Security Focus on

CONSUMER ELECTRONICS
Cellphones, iPods, digital cameras, set-top boxes, gaming systems... these devices pervade modern life. Mostly, they make our lives easier and more fun. But if theyre built without the proper security technology, our favorite gizmos and gadgets can seriously compromise our privacy, finances and even our personal safety.

In 2005, Paris Hiltons T-mobile Sidekick II (and the local hosts that served it) were compromised by a Massachusetts teenager, who promptly posted the entire contents of Ms. Hiltons address book on the Internet. Hiltons address book contained a Hollywood Whos Who list of telephone numbers and email addresses for high-profile celebrities, including Christina Aguilera, Ashlee Simpson, Vin Diesel, Anna Kournikova, Eminem and Lindsay Lohan. The fact is that consumer electronics, largely because of their ubiquity and their closeness to us, have become the guardians of much of our most sensitive business and personal information. Their enormous storage

capacities mean that we can literally carry our life and work around with us, and more and more, people do. And it wasnt just Paris address book that was hacked. All of her files, notes and photos stored on the device were also available to the attacker. So while most of your customers smartphone files wont be so titillating, theyll certainly still be sensitive, private, and in the case of enterprise devices, often considered intellectual property. Unauthorized disclosure of any of this information can cause your company a lot of legal headaches. So its worth your while to design with security in mind, from the very beginning.

Common Security Issues with Consumer Electronics

DATA DESTRUCTION CREDIT CARD FRAUD IDENTITY THEFT

Free evaluation at www.mocana.com/ evaluate.html

Mocana Corporation
350 Sansome Street Suite 1010 San Francisco, CA 94104 415-617-0055 Phone 866-213-1273 Toll Free info@mocana.com www.mocana.com Copyright 2009 Mocana Corp. Security Focus on CONSUMER ELECTRONICS 1 ZOMBIEFICATION EAVESDROPPING

BRICKING

Common Security Issues with Consumer Electronics

Most consumer devices share a common set of security threats. So providing the essential data security features that address these threats will be paramount to the success of your device. Some of the very real attacks faced by consumer electronics include: Credit card fraud Even grandmothers understand that you shouldnt order products electronically without encrypting your credit card number, but every day, thousands of more credit card numbers are available for sale on the net. Credit card numbers can be sniffed straight from device memory or easily intercepted during non-encrypted transactions. Eavesdropping virtually all business and personal communications remain unencrypted. So its easier than you might think to eavesdrop on private conversations, or conduct industrial espionage by recording sensitive business traffic from consumer electronics. Identity theft Consumer electronics devices play a central role in most cases of identity theft. While there is certainly a role for educating users, theres a lot that the device designer can do to prevent identity theft. Data destruction/vandalism Getting bricked is the deepest, darkest fear of the owner of any consumer device:
Free evaluation at www.mocana.com/ evaluate.html

bandwidth, network permissions and database logins of the device now belong to someone else, and that someone else is usually focused on going after even bigger targets with networks of millions of unwitting zombie devices. If you dont address these issues at the device level, consumer and enterprise lawsuits will almost certainly target your company, seeking damages for your failure to implement commonly understood device security measures. Those technologies include: A secure browser A Virtual Private Network client to secure data communications between the device and a private network FIPS validated cryptography Malware and virus protection Scalable and secure firmware updating and secure boot capabilities Robust certificate handling features to authenticate devices, network services, and individuals to each other We understand, more than anyone, that consumer electronics developers must balance these security features, performance and battery efficiency effectively. Thats why were here. Mocanas Device Security Framework components, including the Nano product line, is the best-performing and more cost-effective standards-based device security software family available. Mocanas products allow consumer electronics developers to build the security features that enterprises and savvy consumers demand.

what was once a $400 piece of cuttingedge technology is now a very expensive paperweight, thanks to network malware. Simple security measures built into the device firmware can prevent most data destruction and device vandalism.

Mocana Corporation
350 Sansome Street Suite 1010 San Francisco, CA 94104 415-617-0055 Phone 866-213-1273 Toll Free info@mocana.com www.mocana.com Copyright 2009 Mocana Corp.

