architecture and security - gauthier van damme (ibbt-cosic- k.u.leuven) & kris vanhecke(...
TRANSCRIPT
![Page 1: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/1.jpg)
Architecture and security
Gauthier Van Damme, IBBT/COSIC, K.U.Leuven
Kris Vanhecke, IBBT/WICA, UGent
![Page 2: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/2.jpg)
Table of content
System overview Fundamental idea The NFC Voucher system
Technical: user-side components MIDlet running on NFC phone OS (S40) Secure Element (SE) for secure voucher manipulation
Practical: user-side features Voucher management Voucher use cases
Conclusions
2
![Page 3: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/3.jpg)
System overview: fundamentals
Offline system implies important security issues
Focus on maximal security
Therefore: PKI to create circle of trust: Issuer certifies users
Users can be trusted and if necessary revoked Efficient key management
Breaking one link does not scale to the system OS of mobile devices can’t be trusted
Use trusted platform on phones: SE
3
![Page 4: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/4.jpg)
The NFC Voucher System Registration
4
TSM
Handset
Voucher Issuer 4
2
3
5
MIDlet/Applet
Public Key
Certificate
1Phone Number
Public Key/Certificate
![Page 5: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/5.jpg)
The NFC Voucher System
5
![Page 6: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/6.jpg)
Technical – User-side components
MIDLet, running in the S40 OS of the (Nokia) phone GUI/Keypad Receiving Vouchers through MMS (encrypted) Communication proxy for Voucher transfer with SE’s
Java Card (2.2.1) applet, running in SE
Security backbone of the system Receive & store Vouchers Voucher transfer and payment protocol Stores all sensitive data and cryptographic keys
6
![Page 7: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/7.jpg)
7
OS Features (Java based)
The MIDlet Suite Java Archive (JAR) Java Application Descriptor (JAD)
JSR-257 Contactless Communication API Control the NFC interface ISO-14443 communication with SE
Push Registry Some Security
![Page 8: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/8.jpg)
8
Push Registry
MIDlets can be launched automatically by the Application Management Software
Timer based Inbound network connections
Static registration in JAD descriptors Possible use cases
Timely warnings about expiring vouchers Intercept incoming MMS messages that carry vouchers
![Page 9: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/9.jpg)
9
Security aspects
Access to some APIs is restricted Some require explicit user confirmation Some actions can only be performed by trusted
MIDlets X.509 PKI public key digital certificates.
Verisign Thawte …
Only trusted MIDlets may connect to the internal Secure Element
![Page 10: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/10.jpg)
SE: security backbone of the system
Security in offline payment systems is critical NFC has limited range but security issues remain:
(Haselsteiner & Breitfuss [RFIDSec2006])
Eavesdropping up to 10m from active devices Data modification possible for some transfer rates Denial-of-Service always possible
Risks for NFC Voucher scheme: Re-routing of Vouchers in transit (stealing) Loss of Vouchers Counterfeiting or duplication
10
![Page 11: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/11.jpg)
The Java Card applet on the SE
Strong cryptography is needed on top of the NFC Maximum use of SE functionalities:
Controlled by the Trusted Service Manager (TSM) Java Card applet will be deployed by TSM Application in SE gets a PKI key pair on initialization Limited applet access by OS/MIDlet
No Voucher leaves the SE unencrypted Issuer Signed Vouchers: Vouchers have a digital
signature
11
![Page 12: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/12.jpg)
Limitations of the SE
Unfortunately the Java Card used is not perfect
(NXP SmartMX with G&D's Sm@rtCafe Expert 3.1 OS) Preferred cryptographic primitives are not available
RSA (1024 bit keys) used instead of ECC (160 bit keys) 3DES used instead of more efficient AES
Memory issues limit the speed of every operation:
12
![Page 13: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/13.jpg)
13
Practical: user-side features
Check Balance
Review History
Make Payment
MMS Intercept
Phone 2 Phone
Configuration
![Page 14: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/14.jpg)
14
Use Cases in more detail
1. Receiving new Vouchers via MMS
2. Making a payment at the cash desk
3. Tranferring Vouchers to other users
![Page 15: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/15.jpg)
15
1. Receiving new vouchers via MMS
Multimedia Messaging Service MMS Encapsulation Specification Payload
Images, sound files SMIL file to describe message layout
NFC-Voucher MMS Payload is binary data: encrypted vouchers 20 vouchers: 3 kB of binary data MIDlet sends data to SE through APDU calls
![Page 16: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/16.jpg)
16
2. Making a payment at the cash desk
MIDlet
1
2
3
NotificationExternalReaderDetected
ISO 14443 (APDUs)Check new balance
JSR-257
![Page 17: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/17.jpg)
17
3. Transferring Vouchers to users
MIDlet
2
3
4
Notification
JSR-257
MIDlet
JSR-257
Initialize transaction
1
Start protocol
Execute protocol
4
![Page 18: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/18.jpg)
Conclusions: Security issues solved/remaining
Solved: Vouchers can not be created (signature) Voucher can not be duplicated (they do not leave SE
unencrypted) Vouchers can not be stolen as users are identified
Remaining issues: Vouchers can sometimes appear ‘lost in transaction’
18
![Page 19: Architecture and security - Gauthier Van Damme (IBBT-COSIC- K.U.Leuven) & Kris Vanhecke( IBBT-WICA-UGent)](https://reader035.vdocument.in/reader035/viewer/2022062514/558e2c161a28ab2c048b474a/html5/thumbnails/19.jpg)
Conclusions: usability
Promising technology Improvement compared to other systems (e.g. Proton) High enough security for Voucher payments
But needs speed improvements: ~6sec for NFC Phone-to-Phone transfer ~4sec for payments
19