Welcome!

Microservices Expo Authors: Elizabeth White, Gopala Krishna Behara, Sridhar Chalasani, Tirumala Khandrika, Liz McMillan

Related Topics: Microservices Expo, Mobile IoT, Containers Expo Blog, Agile Computing, Cloud Security, SDN Journal

Microservices Expo: Article

Securing Mobile Networks with Trustworthy Systems

Public and private organizations should seek out vendors that prioritize continued innovation

In our increasingly connected world, the number of mobile phones will exceed the world's population by 2014. Users expect to be able to run diverse applications on these devices at work, home, and practically anywhere else. We assume secure access to any information we need, with an expectation of seamless mobility and a high-quality user experience.

Security is a primary concern, but at the same time users don't want security to get in the way of their experience. Users want to simply be able to find an application in an app store, and then download and use it without having to be concerned about whether it's a trusted application.

Today, the customer chooses a product based on a vendor's ability to fulfill the customer's need, the price point, and vendor attributes such as viability. The "trust" market transition introduces three other essential criteria: the vendor's trustworthiness and transparency, the product's trustworthiness and integrity, and the vendor's commitment to and understanding of security issues. Taken together, these criteria can help a company determine the most trustworthy system for its mobile network.

The Network Is Square One
Fortunately, it is possible to address the hidden risks of choosing a vendor and to reduce the known risks of operating a mobile infrastructure. This ideal - a "trustworthy system" - can be achieved through vendor inspection, delineation between assumed and verifiable trust and, ultimately, a network security infrastructure more advanced than the one in which we operate today.

Mobile device security begins with the network. Networks should be based on verifiably trustworthy network architectures built on secure software and hardware that are backed by prudent supply chain security practices. These elements enable an intelligent network to engage the service provider's access policies and challenge the trustworthiness of mobile devices attempting to access network resources. In turn, mobile device manufacturers and vendors should focus on building verifiable trustworthiness and transparency with regard to their processes and technologies to allow for the creation of secure mobile networks.

Trusted Environments Within Devices
Fortunately, there are many useful ways to ensure that mobile devices are trustworthy. One particularly effective approach is to build a trusted environment within the devices. This is accomplished by partitioning mobile phones and tablets in a logical and secure way, such that they become, in effect, multitenant devices. This enables:

  • The service provider to provide radio service without fear that the user will tinker with security elements within the device, potentially compromising the network's security.
  • The manufacturer to provide secure booting of the device with an initial signed image that can be upgraded over time.
  • The user to run third-party applications without fear of affecting the other device elements.

Industry collaboration and standardization initiatives will make this vision a reality. For instance, the GlobalPlatform organization is developing secure Trusted Execution Environment specifications for mobile devices. A verifiable root of trust is built sequentially from the time a user boots up the hardware (phone), through the loading of the operating system, to the activation of individual applications within this trusted environment.

GlobalPlatform has been working to get mobile device manufacturers moving in the same direction in terms of standardizing a single trusted architecture for mobile devices. The Trusted Computing Group, another standards organization, has been collaborating with GlobalPlatform and working to bring mobile device manufacturers into alignment along common standards of trustworthiness.

Standards for Success
The network's primary role in the context of mobile security and trustworthiness is in the access-control realm. In support of this role, organizations should ensure that their network infrastructures enforce security-policy compliance on all devices that attempt to gain access to the network. Network administrators should use best practices to authenticate, authorize, evaluate, and remediate wired, wireless, and remote users before they can gain access to the network and its resources.

By using protocols such as device posturing, organizations can classify devices that attempt to gain network access and understand who the user is and what policies should be enforced based on the information that is captured from the device and by the authentication of the user. In order to secure the corporate network, the network needs to understand the level of trustworthiness in mobile devices. The convergence of mobile platforms to a common trusted architecture will make the problem easier for network administrators. Once the network discovers and classifies devices, then it can immediately determine whether the device is compliant to a certain common standard.

Government organizations are helping drive common standards by asking vendors to support standards and move away from proprietary solutions. They are also identifying specific standards and certifications upon which they would like to see mobile devices manufactured. Given this push, there will eventually be a convergence to one standardized, secure and trustworthy ecosystem and architecture. At that point, government agencies and other institutions will be able to verify the trustworthiness of a particular device based on its certificates and then allow or deny access based on its assessment of the device's trustworthiness.

Virtualization's Role
Currently, efforts are being made to extend the concept of virtualization in servers to virtualization in mobile devices through hypervisors, providing a more flexible environment to implement a multiple stakeholder model. Cloud and other forms of virtualization provide extended storage, improve resiliency, increase efficiency, and reduce costs; but they also introduce additional security risks. Managing and mitigating these risks demands a new level of planning, user education, and security procedures to create a trustworthy system for securing mobile networks.

Looking Ahead
The importance of selecting a vendor that can ensure trust throughout the entire mobile system cannot be overstated. Taken together, trustworthy systems combine verifiably trustworthy hardware, software, firmware and, as appropriate, the resulting services built upon them, demonstrating in a provable manner the trust and risk management required for today's standards of security and reliability.

Trust is not guaranteed. It must be proven on a continuous basis. Public and private organizations should seek out vendors that prioritize continued innovation to ensure resiliency in customer networks through visibility and transparency while partnering with customers to prepare for any and all threats.

More Stories By Rafael Mantilla Montalvo

Dr. Rafael Mantilla Montalvo is a Principal Engineer at Cisco Systems. He holds a B. Sc. in Electrical Engineering from the Instituto Politécnico Nacional and an MS and PhD in Electrical Engineering from Stanford University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Microservices Articles
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes how...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
As Enterprise business moves from Monoliths to Microservices, adoption and successful implementations of Microservices become more evident. The goal of Microservices is to improve software delivery speed and increase system safety as scale increases. Documenting hurdles and problems for the use of Microservices will help consultants, architects and specialists to avoid repeating the same mistakes and learn how and when to use (or not use) Microservices at the enterprise level. The circumstance w...
Containers, microservices and DevOps are all the rage lately. You can read about how great they are and how they’ll change your life and the industry everywhere. So naturally when we started a new company and were deciding how to architect our app, we went with microservices, containers and DevOps. About now you’re expecting a story of how everything went so smoothly, we’re now pushing out code ten times a day, but the reality is quite different.
Traditional IT, great for stable systems of record, is struggling to cope with newer, agile systems of engagement requirements coming straight from the business. In his session at 18th Cloud Expo, William Morrish, General Manager of Product Sales at Interoute, will outline ways of exploiting new architectures to enable both systems and building them to support your existing platforms, with an eye for the future. Technologies such as Docker and the hyper-convergence of computing, networking and...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, discussed how data centers of the future will be managed, how the p...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...