Zombie-fying In one of the scarier attacks, hackers and automated malware can assume control of your devices without the user ever realizing it. Your device becomes a zombie or a bot: all of the computational resources,

Security Focus on CONSUMER ELECTRONICS

Mocana Products for Consumer Electronics Applications

Mocana FIPS Certified Crypto Libraries Standard in all configurations of the NanoPhone Suite, your fully-stocked cache of state-of-the-art crypto algorithms, including ultra-optimized implementations of RSA, AES, Blowfish, Diffie-Hellman, 3DES, DSA Mocana Product Features & Benefits
Common API and crypto library Open-standards, RFC compliant Dramatically reduce time to market Very high performance Micro memory footprint FIPS-validated cryptographic implementations Easy to install and use Asynchronous, eventdriven architecture Advanced, well documented APIs Significantly reduce testing efforts World-class development & technical support

NanoSec (Client): Designed from the ground up for use with IP connected devices, it also includes support for IKEv2. IPsec is a standard for securing (IP) Internet Protocol communications by encrypting and/or authenticating all packets at the network layer. The Client is standards-based and interoperates with IPsec enabled devices on the network. NanoSSH (Client): Designed for logging into and executing commands on a networked computer and provides secure encrypted communications between two untrusted hosts over an insecure network. The SSH Client is standard-based and interoperates with SSH Servers. NanoSSL (Client): Provides endpoint authentication, protecting against eavesdropping, message forgery and interference. The Client is standards-based and interoperates with any SSL Server. Both are commonly used for securing remote device management via a web browser. NanoWireless Mocana delivers a standards-based, full featured, IEEEcompliant WPA2 client software solution that is easy to use. The Mocana NanoWireless solution is uniquely architected with an asynchronous core to fully leverage hardware acceleration, is portable and has a small footprint.

and dozens of others. NanoCert Leverages mature technologies such as the Public Key Cryptography Standards (PKCS), specifically PKCS #10 and PKCS #7 Mocana internal HTTP . implementation code provides the clientserver transport protocol. Certificate management utility functions in the Mocana crypto library provide extremely efficient key generation and management, certificate parsing, encoding and decoding, and certificate store functions. NanoDefender Mocanas patent-pending new anti-malware product, is a device-based intrusion detection system that is designed to instantly detect and shut down malware or viruses before they have a chance to spread throughout the network or hijack data and it does so while eliminating false positives. NanoEAP (Client): Includes 14 different authentication methods and supports stand alone and pass thru authentication modes and acts as a framework and transport mechanism for AAA (Authentication, Authorization, and Accounting) protocols.

Free evaluation at www.mocana.com/ evaluate.html

Mocana Corporation
350 Sansome Street Suite 1010 San Francisco, CA 94104 415-617-0055 Phone 866-213-1273 Toll Free info@mocana.com www.mocana.com Copyright 2009 Mocana Corp. Security Focus on CONSUMER ELECTRONICS 3

Mocanas Device Security Framework for Consumer Electronics

3rd Party Application Mocana NanoDefender Protected Application

3rd Party Application Mocana NanoDefender Protected Application

NanoCert Certificate Mgt Client XML Based Configuration and Patch Management Agent

NanoSSL SSL Client

NanoSSH SSH Client

NanoSec IKEv1/v2 & MOBIKE

NanoSec IPSec

Mocana FIPS Certified Crypto Algorithms

NanoSec IPSec

NanoWireless WPA2

Other Data Access Technologies

Consumer Electronics Device OS/RTOS

WPA2 is a mark of the Wi-Fi Alliance.

Mocanas Device Security Framework is an extensible software framework that secures all aspects of device data and communications for any connected device. It is especially well-suited to securing
Free evaluation at www.mocana.com/ evaluate.html

FIPS-validated cryptography. Secure remote access to network services from the device, or vice versa Secure data communications between devices. Device identity management. Authentication of devices and device applications onto the network. Wireless authentication and encryption. Sophisticated key management & certificate handling. Advanced connection-handling.

consumer electronics. The Device Security Framework includes device-resident security software as well as security capabilities delivered across the network. It provides modular support for different open standards-based device

Mocana Corporation
350 Sansome Street Suite 1010 San Francisco, CA 94104 415-617-0055 Phone 866-213-1273 Toll Free info@mocana.com www.mocana.com Copyright 2009 Mocana Corp.

