ISG Seminar 3 rd November Agenda for Lecture. Smart Cards with Contacts. Contact-less Smart Cards. From Smart Cards to NFC Smart Phone Security
|
|
- Ferdinand Norris
- 6 years ago
- Views:
Transcription
1 ISG Seminar 3 rd November 2011 From Smart Cards to NFC Smart Phone Security Keith Mayes ISG Smart Card Centre (SCC) keith.mayes@rhul.ac.uk Agenda for Lecture Evolution of smart cards/rfids Attacks/countermeasures Near Field Communication (NFC) NFC Security Elements Misuse of NFC devices as attack platforms Other worries about phone platforms 1 2 Smart Cards with Contacts Contact-less Smart Cards Chip module interface via metal contacts Card reader makes physical contact [Gemplus Images] Chip module interface via antenna Reader uses RF field 1
2 Smart Card/RFID Trade-offs RFID Tags - Passive/Active There are many different contact-less tag/device formats The main classes are passive and active (powered) 5 6 At a store near you Near Field Communication The latest standards for mobile phones support Near Field Communications (NFC) NFC is a equivalent to a contact-less interface for the phone The phone can behave as a smart card or token The phone can behave as the reader (Standards from 7 Recap: Normally Smart Cards as Personalised Devices that Resist Attack When we are dealing with deployed/accessible devices we are not only concerned about attacks against the theoretical design of the security protection, but also its implementation and associated policies. Attacks can be classed under generic headings. Logical. Physical/Fault. Timing/Side-Channel. Attacks that target the implementation are often referred to as tampering. Specialist devices including Hardware Security Modules (HSM), Security Elements (SE), Mobile Smart cards (SIM), trusted Platform Modules (TPM) are designed to be strongly tamper-resistant. 8 2
3 Hacking a popular sport Wikipedia on the popular Hacking at Random Conference Hacking at Random was an outdoor hacker conference that took place in The Netherlands in August This conference was the most recent event in a sequence. Galactic Hacker Party in 1989, followed by Hacking at the End of the Universe in 1993, Hacking In Progress in 1997, Hackers At Large in 2001, and What the Hack in A small selection of seminars from HAR RFID sniffer workshop: Assemble your own RFID sniffer and find RFID tags in your wallet Cracking A5 GSM encryption Lock picking Sniffing cable modems Side channel analysis and fault injection Rootkits are awesome. Insider Threat for Fun and Profit Wikileaks. History is the only guidebook civilization has, but who's the publisher? 9 10 Hacking RFID a popular pastime. 10 Physical Attack Countermeasures In hardware security modules these are at chip level and include Physical barriers Active shields Circuit scrambling Encrypted busses Encrypted memories Environment/fault sensors In mobile equipment you have to consider protecting/obscuring sensitive chips and interfaces Making things hard to get at is better than nothing Try to impede the replacement of critical chips Source Gemalto 11 Timing/Side Channel Attack Side channel attacks exploit leakage from sensitive operations. The principle is simple; An electronic circuit is made up of gates/transistors Switching between logic levels causes a slight variation in power consumption and a small RF emission The attacker captures these variations and processes them in order to extract secret/sensitive information The equipment needed is relatively low cost/available and the processing techniques are well published The attack is effective against unprotected hardware and will extract keys from good logical algorithms such as DES/AES etc. 12 3
4 NFC Modes Basically NFC modem with three modes Reader-Token Communication Token-Reader Communication Peer-to-Peer <<DEMOs>> All very exciting..but considerable concerns remain about NFC security The NFC Secure Element Starting position: Mobile handset is not a trusted platform. Need additional trusted security component. Most well known example is the UICC. SE is security core of NFC applications. Tamper resistance - secure storage and management of applications and keys. Security mechanisms, e.g. encryption of communication channel. SE facilitates two key services. Secure execution of sensitive applications and their data. Secure management of applications. Multiple form factors! RIM RIM Example of a Secure Element Embedded SE NXP SmartMX Secure Microcontroller Family Dual interface smart cards Embedded form factors NXP SmartMX2 newest addition Processing 8,16,24,32 bit instruction set Memory - up to 384KB ROM, KB RAM, 144 KB EEPROM and 400 KB Flash Security Common Criteria targeting EAL6+ Crypto library and co-processors (AES/DES/ECC/RSA) Software platform JCOP (Java Card) Application management Global Platform NXP2011 SE is embedded in handset Smartcard in IC form factor Works when phone off No distinct owner Development opportunities Potential trust and ownership issues Secure personalisation important NXP2011 ifitit Teardown
