It's a fact of life that once trading or execution model development moves beyond the individual level, some level of collaboration is required. The quant/trader can dream up the algorithm, but may need peers to review it, programmers to code it, the line manager to sign off on it, the risk manager to vet it - and so on. From a security perspective, that in itself is less than ideal. But what if all these parties are distributed globally? And not always sitting in offices connected to a properly maintained virtual private network (VPN)? Perhaps on the move and having to use public networks to exchange emails about the algorithm/model or even the code itself? And using laptops that may have a password, but without encrypted hard drives?
And all this assumes that everyone works for the same organisation. If vendors or contractors are involved, then however many non-disclosure agreements they have signed, the security challenge is exponentially greater.
Even if everyone acts in the best possible faith, the risks of IP leakage are substantial.
The Mobiu from The Key Revolution could be a handy solution for these less-than-perfect real life situations. The unit combines three hardware elements:
• A SIM card
• A standard USB key
• Remote, secure, redundant disk storage
The SIM technology used by the Mobiu was originally developed by Vodafone almost as a by-product of its core mobile phone and data business. After spending some time gathering dust on a shelf, the technology was licensed from Vodafone by its original developers and re-incarnated as the Mobiu. The SIM technology provides the core security elements of the Mobiu, such as PIN management, encryption and secure messaging; thereby also controlling access to the unit's other hardware resources.
Up and running
Once the Mobiu is inserted in a USB port, its onboard operating system (OS) loads up automatically and you are prompted to enter your PIN. Once logged in, if it is the first time the Mobiu has been used, it will offer the option of backing up any files on the attached computer or other sources to your MobiVault. (The MobiVault is a slice of secure disk space provided by The Key Revolution that is linked to your Mobiu.) If the backup is complete or if you choose to bypass this step, the initial Mobiu OS interface (see Figure 1) appears.
From the perspective of those needing to share files securely, a key concept in the Mobiu OS is the MobiRoom. This is a secure online workspace that is only accessible by specific users to whom you have sent a secure invitation that they have accepted.
Figure 1: The initial Mobiu start up screen
Every Mobiu is associated with a unique membership number, so inviting another Mobiu user to become a trusted user simply involves clicking the "Invite User" link on the left hand Mobiu menu, entering the other user's membership number and clicking OK (see Figure 2). If they currently have their Mobiu online, they will receive the invitation immediately in their Mobiu Inbox, otherwise it will be available the next time they connect.
The next step is to grant the trusted user access to a specific MobiRoom (see Figure 2). It is possible to create multiple MobiRooms that are completely separate and secure from each other, each with multiple trusted users who may or may not overlap as desired. Files can be added to a MobiRoom from a connected computer, from local flash memory on the Mobiu, or from your MobiVault.
Figure 2: Creating a trusted user and granting them access to a MobiRoom
At first glance, this functionality may not appear anything particularly special, in that secure sharing of files among remote users can be readily achieved by other methods - such as a VPN, or simply by secure shell (SSH) access direct to a suitable server.
However, the point about the Mobiu is that it doesn't require any pre-arranged infrastructure or resources; it really is pretty much a case of just plug'n'share (securely). The other point is that it offers multi-layer security; you need both physical access to the Mobiu and the PIN (which is entered via an onscreen mouse-click keyboard) to connect and access any data. If the Mobiu is stolen or lost, it is useless to a third party without the PIN, and three incorrect attempts to guess or force this will automatically disable the unit. On the other hand, if the PIN is compromised, then (unlike the login details for, say, an SSH connection) it is still useless without the Mobiu.
Finally, as soon as a Mobiu is reported stolen/missing it can be automatically disabled the next time anyone attempts to use it.
Another important consideration is that a Mobiu can also be used safely in the "dirtiest" computing environments, as it includes several of its own onboard applications, including Microsoft Office compatible programs, Firefox portable browser, file compression software and a PDF reader. If you or a trusted user attempt to open a file in a MobiRoom (or in your case also from your MobiVault or attached computer) the dialog in Figure 3 appears. If you select the Secure Open option, the application runs in memory on the Mobiu so all temporary files and session information remain on the Mobiu. As a result, when it is removed from the host machine, no footprint is left behind that could be compromised.
Therefore, while one wouldn't by choice wish to collaborate on a highly sensitive trading project via a dodgy PC in an internet café riddled with viruses and key logging software, it's comforting to know that it would still be possible and safe if absolutely necessary.
