Mobile/NFC Security Fundamentals Anatomy of a Mobile Device: Security Architecture and Secure Provisioning Smart Card Alliance and GlobalPlatform Webinar March 5, 2013

Page 1

Mobile/NFC Security Fundamentals
Anatomy of a Mobile Device: Security Architecture and Secure Provisioning

Smart Card Alliance and GlobalPlatform Webinar, March 5, 2013

Page 2

Introductions

Randy Vanderhoof, Executive Director, Smart Card Alliance

Page 3

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org.

Page 4

Mobile & NFC Council

• Raise awareness and accelerate the adoption of all applications using NFC: access control, identity, loyalty, marketing, payments, peer-to-peer, promotion/coupons/offers, transit, …

• Accelerate the practical application of NFC, providing a bridge between technology development/specifications and the applications that can deliver business benefits to industry stakeholders.

Page 5

Today’s Webinar Topics & Speakers

Introduction: Randy Vanderhoof, Executive Director, Smart Card Alliance

Introduction to GlobalPlatform: Kevin Gillick, Executive Director, GlobalPlatform

Anatomy of a Mobile Device: Philip Hoyer, Director, Strategic Solutions, HID Global

Security Interfaces and Secure Provisioning: Gil Bernabeu, Technical Director, GlobalPlatform

Q&A: Randy Vanderhoof, Smart Card Alliance

Page 6

Contactless and NFC Payments Continue to Spread

[Figure: contactless and NFC payment form factors and applications; labels shown: vending, taxi, drive-thru]

Page 7

NFC Security Webinar Series #1 – Anatomy of a Mobile Device

Kevin Gillick, Executive Director, GlobalPlatform

Page 8

Introduction to GlobalPlatform

GlobalPlatform is the standard for managing applications on secure chip technology, across several market sectors and in converging sectors.

Secure Element AND Trusted Execution Environment

Page 9

At-a-Glance: What is the output of GlobalPlatform?

• Specifications – technical industry guidelines

• Configurations – applying the guidelines to different market sectors

• Security Certifications – streamlining security requirements & testing

• Industry Compliance Program – confirming a product’s functionality aligns to GlobalPlatform technology

• Educating the Industry – white papers & technical documents

• Workshops – specification training & educational

Page 10

Mobile Task Force (MTF)

Established in 2007 to actively contribute to the development of mobile telecommunications standards worldwide.

Overview: The task force provides input to the technical committees concerning the specific and emerging requirements of the mobile sector, so that the GlobalPlatform Card, Device and Systems Specifications can be expanded and updated to suit market needs.

The primary objectives are to:

• collect business requirements

• facilitate new market opportunities between the mobile sector and other industries

• highlight that differentiation of products and services can be achieved through multiple applications

• demonstrate that various business models can be applied within one implementation

• communicate that a neutral and scalable infrastructure can protect current investments relative to future technology evolutions

Page 12

Anatomy of a Mobile Device

Philip Hoyer, Director, Strategic Solutions, HID Global

Page 13

Definition of Mobile

Smartphone, Phablet, Tablet

Page 14

Anatomy

[Diagram. Components shown: Handset; Application #1; OS; UI / Keyboard; Contactless Frontend (CLF); Secure Element; Applet]

Page 15

Anatomy – 2 –

[Diagram. Components shown: Handset; Application #1; Application #2; Secure Element Access; OS; UI / Keyboard; Contactless Frontend (CLF); UICC/SIM; Embedded SE; Smart micro SD; Applet #1 to Applet #5]

Page 16

Anatomy – 3 –

[Diagram. Components shown: Handset; Application #1; Application #2; Crypto Middleware; Secure Element Access; Trusted UI / Keyboard; OS; UI / Keyboard; Contactless Frontend (CLF); UICC/SIM; Embedded SE; Smart micro SD; Applet #1 to Applet #5; TEE; Trusted App #1; Trusted App #2; External Reader]

Page 18

Secure Elements

On Phone:
• Embedded SE

Removable:
• UICC / SIM
• Smart micro SD

Attached:
• Phone sleeves (ex. iCarte for Apple phones) (still harbours micro SD)
• Attached reader inserting ISO smart card
• Stickers

