Wednesday, April 12, 2006

IBM to inject devices with security

Apr 11, 2006 11:16 AM

In an effort to boost the level of data security on portable computers, cell phones and other gadgets, IBM Corp. is unveiling a method for injecting encryption capabilities into the heart of the machines' circuitry, The Associated Press reports.

There are ways to achieve encryption. Specialized software can do the trick, as can hard-wired chips inside computers.
But IBM researchers contend that unless the encryption function is performed by a computer's central processing unit, a supremely savvy hacker can tap into the pathway between the machine's brain and the encryption engine. [Ed - For more infomation on how to break into this side channel visit the RUXCON security conference]

To guard against that, IBM has developed 'SecureBlue,' encryption circuitry that can be integrated into any processor, regardless of its maker.
'This thing is trying to be one of the most paranoid devices on the planet,' Charles Palmer, IBM's head security researcher, tells The AP.

IBM is not the first to seek to integrate encryption into central processing functions. Intel Corp.'s upcoming 'LaGrande' essentially does that, though it requires interaction with a separate chip. The IBM researchers say they know how to skip that step.

Richard Doherty, an analyst with the Envisioneering Group, said SecureBlue's design appears flexible enough to bring strong encryption to such settings as cell phones.
That could mean enhanced security not only for users who keep data on portable devices, but also for owners who can use encryption to lock down copyrighted material."