Mobile Security and Payment Nour El Kadri University Of Ottawa


Page 1: Mobile Security and Payment

Mobile Security and Payment

Nour El Kadri

University Of Ottawa

Page 2: Mobile Security and Payment

Security

Keep in mind:
• Security requires an overall approach
• A system is as secure as its weakest component
  – Securing network transmission is only part of the equation
• The sad part is that people often prove to be the weakest link in the chain
  – Employee who hacks company’s billing database
  – Careless user who writes his/her PIN on the back of their handset and forgets it on the bus

Page 3: Mobile Security and Payment

The Role of Cryptography

• SIM Module and Authentication centers in GSM Architecture

• WAP Gateway security gaps and their solution in the new WAP protocol stack for built-in IP

• How does cryptography complement such solutions?

• What are the business implications?

Page 4: Mobile Security and Payment

Network Transmission Security Requirements

• Authentication
• Confidentiality
• Integrity
• Non-repudiation

Cryptography plays a central role in satisfying these requirements

Other techniques include:
• Packet acknowledgements
• Checksums

Page 5: Mobile Security and Payment

Cryptography

Sender:

plaintext → cipher text …. Using encryption algorithms

Receiver:

cipher text → plaintext …. Using a matching decryption algorithm

Page 6: Mobile Security and Payment

Secret-Key or Symmetric Cryptography

• Alice and Bob agree on an encryption method and a shared key.

• Alice uses the key and the encryption method to encrypt (or encipher) a message and sends it to Bob.

• Bob uses the same key and the related decryption method to decrypt (or decipher) the message.

Page 7: Mobile Security and Payment

Advantages of Symmetric Cryptography

• There are some very fast classical encryption (and decryption) algorithms

• Since the speed of a method varies with the length of the key, faster algorithms allow one to use longer key values.

• Larger key values make it harder to guess the key value -- and break the code -- by brute force.

Page 8: Mobile Security and Payment

Disadvantages of Symmetric Cryptography

• Requires secure transmission of key value

• Requires a separate key for each group of people that wishes to exchange encrypted messages (readable by any group member)
  – For example, to have a separate key for each pair of people, 100 people would need about 5000 different keys.

Page 9: Mobile Security and Payment

Public-Key Cryptography AKA Asymmetric Cryptography

• Alice generates a key value (usually a number or pair of related numbers) which she makes public.

• Alice uses her public key (and some additional information) to determine a second key (her private key).

• Alice keeps her private key (and the additional information she used to construct it) secret.

Page 10: Mobile Security and Payment

PK Cryptography – cont’d

• Bob (or Carol, or anyone else) can use Alice’s public key to encrypt a message for Alice.

• Alice can use her private key to decrypt this message.

• No-one without access to Alice’s private key (or the information used to construct it) can easily decrypt the message.

Page 11: Mobile Security and Payment

Public Key Cryptography

Source: N. Sadeh

Page 12: Mobile Security and Payment

Man-in-the-Middle Attack

Solution: Certificate Authorities
• Keys are certified, that means a third person/institution confirms (with its digital signature) the affiliation of the public key to a person

Page 13: Mobile Security and Payment

Certificate Authorities

Three types of organizations for certification systems (PKIs?):

• Central certification authority (CA)
  – A single CA, keys often integrated in checking software
  – Example: older versions of Netscape (CA = Verisign)
• Hierarchical certification system
  – CAs which in turn are certified by “higher” CA
  – Examples: PEM, Teletrust, infrastructure according to Signature Law
• Web of Trust
  – Each owner of a key may serve as a CA
  – Users have to assess certificates on their own
  – Example: PGP (but with hierarchical overlay system)

Page 14: Mobile Security and Payment

Hybrid Encryption Systems

• All known public key encryption algorithms are much slower than the fastest secret-key algorithms.

• In a hybrid system, Alice uses Bob’s public key to send him a secret shared session key.

• Alice and Bob use the session key to exchange information.

Page 15: Mobile Security and Payment
Page 16: Mobile Security and Payment

Digital Signatures

• A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document

Page 17: Mobile Security and Payment

Digital Signatures

Source: N. Sadeh

Page 18: Mobile Security and Payment

Elliptic Curve Cryptography

• ECC was introduced by Victor Miller and Neal Koblitz in 1985.

• For DSA, RSA we need larger key length.
• ECC requires significantly smaller key size with same level of security.
• Benefits of having smaller key sizes: faster computations, need less storage space.
• ECC ideal for constrained environments: Pagers; PDAs; Cellular Phones; Smart Cards

Page 19: Mobile Security and Payment

Key player

• Certicom is a key player.

• Acquired by Research in Motion (two days ago).

• Verisign was bidding on the company too

• This will set new research ahead in the wireless security arena

Page 20: Mobile Security and Payment

Smart Cards

Smart card:
– A card that contains a processor, memory, and an interface to the outside world.
– Vary based on the capabilities of the processor and size of the memory
– A smart card needs a reader
– Not very common in North America, but it is widespread in other places.
– Problems: Lack of standard interfaces

Page 21: Mobile Security and Payment

GSM’s SIM-Based Authentication

Page 22: Mobile Security and Payment

Message Authentication Codes

• Checksums
  – used mostly to verify the integrity of messages

Use a hybrid approach

• Recipient can verify both the authenticity and the integrity of the message

• MACs are also referred to as “Message Integrity Codes”
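
The difference between a plain checksum and a MAC, as an added example that is not part of the original slides: an unkeyed CRC-32 can be recomputed by anyone who alters the message, while a keyed tag cannot. HMAC-SHA256, the key and the message are assumptions chosen for illustration; the slides do not name a MAC algorithm.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: a payment instruction and a shared secret key.
KEY = b"constructed-shared-secret-key"
MESSAGE = b"PAY 10.00 CAD TO ACCOUNT 1111"


def crc_protect(message: bytes) -> bytes:
    """Append a CRC-32 checksum (no key involved)."""
    return message + zlib.crc32(message).to_bytes(4, "big")


def crc_verify(packet: bytes) -> bool:
    message, tag = packet[:-4], packet[-4:]
    return zlib.crc32(message).to_bytes(4, "big") == tag


def mac_protect(key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag computed with the shared key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, packet: bytes) -> bool:
    message, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def rewrite_in_transit(message: bytes) -> bytes:
    """Model a party on the path who changes the message but has no key."""
    return message.replace(b"10.00", b"99.00")


def demo() -> dict:
    altered = rewrite_in_transit(MESSAGE)
    # An unkeyed checksum can simply be recomputed over the altered message.
    crc_packet = crc_protect(altered)
    # Without the key, the original tag is the only tag available to reuse.
    good = mac_protect(KEY, MESSAGE)
    mac_packet = altered + good[-32:]
    return {
        "crc_accepts_altered": crc_verify(crc_packet),
        "mac_accepts_original": mac_verify(KEY, good),
        "mac_accepts_altered": mac_verify(KEY, mac_packet),
    }
```

The checksum still detects accidental corruption; only the keyed tag lets the recipient conclude that the message came from a key holder and was not changed on the way.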

Page 23: Mobile Security and Payment

Security: The Combinations are Many

• IPSec protocol has been adopted by GPRS
  – Negotiation of security parameters between sender and recipient
  – Negotiation carried out using Internet Key Exchange
• Flexibility in adapting security parameters to mobile environments is very important
  – Keys might be stored on SIM or WIM modules
  – Limited memory and processing power
  – Low bandwidth and high latency

Page 24: Mobile Security and Payment

Wired Equivalent Privacy

Aka “WEP”

• Represents Wi-Fi’s first attempt at security

• Works at data link layer (Layer 2)

• Uses static 40- or 104-bit keys for authentication and encryption.

• Based on RC4 symmetric stream cipher.

• Key stream generated from initial key, used to encrypt and decrypt data
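
How an RC4 key stream encrypts and decrypts, and why a static key is a risk, as an added example that is not part of the original slides. It assumes WEP's 24-bit per-frame IV prepended to the static key (a detail the slide does not state), omits WEP's CRC-32 integrity value, and uses constructed keys and frames.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S using the key
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA: emit one byte per step
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_crypt(iv: bytes, static_key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR data with RC4(IV || static key).

    Simplified: the CRC-32 integrity value WEP appends is omitted.
    """
    return xor(data, rc4_keystream(iv + static_key, len(data)))


# Constructed sample values (not from the slides).
STATIC_KEY = bytes.fromhex("0102030405")      # 40-bit static key
IV_A = bytes.fromhex("000001")                # 24-bit per-frame IV
IV_B = bytes.fromhex("000002")
FRAME_1 = b"balance request"
FRAME_2 = b"payment confirm"


def demo() -> dict:
    c1 = wep_crypt(IV_A, STATIC_KEY, FRAME_1)
    c2 = wep_crypt(IV_A, STATIC_KEY, FRAME_2)   # same IV, same static key
    c3 = wep_crypt(IV_B, STATIC_KEY, FRAME_2)   # fresh IV
    return {
        "round_trip": wep_crypt(IV_A, STATIC_KEY, c1) == FRAME_1,
        # Identical keystreams cancel, leaving plaintext XOR plaintext.
        "reused_iv_cancels_keystream": xor(c1, c2) == xor(FRAME_1, FRAME_2),
        "fresh_iv_cancels_keystream": xor(c1, c3) == xor(FRAME_1, FRAME_2),
    }
```

Because the key never changes, the IV is the only thing that varies the key stream, so any repeated IV repeats the key stream for that frame.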

Page 25: Mobile Security and Payment

WAP Security: WTLS

• Keys generally placed in normal phone storage.
• New standards emerging (WAP Identity Module [WIM]) for usage of tamper-resistant devices.
• Aside from crypto problems:
  – User interface attacks likely (remember SSL problems)
  – WTLS terminates at WAP gateway; MITM attacks possible.

Page 26: Mobile Security and Payment

WAP Transaction layer WTP

• Three classes of transactions:
  – Class 0: unreliable
  – Class 1: reliable without result
  – Class 2: reliable with result

• Does the minimum a protocol must do to create reliability.

• No security elements at this layer.

• Protocol not resistant to malicious attacks.

Page 27: Mobile Security and Payment

WAP Session Layer WSP

• Meant to mimic the HTTP protocol.

• No mention of security in spec except for WTLS.

• Distinguishes a connected and connectionless mode.

• Connected mode is based on a SessionID given by the server.

Page 28: Mobile Security and Payment

Wireless Identity Module

• Can be used to hold private and secret keys required by WTLS, TLS and non-WAP applications
• Computes crypto operations
  – “unwrapping master secret”
  – client signature in WTLS Handshake
  – key exchange (ECC WTLS Handshake)
• It can also store certificates and generate keys
• WIM does not necessarily need to be issued by the mobile operator
• It can be implemented on the SIM card

Page 29: Mobile Security and Payment

WMLScript SignText

• Allows developers to write applications where users are prompted with a text that they reject or accept

• Acceptance requires the user to enter his/her WIM PIN code, which results in the generation of a digital signature

• The digital signature (DS) is transmitted back to the content server

Page 30: Mobile Security and Payment

WAP Security Models

• Operator Hosts Gateway
  – Without PKI
  – With PKI
• Content Provider Hosts Gateway
  – Static Gateway Connection
  – Dynamic Gateway Connection

Page 31: Mobile Security and Payment

Operator Hosts Gateway

Page 32: Mobile Security and Payment

Operator Hosts Gateway

• Without PKI:
  – Advantages
    • No extra work for Content Provider
    • No extra work for user
    • System only requires one logical gateway
  – Disadvantages
    • Content Provider must trust Operator (NDA)
    • Operator can control home deck
    • Operator can introduce advertising

Page 33: Mobile Security and Payment

Operator Hosts Gateway

• With PKI:
  – Advantages
    • Content Provider does not need to trust Operator.
  – Disadvantages
    • PKI Infrastructure must be in place.

Page 34: Mobile Security and Payment

Content Provider Hosts Gateway

• Static Gateway Connection
  – Advantages
    • Content Provider does not need to trust Operator
    • Content Provider can control home deck
    • OTA can be used to configure mobile terminal
  – Disadvantages
    • Mobile terminal may have limited number of gateway config sets (e.g., Nokia 7110 has 10)
    • Mobile Terminal needs to be configured.
      – OTA via WAP Push / SMS may not work with gateway / mobile terminal combination
      – Content Provider may have to pre-configure mobile terminals

Page 35: Mobile Security and Payment

Content Provider Hosts Gateway

[Figure: network diagram. Labels: Operator, WAP Gateway, Internet, Content Provider, WAP Gateway, Web Server; links labelled WTLS Class 2 and SSL]

Page 36: Mobile Security and Payment

Content Provider Hosts Gateway

• Dynamic Gateway Connection
  – Advantages
    • Content Provider does not need to trust Operator.
    • Content Provider does not need to worry about mobile terminal configuration
  – Disadvantages
    • Operator needs to trust Content Provider.
    • Deployment very slow.