Mobile Payment Security

Transcription

1 Mobile Payment Security What it means and how to implement it Macroeconomics of Mobile Money Columbia University Apr. 2, 2010 Hadi Nahari Principal Security & Mobile Architect PayPal, Inc. an ebay Company HADI S BACKGROUND Security, cryptography, complex system analysis and design, distributed computing Identity management, digital asset protection, vulnerability assessment & threat analysis (VATA) Security and assurance certifications (FIPS, CC, NSA) Theory of programming languages, semantics of security, formal and functional languages Operating systems security (SVR4, Linux, Symbian, Nucleus, MultOS, etc.) Enterprise and embedded environments (Netscape Communications, Sun Microsystems, U.S. Government, Motorola, MontaVista, ebay, PayPal, etc.) The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

2 AGENDA Perspective Requirements Conclusion The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ AGENDA Perspective Requirements Conclusion The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

3 FACTS ABOUT MOBILE Internet access (all means) > 1 billion/day Cellular networks access ~ 4 billion/day Mobile is the only digital system many people will ever encounter The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ USECASE PROLIFERATION From Back Pocket to Front Pocket From Paper to Virtual Coupons From Paper to Virtual Tickets From Mass to Personalized From Pre Sale to in Store The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

4 MOBILE IDENTITY* CRISIS Complex landscape Identity proliferation Chip Vendors Mobile Network Operators Many players Neither trusts others Heterogeneous identity environment Device Manufacturers TSM Trusted Svc. Mgr. Card Associations Regulators Banks Retailers The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ MANY STANDARDIZATION* BODIES Global Platform Smart Card Infrastructure OMTP Open Mobile Terminal Platform Usability, Economic Security OMA Open Mobile Alliance Decoupling, Interoperability NFC Forum Near Field Communication Forum NFC, Proximity ETSI European Telecommunications Standards Institute Telecom Integration The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

5 AND THE NETWORKS Isolated from other systems (e.g. the Internet) Fundamentally different design-assumptions Applications must know how the network operates! The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ USAGE PATTERNS (UNITED STATES) The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

6 USAGE PATTERNS (INT L) The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ TRAFFIC SHARE The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

7 WHAT S A PLATFORM? Marc Andreessen A "platform" is a system that can be programmed and therefore customized by outside developers and in that way, adapted to countless needs and niches that the platform's original developers could not have possibly contemplated, much less had time to accommodate. So, platform is open by definition. How open? Two models the we know what s good for you model the you re not evil, are ya? model The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ AGENDA perspective Requirements Conclusion The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

8 MOBILE APP-WAREHOUSING ECOSYSTEM Development App. 1 Portal App. 0 App. 1 App. N SDK. 0 SDK. N Deployment App. 0 App. N\ App. N\ App. N\ App. N\ App. M SDK. 1 App. N Devices The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ IT S CLEAR THAT The mobile app ecosystem Is distributed Is open by definition The development & distribution model is evolving Single application warehouse (Market, AppStore, etc.) Compound application warehouse (WAC, etc.) The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

9 SECURITY BOUNDARIES Portal Regulator App. 1 App. 0 App. N Financial MNO Retailer The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ HOW MUCH SECURITY? Security proportionate to risk Simple, flexible, usable 0 $ Security Cost $$ No Security Usable Security Mil-Aero Security The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

10 THE BIG CHALLENGE: RISK MANAGEMENT Risk-driven decisioning: Authentication, authorization, etc. Takes time: highly data-driven Expen$ive: needs incurring the lo$ts Interoperability: Risk models are still rather local The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ AGENDA Perspective Requirements Conclusion The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

11 CONCLUDING THOUGHTS Good security should also be usable The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ THERE S MORE THAN TECHNOLOGY Technology Integrated Consolidated Utilized Technology People Interconnected Effective Supportive Information People Information Federated Secure Accessible Process Process Best Practices Automated Managed The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

12 THANK YOU! Questions, Comments, Feedback The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ BACKUP SLIDES The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

13 SECURITY REQUIREMENTS Environment: Objects: Autonomous governance of Key material Identities Secure isolation Authentication Asset protection At rest In transit Cohabitation Well-defined interaction contracts Channel protection The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ ABSTRACT MODEL Cloud_m Claims Verification Authorization Framework Cloud_n Claims Verification Authorization Framework Unforgeable, as in capability model ID Claims Protection Declarations Enforcement Mechanisms The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

14 OBJECTS MANDATE Declares own security needs Authenticates environment Protects its key material Claims, requirements, etc. ID Claims Protection Declarations Protected by object itself Declaration is a security asset Enforcement Mechanisms The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ ENVIRONMENTS MANDATE Authenticates objects Based on objects claims Authorizes interactions Among objects Between environments Claims Verification Authorization Framework The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

15 INTER-OBJECT COMMUNICATIONS Follows objects declarations Facilitated by env. only if authorized Claims Verification Authorization Framework ID Claims? ID Claims Protection Declarations Enforcement Mechanisms Protection Declarations Enforcement Mechanisms The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/ INTER-ENVIRONMENT COMMUNICATION Follows mutually-agreed declarations Only if authorized by both environments Claims Verification Cloud_m Claims Verification Cloud_n Authorization Framework ID Claims? Authorization Framework ID Claims Protection Protection Declarations Declarations?? Enforcement Enforcement Mechanisms Mechanisms? The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/

16 OBSERVATIONS The proposed model decouples authorization decisions Enables the autonomy of environments Allows for flexible business models Objects also authenticated the environment Execution is based on mutual agreement The Macroeconomics of Mobile Money, Apr. 2 nd 2010 Columbia University, NYC 4/9/