Mobile/NFC Security Fundamentals. Secure Elements 101. Smart Card Alliance Webinar March 28, 2013

Similar documents
Secure Elements 101. Sree Swaminathan Director Product Development, First Data

GSM Association (GSMA) Mobile Ticketing Initiative

NFC Application Ecosystems: Introduction, Peer-to-Peer, NFC Tags/Posters and Product Label Applications

Smart Card Alliance Update. Update to the Interagency Advisor Board (IAB) June 27, 2012

Mobile NFC Services Opportunities & Challenges. NGUYEN Anh Ton VNTelecom Conference 31/10/2010

Mobile Devices as Identity Carriers. Pre Conference Workshop October 14 th 2013

Advances with Osaifu-Keitai Starting Services Supporting NFC (Type A/B) on NTT DOCOMO UIM Cards. contactless IC cards that is being adopted

NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit

State of US Mobile Payments (NFC)

Open Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014

Strategies for the Implementation of PIV I Secure Identity Credentials

Next steps for NFC and mobile wallets

SMART CARDS. Miguel Monteiro FEUP / DEI

Secure Application Trend in Smartphones. STMicroelectronics November 2017

Contents. Preface. Acknowledgments. xxiii. List of Acronyms i xxv

Near Field Communication: IoT with NFC. Dominik Gruntz Fachhochschule Nordwestschweiz Institut für Mobile und Verteilte Systeme

NEAR FIELD COMMUNICATION - THE FUTURE TECHNOLOGY FOR AN INTERACTIVE WORLD

Security of NFC payments

Secure Over-The-Air Services in NFC Ecosystems

Die Zukunft des M-Payment The future of m-payment NFC. Andreas Johne. Düsseldorf, 25. Januar 2008

HOW TO INTEGRATE NFC CONTROLLERS IN LINUX

Webinar Tokenization 101

Mobile Contactless Technology Backgrounder

Mobile Payments Building the NFC Ecosystem

Security on NFC-Enabled Platforms

Managing an NFC Ecosystem

IDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller

GlobalPlatform Trusted Execution Environment (TEE) for Mobile

Leveraging the full potential of NFC to reinvent physical access control. Friday seminar,

Best Security Practices for NFC Mobile Payments

NFC is the double click in the internet of the things

The UICC. Recent Work of SCP and Related Security Aspects. Dr. Klaus Vedder Chairman ETSI TC SCP

The Open Application Platform for Secure Elements.

Fundamentals of Near Field Communication (NFC) Tvrtko Barbarić NXP Semiconductors

Date: 13 June Location: Sophia Antipolis. Integrating the SIM. Dr. Adrian Escott. Qualcomm Technologies, Inc.

Smart Card Alliance Member Webinar: Mission Expansion and Name Change. February 22, 2017

A Role-Based Service Level NFC Ecosystem Model

The Role of TSM. TSM Functions. Guy Berg President Collis America May 6, 2009

ISG Seminar 3 rd November Agenda for Lecture. Smart Cards with Contacts. Contact-less Smart Cards. From Smart Cards to NFC Smart Phone Security

Practical Attack Scenarios on Secure Element-enabled Mobile Devices

MOBILE WALLET TECHNOLOGIES: GLOBAL MARKETS. IFT070A April Priyanka Patel Project Analyst ISBN:

The UICC. Recent Work of ETSI TC Smart Card Platform. Dr. Klaus Vedder Chairman ETSI TC SCP

GOOGLE WALLET. Hardik Mangukiya ABSTRACT INDIA

Security in NFC Readers

Natural Security Alliance

Relay Attacks on Secure Elementenabled

FIPS and NIST Special Publications Update. Smart Card Alliance Webinar November 6, 2013

NFC Service Launch in Hong Kong. Alex Kun SVP, Product Development and Management Wireless Business

HCE security implications. Analyzing the security aspects of HCE

Dr. Char-Shin Miou Chunghwa Telecom. Co. April 7, 2011

What s In Your e-wallet? Using ARM IP to Enable Security in Mobile Phones. Richard Phelan Media Processing Division TrustZone Security Technology

Products and solutions for Secure Wearables

MIFARE4MOBILE: the road TO NFC MASS ADOPTION. NFC WORLD CONGRESS Sophia Antipolis, 2011

