EU backs device security scheme

Five leading tech firms and universities have teamed up to define European security standards for smartphones and tablet PCs.
The European Union-funded Secure Embedded Platform with advanced Process Isolation and Anonymity (SEPIA) project aims to build trust in mobile devices as new services come on stream, including mobile banking, location-based services and social networking.
ARM, Brightsight, Giesecke & Devrient (G&D) and Infineon Technologies are participating in the three year program, with Austria’s Graz University of Technology coordinating the research.
The program aims to address a current lack of common standards by establishing security enhancements and certification models for device platforms.
Security firm F-Secure recently warned that some malware authors are beginning to make money from mobile viruses, despite only 517 families of mobile-specific worms, viruses and Trojans being discovered since 2004.
“SEPIA addresses an ever more pressing security problem that is receiving increased attention on the European level, especially regarding mobile applications like eBanking,” explains Herbert Reul, chair of the European Parliament committee on Industry, Research and Energy.
The project will combine ARM’s TrustZone technology with G&D’s MobilCore to ensure malware cannot access usernames, passwords and on-screen data. Infineon will supply technology allowing user details to be securely stored, while Brightsight will work on certification models.
In the long run, the aim is to separate secure applications from more general services like gaming, in a bid to keep malware and Trojans at bay.