Page 19

Security Continuum

[Figure. Axes: Security, Complexity. Options shown: Phone OS; Software Based Solution; Trusted Execution Environment (TEE); Secure Element (SE); SE + TEE combination]

Page 20

Interfaces

[Diagram. Components shown: Handset; Application #1; Application #2; Crypto Middleware; Secure Element Access; Trusted UI / Keyboard; OS; UI / Keyboard; Contactless Frontend (CLF); UICC/SIM; Embedded SE; Smart micro SD; Applet #1 to Applet #5; TEE]

Page 21

Security Interfaces and Secure Provisioning

Gil Bernabeu, Technical Director, GlobalPlatform

Page 22

Interfaces – standardisation

[Diagram. Components shown: Handset; Application #1; Application #2; Crypto Middleware; Secure Element Access; TEE; Trusted App; Trusted UI / Keyboard; OS; UI / Keyboard; Contactless Frontend (CLF); UICC/SIM; Embedded SE; Smart micro SD; Applet #1 to Applet #5. Interface labels shown: Open Mobile API; PKCS #11; TEE Client API]

Page 23

Being Worked On

• Secure Element Access Control: which application has access to which Applets

• Routing of NFC Services from CLF to multiple secure elements

[Diagram. Components shown: Handset; Application #1; Application #2; Crypto Middleware; Secure Element Access; TEE; Trusted App #1; Trusted App #2; Trusted UI / Keyboard; OS; UI / Keyboard; Contactless Frontend (CLF); UICC/SIM; Embedded SE; Smart micro SD; Applet #1 to Applet #5]

Page 24

Hosting multiple services

[Diagram. Labels shown: Secure Element; Bank Security Domain; Transit Security Domain; Store Security Domain; Office Security Domain; Bank; Transit; Store; Office; Applet #1 to Applet #4]

Page 25

Secure Provisioning

[Diagram. Components shown: Handset; Application #1; Application #2; Crypto Middleware; Secure Element Access; Trusted UI / Keyboard; OS; UI / Keyboard; Contactless Frontend (CLF); UICC/SIM; Embedded SE; Smart micro SD; Applet #1 to Applet #5; TEE; Remote Admin Agent]

Page 26

GlobalPlatform Mobile Messaging

Provisioning - TSM

[Diagram. Legend:]

• Bank: Payment card issuer

• Transit: Transit card issuer

• Store: Issues coupons and loyalty cards

• Office: Issues access cards to employees

• TSM-SP: Connects SP and SEI

• NFC SE: Stores credentials securely

[Other labels shown: SIM OTA; SE OTA; SE Issuer TSM; TSM-SEI; ID TSM; TSM-3rd Party; Control SE usage; MNO; Reader infrastructure; Phone; NFC antenna; NFC chip; Credentials; NFC phone Wallet]

Page 27

Questions & Answers

Page 28

Mobile & NFC Security Webinar Series

Mobile/NFC Security Fundamentals: Secure Elements 101
March 28, 2013, 1pm ET/10am PT
Speakers: Brent Bowen, INSIDE Secure; Greg Coogan, Morpho Cards; Sanjiv Rawat, Giesecke & Devrient; Sree Swaminathan, First Data

Mobile/NFC Security Fundamentals: NFC Forum Tags and Security Considerations
April 18, 2013, 1pm ET/10am PT
Speakers: Tony Rosati, NFC Forum/Blackberry; Joe Tassone, Identive; Randy Vanderhoof, Smart Card Alliance; Mike Zercher, NXP Semiconductors; Rob Zivney, Identification Technology Partners

Mobile/NFC Security Fundamentals: NFC Application Use Cases – Security Perspectives
May 9, 2013, 1pm ET/10am PT
Speakers: Rene Bastien, SecureKey Technologies; Jonathan Main, NFC Forum/MasterCard; Steve Rogers, IQ Devices; Tony Sabetti, Isis; Randy Vanderhoof, Smart Card Alliance

Page 29

NFC Solutions Summit 2013

Page 30

Smart Card Alliance
191 Clarksville Rd. · Princeton Junction, NJ 08550 · (800) 556-6828
www.smartcardalliance.org

• Randy Vanderhoof, [email protected]
• Kevin Gillick, [email protected]
• Philip Hoyer, [email protected]
• Gil Bernabeu, [email protected]