STMicroelectronics Payment Solutions. December 6 th 2012

SIM Evolution. Klaus Vedder. Presented by: 10 July 2018 ETSI th Sigos Conference

Smart Card meets Connectivity New Opportunities in Mobile Business with NFC Technology. Smart Card Alliance2005 Fall Annual Conference Martin Bührlen

Fare Media: Past, Present and Future. Hassan Tavassoli APTA Fare Collection Workshop San Diego, California March 29, 2010

Mobile Security / Mobile Payments

Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices

NFC Identity and Access Control

A Novel Scheme for On-demand Distribution of Secure Element Keys

ACR1252U. NFC Forum Certified Reader. Technical Specifications V1.03. Subject to change without prior notice.

Smart Cards in Mobile Payment / NFC

Security Strategy for Mobile ID GSMA Mobile Connect Summit

Securing the System with TrustZone Ready Program Securing your Digital World. Secure Services Division

ebook - TRUSTED esim TESTING FRAMEWORK - June 2016 BUILDING A TRUSTED EMBEDDED SIM TESTING FRAMEWORK IN THE AGE OF IOT

NFC Payment Solutions for Transit

HOW TO INTEGRATE NFC FRONTENDS IN LINUX

CREDENTSYS CARD FAMILY

NIS Platform Working Group 3 Individuals Digital Rights and Capabilities. Dr. Gisela Meister April

Design and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet

Digital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October Frazier D. Evans

Building Digital Key Solution for Automotive

The SIM Turns 20. Dr. Klaus Vedder. Chairman ETSI TC SCP. 3rd ETSI Security WS Sophia Antipolis, France January 2008

NFC ESSENTIALS JORDI JOFRE NFC EVERYWHERE MARCH 2018 PUBLIC

SEPA goes Mobile Dr. Marijke De Soete ETSI Security Workshop January 2011 Sophia Antipolis, France

Activating New Mobile Services and Business Models With smartsd Memory Cards

2 nd ETSI Security Workshop: Future Security. Smart Cards. Dr. Klaus Vedder. Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient

Smart Card Operating Systems Overview and Trends

Glossary. xii. Marina Yue Zhang and Mark Dodgson Downloaded from Elgar Online at 02/04/ :16:01PM via free access

Will Mobile Phones Replace Cards?

Smart Tokens: Tags, smart phones and everything in between. Dr Gerhard Hancke Information Security Group

Mobile Access is the Killer App The Path to Flexible, Secure Credentials Brandon Arcement Senior Director, Product Marketing April 8, 2019

Forging the Link Between Global Interoperability and New Business Opportunities

- Lessons Learnt in Asia. Dr. Jack C. Pan Watchdata Technologies

Smartcards. ISO 7816 & smartcard operating systems. Erik Poll Digital Security Radboud University Nijmegen

Mobile Identity Management

Smart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security

MasterCard NFC Mobile Device Approval Guide v July 2015

ACR1251U-A1 USB NFC Reader with SAM Slot

Ch 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated

The Future of Smart Cards: Bigger, Faster and More Secure

Linux NFC Subsystem. Lauro Ramos Venancio Samuel Ortiz 2011, September 9th

Smart Cards. José Costa. Software for Embedded Systems. Departamento de Engenharia Informática (DEI) Instituto Superior Técnico

Hitachi Releases Smart Card Microcontroller AE45X series Equipped with Contact/Contactless Dual Interface in a Single Chip

STMicroelectronics NATIXIS Payment Solutions Conference

Mobile Payment & Retail Project. Maura Turolla, Telecom Italia - Innovazione

Smart Card Management Innovation - Shinhan Card Case Study

The NFC Forum NFC Technology for Developers

IDGo Middleware and SDK for Mobile Devices

Transcription:

Mobile/NFC Security Fundamentals Secure Elements 101 Smart Card Alliance Webinar March 28, 2013

Introductions Brent Bowen, INSIDE Secure Chair, Mobile & NFC Council, Smart Card Alliance

Mobile & NFC Council Raise awareness and accelerate the adoption of all applications using NFC Access control, identity, loyalty, marketing, payments, peer-to-peer, promotion/coupons/offers, transit, Accelerate the practical application of NFC, providing a bridge between technology development/specifications and the applications that can deliver business benefits to industry stakeholders.

