Elliptic Technologies has announced the immediate availability of its highly programmable and configurable security accelerator and Hardware Security Module, SPAcc-HSM. This unique security engine provides reliable protection for sensitive data and transactions and can be shared simultaneously with an application processor that requires lower levels of security.
Digital Rights Management (DRM) and content protection standards, such as Digital Transmission Content Protection (DTCP) demand robust security schemes to protect sensitive key information from non-authorized use. Elliptic’s SPAcc-HSM provides a highly-secure infrastructure for key storage and high-throughput cryptographic operations, and at the same time it can be shared securely and reliably with an application processor that has lower security needs.
“For many systems and SoCs, it is very important to protect and differentiate secure transactions such as key management from other transactions.” said Vijay Dube, President and CEO of Elliptic Technologies. “Our main goal with the security protocol accelerator SPAcc-HSM is to offer our customers the ability to share a single proven, cost and power-efficient engine between processors with different levels of security.”
The SPAcc-HSM provides specialized access control to key management and application processors and ensures that the security boundaries between the two domains are strictly enforced. The sharing of cryptographic resources between the two processors allows for significant gate count reduction and smaller memory footprint.
According to university researchers, most of the Android based phones used today can leak secret information used to access Google Calendar, Contacts and other sensitive data. The main flaw for this security weakness is the ClientLogin authentication protocol used in version 2.3.3 and earlier versions of Android. “Quite easily”, hackers can take advantage of the security hole and launch impersonation attacks against Google services.
Google patched the security hole recently with the release of Android 2.3.4, but some security deficiencies related to Picassa web albums still exist. And unfortunately even if patches are available, it still takes Google’s partners months to upgrade to the latest versions of Android.
The recently published Request For Comments RFC 6176 prohibits the use of Secure Sockets Layer (SSL) Version 2.0 when Transport Layer Security (TLS) clients and servers establish connections. SSL 2.0 has been removed because it does not provide a sufficient level of security.
Networks administrators now have to ensure that the use of SSL 2.0 is prohibited in their networks and checks must be put in place for clients and servers.
RFC 6176 points to the SLL 2.0 deficiencies which include:
- Use of MD5 message authentication
- Lack of protection for handshake messages
- Same key used for message authentication and encryption
- Sessions can be terminated easily and it is hard to determine if it was a legitimate end of session or not
Elliptic Technologies has announced the immediate availability of its HDCP 2.0 (High-bandwidth Digital Content Protection) Software Development Kit. HDCP 2.0 is a key security technology that addresses all content protection needs for high-valued digital content. The specification has been endorsed by Sony, Panasonic, Intel and high-definition content owners Universal Pictures, Warner Bros. Entertainment and others.
Elliptic is one of the first suppliers of a comprehensive HDCP 2.0 content protection solution, which has already been delivered to lead customers. The HDCP 2.0 Software Development Kit (SDK) is a fully portable architecture that can be used on all popular platforms and Operating Systems, including Android based devices.
“The exploding market for high-definition entertainment has sharpened the need to protect high-value content with more robust protection schemes. Elliptic Technologies is a trusted supplier of embedded security solutions and has the best-in-class content protection IP.” said Vijay Dube, President and CEO of Elliptic Technologies. “Working closely with lead customers and partners gave us the unique opportunity to optimize the HDCP 2.0 components to precisely match the requirements of a digital TV streaming device.”
Digital media is being rapidly adopted as the primary consumer entertainment distribution medium. The technical demands of the digital home and the need to deliver and protect rich audio and video content have increased dramatically in recent years.
RSA, the Security Division of EMC, announced that SecureID two-factor authentication products may be at risk following a sophisticated cyber attack that has been recently identified.
There is evidence that certain information has been maliciously stolen from RSA that could potentially affect the efficiency of the authentication process.
In an open letter to RSA customers, RSA’s Executive chairman Arthur Coviello stated “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.”
RSA SecureID products are used by tens of millions of people in tens of thousands of organizations worldwide on phones, key fobs, USB devices and PCs.
RSA’s revelation may cause quite a wave of concern.