestly.
The genesis of MOSES happened around six years back, when Raghunathan and the team started examining the issue, especially from the perspective of mobile appliances like cellphones and PDAs. “We observed that mobile appliances were starting to evolve from simple devices that were used to perform a single function (e.g., make telephone calls) to highly complex, networked, multi-functional devices that contain our personal data, identity, and even our purchasing power. It was clear from looking at mobile application trends that information security would be an important problem. Today, a wide range of mobile applications and services are security sensitive, including mobile commerce (shopping, bill payment, and banking), location-based services, playback of copyrighted content, connection to corporate networks, etc.,” he says.
According to estimates over 1 billion handsets will be sold in 2006 alone, many of them capable of performing mobile commerce, and communicating with nearby Bluetooth-enabled devices. Even in developing countries, mobile appliances are far more pervasive (e.g., India has six times more mobile phones than PCs), making them an attractive platform to bridge the “digital divide”. Due to their widespread use, the consequences of security attacks on mobile phones can be catastrophic.
“The first mobile phone virus, Cabir, was first discovered two years back, and has since affected thousands of users across over 20 countries. We have really seen only the tip of the iceberg in terms of software attacks on mobile phones. There is also an emerging concern that, due to technologies such as Bluetooth, viruses can hop from cell phones to other electronic systems such as automotive electronics or home appliances,” says Raghunathan. He cites the instance of certain cases, where virus has been found to jump from a mobile phone to a car system. MOSES has already made an appearance in mobile phones and could be soon found RFID tags, set-top boxes, and automotive systems.
Raghunathan holds 20 U.S. patents in the field of integrated circuit and chip design. He did his schooling in Hyderabad, Visakhapatnam, and Pune and his undergraduate degree was from IIT Madras. “I feel especially proud of my association with IIT-M, and the opportunity to interact with and learn from the people I met there,” he says.
In ancient Egypt, Moses protected the Hebrews from the wrath of the Pharaohs. Moses then was a protector, and thanks to Raghunathan, still is, albeit on the small device that you tag along all day.
Shashwat DC