DEVICE SECURITY

Overview

With the explosion of connected devices and corresponding growth in hacks and malware, your business data needs a layered security approach. For Mobiliya, security is a vital aspect for across projects it undertake for its customers, especially those in the space of device manufacturing, defense, automotive, banking, and education. Over the years, Mobiliya has pioneered in implementing security solutions from device to cloud. This is evident from the fact that Mobiliya was one of the global R&D partner for Samsung KNOX, played a key role in designing secure ultra-rugged devices for Sonim Technologies, deployed managed security for mobile devices for defense, enabled single sign-on (SSO), Rights Management System (RMS) on top of Microsoft stack, and many more to name.

Typical security layer stack we work across :

Key Security Focus Areas

Mobiliya Device Security

Device Security

Mobiliya has the capability to secure devices across various form factors by leveraging the building blocks of security:

TrustZone enabled chipset
  • Hardware security
  • Root of trust implementation
ARM TrustZone firmware
  • Boot services
  • Runtime services
Trusted Execution environment OS
  • Client libraries / TEE APIs (enable writing of trusted applications)
  • Drivers, Trusted OS
Client applications
  • TEE client (Rich OS)
  • Trusted applications (Secure world)
Mobiliya Data Security

Data Security

Securing data-at-rest and in-transit requires comprehensive implementation of security provisions in place. Mobiliya helps its customers achieve data security through robust implementations such as:

FIPS Certification Services
  • Develop / certify (with NIST lab) crypto library
  • Enable FIPS module in OpenSSL stack
DRM Services
  • Enable OMD-DM 1.0/2.0
  • Enable / develop services on 3rd party DRM solution i.e. Wide Vine, SafeNet (Synaptics), PlayReady
White Box Cryptography
  • Protection of applications, keys, and data
  • Enable customers on the usage of White Box cryptography
Rights Management Services
  • Enable Microsoft Rights Management Services on third party document management (for example, EMC Documentum)
Mobiliya Authentication & authorization

Authentication & authorization

Code security protects ensures that the solution is robust in all environments. It is extremely important to know not only what the user is doing but also who the user is and whether the user is allowed to do that. That is why authentication & authorization is so important. Mobiliya has extensive experience in protecting user’s private data by implementing various authentication & authorization protocols. Some of them are as follows:

SAML / OAUth identity management service
  • Enable compatibility with multiple SAML 2.0 / OAuth identity service i.e. Octa, Ping Identity, Azure, Amazon, Google
Single Sign On
  • Services to develop SSO capability on web and mobile (if identity service is owned by the customer)
PKI Infrastructure
  • Services to build PKI infrastructure
  • Integrate solutions with 3rd party PKI infrastructure
2nd factor authentication
  • Capability to develop 2nd factor authentication services using HOTP, TOTP, OCRA protocols
Mobiliya Certification & Compliance

Certification & Compliance

Certificate & compliance ensures adherence to minimum security requirements for cryptographic modules in products and systems. X` is to promote compliance and ethics through the certification and Mobiliya has implemented for following certifications for various customers:

Some of the certifications that
  • NIAP Common Criteria certification
  • DoD STIG certification
  • FIPS 140-2 certification
  • NSA CSfc Certification
  • CAVP – crypto algorithm testing
Mobiliya Penetration Testing

Penetration Testing

With the ever present security threats, it is extremely important to ensure that the product or solution can withstand it. One must test their service to make sure it’s secure. Mobiliya designs security into its customer’s service during the discovery phase and then tests continuously as we build, not as a one-off check. Mobiliya performs a plethora of tests to endure the solution is secure. Some of the key tests are as follows:

 
  • Attempt to reverse engineer the OS Code (including de-obfuscating APKs, etc.)
  • Testing for Common Libraries and Fingerprinting
  • Enumeration of Application Known Controllers
  • Information Disclosure by logcat
  • Hidden Secrets in the Code
  • Storing Sensitive Data on Shared Storage (exposed to all applications without any restrictions)
  • Cryptographic Based Storage Strength
  • Content Providers Access Permissions
  • Content Providers SQL Injection
  • Privacy and Metadata Leaks
  • User Propriety Data in logcat
  • Technical Valuable Data in logcat
  • Exposed Components and Cross Application Authorization
  • Permissions & Digital Signature Data Sharing Issues
  • Clipboard Separation
  • Public Intents and Unauthenticated Data Sources

LEAVE A MESSAGE

loading image enquiry form

© 2017 Mobiliya