Today s Webinar Topics & Speakers Introductions: INSIDE Secure & Chair, Smart Card Alliance Mobile & NFC Council Secure Element Fundamentals: Sridher (Sree) Swaminathan, Director Product Development - TSM and Chip Solutions, First Data Types of Secure Elements: Sanjiv Rawat, NFC Technical Account Manager, Mobile Security, Giesecke & Devrient Secure Elements in Action: Greg Coogan, Field Marketing North America, Morpho Q&A: Randy Vanderhoof, Smart Card Alliance

Secure Elements 101 Sridher (Sree) Swaminathan Director, Product Development -TSM & Chip Solutions First Data

What Is a Secure Element Secure Element A tamper resistant Smart Card chip that facilitates the secure storage and transaction of payment and other sensitive credentials. Secure Elements are used in multi-application environment and can be available in multiple form factors like Plastic SmartCard, UICC(SIM), ese, micro SD etc.

What Is a Secure Element Secure Elements = Secure ICC Cards (Smart Cards) Secure Microcontrollers CPU Operating System Memory Immutable(ROM), Mutable(EEPROM) and Volatile(RAM) Crypto Engines Sensors, Timers, RNG Communication Ports FIPS, CC Certifications Reset I/O CPU Sensors Timer Typical Architecture of Secure ICC Encrypt Clock Crypto Engine Random # Generator Interrupts BUS BUS RAM EEPROM ROM

Evolution of Smart Cards From the 70s to date

Types of Smart Cards Smart Card types Contact ICC Cards with contacts for external communications. Card is inserted into a reader/pos terminal for transactions to occur. Follows ISO-7816 standards. Contactless ICC Cards with no visible contacts. Communicates using Radio Frequency with 13.56 MHz through antennas. Card is tapped at a distance of up to 4 cm. for read/write. Follows ISO- 14443 standards. Hybrid Combines the features of contact and contactless cards with 2 separate chips used for contact and contactless interfaces Dual Interface Same chip is used for both contact and contactless interfaces

Mobile NFC Near Field Communication (NFC) is a technology in smartphones that can enable contactless transactions and other data exchange with variety devices. RF Wireless Technology ISO/IEC 14443, 18092, MIFARE, FeliCa etc. Payment, Ticketing, Access, Loyalty & Coupons, etc. Secure Elements help store payment credentials Used in conjunction with Mobile UI(e.g. Wallets) E.g. Google Wallet, ISIS Wallet

Mobile NFC NFC Forum Specifications Reader/Writer mode Device can read/write any NFC Forum supported tag types. ISO 14443 and FeliCa schemes NFC Tag Peer-to-Peer Two NFC devices can exchange data between themselves. ISO/IEC 18092 standard Card Emulation NFC device (phone) acts as a contactless card

Trusted Service Managers(TSM) TSM is a Trusted Third Party that brings the service providers together for the provisioning and life cycle management of Payment, Access, Transit and other Secure Element related credentials in a secure manner. E.g. - First Data, G&D, Gemalto etc., TSM Functions Provision/Deletion Key Management/Data Prep Post Issuance Life Cycle Management OTA(Over-The-Air) TSM Models MNO / SE TSM Service Provider(SP) TSM

Trusted Service Managers(TSM) NFC Phone Service Provider TSM Service Providers

Secure Element & NFC Components of a typical mobile NFC phone Secure Element(SE) UICC, Embedded SE, micro SD NFC Controller NFC Chip, Stack, CLF Mobile Wallet UI Application for consumer interaction Communication Protocols/Interfaces ISO-7816, ISO-14443, SWP,UART,I2C,SPI Smart OS Android, ios, BlackBerry OS, Windows Phone SE OS Java, Multos, Proprietary

NFC Phone Architecture

How Does a Secure Element Work? How does a Secure Element work? Contains an OS Java, Multos Multiple systems Interaction MNOs, TSMs, Data Prep systems, POS Transactions GlobalPlatform Specification for Interoperability Communication Secure Channel, APDUs Multi-Applications Applets, Security Domains E.g. Payment brands, PPSE, Access, Transit Security Cryptographic Keys Symmetric, Asymmetric

GlobalPlatform & Secure Element GlobalPlatform Cross industry, international, nonprofit organization which identifies, develops and publishes specifications for a secure and interoperable environment for the chip technology. GlobalPlatform Specifications Card Specification Device Specification Systems Specifications