Using a Mobiu also means that sensitive data that may need to be shared while on the move never has to be stored on a laptop that could be stolen and compromised. (Certain government agencies may care to ponder this point at leisure.) When travelling, sensitive data could be kept only on the Mobiu or in a MobiRoom/MobiVault; when accessed via Secure Open, no footprint would remain that could be exploited.
Figure 3: Mobiu file opening options
As mentioned above, the Mobiu includes a suite of Microsoft Office compatible programs - specifically SoftMaker's Office 2008. This consists of equivalent programs for MS Word, PowerPoint and Excel. We tried all of these, as well as the portable Firefox browser and the zip and PDF utilities. However, as one of the apps most likely to be of interest to Automated Trader readers, we gave the Excel equivalent - called Plan Maker - an extra special kicking. Bearing in mind that Plan Maker has to run within the constraints of the Mobiu's flash memory (1GB on the test unit we were supplied with), you probably won't want to kick off a multi-parameter optimisation on a couple of years of tick and depth of order book data using it. That said, it made a decent fist of the Automated Trader Q4 Alphability data set, which isn't exactly minuscule, and also did a reasonable job of producing the Alphability charts (see Figure 4). Though we didn't test them all, Plan Maker has a respectable selection of some 230 worksheet functions. It also has an equivalent to Excel's Visual Basic Editor called BasicMaker, but this wasn't installed on the review sample, so we were unable to test it.
Figure 4: One of Automated Trader's Q4 Alphability charts produced with Plan Maker
Inevitably, as we tested the unit, our wish list for future Mobiu functionality started to grow. Topping this list is secure messaging; being able to share sensitive files securely is good, but being able to do so interactively in real time would be even better. We raised this whinge with the firm that supplied the review units - 3D Computers - and were mollified to learn that they already have this functionality in the pipeline. (The Mobiu is designed to be extensible, so distributors and others can add functionality as required.)
Oddly enough, for something based on an offshoot of mobile phone technology, the Mobiu doesn't as yet include 3G access on the SIM. For an item that makes a virtue out of being able to get you hooked up safely in a lot less than ideal conditions, this would be, well, ideal. (It's also something our Sharp End Reviewer highlighted.) Again we whinged - and again we were shown it on the road map for the Mobiu.
We think we finally caught The Key Revolution out with another wish list item - an SSH terminal that would run inside the Mobiu OS. (Actually to be strictly honest we raised it with them and their CTO, who has a security background, became very excited and started scribbling notes, so it may well already be in the latest release for all we know.) For the quant/programmer on the move or working from home, being able to make an utterly secure remote log-in on the fly to a server running complex optimisation or pricing routines would be rather handy…
Bottom line: it does what it says on the tin. Using a pair of Mobius we exchanged mutual trusted user status and Mobiu Rooms with our Sharp End Reviewer, Shaun Downey. We were able to exchange/add/manipulate/review multiple files with each other via MobiRooms. The on-key apps worked as claimed (no incompatibility problems with MS Office files) and files opened with Secure Open definitely didn't leave any traces on host machines. If you need quick, easy and secure remote file sharing for your hottest trading models, the Mobiu's tyres are definitely worth a kick.
Sharp End Reviewer:
Shaun Downey, Chief Technical Analyst, CQG
I spend a large part of the working day helping CQG clients with coding their trading ideas. One of the biggest practical problems I encounter when doing this is security. Clients are inevitably uneasy about the risks of emailing files to and fro across public networks. Email encryption using PGP or similar is possible, but less than ideal given the proliferation of all the various public/private key pairs for each client.
Also, in view of the amount of travelling I do, being able to tightly and quickly control access to highly sensitive client IP using something like the Mobiu is valuable. If I have just checked into a hotel in Tokyo at 3am, I don't particularly wish to spend three hours struggling to make a connection to a client's recalcitrant VPN.
Given the number of clients I may be dealing with at any one time, the ability to create discrete and secure MobiRooms for individual client groups also made a lot of sense. Establishing secure sharing on a peer to peer basis and hooking up to MobiRooms was trivial and took less than a minute.
Secure messaging would be particularly useful, as would the ability to brainstorm ideas on a secure whiteboard. Nevertheless, there's no question that the Mobiu delivers on its promises and would give a lot of assurance to trading firms concerned about the risks of IP leakage.