5 SIM/USIM as SE microsd SE The existing SIM/USIM is the SE. No extra hardware. SIM stable technology. Handset needs to support Single Wire Protocol (SWP). Owned by the MNO. 3 rd party application access? Variations. DIF-SIM: All functionality on SIM with antenna in phone. SIM-Flex: All functionality on SIM with attached antenna NXP2011 Gemalto SE added in SD memory slot No NFC capability required in handset Can add to any handset with slot Off when phone is off Flexibly ownership 3 rd party owner open for development SE tied to specific owner/application Variations Some units only readers or only tokens Secure storage and execution NFC module in handset Integrated unit NFC communication capability Antenna included NXP2011 SDID Security Domains and Keys Global Platform application management is based on Security Domains (SD) Multiple SDs can be created on a SE and associated with Service Providers (SP) An SP can only access manage applications housed within its own SD. Example of Delegated Mode with UICC as SE shown on right. An Issuer Security Domain for MNO services, and multiple Supplementary Security Domains (SSD) for other services OTA keys are used to gain access to the SE SSD keys are used to gain access to each of the service domains Clones/Emulators Products/applications tied to specific UID not easily transferable to other token Emulator can masquerade as any token if data and/or key material can be obtained A number of devices have been demonstrated (available publicly) for LF, HF and UHF.Nice idea at least!. Credit: TU Graz, OpenPICC, Intel, Radboud University SmartTrust2011 5
6 Passive Relay A Hack a day keeps boredom away? Hackers/enthusiasts are very active and cooperative via forums and web sites. The examples here were found on the Hack-a- Day website. [G.P. Hancke, K. Mayes and K.Markantonakis. "Confidence in Smart Token Proximity: Relay Attacks Revisited", Elsevier Computers & Security, June 2009.] 21 Smart Phones are becoming top targets! 22 Phone Platform Risks As sophistication of phones grow, they become vulnerable to all the security perils of PCs Rootkits, viruses, malware, trojans, keyloggers..etc.. Phone architectures are complex and various components are bolted together. Phones are available from many sources, get unlocked, reflashed, upgraded and cheap clone/copies are in use - so what software is actually running? If your security protection relies on a software only solution you are at risk. Hardware security provides a reliable anchor point for security. Phone platform security protection is often proprietary and not disclosed for verification. 23 NFC device as an attack platform! Attacks currently use a lot of custom built kit. Hence, the interest in NFC devices as attack platforms! Skimming - reading genuine cards. Clone card emulation. An open development platform. Anyone can write phone reader applications. Embedded secure elements are unlockable. Existing APIs and developer environments. Multiple communications links. A software downloaded attack application could spread very fast! 24 6
7 Payment card cloning via NFC First generation contactless cards had rudimentary security Card authentication with static data Develop a Skimming Tool MIDlet on NFC phone reads card data. No code signing required. Cloning the card. Unlock SE. Load Java card applet with payment AID. Worked on POS system in lab [ L. Francis,G. Hancke, K. Mayes, and K. Markantonakis, Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms," Proceedings of The First International Workshop on RFID Security and Cryptography, (RISC 2009), UK] 25 Proof-of-Concept NFC Relay Experiment Two NFC enabled mobile phones operating in P2P mode and participating in a legitimate transaction. Phone-A intends to interact with Phone-B. Introduce two additional proxy phones (Proxy-A and Proxy-B) to relay the communication. [ L. Francis, G. Hancke, K. Mayes, and K. Markantonakis, "Practical NFC Peerto-Peer Relay Attack using Mobile Phones". 6th Workshop on RFID Security (RFIDSec 2010), June 7-9, 2010, Istanbul, Turkey]. 26 Trusted NFC Phone platform? Security Applications go here 'Safebot' malware running as 'root' user Image from Vikas Rajole MSc report 2011 Malware goes here! 27 Conclusion/Comments Smart Cards have been evolving and changing from cards with contacts to contactless cards and RFIDs. The need for attack resistant hardware remains as cards/rfids are targeted by organised hacker/enthusiast communities. Near Field Communications offers possibility of using the mobile phone instead of smartcards/rfids or their readers. Security concerns around NFC have let to the definition of Security Elements, but several competing options. NFC reader mode does not use the SE and so applications are at risk from phone vulnerabilities. Phone architectures are complex and there are published attacks. NFC phones are attracting interest as convenient attack platforms! 28 7
