Implementing secure digital data transfer in portable handheld embedded devices: Part 1

Embedded or handheld devices are increasingly connected and increasingly involved in network communications. Users of these devices can now run almost all of the network/internet applications that run on a PC.
These devices are also increasingly involved in transferring secure data through public networks, where that data needs protection from unauthorized access, and so the security requirements of embedded devices have become critical.
Secure data falls in different categories requiring different levels of security. Based on who wants to protect the data, the secure data can be partitioned into two segments: the User's private data and the User restricted data.
The User's private data is data whose compromise directly impacts the user. A simple example of such a compromise is someone else gaining access to a user's internet banking password. In the case of User restricted data, however, it is not the user but the content (data) provider who suffers the direct loss when the security of that data is compromised. Examples of such data include digital multimedia content such as copyrighted digital photos, audio and video.
Secure data requires protection not only during transfer but also while it is handled on the end-user device. A vulnerability at the end-user device, such as easy access to the secret keys used to encrypt or decrypt the data, can easily defeat the entire security mechanism.
The protocol for secure transmission of either kind of content through a public network uses more or less the same techniques, but handling User restricted data at the user's end requires much more care, since the content is protected from the user itself!
Thus an embedded device must not only incorporate methods or protocols for secure data transfer but must also include security methods to defeat attempts at unauthorized access to secure data from the device itself. The security needs of an embedded device can thus be classified into two parts:
* Security needs for data transfer, and
* Security needs within the device
Data in a public network passes through a number of untrusted intermediate points. Secure data must therefore be scrambled in such a way that it is useless or unintelligible to anyone who gains unauthorized access to it.
This can be achieved with the help of cryptographic methods such as Encryption/Decryption, Key Agreement, Digital Signatures and Digital Certificates, which are explained below.