mobile security application current status overview in...
TRANSCRIPT
Mobile Security Application Current Status Overview in Taiwan
Dr. Char-Shin MiouChunghwa Telecom. Co.
April 7, 2011
Content
� Problems and Current Status�Approach for the Mobile Security
Application�Mobile PKI and Mobile NFC�Mobile PKI and Mobile NFC�Case Study�Conclusions
2
Service
Host Device
Network
PC Mobile Phone, PDA
BB Wireless Network by 3G, 24hours Connection
[Mobile & Local Transaction]
(Market Size)
E-GovernmentCitizen ID Healthcare
passport
E-Money
[Mobile]
Market Trend of E-Commerce to M-Commerce
Service ramping up period
Service
2007 2009 2011
Market Size)
Digital Content
Entertainment Education News
Payment
Stock Trading
Auction Shopping
E-Service
[On line]
[Mobile]
Enterprise
Employ ID
Remote accessRemote accessRemote accessRemote access
Smart Card
TransportationISPBanking SportsTransportation Amusement
E-Ticket
Insurance
3
-Enterprise-Government-Public org.
(Remote access)
Public-Citizen card(Driver license,Passport)-Health care-Education Financial
-e-Money-Payment-m-Banking-Stock Trade
Employ
Member
Linkage of
-Mileage Club-Private Club (Hobby)-Internet member site
Mobile Security Applications
Consumer
Service
-Network-Transportation-Telematics-Insurance-Travel
-Content(movie,
music, game,publishing)Retail
-Home electronics-Automotive
-Stock Trade
-Advertisement(Bargain sale,catalog)
-CRM-Town Guide -Sports
-Amusement,-Cinema-Concert
e-Ticket
Linkage ofServices in
Mobile Device(W-LAN, ISP)
4
Secure Issues in Mobile Environment
DenialTransaction
Eavesdrop
TamperIntegrity
Encryption Non-Repudiation
PersonatorAuthentication
Mobile SIM
E-Cash TransportTicket
Access Control
Citizen CertificateCard
SE++++
TransactionEavesdropEncryption Non-Repudiation
5
5
� Problems and current status�Approach for the Mobile Security
Application�Mobile PKI and Mobile NFC�Mobile PKI and Mobile NFC�Case Study�Conclusions
6
Crypto-
NFC PN511E-Purse
Dual Interface and Multiple function
TransportationTransportation TelematicsTelematics
RFIDRFID
SIM
ISO14443
CoreController
Crypto-Controller
Dual I/FSmart Card
- Contact [ISO7816]- Contact-less [ISO14443]
POSPOS
Vending Vending MachineMachine
ISO14443
EE--ID ServiceID Service
ISO7816
� High Speed & large storage Interface � In 2006 Nov., USB was selected as High Speed & large storage
Interface by ETSI committee
C1、C2、C3、C5、C7: Already used by SIM
C1C1
C2C2
C3C3
C5C5
C6C6
C7C7國際國際國際國際SIM 卡標準化過程卡標準化過程卡標準化過程卡標準化過程
SIM Card Evolution
� Contact-less Interface� In 2007 Nov. SWP(Single Wired Protocol) was adapted as contactless
interface for NFC ( Near Field Communication) service by ETSI and GSMA
C4C4 C8C8國際國際國際國際SIM 卡標準化過程卡標準化過程卡標準化過程卡標準化過程
Mobile PKI Service Architecture
RAOCertification Registration
Secure Tokenfor
Key & Certificatestorage
+RAOCertification Authority
User
E-service
Authority+
Mobile Network
PKI enable APIand
Device middleware
9
HSM
Transaction data
Protected byapplet
handset
One way authentication
Mutual Authentication
� One way authentication �Mutual authentication� Ensure transaction date secure and non-repudiation
Platform and Mobile Handset
Application Application Server
Protected by
Session Key
ServiceData
Secure Channel establish
Data encrypted by Session KeyData encrypted by Session KeyData encrypted by Session KeyData encrypted by Session Key
Encrypted Data
Server
Secureelement
applet
Data
10
What is a SE (Secure Element) ?
Provider Security Domain Provider Application
Card IssuerSecurity Domain
Secure Channel
Secure Element
Run-Time Environment & Hardware-neutral API(JCRE)
Global Platform API
Card Manager
Issuer Application
� Security Domain:� It is a key container.� To store Key Sets belong to an application provider
� Key Set:� To establish Secure Channel between card application
(Applet) and host application.� A Key Set:� Secure Channel Encryption Key (S-ENC)� Secure Channel Message Authentication Code Key
(S-MAC)� Key Encryption Key (KEK)
�Mutual Authentication
�Secure Message
11
Middleware
Mobile Device + Secure Element
JSR 257
Browser-based (MIDlet) Text-based(STK Menu)
JSR 177(U)SAT
Mobile PKI Enable API
MobilePKCS # 11
+ ++
J2ME/Native OS (WIN Mobile、iPhone OS、Android、Symbian…)
USIM/Secure Element Access interface(ISO 7816/USB/)
PKCS # 11
12
Hardware Secure Element Approach
Stack-SIM module
C1C1C2C2
C3C3
C4C4
C5C5C6C6
C7C7C8C8
VVCCCC
RSTRST
CLKCLK
RFURFU
GNDGND
VVPPPP
I/OI/O
RFURFU
SE in uSDSE in Stack SIM
Secure Element chip
SIM card chip
13
APDU JCRMI PKI CRYPTO
Midlet Midlet MidletMidlet
JSR 177 Security and Trust Services APIs (SATSA)
JSR 177 Architecture
J2ME VM
Native and low level Smart card driver
Communication APIS Security APIS
Mobile Platform OS
14
JSR-257
JSR257 NDEF formatted data R/W
Physical RFID R/W
External smart card communication
Contactless common functions
NFC Applications
15
CLDC MIDP
KVM
NFC Software Stack
Visual Tag R/W
Operating System
Hardware
General purpose
Slot and token management
Sessionmanagement
Crypto algorithms
PKCS#11:Cryptographic Token Interface Standard
PKCS#11 Architecture
AP AP/Mdilet AP/MidletAP
Keymanagement
Desktop Platform Mobile phone Platform
purposefunctions
management management
Native and low level Smart card driver
algorithmsmanagement
windows Linux/UnixMAC OSX
PC/SC
Windows phone
Windows phone
android phone
J2ME phone
management
16
� Problems and current status�Approach for the Mobile Security
Application�Mobile PKI and Mobile NFC�Mobile PKI and Mobile NFC�Case Study�Conclusions
17
What is NFC ? What is NFC ?
� NFC (Near Field Communication) Provides the way information and services are distributed, paid for and accessed by the connected consumer
� NFC is a wireless technology enabling � NFC is a wireless technology enabling convenient short-range communication between electronic devices with secure way
18
SWP SIM Architecture
C1C1C2C2
C3C3
C4C4
C5C5C6C6
C7C7C8C8
VVCCCC
RSTRST
CLKCLK
D+D+
GNDGND
VVPPPP
I/OI/O
DD--
SWP
19
ISO 7816 Part 12
USB Interface
PKIApplet
Defined by GSMA Standard
PKI FunctionInside