8 Thank you for your attention Questions? 29 8
Considering the Security of Mobile Commerce and Banking. Professor Keith Mayes Information Security Group ACE-CSR
Considering the Security of Mobile Commerce and Banking Professor Keith Mayes Information Security Group ACE-CSR Information Security Group (ISG) Established 1992 17 Full-time Academics, 8+ Research Assistants
More informationSecure Elements 101. Sree Swaminathan Director Product Development, First Data
Secure Elements 101 Sree Swaminathan Director Product Development, First Data Secure Elements Secure Element is a tamper resistant Smart Card chip that facilitates the secure storage and transaction of
More informationAttacks on NFC enabled phones and their countermeasures
Attacks on NFC enabled phones and their countermeasures Arpit Jain: 113050028 September 3, 2012 Philosophy This survey explains NFC, its utility in real world, various attacks possible in NFC enabled phones
More informationSmart Tokens: Tags, smart phones and everything in between. Dr Gerhard Hancke Information Security Group
Smart Tokens: Tags, smart phones and everything in between Dr Gerhard Hancke Information Security Group 29.02.2012 Royal Holloway (RHUL) Royal Holloway founded in 1879 by Victorian entrepreneur Thomas
More informationPreface. Structure of the Book
When the first edition of this book was published back in 2008, the scope was anything to do with smart cards and security tokens in the widest sense. The aim was in fact to provide a complete story, looking
More informationPractical Attack Scenarios on Secure Element-enabled Mobile Devices
Practical Attack Scenarios on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria 4 th International Workshop on Near Field Communication 13 March
More informationSecurity in NFC Readers
Security in Readers Public Content and security, a different kind of wireless Under the hood of based systems Enhancing the security of an architecture Secure data exchange Information security goals Cryptographic
More informationRelay Attacks on Secure Elementenabled
Relay Attacks on Secure Elementenabled Mobile Devices Virtual Pickpocketing Revisited Michael Roland University of Applied Sciences Upper Austria,, Austria SEC2012 IFIP International Information Security
More informationSecure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices
Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria WIMA 2012 NFC Research Track 11 April 2012, Monaco
More informationSecurity of NFC payments
Security of NFC payments Olga Korobova Department of Computer Science University of Massachusetts Amherst Abstract Our research objective was to examine the security features implemented by the bank cards
More informationSoftware Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?
Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare? Michael Roland University of Applied Sciences Upper Austria,, Austria IWSSISPMU2012 International Workshop on
More informationMobile NFC Services Opportunities & Challenges. NGUYEN Anh Ton VNTelecom Conference 31/10/2010
Mobile NFC Services Opportunities & Challenges NGUYEN Anh Ton VNTelecom Conference 31/10/2010 Agenda 1. Introduction 2. Mobile NFC Overview 3. NFC Ecosystem Key Findings 4. Main NFC challenges 5. What
More informationCh 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated
Ch 9: Mobile Payments CNIT 128: Hacking Mobile Devices Updated 4-24-17 Current Generation Scenarios Mobile banking apps NFC-based or barcode-based payment apps used by consumers to purchase goods Premium-rated
More informationThe MIFARE Classic Story
The MIFARE Classic Story Keith E. Mayes Information Security Group Smart Card Centre Royal Holloway, University of London Egham, U.K. keith.mayes@rhul.ac.uk Carlos Cid Information Security Group Royal
More informationNFC embedded microsd smart Card - Mobile ticketing opportunities in Transit
NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit July 2017 By: www.smk-logomotion.com Introduction Presentation is describing NFC enabled microsd smart card (LGM Card) Technical
More informationGSM Association (GSMA) Mobile Ticketing Initiative
GSM Association (GSMA) Mobile Ticketing Initiative Sue Monahan Director - GSMA NA Clif Campbell Lead Member of Technical Staff AT&T April 2010 Content GSM World Today GSMA Overview GSMA M-Ticketing Initiative
More informationHCE security implications. Analyzing the security aspects of HCE
HCE security implications Analyzing the security aspects of HCE January 8th, 2014 White paper - HCE security implications, analyzing the security aspects of HCE HCE security implications About the authors:
More informationSoftware Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?
Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare? Michael Roland NFC Research Lab Hagenberg University of Applied Sciences Upper Austria Softwarepark 11, 4232
More informationContents. Preface. Acknowledgments. xxiii. List of Acronyms i xxv
Preface xv Acknowledgments. xxiii List of Acronyms i xxv 1 Executive Summary 1 1.1 Towards NFC Era 2 1.1.1 Ubiquitous Computing 2 1.1.2 Mobile Phones 3 1.1.3 Technological Motivation of NFC 4 1.1.4 Wireless
More informationMobile/NFC Security Fundamentals. Secure Elements 101. Smart Card Alliance Webinar March 28, 2013
Mobile/NFC Security Fundamentals Secure Elements 101 Smart Card Alliance Webinar March 28, 2013 Introductions Brent Bowen, INSIDE Secure Chair, Mobile & NFC Council, Smart Card Alliance Mobile & NFC Council
More informationLeveraging the full potential of NFC to reinvent physical access control. Friday seminar,
Leveraging the full potential of NFC to reinvent physical access control Wireless@KTH Friday seminar, 2012-08-31 NFC (Near Field Communication) A new radio communication technology for mobile phones Uses
More informationMobile Security / Mobile Payments
Mobile Security / Mobile Payments Leslie K. Lambert CISSP, CISM, CISA, CRISC, CIPP/US, CIPP/G VP, Chief Information Security Officer Juniper Networks Professional Techniques - Session T23 MOBILE SECURITY
More informationA Secure and Practical Key Management Mechanism for NFC Read-Write Mode
Journal of Computational Information Systems 7: 11 (2011) 3819-3828 Available at http://www.jofcis.com A Secure and Practical Key Management Mechanism for NFC Read-Write Mode Hsu-Chen CHENG, Wen-Wei LIAO,
More informationA Secure and Practical Key Management Mechanism for NFC Read-Write Mode
A Secure and Practical Key Management Mechanism for NFC Read-Write Mode Hsu-Chen Cheng, *Wen-Wei Liao, Tian-Yow Chi, Siao-Yun Wei Department of Information and Management, Chinese Culture University, Taipei,
More informationNFC Identity and Access Control
NFC Identity and Access Control Peter Cattaneo Vice President, Business Development Agenda Basics NFC User Interactions Architecture (F)ICAM Physical Access Logical Access Future Evolution 2 NFC Identity
More informationMultifunctional Identifiers ESMART Access
AIR TAG Multifunctional Identifiers ESMART Access Contents ESMART Access technology 4 Key advantages of ESMART Access 6 Multifunctional identifiers ESMART Access 8 AIRTAG RFID keyfobs 9 Silicone RFID
More informationSIM Smart Card Overview
SIM Smart Card Overview Smart Card Introduction 2 Java Card Java Card Based SIM Development Environment Service Examples 3 Smart Cards? A smart card is a plastic card that contains an embedded integrated
More informationHOW TO INTEGRATE NFC CONTROLLERS IN LINUX
HOW TO INTEGRATE NFC CONTROLLERS IN LINUX JORDI JOFRE NFC READERS NFC EVERYWHERE 28/09/2017 WEBINAR SERIES: NFC SOFTWARE INTEGRATION PUBLIC Agenda NFC software integration webinar series Session I, 14th
More informationRelay Attacks on Secure Element-enabled Mobile Devices?
