You've developed a multi-factor authentication system that works with any smartphone to help people keep their information safe while traveling. Give us some detail of how it works?
We had several enterprise clients that wanted to have a higher-integrity authentication system for employees while traveling overseas. In designing the system, we set the goal of having it work with as many smartphones/tablets as possible. We have been looking at how devices like Square interact with smartphones through the audio jack for several years, so we decided to see if we could get a cryptographic token to work through the audio jack.
By setting the crypto keys inside of a device which is not integrated into the phone, like on the SIM card or in a piece of software running on the phone, we avoid the problem of malicious carriers harvesting the crypto keys. We are working with mobile data protection partners to make it so that your data can only be opened and viewed when our device is present. The app which stores your personal information is encrypted; half of the keyset required to open the app is on the device and the other half is hosted in a hardware security module in the cloud. Without both keysets, the data on the user's device is protected. As we worked through the design process, the device looked like a slice of lime, and we thought it would be funny to name it KeyLime. The name has stuck and we're doing a complete launch to consumers via the KickStarter community to bring the technology to any traveler, not just those who work for our enterprise customers.
Who is your target audience/demographic/buyer for this product?
We've designed the consumer-grade version of KeyLime for anyone who travels internationally and uses an iOS or Android device. We are working with folks like the Electronic Frontier Foundation and people who have been involved in events like the Arab Spring situation to understand how we can deliver KeyLime in a way that protects anyone's information anywhere in the world. The KickStarter community will be involved in helping us bring this technology to consumers everywhere. We're excited at the potential that KeyLime has to turn the tables in the mobile security battle that is going on currently.
What do you see happening in the next 2-3 years when it comes to mobile security?
Things are going to get a lot worse before they get better. For example, at the CSO40 event I asked many of the attendees what they were doing about rogue cell towers near their critical facilities / boardrooms. Outside of the US Intelligence Community, most organizations are wide open when it comes to mobile communications coming in / heading out of the building. The complete focus of mobile network developers on availability has really driven some fundamental vulnerabilities into the system. For example, with GSM/HSDPA downgrade attacks, nearly any phone can be made a slave to a malicious tower operator. It used to be that CDMA-network devices, like those offered by Sprint and Verizon Wireless, were much more resilient to such attacks. But, with the advent of LTE, which is a sort of strange merger between CDMA and GSM technologies, CDMA devices are beginning to inherit some of the GSM system vulnerabilities.