Hardware move at Google
In the mind of the general public, the name Google does not really convey an image of security. The tech giant has just announced its latest attempt at improving this with the leaders in our industry. This project marks an important milestone in the global fight between hardware-based security and software solutions: Google, the #1 in software and services finally recognizes the value of hardware security!
Google just announced the inception of the “Android Ready SE Alliance,” a collaboration between Google and Secure Element (SE) vendors. The SE partners, as of time of launch are Giesecke & Devrient (G+D), Kigen (Arm subsidiary focusing on embedded security), NXP, STMicroelectronics and Thales. The Alliance intends to provide discrete tamper resistant hardware systems, in other words, Secure Elements, all across the Android ecosystem.
Along these lines, hardware Secure Elements will be included not only in smartphones and tablets, but also in all kinds of Android devices such as smart watches, smart TVs or even smart cars. With this announcement, Google encourages its OEM (original equipment manufacturers) partners to integrate a Secure Element in their devices.
The Secure Elements falling under the “Android Ready SE Alliance” provide traditional security features that will allow to provide a hardware attestation for apps, secure provisioning for Android keys, secure identity credentials for government and private IDs, digital keys for access control, and secure payment solutions. In addition, Google expects to limit risks coming from app updates with a secure update process. The goal announced by Google with this move is to provide a complete security ecosystem for secure applets across the Android ecosystem.
Google is actually the latest company to put its weight in support for hardware-based security through the adoption of Secure Elements. Samsung Knox architecture includes their own eSE (Embedded Secure Element) while Apple’s Secure Enclave combines their T2 secure boot chip with a TEE (Trusted Execution Environment).
Every decision made by key players going in the direction of increased security is positive. A decision made by a company with a strong software culture like Google to adopt and standardize a hardware Secure Element is even better!