Presented by BeMyApp.
Think we’re connected now? By 2020 we’ll be living in a world with more than 24 billion internet-connected devices. That’s more than 4 devices for every human on earth (though undoubtedly some people will have more than their fair share).
Can internet security keep up? Maybe celebrities who’ve had their private photos leaked don’t think so—but GlobalPlatform, a cross industry, non-profit association that develops security specifications—is betting they’ve got the answer.
With the help of two sponsors, Sequitur Labs and Samsung, the organization threw themselves a hackathon in Silicon Valley on October 7 to demonstrate what they hope will be the standard for ensuring device integrity, data confidentiality, and authenticity for IoT devices: the trusted execution environment (TEE).
GlobalPlatform defines the TEE as a secure area in the main processor in a smartphone, or any connected device. It’s designed to ensure that sensitive data is stored, processed, and protected by trusted applications in an isolated and trusted environment.
“In the age of mobile and IoT devices, the importance of secure operations and transactions of applications, backed by hardware security, is recognized more than ever,” says Henry Lee, vice president of security R&D for Samsung Mobile. “Trusted applications are playing an important role to enhance the operational and transactional security.”
The Hackathon, Lee says, was intended to be a catalyst for recognizing the importance of trusted applications, TEE, and hardware-backed security.
At the event, over 60 students and developers from the IoT, security, and fintech sectors were invited to throw their best ideas at the TEE ecosystem, to create the kind of innovative use cases and prototypes that can safely and swiftly usher us into the future of connectivity that we’ve all been talking about.
“It is imperative for developers to understand this technology and learn to develop applications that utilize it,” says Abhijeet Rane, chief marketing officer at Sequitur Labs. “The TEE Hackathon event provides the opportunity to engage with and train developers. It provides a forum for developers to learn about TEE use cases specific to the IoT market.”
Each team was provided a Bus Blaster debugging tool connected to a Raspberry Pi 3 loaded with the TEE virtual machine, Rane explains.
13 applications and projects were developed, and three were rewarded. The grand prize netted team SafeHaven $5,000, presented by Samsung. First runner-up, Rolling IDs won $2,500, and the second runners up scored $1,500.
The results blew the judges away, says Gil Bernabeu, technical director for GlobalPlatform. “I must say that the result has been outstanding: developers have been able to quickly develop secure applications and good prototypes of their impressive ideas.”
Fellow judge and mentor Lubna Dajani, chief strategic officer and futurist at Intercede, agreed adding, “The success of the inaugural TEE Hackathon exceeded all expectations. Although the overwhelming majority of the participants did not have prior knowledge of the technology, by the end of the hackathon, they had managed to build innovative applications in the TEE. Participants left saying they will use TEE in their professions in the future.”
Grand-Prize Winner: SafeHaven
Subhash Gutti and Gowda Harish were the developers behind SafeHaven. Their invention was a gateway system that denies or grants access remotely, instantly and securely to IoT devices.
“Currently granular access of IoT devices is very difficult. Let’s consider an example of AirBnB rental. I have automated my house and I want to securely provide access to guests but also revoke it when the guest checks out. It is currently very difficult and existing solutions are unsecure. The same problem can be applied to the hospitality industry and office buildings. The user of our product can enable and revoke access on the fly and control access granularity.”
First Runner-up: Rolling IDs
Rolling IDs was developed by Piotr Oleszkiewicz, founder and CEO of Revealo (a startup focusing on producing small wearable asset trackers), as well as Daniel Ei and Ardy Forouhar. The TEE technology helped to improve privacy and device security for personal safety and asset tracking in his company’s existing prototypes.
“5.5 million people in the U.S .suffer from Alzheimer’s disease; 3 out of 5 will walk out of their home and get lost. Every year, 260,000 children are kidnapped in the U.S., 60 000 by complete strangers. Moreover, millions of dollars in assets are lost or stolen in all industries annually. Existing solutions include BLE or RFID that lack privacy and GSM/GPS which lacks power efficiency. We provide a rolling identity for wireless identification, based on a multi-stage cryptographic algorithm. This algorithm allows time limited location sharing with authorized parties while appearing random to bystanders. The system is designed for security, by not using a single key that could unlock the whole system. The key operations are performed within TEE, assuring safety to users.”
Second Runner-Up: TuffPass
TuffPass, created by full-stack fintech developers Mike Lagomarsino and Harvey Chan, is an application designed to create and persistently store passwords in the TEE. Users can text a Twilio number to create or retrieve a unique password.
“Coming up with passwords that are secure and remembering them is a major pain. Often people use a notepad or a text file on their computer to save the passwords. Text files stored on the hard drive can be insecure, notepads can be lost, and password manager services can be compromised. Our project utilizes encrypted communication through Twilio to securely generate and store passwords in the TEE persistent data store.”
With IoT expansion accelerating daily, contributions to our security through hackathons like these and the developers they support are critical. Lubna Dajani, Futurist and Chief Strategy Officer at Intercede, summed it up this way: “As the digital realm is unequivocally woven into the fabric of our lives, so is the potential impact of malicious attacks and rogue business models can be devastating. Consumers, businesses, and governments alike need their products, services, and identities to be secure. Hardware-rooted TEE is a significant step in security, enabling the needed privacy and integrity.”
Sponsored posts are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact firstname.lastname@example.org.