Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke(...

Post on 27-Jun-2015


Architecture and security

Gauthier Van Damme, IBBT/COSIC, K.U.Leuven

Kris Vanhecke, IBBT/WICA, UGent

Table of contents

- System overview
  - Fundamental idea
  - The NFC Voucher system
- Technical: user-side components
  - MIDlet running on NFC phone OS (S40)
  - Secure Element (SE) for secure voucher manipulation
- Practical: user-side features
  - Voucher management
  - Voucher use cases
- Conclusions


System overview: fundamentals

- Offline system implies important security issues
- Focus on maximal security
- Therefore: PKI to create circle of trust:
  - Issuer certifies users
  - Users can be trusted and if necessary revoked
  - Efficient key management
  - Breaking one link does not scale to the system
- OS of mobile devices can’t be trusted
  - Use trusted platform on phones: SE


The NFC Voucher System: Registration

[Figure: registration flow between the Handset (MIDlet/Applet), the TSM and the Voucher Issuer, steps 1 to 5. Labels: Phone Number (step 1), Public Key, Certificate, Public Key/Certificate.]

The NFC Voucher System


Technical – User-side components

- MIDlet, running in the S40 OS of the (Nokia) phone
  - GUI/Keypad
  - Receiving Vouchers through MMS (encrypted)
  - Communication proxy for Voucher transfer with SEs
- Java Card (2.2.1) applet, running in SE
  - Security backbone of the system
  - Receive & store Vouchers
  - Voucher transfer and payment protocol
  - Stores all sensitive data and cryptographic keys


OS Features (Java based)

- The MIDlet Suite
  - Java Archive (JAR)
  - Java Application Descriptor (JAD)
- JSR-257 Contactless Communication API
  - Control the NFC interface
  - ISO-14443 communication with SE
- Push Registry
- Some Security


Push Registry

- MIDlets can be launched automatically by the Application Management Software
  - Timer based
  - Inbound network connections
- Static registration in JAD descriptors
- Possible use cases
  - Timely warnings about expiring vouchers
  - Intercept incoming MMS messages that carry vouchers


Security aspects

- Access to some APIs is restricted
  - Some require explicit user confirmation
  - Some actions can only be performed by trusted MIDlets
- X.509 PKI public key digital certificates
  - Verisign
  - Thawte
  - …
- Only trusted MIDlets may connect to the internal Secure Element

SE: security backbone of the system

- Security in offline payment systems is critical
- NFC has limited range but security issues remain (Haselsteiner & Breitfuss [RFIDSec2006]):
  - Eavesdropping up to 10 m from active devices
  - Data modification possible for some transfer rates
  - Denial-of-Service always possible
- Risks for NFC Voucher scheme:
  - Re-routing of Vouchers in transit (stealing)
  - Loss of Vouchers
  - Counterfeiting or duplication


The Java Card applet on the SE

- Strong cryptography is needed on top of the NFC
- Maximum use of SE functionalities:
  - Controlled by the Trusted Service Manager (TSM)
  - Java Card applet will be deployed by TSM
  - Application in SE gets a PKI key pair on initialization
  - Limited applet access by OS/MIDlet
- No Voucher leaves the SE unencrypted
- Issuer Signed Vouchers: Vouchers have a digital signature


Limitations of the SE

- Unfortunately the Java Card used is not perfect (NXP SmartMX with G&D's Sm@rtCafe Expert 3.1 OS)
- Preferred cryptographic primitives are not available
  - RSA (1024 bit keys) used instead of ECC (160 bit keys)
  - 3DES used instead of more efficient AES
- Memory issues limit the speed of every operation:


Practical: user-side features

Check Balance

Review History

Make Payment

MMS Intercept

Phone 2 Phone

Configuration


Use Cases in more detail

1. Receiving new Vouchers via MMS

2. Making a payment at the cash desk

3. Transferring Vouchers to other users


1. Receiving new vouchers via MMS

- Multimedia Messaging Service
  - MMS Encapsulation Specification
  - Payload
    - Images, sound files
    - SMIL file to describe message layout
- NFC-Voucher MMS
  - Payload is binary data: encrypted vouchers
  - 20 vouchers: 3 kB of binary data
  - MIDlet sends data to SE through APDU calls
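
How a 3 kB voucher payload reaches a Java Card 2.2.1 applet, which has no extended-length APDU support, so each command carries at most 255 data bytes. This is an added example in desktop Java, not code from the presentation; the CLA/INS values, the use of P1 as a sequence counter and ISO 7816-4 command chaining are assumptions, since the slides do not give the applet's APDU interface.

```java
import java.util.ArrayList;
import java.util.List;

public class VoucherApduChunker {
    // Hypothetical values: the applet's real CLA/INS bytes are not on the slides.
    static final int CLA_PROPRIETARY = 0x80;
    static final int CLA_CHAIN_BIT = 0x10;      // ISO 7816-4: more command APDUs follow
    static final int INS_STORE_VOUCHERS = 0x20; // hypothetical instruction code
    static final int MAX_DATA = 255;            // short APDU: Lc is a single byte

    // Split an encrypted voucher blob into chained short command APDUs.
    static List<byte[]> chunk(byte[] payload) {
        if (payload == null || payload.length == 0) {
            throw new IllegalArgumentException("empty payload");
        }
        List<byte[]> apdus = new ArrayList<>();
        int seq = 0;
        for (int off = 0; off < payload.length; off += MAX_DATA) {
            int len = Math.min(MAX_DATA, payload.length - off);
            boolean last = (off + len == payload.length);
            byte[] apdu = new byte[5 + len];
            // Every APDU except the last carries the chaining bit in CLA.
            apdu[0] = (byte) (last ? CLA_PROPRIETARY : (CLA_PROPRIETARY | CLA_CHAIN_BIT));
            apdu[1] = (byte) INS_STORE_VOUCHERS;
            apdu[2] = (byte) seq++; // P1: sequence counter (assumption) so the
                                    // applet can reject a lost or reordered chunk
            apdu[3] = 0x00;         // P2 unused
            apdu[4] = (byte) len;   // Lc
            System.arraycopy(payload, off, apdu, 5, len);
            apdus.add(apdu);
        }
        return apdus;
    }

    public static void main(String[] args) {
        // Constructed stand-in for the encrypted payload of 20 vouchers.
        byte[] payload = new byte[3 * 1024];
        List<byte[]> apdus = chunk(payload);
        byte[] tail = apdus.get(apdus.size() - 1);
        System.out.println("command APDUs needed: " + apdus.size());
        System.out.println("data bytes in last APDU: " + (tail[4] & 0xFF));
    }
}
```

With the constructed 3072-byte payload this yields 13 command APDUs (12 full ones plus a 12-byte tail), each a separate round trip between the MIDlet and the SE.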


2. Making a payment at the cash desk

[Figure: payment sequence at the cash desk, steps 1 to 3, involving the MIDlet and JSR-257. Labels: Notification, ExternalReaderDetected, ISO 14443 (APDUs), Check new balance.]


3. Transferring Vouchers to users

[Figure: voucher transfer sequence, steps 1 to 4, between two MIDlets, each using JSR-257. Labels: Initialize transaction, Notification, Start protocol, Execute protocol.]

Conclusions: Security issues solved/remaining

- Solved:
  - Vouchers cannot be created (signature)
  - Vouchers cannot be duplicated (they do not leave the SE unencrypted)
  - Vouchers cannot be stolen as users are identified
- Remaining issues:
  - Vouchers can sometimes appear ‘lost in transaction’


Conclusions: usability

- Promising technology
  - Improvement compared to other systems (e.g. Proton)
  - High enough security for Voucher payments
- But needs speed improvements:
  - ~6 sec for NFC Phone-to-Phone transfer
  - ~4 sec for payments


Karel Wouters
Current and future challenges for offline NFC voucher system: Better hw needed/existing? Less security for more efficiency?