Relay Attacks on Secure Element-enabled Mobile Devices 1 Relay Attacks on Secure Element-enabled Mobile Devices? Virtual Pickpocketing Revisited Michael Roland 1, Josef Langer 1, and Josef Scharinger 2
More informationSecuring IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region
Securing IoT devices with STM32 & STSAFE Products family Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region 2 The leading provider of products and solutions for Smart Driving and
More informationNFC is the double click in the internet of the things
NFC is the double click in the internet of the things Name Frank Graeber, Product Manager NFC Subject 3rd Workshop on RFID Systems and Technologies Date 12.06.2007 Content NFC Introduction NFC Technology
More informationManaging an NFC Ecosystem
Managing an NFC Ecosystem Gerald Madlmayr NFC, ICMB 2008, Barcelona 1 NFC - What is it all about RFID Derivate 13,56 Mhz Integrated in mobile devices for consumer market Operating Modes Tag/SmartCard Emulation
More informationDr. Char-Shin Miou Chunghwa Telecom. Co. April 7, 2011
Mobile Security Application Current Status Overview in Taiwan Dr. Char-Shin Miou Chunghwa Telecom. Co. April 7, 2011 Content Problems and Current Status Approach for the Mobile Security Application Mobile
More informationThe SIM Turns 20. Dr. Klaus Vedder. Chairman ETSI TC SCP. 3rd ETSI Security WS Sophia Antipolis, France January 2008
The SIM Turns 20 Dr. Klaus Vedder Chairman ETSI TC SCP Footer text (edit in View : Header and Footer) 3rd ETSI Security WS Sophia Antipolis, France 14-15 January 2008 World Class Standards ETSI TC SCP,
More informationSmart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability
Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability Communications and Embedded Systems Department Southwest Research Institute Gary Ragsdale, Ph.D., P.E. August 24 25,
More informationBest Security Practices for NFC Mobile Payments
Security Workgroup January 2014 Copyright 2013 Mobey Forum All rights reserved. Reproduction by any method or unauthorised circulation is strictly prohibited, and is a violation of international copyright
More informationTrusted Computing Group
Trusted Computing Group Backgrounder May 2003 Copyright 2003 Trusted Computing Group (www.trustedcomputinggroup.org.) All Rights Reserved Trusted Computing Group Enabling the Industry to Make Computing
More informationSMART CARDS. Miguel Monteiro FEUP / DEI
SMART CARDS Miguel Monteiro apm@fe.up.pt FEUP / DEI WHAT IS A SMART CARD Distinguishable characteristics Can participate in automated electronic transactions Used primarily to add security Not easily forged
More informationSecurity and Authentication
Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed
More informationSession 2: Understanding the payment ecosystem and the issues Visa Europe
Session 2: Understanding the payment ecosystem and the issues Visa Europe Agnes Revel Martineau VP, Head of Product Specifications, Standards and Industry Liaison ETSI 01st, July, 2014 Agenda You said
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationSmartcards. ISO 7816 & smartcard operating systems. Erik Poll Digital Security Radboud University Nijmegen
Smartcards ISO 7816 & smartcard operating systems Erik Poll Digital Security Radboud University Nijmegen 1 Standard for contact smartcards ISO7816 7816-1 Physical characteristics 7816-2 Dimension & size
More informationSTMicroelectronics Payment Solutions. December 6 th 2012
STMicroelectronics Payment Solutions December 6 th 2012 GP Microcontrollers General Purpose 8-bit and 32-bit MCUs Automotive 8-bit MCUs Microcontrollers in MMS Group 2 Memories Serial EEPROM RF memories
More informationNear Field Communication: IoT with NFC. Dominik Gruntz Fachhochschule Nordwestschweiz Institut für Mobile und Verteilte Systeme
Near Field Communication: IoT with NFC Dominik Gruntz Institut für Mobile und Verteilte Systeme NFC Experience at FHNW 2005/06 First NFC demonstrator (with Siemens CX70 Emoty) NFC was included in a removable
More information2 nd ETSI Security Workshop: Future Security. Smart Cards. Dr. Klaus Vedder. Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient
2 nd ETSI Security Workshop: Future Security Smart Cards Dr. Klaus Vedder Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient ETSI TC SCP, the Smart Card Committee 19 Years of Dedication and Real-life
More informationMasterCard NFC Mobile Device Approval Guide v July 2015
MasterCard NFC Mobile Device Approval Guide v2.0 30 July 2015 Notices Following are policies pertaining to proprietary rights, trademarks, translations, and details about the availability of additional
More informationMobile Contactless Technology Backgrounder
Mobile Contactless Technology Backgrounder June 2011 1. In2Pay TM microsd architecture... 3 2. In2Pay microsd basic features... 4 3. Differences between In2Pay v2.0 and v2.6... 5 4. Support for full NFC
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More informationNFC ESSENTIALS JORDI JOFRE NFC EVERYWHERE MARCH 2018 PUBLIC
NFC ESSENTIALS JORDI JOFRE NFC EVERYWHERE MARCH 2018 PUBLIC Learn all about NFC Session I, 15th March NFC applications and use cases https://attendee.gotowebinar.com/rt/1059402932312036099 Session II,
More informationIDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
More informationARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing. Pierre Garnier, COO
ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing Pierre Garnier, COO 1 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium
More informationSecurity in sensors, an important requirement for embedded systems
Security in sensors, an important requirement for embedded systems Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer AISEC Institute for Applied
More informationCennox. The Global Brand in ATM Services THE CENNOX EPOS TERMINAL RANGE TAKING PAYMENTS AS EASY AS 1,2,3
Cennox The Global Brand in ATM Services THE CENNOX EPOS TERMINAL RANGE TAKING PAYMENTS AS EASY AS 1,2,3 Cennox PLC 11 & 12, Admiralty Way Camberley Surrey, GU15 3DT t: +44 (0) 1276 607200 f: +44 (0) 1276
More informationDate: 13 June Location: Sophia Antipolis. Integrating the SIM. Dr. Adrian Escott. Qualcomm Technologies, Inc.
