Mobile Security Application Current Status Overview in Taiwan Dr. Char-Shin Miou Chunghwa Telecom. Co. April 7, 2011
Content Problems and Current Status Approach for the Mobile Security Application Mobile PKI and Mobile NFC Case Study Conclusions 2
Market Trend of E-Commerce to M-Commerce Network BB Wireless Network by 3G, 24hours Connection Host Device PC Mobile Phone, PDA Service (Ma arket Size) [Mobile & Local Transaction] [Mobile] [On line] Smart Card Enterprise Remote access Employ ID Banking ISP Transportation E-Government Citizen ID passport Healthcare Digital Content Entertainment Education News E-Service Payment Auction Shopping Insurance Stock Trading Transportation E-Ticket Sports Amusement E-Money 3 2007 2009 2011 Service ramping up period
Mobile Security Applications 4 Member -Mileage Club -Private Club (Hobby) -Internet member site -Advertisement (Bargain sale,catalog) -CRM -Town Guide Retail Employ -Enterprise -Government -Public org. (Remote access) -Content (movie, music, game, publishing) -Home electronics -Automotive Consumer Public -Citizen card (Driver license,passport) -Health care -Education Linkage of Services in Mobile Device Financial -e-money -Payment -m-banking -Stock Trade -Sports -Amusement, -Cinema -Concert e-ticket -Network (W-LAN, ISP) -Transportation -Telematics -Insurance -Travel Service
Secure Issues in Mobile Environment Tamper Integrity Authentication Personator Eavesdrop Encryption Denial Non-Repudiation Transaction E-Cash + SE Transport Ticket Mobile SIM 5 Access Control Citizen Certificate Card 5
Problems and current status Approach for the Mobile Security Application Mobile PKI and Mobile NFC Case Study Conclusions 6
Dual Interface and Multiple function SIM E-Purse NFC PN511 Transportation Telematics Core Controller Crypto- Controller Dual I/F Smart Card ISO14443 POS RFID Vending Machine - Contact [ISO7816] - Contact-less [ISO14443] ISO7816 E-ID Service
SIM Card Evolution High Speed & large storage Interface In 2006 Nov., USB was selected as High Speed & large storage Interface by ETSI committee C1 C2 C3 C5 C7: Already used by SIM Contact-less Interface 國際 SIM 卡標準化過程 In 2007 Nov. SWP(Single Wired Protocol) was adapted as contactless interface for NFC ( Near Field Communication) service by ETSI and GSMA C1 C2 C3 C4 C5 C6 C7 C8
Mobile PKI Service Architecture Certification Authority Registration Authority RAO + Secure Token for Key & Certificate storage PKI enable API and Device middleware User E-service Mobile Network 9
Platform and Mobile Handset One way authentication Mutual authentication Ensure transaction date secure and non-repudiation handset HSM One way authentication Transaction data Protected by Session Key Mutual Authentication applet Service Data Application Server Data Secure element Server Secure Channel establish Encrypted Data 10 Data encrypted by Session Key
What is a SE (Secure Element)? Provider Security Domain Secure Element Provider Application Card Issuer Security Domain Secure Channel Card Manager Issuer Application Mutual Authentication Secure Message Global Platform API Run-Time Environment & Hardware-neutral API (JCRE) 11 Key Set: To establish Secure Channel between card application (Applet) and host application. A Key Set: Secure Channel Encryption Key (S-ENC) Secure Channel Message Authentication Code Key (S-MAC) Key Encryption Key (KEK) Security Domain: It is a key container. To store Key Sets belong to an application provider
Mobile Device + Secure Element Browser-based (MIDlet) Mobile PKI Enable API Text-based (STK Menu) Middleware Mobile PKCS # 11 JSR 177 JSR 257 (U)SAT USIM/Secure Element Access interface (ISO 7816/USB/) J2ME/Native OS (WIN Mobile iphone OS Android Symbian ) + + + 12
Hardware Secure Element Approach V CC RST CLK RFU Stack-SIM module C1 C2 C3 C4 C5 C6 C7 C8 GND V PP I/O RFU SIM card chip Secure Element chip SE in usd SE in Stack SIM 13
JSR 177 Architecture Midlet Midlet Midlet Midlet JSR 177 Security and Trust Services APIs (SATSA) APDU JCRMI PKI CRYPTO Communication APIS Security APIS J2ME VM Native and low level Smart card driver Mobile Platform OS 14
JSR-257 NFC Applications JSR Contactless common functions 257 NDEF formatted data R/W External smart card communication Physical RFID R/W Visual Tag R/W CLDC MIDP KVM Operating System Hardware NFC Software Stack 15
PKCS#11 Architecture Desktop Platform Mobile phone Platform AP AP AP/Mdilet AP/Midlet PKCS#11:Cryptographic Token Interface Standard General purpose functions Slot and token management Session management Key management Crypto algorithms management PC/SC Native and low level Smart card driver 16 windows Linux/Unix MAC OSX Window s phone J2ME phone android phone
Problems and current status Approach for the Mobile Security Application Mobile PKI and Mobile NFC Case Study Conclusions 17
What is NFC? NFC (Near Field Communication) Provides the way information and services are distributed, paid for and accessed by the connected consumer NFC is a wireless technology enabling convenient short-range communication between electronic devices with secure way 18
SWP SIM Architecture V CC RST CLK D+ C1 C2 C3 C4 C5 C6 C7 C8 GND V PP I/O D- SWP PKI Applet ISO 7816 Part 12 USB Interface PKI Function Inside Defined by GSMA Standard 19