security protocols and other sophisticated device security capabilities. Mocanas Device Security Framework delivers the following device security services in a managed, holistic way:

Security Focus on CONSUMER ELECTRONICS

Mocana Technology Features and Benefits for Consumer Electronics Developers

We know that developers working on consumer electronics platforms are on ultra-compressed development cycles. You dont have a lot of time to think about, let alone build from scratch, security features that have been optimized to maximize performance and battery life for portable and home implementations. Thats why weve built the Device Security Framework. Now, you dont need to be a crypto expert to make the design decisions required to build high-performing security applications in your consumer electronics environments. Mocanas DSF components all share a common API and crypto library that hides the complexity of cryptography and reduces the risks of inexperienced developers introducing new security holes into your own code. Dramatically Reduce Time to Market With development cycles cut in half, dont waste valuable time building security from scratch. The DSF is the culmination of six years of development work backed by our decades of experience in the security industry. Weve already done all the painstaking optimization work for you, resulting in our products incredibly small footprints and best-in-class performance. Our implementations of protocols like IPSec and SSL can run in less than 50KB of memory, yet are 2x-4x faster than open source implementations and theyre exhaustively tested for interoperability. Now, you can focus on whats important to your business getting your killer consumer electronics apps to market first. No Need to Sacrifice Performance for Security Consumers and corporate users need
Free evaluation at www.mocana.com/ evaluate.html

asynchronous, event-driven architecture, cryptographic jobs are easily offloaded to different CPU cores or silicon channels, fully enabling todays multi-core processors to do your applications work in parallel. At the heart of the DSF is an asynchronous core that leverages our patented Mocana Acceleration Harness a software layer that virtualizes and manages crypto offload from software to hardware speeding up crypto operations by as much as 400%, depending on the hardware platform to allow the best power and performance. Tested and Supported by Actual Humans. When it comes to security, you cant cut corners. But with Mocana, you can significantly reduce your testing efforts because weve done a significant amount already. All of the DSF components are pre-optimized and exhaustively tested so you can focus on whats important getting to market ahead of your competitors. Weve invested an enormous amount of money into our testing infrastructure that runs 24x7 against thousands of code scripts so you dont have to. Another benefit of choosing Mocana is our built-in verification process. While other programs only have one error code, -1 our developer suite ships with , over 1,000 unique code errors built-in so you can pinpoint bugs instantly. Because weve done the rigorous testing and our support organization is available 24/7/365, you can have enterprise grade security in weeks, not months.

security but they expect superfast performance in elegantly designed devices. So you dont want to let computationallyintensive crypto operations suck all the Wow! factor or battery power out of your gadget.

Mocana Corporation
350 Sansome Street Suite 1010 San Francisco, CA 94104 415-617-0055 Phone 866-213-1273 Toll Free info@mocana.com www.mocana.com Copyright 2009 Mocana Corp.

Many device security architectures are synchronous, which severely limits the number of cryptography jobs that can be offloaded to silicon at any one time. Synchronous architectures also severely limit the way that completed cryptography jobs can be propagated back up the stack. Because Mocanas DSF features an

Security Focus on CONSUMER ELECTRONICS

About Mocana Mocana secures the Internet of Things: the ubiquitous devices of our lives, our infrastructure and the enterprise networks to which they connect. Mocana provides device integrity solutions and embedded security tools for consumer electronics manufacturers, datacom companies, telecom carriers, industrial automation applications and the enterprise. Mocanas industryleading infrastructure software solutions ensure that devices, networks and their services all scale securely. The company sells a broad portfolio product offerings and customers include Cisco, General Electric, Freescale, Philips, Dell, Nortel Networks, Honeywell and Aruba, among others. Mocana was founded in 2002, is privately held, and headquartered in San Francisco. The company was recently named one of Red Herrings Top 100 Privately-Held Companies globally for 2008 and also won Frost & Sullivans Technology Innovation of the Year award.

Awards and Certifications

Free evaluation at www.mocana.com/ evaluate.html

Mocana Corporation
350 Sansome Street Suite 1010 San Francisco, CA 94104 415-617-0055 Phone 866-213-1273 Toll Free info@mocana.com www.mocana.com Copyright 2009 Mocana Corp. Security Focus on CONSUMER ELECTRONICS 6