Official Mobile Security & Innovative Technologies Blog
This blog is managed/edited by Eric Everson. The purpose of this blog is to discuss common threats and solutions that exist within the mobile community in addition to the intricacies of innovative technologies and the markets therein.
Thank you for taking the time to review my blog; I am Eric Everson the founder of MyMobiSafe.com. In addition to my duties at MyMobiSafe, LLC I am also a full-time graduate student and mobile industry researcher. As a mobile security expert and innovative technologies leader, I am glad to answer any questions you may have: EricEverson@Hotmail.com
Tuesday 11 March 2008, 2:45 AM
Tough Enough: Sybase Breakthrough Handheld Security?
By: Eric Everson, Founder of MyMobiSafe.com
This month many may have noticed that Sybase iAnywhere has released their latest “next gen” handset security solution. For many enterprise users the greatest claim this software boasts is message encryption.
As the founder of MyMobiSafe.com, any “breakthrough” (as described in the Sybase press release) warrants my special attention. In learning about the new Sybase product, I must contend that for typical enterprise message encryption this is likely a great tool. Those familiar with the flagship “Afaria” solution are sure to derive added value from the advanced message encryption offered in this new suite.
As mobile data encryption is a specialization of mine, the greatest shortcoming I noticed was the flimsy 128-bit encryption that the program utilizes. The idea of encryption is to create a barrier that can not be penetrated, however as we know “cracking” software is abundant. There are many cracking applications that can drive through standard 128-bit in about 60 seconds or less (i.e. kisMac).
This essentially suggests that if one was targeting the handset level, the right hybrid cracker could be deployed to “breakthrough” this Sybase Breakthrough Handheld Security solution. As a leading mobile encryption expert, I might recommend the adoption of a 256-bit standard to the Sybase development team. With a 256-bit standard there are fewer tools which translates into less barrier penetration. I am not trying to discredit the new Sybase suite as I think it adds a layer of protection that is much needed throughout enterprise messaging. On the other hand, it seems like bad word choice to use the words “Breakthrough” and “Security” in the title of a press release for a technology hinged on 128-bit encryption.
What do I know… I’m just the resident “Mobile Security Guru”. : )
Cheers,
Eric Everson, Founder MyMobiSafe.com
In ref to:
http://www.mobileburn.com/pressrelease.jsp?Id=4260
PreviousComments on this post
Eric,
Thank you for your comments about our next generation Afaria handheld device security solution. I wanted to clarify one point. Afaria Security Manager for Windows Mobile encrypts data with the Advanced Encryption Standard (AES) algorithm utilizing 256-bit keys. This is true in both the current release and our new generation product. When I saw your blog, I checked our website and noticed that some of our external product information does incorrectly state the key size is 128-bit. This has not been the case since mid-2007. Sorry for any confusion.
James Naftel
Sr. Product Manager
Sybase
