IBM embeds cryptography into mobile chips

IBM has announced new technology to bring a higher level of security to devices such as phones and PDAs. The move could make data encryption ubiquitous in devices if adopted, but it may be several years before it finds its way into handsets.

The technology, dubbed Secure Blue by IBM, integrates encryption hardware into the processor chip at the heart of devices. This extends protection to all information stored on the device, according to IBM, and makes it less susceptible to tampering than software-based security tools.

With up to half of all enterprise data now stored in endpoint devices, security becomes increasingly important according to Guerney Hunt, senior manager of the Distributed Infrastructure group at IBM Research.

"Cellphones and PDAs can easily fall into the hands of people who want to get at the data stored in them," he said.

While some mobile processor chips already have hardware to accelerate encryption algorithms, this is typically used for encrypting communications or individual files. Secure Blue takes protection a stage further by encrypting all information in the device's memory.

"This is needed because none of the chips available today protect against modification of data in memory, and anyone who acquires your mobile device can get at that data. We offer the ability to keep all information, including program code, encrypted," Hunt said.

Secure Blue performs encryption and integrity checking at the full memory bandwidth of the processor, making crypto operation transparent to software running on the device.

"Everything coming into the processor chip is decrypted, and everything going out [to memory] is automatically encrypted," Hunt said. The integrity protection also ensures that data read from memory is the same as that which was written, he added.

Secure Blue even performs 'whitening', which pads out encrypted data with redundant information, foiling attempts by malware to uncover the encryption keys via brute-force analysis of device memory content.

The technology is scalable from cellphones right up to supercomputers, IBM said. It is implemented in some devices today, but the company declined to name the products in question.

For Secure Blue to become a feature of phones or handhelds, IBM will have to get chipmakers such as Texas Instruments and Intel to license the technology in their mobile processors. IBM declined to detail any such agreements, but Hunt said that it would take about two years for the technology to filter through into end-user products.