Five partners from industry and academia have joined forces in the Secure Embedded Platform with advanced Process Isolation and Anonymity capabilities (SEPIA) European research project, to define security standards for next generation mobile devices, including high-end cell phones and tablet devices. SEPIA brings together ARM, Brightsight, Giesecke & Devrient (G&D) and Infineon Technologies, and is coordinated by Graz University of Technology (Austria).
As financial services, such as banking and payment, become increasingly accessed from mobile devices, it becomes critical to provide secure, certified cell-phone platforms to ensure such sensitive applications are efficiently protected from security threats.
From a technical viewpoint, the SEPIA project will be based on a mobile platform combining ARM® TrustZone® technology, which creates a protected area in advanced systems-on-chip, and the high-security MobiCore© operating system developed by G&D. The interplay between TrustZone and MobiCore ensures that if online services incorporate security sensitive functions it is not possible for malware on the phone to manipulate username and password entries via the keypad or data output on the display.
Infineon is contributing next-generation technology to allow secure storage of user credentials and passwords, while Brightsight will develop novel and cost-effective certification methods that allow mobile platforms to be certified incrementally. The Institute for Applied Information Processing and Communications (IAIK) of Graz University of Technology is responsible for the scientific aspects of the project, including techniques to preserve anonymity and the development of security mechanisms for future cell phone processors.
The SEPIA project receives funding from the European Union’s FP7 scheme. It supports Europe’s foothold as a leading innovator in the sphere of mobile technology and will make it easier to establish cross-platform, common security concepts and reduce time-to-market.