Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

IBM recently announced an effort to enmesh data security in the chips found in cell phones, PDAs, and other portable devices. More than half of all unprotected data can be found on these gadgets, says the company, and encryption that relies on software is not as secure as encryption built into hardware.

Some experts believe that IBM’s new technology could be useful in certain instances, such as when a PDA containing sensitive, proprietary information goes missing. But the technology also raises the hackles of those who fear it might one day be used by companies – in the entertainment industry, in particular – to further restrict people’s uses of copyrighted material. Content providers, the argument goes, could use such a chip to lock movies, music, or television shows to a gadget or computer, keeping them from being distributed.

This new IBM technology, called SecureBlue, is meant to address some of the limitations of software security, especially in portable electronics, says Guerney Hunt, senior manager for distributed infrastructures, IBM Research. “This kind of encryption technique was developed because it’s increasingly possible for these devices to fall into the wrong hands,” he says. “Software cryptography has to be turned on and turned off, and it can be defeated by software attacks.” But if the security and tamper protection is incorporated into the chip, he says, sensitive information cannot be removed without destroying the chip.

SecureBlue is a set of chip circuitry that uses a common type of encryption called Advanced Encryption Standard. When data enters a chip with SecureBlue technology, it encounters an extra processing step that encrypts the data as it travels throughout the chip and onto other device components such as the hard drive. Hardware encryption does not replace security software, but rather helps to protect data that might otherwise slip past the radar of security software.

For instance, when programs run, they copy small amounts of information to a hard drive, where it may be unintentionally stored, explains Burt Kaliski, vice president of research at RSA Security, a Bedford, MA-based digital security company. As this happens, encryption software might not account for all the data that is stored on the hard drive of a device. This is “one of the vulnerabilities of a computer system,” says Kaliski. But if the data is encrypted from the start, he says, that vulnerability is addressed and all of the data is securely in the hardware of the device. Kaliski adds that going after unencrypted remnants of data stored on hard drives is a “very sophisticated attack” that would be difficult to carry out.

But some industry observers aren’t so impressed. David Wagner, professor of computer science at the University of California, Berkeley, says that encrypting the chip doesn’t address the majority of cybercrime. “Encryption isn’t the main problem we face today in the security field,” he says; instead, most threats come from viruses, worms, and online identity theft. “There are certainly some applications that can benefit from hardware acceleration of cryptography,” says Wagner, but most computer users “don’t need this fancy stuff. Existing technology is adequate for many purposes.”

3 comments. Share your thoughts »

Tagged: Computing

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me