Date: 13 June 2018 @qualcomm Location: Sophia Antipolis Integrating the SIM Dr. Adrian Escott Qualcomm Technologies, Inc. Agenda 1 2 3 4 5 6 Path to isim isim Size benefit Hardware Architecture Certification
More informationStrong Authentication for Physical Access using Mobile Devices
Strong Authentication for Physical Access using Mobile Devices DoD Identity Protection and Management Conference May 15-17, 2012 Dr. Sarbari Gupta, CISSP, CISA sarbari@electrosoft-inc.com 703-437-9451
More informationIntroduction to Electronic Identity Documents
Tutorial Introduction to Electronic Identity Documents Klaus Schmeh cryptovision I'm Klaus Schmeh, Chief Editor Marketing at cryptovision. I have published a number of books. Identity Documents Conventional
More informationSafeNet MobilePKI for BlackBerry V1.2. Administration Guide
SafeNet MobilePKI for BlackBerry V1.2 Administration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV and/or its subsidiaries who shall have
More informationThe Future of Smart Cards: Bigger, Faster and More Secure
The Future of Smart Cards: Bigger, Faster and More Secure Joerg Borchert, Vice President, Secure Mobile Solutions July 16, 2003 Page 1 N e v e r s t o p t h i n k i n g. Infineon Technologies: Overview
More informationDigital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October Frazier D. Evans
Digital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October 2014 Frazier D. Evans Evans_Frazier@bah.com There are four key areas that need to be investigated when talking
More informationProducts and solutions for Secure Wearables
Products and solutions for Secure Wearables Content Introduction... 3 Security... 4 Secure element and integrated NFC boosted solutions for wearable devices... 4 Secure element... 5 NFC booster and nfc
More informationBuilding Digital Key Solution for Automotive
Building Digital Key Solution for Automotive Content Overview Use Cases Unlocking Use Cases Key Provisioning Use Cases Key Sharing Use Cases Key Properties High Level Architecture and Related Standards
More informationANTI THEFT CONTROL SYSTEM OF CAR USING ARM7 Gunaganti Ganesh* 1
e-issn 2277-2685, p-issn 2320-976 IJESR/June 2014/ Vol-4/Issue-6/480-484 Gunaganti Ganesh/ International Journal of Engineering & Science Research ANTI THEFT CONTROL SYSTEM OF CAR USING ARM7 Gunaganti
More informationAN MIFARE Type Identification Procedure. Application note COMPANY PUBLIC. Rev August Document information
Document information Info Content Keywords, 14443 Abstract This document describes how to differentiate between the members of the card IC family. 14443-3 describes the initialization and anti-collision
More informationSmart Payments. Generating a seamless experience in a digital world.
Smart Payments Generating a seamless experience in a digital world www.infineon.com/payment Trends Rising need for security The trends highlighted opposite are heightening the need for security and performance,
More informationDynamic program analysis
Dynamic program analysis Pierre.Girard@gemalto.com RE-TRUST workshop Meudon, March 19, 2009 Mission of the day Give an overview of tools and procedures for dynamic software analysis in an industrial security
More informationThe NFC Forum NFC Technology for Developers
The NFC Forum NFC Technology for Developers 7 October 2008 Audio Tips All audio comes through your computer Use your computer mixer to adjust master volume Use Webcast reader audio slide top center of
More informationLinux NFC Subsystem. Lauro Ramos Venancio Samuel Ortiz 2011, September 9th
Lauro Ramos Venancio Samuel Ortiz 2011, September 9th What is NFC? NFC means Near Field Communication It is a short-range wireless communication It operates at 13.56 MHz Data rates from 106 kbits/s to
More informationSECURITY FOR CONNECTED OBJECTS. Alain MERLE CEA-LETI
SECURITY FOR CONNECTED OBJECTS Alain MERLE CEA-LETI Alain.merle@cea.fr Source: CISCO, AT&T IOT: SOME FIGURES Cisco predicts 50B of connected object by 2020 X-as-a-service a breakthrough for carrier s business
More informationSecuring IoT devices with Hardware Secure Element. Fabrice Gendreau EMEA Secure MCUs Marketing & Application Manager
Securing IoT devices with Hardware Secure Element Fabrice Gendreau EMEA Secure MCUs Marketing & Application Manager 2 A global semiconductor leader 2016 revenues of $6.97B Listed: NYSE, Euronext Paris
More informationWHAT FUTURE FOR CONTACTLESS CARD SECURITY?
WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues
More informationMicrocontrollers. Claude Dardanne Executive Vice President, General Manager, Microcontrollers, Memory & Secure MCU Group.
Microcontrollers Claude Dardanne Executive Vice President, General Manager, Microcontrollers, Memory & Secure MCU Group Francois Guibert Executive Vice President, President, Greater China and South Asia
More informationCreating Trust in a Highly Mobile World
Creating Trust in a Highly Mobile World Technical White Paper Oct, 2014 MobileCrypt with Hardware Strength Security MobileCrypt s solution leverages an Android based mobile application and a Hardware Security
More informationFundamentals of Near Field Communication (NFC) Tvrtko Barbarić NXP Semiconductors
Fundamentals of Near Field Communication (NFC) Tvrtko Barbarić NXP Semiconductors Automotive Identification Wireless Infrastructure Lighting Industrial Mobile Consumer Computing Global player with local
More informationSecure Over-The-Air Services in NFC Ecosystems
Secure Over-The-Air Services in NFC Ecosystems Sirpa Nordlund Venyon Hagenberg March 20th, 2007 Contents of the presentation 1. Building up NFC ecosystem 2. Trusted third party and value proposition 3.
More informationAdvances with Osaifu-Keitai Starting Services Supporting NFC (Type A/B) on NTT DOCOMO UIM Cards. contactless IC cards that is being adopted
Type A/B GP TSM Advances with Osaifu-Keitai Starting Services Supporting NFC (Type A/B) on NTT DOCOMO UIM Cards The Osaifu-Keitai service currently being provided in Japan is based on the FeliCa *1 mobile
More informationPhysical Tamper Resistance
Physical Tamper Resistance (Ross Anderson s book Security Engineering - Chapter 16) Tamper: VERB (tamper with) Interfere with (something) in order to cause damage or make unauthorized alterations. someone
More informationMIFARE4MOBILE: the road TO NFC MASS ADOPTION. NFC WORLD CONGRESS Sophia Antipolis, 2011
MIFARE4MOBILE: the road TO NFC MASS ADOPTION NFC WORLD CONGRESS Sophia Antipolis, 2011 Creating a Mobile-nfc Ecosystem Challenges to Mobile NFC s success: technical and business complexity, interoperability,
More informationMobile Identity Management
Mobile Identity Management Outline Ideas Motivation Architecture Implementation notes Discussion Motivation 1 The mobile phone has become a highly personal device: Phonebook E-mail Music, videos Landmarks
More informationCOMPGA12 1 TURN OVER
Applied Cryptography, COMPGA12, 2009-10 Answer ALL questions. 2 hours. Marks for each part of each question are indicated in square brackets Calculators are NOT permitted 1. Multiple Choice Questions.
More informationGlobalPlatform Trusted Execution Environment (TEE) for Mobile
GlobalPlatform Trusted Execution Environment (TEE) for Mobile Kevin Gillick Executive Director, GlobalPlatform @GlobalPlatform_ www.linkedin.com/company/globalplatform GlobalPlatform Overview GlobalPlatform
More informationARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
More informationDIGITAL TECHNOLOGY An Evolution in the Payment Landscape. AMEX Digital Solutions
DIGITAL TECHNOLOGY An Evolution in the Payment Landscape AMEX Digital Solutions The Anatomy of Digital Payments Integration with leading digital wallet platforms such as Apple Pay, Android Pay and Samsung
More informationRFID tags. Inductive coupling is used for. energy transfer to card transmission of clock signal data transfer
RFID 1 RFID tags RFID = Radio-Frequency IDentification RFID devices are called tags or transponders More powerful RFID tags can be called (contactless) smartcards Inductive coupling is used for energy
More informationA Multi-Application Smart-Card ID System for George Mason University. - Suraj Ravichandran.