GlobalPlatform & Secure Element Security Domains Area of ownership for entities within the chip Issuers Controlling authorities Application providers Communication APDU Secure Channel Applications - Installation, Extradition, Provision and Deletion AIDs

Security Domains Hierarchy Security Domains Issuer Security Domain Supplementary Security Domain CASD TSD APSD NFC Deployment Models Simple Mode Delegated Mode Authorized Mode

TSM Deployment Models Simple Mode Card Content Management is done by the MNO can be monitored by the TSM. Delegated Mode Card Content Management is delegated to a TSM with preauthorization Authorized Mode Card Content Management is fully delegated to a TSM

Secure Element Communication Card Content Management (CCM) Loading, Installation, Perso, Extradition, Deletion APDU - Application Protocol Data Unit Command APDU CLASS INSTRUCTION P1 P2 L c Data L e Response APDU

Secure Element Communication Secure Channels Secure Communication between card and off-card entity SCP02 - Symmetric secure channel protocol SCP03 - Asymmetric secure channel protocol SCP80 - OTA secure channel protocol(etsi) Keys & Diversification Master Keys Card Keys Session Keys Provision Store Data commands Stores credentials Data Grouping Identifiers Groups data for storage

Trusted Execution Environment Challenges in Mobile Device Environment Malware and Viruses Privacy Financial Fraud Content Protection Enterprise Data Secure Space Solution: Trusted Execution Environment (TEE) Framework for mobile device security Layer between Rich OS and SE Protection against malware and viruses

Trusted Execution Environment TEE Architecture Environment isolation Rich OS Trusted Applications Secure Element TEE Internal API TEE Client API TEE Functional API Source: GlobalPlatform

Trusted Execution Environment Cost vs. Protection Higher protection = Higher costs Potential Use Cases for TEE Mobile Payment DRM Content Management Corporate Access Email, Intranet Source: GlobalPlatform

Standards for SE & NFC Standards EMVCo http://www.emvco.com/ ETSI http://www.etsi.org/ GlobalPlatform http://www.globalplatform.org/ GSMA http://www.gsma.com/ ISO http://www.iso.org/ NFC Forum http://www.nfc-forum.org Payment Schemes PCI https://www.pcisecuritystandards.org FIPS https://csrc.nist.gov Common Criteria http://www.commoncriteriaportal.org/ Purpose Global standard for credit and debit payment cards based on chip card(icc) technology European Telecommunications Standards Institute is a standardization organization in the telecommunications industry Organization provides specifications for a secure and interoperable environment for the chip technology Association of mobile operators for supporting the standardizing and deployment of the GSM mobile system International Organization for Standardization. Provides standards for contact(iso- 7816), Contactless(ISO-14443) chip technologies Industry association that promotes the specification and use of NFC short-range wireless interaction in consumer electronics, mobile devices and PCs. Provides specifications for contact and contactless payments. (Amex, Discover, MasterCard, Visa) PCI Security Standards Council provides Payment Card Industry Security Standards -Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) U.S. government computer security standard describes Security requirements and standards for cryptography modules Common Criteria is an international standard for computer security certification. Provides evaluations of Information Technology products and protection profiles

Types of Secure Elements (SE) Sanjiv Rawat Technical Account Manager Giesecke & Devrient

Types of Secure Elements UICC Embedded Secure Elements (ese) MicroSD Stickers (Not a SE)

UICC Mandatory in GSM and LTE standards UICC already used as SE for storing network information Applications residing the UICC can include USIM, CSIM, and ISIM Variety of memory sizes available from 256K to 1.2M and beyond, along with a variety of form factors (2FF, 3FF, 4FF) Built on Java card and GlobalPlatform standards allowing GP security standards allow for security domains (SD) where 3 rd parties can manage their own applications on the UICC Banks, retailers, and transit authorities for their secure applications based on GP Specs 3 rd parties are granted access to SDs by the issuing MNO MNO provides each 3rd party with a unique security key to access its SD UICC communicates with the NFC controller in the handset through a Single Wire Protocol (SWP) The UICC plus an NFC-enabled device creates the framework for secure transactions in an NFC environment, while storing secure credentials on the UICC

