Take TED Along To Protect Data
Wifi Connections Are Safe with a Trust Extension Device
The risk of your data being copied through untrustworthy connections is the downside of using wifi connections. Australian ICT scientists have solved the problem with TED
The laptop, mobile phone and Blackberry have revolutionized our working habits, freeing us up from being tied to an office and desk-based computer.
It’s quite common to see people working on the bus, train, plane or in a café with wireless internet connection.
But there is a downside to this wireless freedom.
The risk of data being copied through untrustworthy connections. This is particularly risky when users are making banking transactions or credit card purchases.
TED Extends Trust into the Wifi Sphere
Australian scientists working at the CSIRO ICT Centre in Sydney have developed a prototype portable device that will allow people to do business across the internet on any computer in a trusted manner. Known as a Trust Extension Device (TED), it consists of software loaded onto a portable device, such as a USB memory stick or a mobile phone. Because of the organization-specific software it carries, TED is able to minimize the risk associated with performing transactions in untrusted and unknown computing environments.
Dr John Zic, one of TED’s developers, explained that the problem with operating away from home or office-based computer is one of trust, or rather, lack of trust. Just as it is easier to trust someone a user knows well, or with whom one meets on a regular basis, so ‘trust’ in online transactions is developed between a user's computer and an organization such as a bank by exchanging information to ensure that each party is who they say they are.
“The problem is that trust is currently tied to specific, well-known computing environments,” Dr Zic said. "TED makes that trust portable, opening the way for secure transactions to be undertaken anywhere, even in an internet café.”
Organization-Specific Software Establishes Trust
TED works by providing the means to establish trust by the software and encrypted data loaded onto the device. The device is supplied to the user by the organization the user would regularly transact with, for example the user's bank.
This TED creates its own environment on an untrusted computer and, before it runs an application, it establishes trust with the remote enterprise server. Both ends must prove their identities to each other and that the computing environments are as expected. Once the parties prove to each other they are trustworthy, the TED accesses the remote server and the transaction takes place.
“The idea is that the person or organization issuing the device runs their own computing environment and applications within the TED,” said Dr Zic. “Wherever you go, whichever machine you run on, you and the issuer can be confident both parties are known to each other, cannot engage in any malicious acts, and that the transactions are trusted.”
Banks Interested In Prototype
Although the TED shown off by Dr Zic and his colleagues in February is only a prototype, banks in Australia are already showing interest in the device.
The CSIRO ICT Centre is calling for expressions of interest from parties interested in licensing the technology.
