V-KEY BOOTH

The main role I was tasked to carry out during WorldSkills was to help out at a booth called V-Key. Although I did not go for the training as I was sick on that day, after the staff there kindly explained to me about this product, I was honestly impressed at how advanced it is. V-Key actually stands for Virtual Key that makes use of a V-OS which is a Virtual Operating System. This product caters to meet the security requirements of security sensitive mobile applications which executes critical transactions. With the fact that having a higher security will decrease the usability of the application, V-Key took a step further by implementing advanced cryptographic capabilities in their operating system so that trusted applications can execute securely and reliably and also process sensitive data without the need for a hardware SE. This OS is also greatly enhanced by having V-OS App Protection, V-OS Smart Token, V-OS Messaging and V-OS Face Biometrics. Moreover, I also learnt that V-Key is created using the C programming language. Throughout the time when I was helping out at the booth, I actually read through the brochures and tried to understand its concept by using the knowledge that I currently possess. I greatly reflected on how important and how useful this system can be and that it is also something I should take note of as I am studying in a technology related course.

When I was reading through and also getting to know more about this product, I found how it actually relates to what I have learnt. Having a module, Information Security (INS), I was able to understand why it is important to implement these security features and how this product can be used. The main concept of this product which greatly relates to INS was the importance of having multi-factor authentication. In V-Key, there is a use of 2FA which is a form of multi-factor authentication. In the demo which was carried out, they used an example of logging in to their Singpass account. Firstly, the user will allow the use of the QR code scanning function on the computer before proceeding to the next step which is using his phone to scan the QR Code which is displayed after given permission. The website in the computer will then sync through the QR Code and prompt the user for a pin to be keyed into their mobile application. After successfully keying in the pin, the website on the computer will immediate bring the user to their own account and from there, the user can access whatever they want or need to by using their computer. I think that this is actually very convenient as the process is very simple and straightforward. As the username and password is already stored in the mobile application, it is not necessary for the user to remember their username or password when they want to log into their account through their computer. The common problem of users forgetting their password is also avoided as their information and data will have already been stored inside the application. The fact that only the pin number is needed for the user to key in makes it much easier and also more convenient for them.

After reflecting on how the application works and its uses, I feel that I can apply all these knowledge in the course of my studies. Having taken a module called Secure Software Design, I was greatly aware of the high risk of hackers attacking insecure mobile applications and how important it is to ensure that the security defence is more difficult to penetrate. By applying my knowledge of the vulnerabilities that has to be taken note of, I was able to link to why certain features are being implemented in this V-Key product. Even threat factors are taken into account so that they can be prevented during the launching of this mobile application. Furthermore, problems like securing data in transit, data at rest and date in use, verifying identity and non-repudiation are also addressed in this product. After taking from what I have learned in my INS module, I was able to easily understand how they were able to achieve the security and an example will be that they make use of encryption keys and digital certificates which are terms that I am familiar. By being able to make a link between what I have learnt and also the way this product is made, I was able to think more in dept about the importance of having these properties in the application.

The property that caught my eye however, was the face biometric feature. The reason being that it was the only feature which I could not really understand how it can be carried out as it was not taught to me during my lessons and thus I payed extra attention and read up more about how this actually works. This feature works mainly by having the application detect and evaluate the face and facial features in real time with a total of 18 facial features. Even the brightness, contrast, sharpness, grayscale, uniform lighting and also shadow in facial region are also implemented to make it a more secure feature. I felt that this is a very interesting feature that will greatly enhance the security as it is using the authentication of something you are which is a factor that is also important in ensuring a secure design.

The main takeaway for me after helping out at the booth is that security is indeed a highly important factor/feature that developers must take into account when they develop their application so as to make it less prone to attacks by hackers. After being through this experience, I thought that instead of making security out to be a heavy topic, we should think of creative ways to implement strong security without relying on the usual methods of authentication. Even simple ways like authenticating through the way a person talks, the pitch or tone of a person can also be used as a security feature. In conclusion, I feel that security is something we must not overlook and if there is the problem of usability over security, we should think of creative ways to make the application easy to use despite security being implemented.