The digital revolution has transformed the way we create, destroy, share, process and manage information, bringing many benefits in its wake and an ever increasing number of electronic consumer and communication devices are at the heart of this revolution. However, such technology has also increased the opportunities for fraud and other related crimes to be committed. Therefore, as the adoption of such technologies expands, it becomes vital to ensure the integrity and authenticity of electronic digital systems and to manage, control and verify their identity. The need to protect the integrity of each device (such as the identity of a network node or a smartphone) has long been recognised, but the increasingly widespread adoption of networked electronic devices and the Internet-of-Things (IoT) raises new challenges, particularly where these devices are communicating autonomously. ICMetrics™ represents an exciting new approach for generating unique identifiers for electronic devices enabling secure encrypted communication between devices potentially significantly reducing both fraudulent activity such as eavesdropping and device cloning. While data encryption techniques are now highly sophisticated and well established, encryption itself cannot necessarily protect against fraudulent data manipulation when the security of encryption keys cannot be absolutely guaranteed. The use of ICMetrics™ authentication represents a novel concept of regulating access to devices and is explicitly aimed at providing protection at the especially vulnerable points where data access is initiated.
Specifically, ICMetrics™ enables:-
- Secure communication from mobile and networked devices via the direct generation of digital signatures and encryption keys from the internal behavioural characteristics of software and hardware associated with the device. This naturally implies the major advantage that no encryption keys or device characteristic templates are stored.
- Prevention of unauthorised access to networked and distributed devices that are
increasingly connected wirelessly.
- Prevention of the fraudulent cloning or imitation of a device in order to compromise its identity and subsequent communication.
- Implicit detection of tampering of the software or hardware associated with the device via the inclusion of spyware or similar virus software since this will implicitly cause the digital signature to vary.
A significant novelty in the potential for the direct encryption of data extracted from ICMetrics™ samples, which characterise the identity of the device. Such a system will offer the following significant advantages:-
- The removal of the need to store any form of template for validating the device, hence directly addressing the major weakness that the feature templates are accessed and used to circumvent the security afforded by the system.
- The security of the system is as strong as the ICMetrics™ and encryption algorithm employed (there is no back door). The only mechanisms to gain subsequent access are to provide another sample of the ICMetrics™ or to break the cipher employed by the encryption technology.
- The compromise of a system does not release sensitive template data which would allow unauthorised access to other systems protected by the same ICmetrics™ or indeed any system protected by any other ICMetrics™ templates present.
- Tampering with the constitution the device will cause its behaviour to change, potentially causing the features underlying the ICMetrics™ to change, perhaps dramatically, thus causing the generated ICMetrics™ to change. Consequently, a faulty or maliciously tampered device will be autonomously prevented from decrypting its own stored data or participating in any initiated secure communications, as the regenerated keys will differ from those created before its integrity was compromised. The ICMetrics™ approach can be made to fail securely and provide a very high immunity from cloning and tampering.
- The removal of the need for the storage of the private key associated with the encryption system. This is a natural consequence of the system, since the key will be uniquely associated with the given ICMetric sample and a further ICMetric sample may be used to regenerate the required private key. As there is no physical record of the key, it is not possible to compromise the security of sensitive data via unauthorised access to the key.
Sample application areas include:-
- Trusted Computing
- Secure Healthcare Applications
- Mobile Communications (pervasive computing)
- Communication to / from mobile phones
- Network security
- User Validation
- Media / Software copyright protection
ICMetrics™ ENHANCES existing security without requiring any specialist knowledge, and completely transparent to you the user. It is covered by a suite of granted worldwide patents and is the outcome of 10 years and $multi-million funded research and development into novel security techniques.
Metrarc is working to bring its’ universal ICMetrics™ security solutions to a number of sectors and has engineered demonstrator systems that showcase the capability of our technology to enhance communications, device and systems security in the context of military communications, mobile commerce and communications, IoT (Internet of Things) security for corporate and large organizations that require enhanced security solutions.
If you are interested in our unique technology and working with us then please contact us.
A further significant advantage relates to the asymmetric encryption system. Traditional systems require that the private key for decrypting data be stored in some way (memorising a private key is not feasible). With the METRARC™ system, the key will be uniquely associated with the given device features and so these will be required to generate the required private key. As there is no physical record of the key, it is not possible to compromise the security of sensitive data via unauthorised access to the key.