Actuators are the reverse of sensors. They are
used by the secure core to perform actions on its environment. Displays,
loudspeakers and even perfume distributors are all actuators. Much as with
sensors, they can be internal or external. Moreover, they are subject to the
same attacks, just in reverse. However, the trust equation is different since
the owner of the personal device, or whoever is benefiting from the actuator
output, is the ultimate judge of trust due to being the end recipient of the
information. From the trusted core perspective, all that is needed is trust in
the integrity of the actuator and its link to the core. As we have seen, more
trust is put in internal systems. High-volume external systems typically don’t
have security mechanisms built-in. Therefore, the trust placed by the secure
core in the actuators must be limited. In so far as trusting that the recipient
is the intended one, there is nothing the secure core can do short of using sensors
to complement the actuators. From the recipient’s perspective, trust in the
system may be higher than the trust the secure core has for itself. This
condition arises because, while the recipient’s trust in the actuators can be
similar to that of the trusted core, the recipient carries in addition its own
trust; trust that the trusted core doesn’t have access to. So we see that with
actuators, trust between a secure component (the trusted core) and an unsecured
component (the combination of sensor/actuator and the owner of the personal
electronic device) is not symmetrical. The trust of the secure core is limited
to its physical extent.

The sensors and
actuators we’ve seen are mostly used for communication between a secure core
and a human. However, sensors and actuators can also be used to interact with
the environment; for example, a temperature sensor or a light emitting diode
for signaling. Significantly different, however, are communication channels.
These provide means of transmitting information destined to other computers
that may or may not have secure cores themselves. If the other computer does
not have a secure core, the security situation is similar to that of sensors
and actuators that are unprotected. Trust is necessarily limited and is in fact
a function of the likelihood of attacks on the other computer, knowing that
those attacks are not mitigated with the same level of security as that
provided by a secure core. If the other computer has a secure core,
communications can be established between the two secure cores. Since both have
powerful cryptographic capabilities, it is possible to render the channel
between them extremely secure, even if it is physically unprotected. An
exception, of course, is defense against attacks that render the channel
inoperable by interrupting it, or perhaps by flooding it with bogus information,
effecting what are called Denial of Service (DoS) attacks. With that proviso,
the trust in the physical system constituted by the two communicating secure
cores is essentially predicated on the secure core technology itself.

Communication
channels are of two kinds, contact and contactless. In general,
contact secure cores are found today in the billions in the form of smart
cards. Contactless secure cores, found today in the hundreds of millions,
are called RFID (for Radio-Frequency Identification) tokens. There also
exists an intermediate form, called a contactless smart card, which
marries the security features of smart cards with some of the capabilities of
RFID tokens. Smart cards have a physical link with their environment through
electrical contacts whose number, positioning and functions are strictly
specified by international standards. Historically, smart cards started their
life as security devices and they have always assumed that function. This
suggests that they have evolved considerably in response to changing threats
and subsequent development of counter-responses. Smart cards are the most
ubiquitous computers and are among the more sophisticated security products available.
However, we must mention that another security product is likely to also number
in the hundreds of millions soon: the Trusted Platform Module (TPM).
This is a processor that is meant to be attached to a larger computer, perhaps
a laptop, in order to effect security for that machine. In other words, the
trusted platform module is to the general computer what the trusted core of the
personal electronic device is to the owner of that device. Information in the
trusted platform module relates to the computer’s important information,
whereas information in