Considering the Security of Mobile Commerce and Banking. Professor Keith Mayes Information Security Group ACE-CSR

Transcription

1 Considering the Security of Mobile Commerce and Banking Professor Keith Mayes Information Security Group ACE-CSR

2 Information Security Group (ISG) Established Full-time Academics, 8+ Research Assistants 50+ PhD Students and 100+ MSc Students An alumni of over 3,000 Areas of activity Access control Critical infrastructure protection Cryptography Identity management Network security Smartcards, security modules and mobile* System security Socio-technical issues * Carried out within ISG Smart Card Centre (SCC) established

3 Trustworthy Solution Implementation A trustworthy mobile solution for banking or payments needs to be well designed, well used, but also well implemented. A designer may declare his design logically secure if it satisfies information security best-practices. The system must be appropriately configured, used and managed. The implementation of the design must also withstand all likely attacks (often called Tampering ) Specialist devices including Hardware Security Modules (HSM), Security Elements (SE), Mobile Smart cards (SIM), trusted Platform Modules (TPM) are designed to be strongly tamper-resistant. They can be evaluated under Common Criteria (typically EAL4+ and higher) 3

4 Physical Attack Countermeasures In hardware security modules (e.g. bank cards) chip level measures include: Physical barriers Active shields Circuit scrambling Encrypted busses Encrypted memories Source Gemalto Environment/fault sensors In mobile equipment you have to consider protecting/obscuring sensitive chips and interfaces Making things hard to get at is better than nothing Try to impede the replacement of critical chips 4 4

5 Timing/Side Channel Attack Side channel attacks exploit leakage from operations and the principle is simple; An electronic circuit is made up of gates/transistors; switching between logic levels causes a slight variation in power consumption and RF emissions The attacker captures these variations (with low cost kit) and processes them (using published techniques) in order to extract secret/sensitive information The attacks are effective against unprotected hardware and will extract keys from good logical algorithms e.g. AES Specialist security hardware countermeasures (found in bank cards) include, smoothing, additive noise, random delays, differential logic.. 5 5

6 Secure Nodes in Transactions Payment The transactions is effectively between the Issuer (bank) and the card. The card is trusted as strongly attack/ tamper-resistant. The network/parties in between can be considered as a transport network. On-Line Banking The card can be re-used as a trusted node for authentication and signing etc. Makes use of an off-line reader (to avoid on-line attack) User involved in manual process to create/communicate One-Time-Password to Issuer (via web-site). Issuer Issuer 6

7 Mobiles have not been Trustworthy History Analogue phone cloning Phone unlocking IMEI duplication Today Phone rooting Malware, viruses, trojans etc. Reverse Engineering Memory analysis Use as skimmers Use as card emulators Use as relays Tomorrow..?? 7

8 Near Field Communication NFC is equivalent to a phone contact-less interface, it has been used for mobile payment trials The phone can behave as a smart card/token or as a reader The standards body ( needed a new Security Element to make NFC trustworthy. Starting position: The mobile handset was not a trusted platform 8

9 The NFC Secure Element SE is security core of NFC applications. It is where you would put your bank card applications It has tamper resistance - secure storage and management of applications and keys. It has security mechanisms, e.g. encryption of communication. Multiple form factors. SIM-SE, Phone SE (chip) and Memory Card-SE. But then Google turned the world on its head!! Android phones will have Host Card Emulation (HCE) Effectively SE functionality implemented in software running on the phone processor 9 9 RIM2011

10 HCE: Pragmatism v Security Hardware SEs may be security evaluated, but they are tightly controlled, and inaccessible to most developers. Even mobile network operators have found it difficult to offer NFC banking/transaction services to customers via SEs. HCE should make it much easier to develop functionality for new services, and for users to obtain and use the services. However, we should not assume that HCE will resist physical, side-channel or fault attacks and it may add other conventional threats from viruses, malware etc. Given the complexity and fast moving nature of phones it is hard to see how evaluation could ever approach the rigour of Common Criteria applied to say bank cards

11 More Trustworthy Phones? The need to have more assurance of the correct operation of mobile software is not restricted to banking or NFC There are various proposed schemes under the heading of Trusted Execution Environment Some use a TPM to ensure the phone boots properly and to check the integrity of critical software There are specialist CPU extensions that separate secure and general (virus/malware prone) software execution. This can be extended by adding the equivalent of a smartcard OS to manage the secure execution. Answer: Phones are getting better, but are unlikely to rival the attack resistance of evaluated security chips/elements

12 Conclusion: Issues for Debate Mobile phone platforms have historically been considered as untrustworthy and there is a huge amount of attacker energy aimed at undermining phone security. This threatens any banking or payment application. NFC hardware SEs can be secure, but not if you can t access them for your services. HCE is likely to trigger a surge of new services. The challenge is how to handle the reduced tamperresistance, yet keep services fast and easy to use. Expect tears, but there is hope that phone security will improve

13 Thank you for your attention...any questions?