A Multi-Application Smart-Card ID System for George Mason University - Suraj Ravichandran. Current System Magnetic Swipe Card based ID The card has three tracks They each store the following: Name, G#
More informationStrategies for the Implementation of PIV I Secure Identity Credentials
Strategies for the Implementation of PIV I Secure Identity Credentials A Smart Card Alliance Educational Institute Workshop PIV Technology and Policy Requirements Steve Rogers President & CEO 9 th Annual
More informationBreaking Hardware Wallets
Breaking Hardware Wallets Breaking Bitcoin September 2017 Nicolas Bacca @btchip Why Hardware Wallets? - high level overview YES NO Public data Do you want to send 1.337 BTC to 1UnREADABLE Operations on
More informationDesign and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet
Design and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet Hao Zhao, Sead Muftic School of Information and Communication Technologies (ICT) Royal Institute of Technology
More informationMobile Security Fall 2012
Mobile Security 14-829 Fall 2012 Patrick Tague Class #9 The Internet of Things Partial slide credit to L. Zoia and Y. Zhang Announcements If you haven't signed up for a Survey presentation (two teams,
More informationNext steps for NFC and mobile wallets
Next steps for NFC and mobile wallets PSE Consulting Merchant Acquiring Conference Mike Hendry Payment Systems Consultant Mike Hendry Page 1 1 Next steps for NFC and mobile wallets State of the (dis-)
More informationEnabling Mobile NFC CTST 2008
CTST 2008 Presented by Patrick Waters 15 May 2008 GROUP R&D - Enablers AGENDA Developing a Mobile NFC platform Turning NFC into Reality Re-inventing the SIM to Enable Trusted Services 2 1 Developing a
More informationEvaluation of the feasible attacks against RFID tags for access control systems
Evaluation of the feasible attacks against RFID tags for access control systems Hristo Dimitrov & Kim van Erkelens University of Amsterdam February 4, 2014 1 / 20 Contents 1 Introduction 2 Background 3
More informationST25TV product presentation. June 2018
ST25TV product presentation June 2018 ST25TV512 / 02K Product 2 The ST25TV chip belongs to ST25 NFC / RFID Tags & Readers family ST25TV is the natural evolution of LRI2K series The ST25TV512 / ST25TV02K
More informationMobile Payments Building the NFC Ecosystem
Mobile Payments Smart Card Alliance / NFC Forum Joint Workshop Building the NFC Ecosystem 2010 Smart Card Alliance Annual Conference Peter Preuss Nokia Chairman, NFC Forum Marketing Committee Cooperation
More informationMobile Devices as Identity Carriers. Pre Conference Workshop October 14 th 2013
Mobile Devices as Identity Carriers Pre Conference Workshop October 14 th 2013 Mobile Market Worldwide Smartphones Market by OS (in thousands of units) 1,400,000 1,200,000 1,000,000 800,000 600,000 400,000
More informationJrsys Mobile Banking Solutions
Jrsys Mobile Banking Solutions Jrsys International corp. James Wu Mobile PKI solutions 1.Mobile CA 2.Mobile RA 3.Mobile Signing and Validation Service CA Mobile Signature/ Encryption Mobile PKI Mobile
More informationRFID & NFC. Erik Poll. Digital Security Radboud University Nijmegen
RFID & NFC Erik Poll Digital Security Radboud University Nijmegen 1 RFID tags RFID = Radio-Frequency IDentification RFID devices are called tags or transponders More powerful RFID tags also called contactless
More informationAn Alternate Secure Element Access Control for NFC Enabled Android Smartphones
An Alternate Secure Element Access Control for NFC Enabled Android Smartphones Waqar Anwar, Dale Lindskog, Pavol Zavarsky, Ron Ruhl Concordia University College of Alberta Abstract For mobile payments
More informationSpoofing iclass and iclass SE
Introduction The concept of emulating (spoofing) security access cards has become more and more difficult with the introduction of smart card technology. The older proximity based RFID access cards were
More informationTrusted Computing Today: Benefits and Solutions
Trusted Computing Today: Benefits and Solutions Brian D. Berger EVP Marketing & Sales Wave Systems Corp. bberger@wavesys.com Copyright 2009 Trusted Computing Group Agenda TCG Vision TCG Benefits Solution
More informationEthical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition
Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition Chapter 7 Hacking Mobile Phones, PDAs, and Handheld Devices Objectives After completing this chapter,
More information