Embedded Secure Element (ese) Similar to a UICC, but in another form factor Built into mobile devices during the manufacturing process by Original Equipment Manufacturer (OEM) Cannot be removed from the mobile device Does not require the same level of standardization as the removable type Follows GP standards vs. telecommunication standards Issued and managed by either the OEM or MNO

MicroSD Changes any mobile phone to an NFC phone Was considered a bridging technology, now a third option where the SP owns and manages the SE MicroSD SE: With or Without an embedded Antenna MicroSD with the NFC capabilities and built-in antenna MicroSD without the antenna that requires an external NFC capabilities (i.e.: sleeves or antenna connection) MicroSD issued & owned by a 3 rd party (banks, etc.) No MNO or OEM manufacturer involvement Most handsets have a built in MicroSD slot Slot position will impact the NFC strength there is no standard placement of the slots within a mobile device, thus placement can greatly impact the read range and effectiveness Security, issuance and distribution remains completely in the hands of the SP

Stickers/NFC tags Bank or Transit Stickers: Bridging or companion products for a contactless card emulation Stickers are self-adhesive contactless cards designed to be attached to the back of handsets Issued by banks as a companion card or as a different form factor cards for contactless applications Typically a single application No OTA post-issuance life cycle management of applications No direct connection to the mobile device NFC Tags: Secure reading smart tags (sharing and pairing of information) NFC tags can be easily incorporated into promotional marketing media, such as posters, retail displays, product packaging, direct mail and numerous other print options Less secure than Secure Elements 2 Types of Stickers: Passive RFID relies on RF energy transferred from the reader to the tag to power the tag (example: posters, product info, etc.) Active RFID uses an internal power source (battery) within the tag to continuously power the tag and its RF communication (example: toll-gate pass)

Secure Elements UICC Promoted by MNOs New SWP, HCI protocols First NFC UICC products available in 2012, many new handset models expected Embedded SE Type and model specified by handset vendor Security chip directly embedded into the mobile device Technology is available (e.g. Blackberry, Nokia, Samsung) Mainly MNO independent MicroSD 3rd party products that are independent of the MNO Many handsets today have µsd slots, although RF performance critical Combination with m-banking (OTP, PKI), m-commerce SE Secure Element SIM Subscriber Identity Module SWP Single Wire Protocol

The Secure Element in Action Greg Coogan Field Marketing North America Morpho

ISIS Style Deployment of Secure Element Wallet App ISIS Consortium NFC Enabled Merchant Credit Card Issuers Merchant Acquirers NFC Enabled SIM Isis App Mobile Network Operator Trusted Service Manager

Google Wallet Style Deployment of Secure Element Wallet App Google Wallet NFC Enabled Merchant Credit Card Issuers Merchant Acquirers Embedded NFC Chip Google Applet Mobile Network Operator Trusted Service Manager

Secure Elements for Access Keys ACCESS Home Work Hotel Access Company Trusted Service Manager Hotels Corporations Government

Secure Elements in Transit Passes Transit Subway Bus Ferry Controlling Authority Trusted Service Manager Payment Provider Mobile payments platforms may also support transit

Questions & Answers

Mobile & NFC Security Webinar Series Mobile/NFC Security Fundamentals : NFC Forum Tags and Security Considerations April 18, 2013, 1pm ET/10am PT Speakers: Tony Rosati, NFC Forum/Blackberry; Joe Tassone, Identive; Randy Vanderhoof, Smart Card Alliance; Mike Zercher, NXP Semiconductors; Rob Zivney, Identification Technology Partners Mobile/NFC Security Fundamentals : NFC Application Use Cases Security Perspectives May 9, 2013, 1pm ET/10am PT Speakers: Rene Bastien, SecureKey Technlogies; Jonathan Main, NFC Forum/MasterCard; Steve Rogers, IQ Devices; Tony Sabetti, Isis; Randy Vanderhoof, Smart Card Alliance

NFC Solutions Summit 2013

Brent Bowen, bbowen@insidefr.com Sridher (Sree) Swaminathan, FirstData.com Sanjiv Rawat, sanjiv.rawat@gi-de.com Greg Coogan, greg.coogan@morpho.com Randy Vanderhoof, rvanderhoof@smartcardalliance.org Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 (800) 556-6828 www.smartcardalliance.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback