
Mobile Security and Payment

Mobile Security and Payment. Nour El Kadri, University Of Ottawa. Security. Keep in mind: • Security requires an overall approach • A system is as secure as its weakest component • Securing network transmission is only part of the equation


Presentation Transcript


  1. Mobile Security and Payment • Nour El Kadri, University Of Ottawa

  2. Security Keep in mind: • Security requires an overall approach • A system is as secure as its weakest component • Securing network transmission is only part of the equation • The sad part is that people often prove to be the weakest link in the chain • Employee who hacks company’s billing database • Careless user who writes his/her PIN on the back of their handset and forgets it on the bus

  3. The Role of Cryptography • SIM Module and Authentication centers in GSM Architecture • WAP Gateway security gaps and their solution in the new WAP protocol stack for built-in IP • How does cryptography complement such solutions? • What are the business implications?

  4. Network Transmission Security Requirements • Authentication • Confidentiality • Integrity • Non-repudiation. Cryptography plays a central role in satisfying these requirements. Other techniques include: • Packet acknowledgements • Checksums

  5. Cryptography • Sender: plaintext → ciphertext, using encryption algorithms • Receiver: ciphertext → plaintext, using a matching decryption algorithm

  6. Secret-Key or Symmetric Cryptography • Alice and Bob agree on an encryption method and a shared key. • Alice uses the key and the encryption method to encrypt (or encipher) a message and sends it to Bob. • Bob uses the same key and the related decryption method to decrypt (or decipher) the message.

  7. Advantages of Symmetric Cryptography • There are some very fast classical encryption (and decryption) algorithms • Since the speed of a method varies with the length of the key, faster algorithms allow one to use longer key values. • Larger key values make it harder to guess the key value, and so break the code, by brute force.

  8. Disadvantages of Symmetric Cryptography • Requires secure transmission of key value • Requires a separate key for each group of people that wishes to exchange encrypted messages (readable by any group member) • For example, to have a separate key for each pair of people, 100 people would need about 5000 different keys.

  9. Public-Key Cryptography AKA Asymmetric Cryptography • Alice generates a key value (usually a number or pair of related numbers) which she makes public. • Alice uses her public key (and some additional information) to determine a second key (her private key). • Alice keeps her private key (and the additional information she used to construct it) secret.

  10. PK Cryptography – cont’d • Bob (or Carol, or anyone else) can use Alice’s public key to encrypt a message for Alice. • Alice can use her private key to decrypt this message. • No one without access to Alice’s private key (or the information used to construct it) can easily decrypt the message.

  11. Public Key Cryptography Source: N. Sadeh

  12. Man-in-the-Middle Attack Solution: Certificate Authorities • Keys are certified, that means a third person/institution confirms (with its digital signature) the affiliation of the public key to a person

  13. Certificate Authorities Three types of organizations for certification systems (PKIs?): • Central certification authority (CA) • A single CA, keys often integrated in checking software • Example: older versions of Netscape (CA = Verisign) • Hierarchical certification system • CAs which in turn are certified by “higher” CA • Examples: PEM, Teletrust, infrastructure according to Signature Law • Web of Trust • Each owner of a key may serve as a CA • Users have to assess certificates on their own • Example: PGP (but with hierarchical overlay system)

  14. Hybrid Encryption Systems • All known public key encryption algorithms are much slower than the fastest secret-key algorithms. • In a hybrid system, Alice uses Bob’s public key to send him a secret shared session key. • Alice and Bob use the session key to exchange information.
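The flow on slide 14, as an added example that is not part of the original slides: the slow public-key operation runs once to wrap a random session key, and the bulk data is protected with the fast symmetric step. The toy unpadded RSA key (built from two Mersenne primes) and the SHA-256 counter-mode stand-in cipher are assumptions chosen so the block runs on the standard library alone; neither is suitable for production.

```python
import hashlib
import secrets

# Bob's toy RSA key pair from two known Mersenne primes (constructed for this
# example; far too small for real use, and real systems use padded RSA).
P, Q = 2**127 - 1, 2**89 - 1
BOB_N, BOB_E = P * Q, 65537                   # public key, published by Bob
BOB_D = pow(BOB_E, -1, (P - 1) * (Q - 1))     # private key, kept by Bob

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in symmetric cipher: SHA-256 in counter mode (illustrative only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def session_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the key stream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def alice_send(message: bytes, n: int, e: int):
    """Alice: pick a fresh session key, wrap it with Bob's public key."""
    session_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # one slow step
    nonce = secrets.token_bytes(8)
    return wrapped_key, nonce, session_crypt(session_key, nonce, message)

def bob_receive(wrapped_key: int, nonce: bytes, ciphertext: bytes, n: int, d: int) -> bytes:
    """Bob: unwrap the session key with his private key, then decrypt."""
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return session_crypt(session_key, nonce, ciphertext)

if __name__ == "__main__":
    wrapped, nonce, ct = alice_send(b"order=4711;amount=25.00", BOB_N, BOB_E)
    print(bob_receive(wrapped, nonce, ct, BOB_N, BOB_D))
```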

  15. Digital Signatures • A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document

  16. Digital Signatures Source: N. Sadeh

  17. Elliptic Curve Cryptography • ECC was introduced by Victor Miller and Neal Koblitz in 1985. • DSA and RSA need larger key lengths. • ECC requires a significantly smaller key size for the same level of security. • Benefits of having smaller key sizes: faster computations, less storage space needed. • ECC is ideal for constrained environments: pagers; PDAs; cellular phones; smart cards

  18. Key player • Certicom is a key player. • Acquired by Research in Motion (two days ago). • Verisign was bidding on the company too • This will set new research ahead in the wireless security arena

  19. Smart Cards Smart card: • A card that contains a processor, memory, and an interface to the outside world. • Vary based on the capabilities of the processor and size of the memory • A smart card needs a reader • Not very common in North America, but it is widespread in other places. • Problems: Lack of standard interfaces

  20. GSM’s SIM-Based Authentication

  21. Message Authentication Codes • Checksums • used mostly to verify the integrity of messages • Use a hybrid approach • Recipient can verify both the authenticity and the integrity of the message • MACs are also referred to as “Message Integrity Codes”
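The difference between the plain checksum and the MAC on slide 21, as an added example that is not part of the original slides: a CRC-32 catches accidental corruption but can be recomputed by anyone who alters the message, while an HMAC needs the shared key. The key, the message format and the function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

SHARED_KEY = b"constructed-demo-key-0123456789"   # constructed sample key

def checksum_tag(message: bytes) -> bytes:
    """Unkeyed integrity check: anyone can compute it."""
    return zlib.crc32(message).to_bytes(4, "big")

def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed check (HMAC-SHA256): only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_checksum(message: bytes, tag: bytes) -> bool:
    return checksum_tag(message) == tag

def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking the mismatch position through timing
    return hmac.compare_digest(mac_tag(key, message), tag)

def alter_without_key(message: bytes):
    """Model a change made in transit by a party that lacks the shared key:
    the checksum can be recomputed for the new message, the MAC cannot."""
    altered = message.replace(b"amount=10", b"amount=9000")
    return altered, checksum_tag(altered)

def run_demo() -> dict:
    message = b"to=merchant-42;amount=10;currency=CAD"    # constructed sample
    crc, mac = checksum_tag(message), mac_tag(SHARED_KEY, message)
    altered, altered_crc = alter_without_key(message)
    return {
        "genuine_checksum_ok": verify_checksum(message, crc),
        "genuine_mac_ok": verify_mac(SHARED_KEY, message, mac),
        "line_noise_checksum_ok": verify_checksum(message[:-1] + b"X", crc),
        "altered_checksum_ok": verify_checksum(altered, altered_crc),
        "altered_mac_ok": verify_mac(SHARED_KEY, altered, mac),
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```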

  22. Security: The Combinations are Many • IPSec protocol has been adopted by GPRS • Negotiation of security parameters between sender and recipient • Negotiation carried out using Internet Key Exchange • Flexibility in adapting security parameters to mobile environments is very important • Keys might be stored on SIM or WIM modules • Limited memory and processing power • Low bandwidth and high latency

  23. Wired Equivalent Privacy Aka “WEP” • Represents Wi-Fi’s first attempt at security • Works at data link layer (Layer 2) • Uses static 40- or 104-bit keys for authentication and encryption. • Based on RC4 symmetric stream cipher. • Key stream generated from initial key, used to encrypt and decrypt data
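How the key stream on slide 23 is produced and used, as an added example that is not part of the original slides: RC4 expands the key into a byte stream that is XORed with the data, so one routine both encrypts and decrypts. It assumes the WEP per-frame seed of a 24-bit IV followed by the static key and omits the frame's integrity value; the key, IVs and payload are constructed. With a static key, a repeated IV reproduces the same key stream, which is the caveat to keep in mind when reading the slide.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` RC4 key-stream bytes from `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """XOR data with the key stream; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))

def wep_crypt(static_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Seed RC4 with IV || static key, as WEP does (integrity value omitted)."""
    if len(iv) != 3 or len(static_key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    return rc4_crypt(iv + static_key, payload)

def keystream_repeats(static_key: bytes, iv_a: bytes, iv_b: bytes, n: int = 16) -> bool:
    """True when two frames would be protected by the same key stream."""
    return rc4_keystream(iv_a + static_key, n) == rc4_keystream(iv_b + static_key, n)

STATIC_KEY = bytes.fromhex("0102030405")      # constructed 40-bit key

if __name__ == "__main__":
    frame = wep_crypt(STATIC_KEY, b"\x00\x00\x01", b"constructed payload")
    print(wep_crypt(STATIC_KEY, b"\x00\x00\x01", frame))
    print(keystream_repeats(STATIC_KEY, b"\x00\x00\x01", b"\x00\x00\x01"))
```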

  24. WAP Security: WTLS • Keys generally placed in normal phone storage. • New standards emerging (WAP Identity Module [WIM]) for usage of tamper-resistant devices. • Aside from crypto problems: • User interface attacks likely (remember SSL problems) • WTLS terminates at WAP gateway; MITM attacks possible.

  25. WAP Transaction layer WTP • Three classes of transactions: • Class 0: unreliable • Class 1: reliable without result • Class 2: reliable with result • Does the minimum a protocol must do to create reliability. • No security elements at this layer. • Protocol not resistant to malicious attacks.

  26. WAP Session Layer WSP • Meant to mimic the HTTP protocol. • No mention of security in spec except for WTLS. • Distinguishes a connected and connectionless mode. • Connected mode is based on a SessionID given by the server.

  27. Wireless Identity Module • Can be used to hold private and secret keys required by WTLS, TLS and non-WAP applications • Computes crypto operations • “unwrapping master secret” • client signature in WTLS Handshake • key exchange (ECC WTLS Handshake) • It can also store certificates and generate keys • WIM does not necessarily need to be issued by the mobile operator • It can be implemented on the SIM card

  28. WMLScript SignText • Allows developers to write applications where users are prompted with a text that they reject or accept • Acceptance requires the user to punch his/her WIM PIN code and that results in the generation of a digital signature • DS is transmitted back to the content server

  29. WAP Security Models • Operator Hosts Gateway • Without PKI • With PKI • Content Provider Hosts Gateway • Static Gateway Connection • Dynamic Gateway Connection

  30. Operator Hosts Gateway

  31. Operator Hosts Gateway • Without PKI: • Advantages • No extra work for Content Provider • No extra work for user • System only requires one logical gateway • Disadvantages • Content Provider must trust Operator (NDA) • Operator can control home deck • Operator can introduce advertising

  32. Operator Hosts Gateway • With PKI: • Advantages • Content Provider does not need to trust Operator. • Disadvantages • PKI Infrastructure must be in place.

  33. Content Provider Hosts Gateway • Static Gateway Connection • Advantages • Content Provider does not need to trust Operator • Content Provider can control home deck • OTA can be used to configure mobile terminal • Disadvantages • Mobile terminal may have limited number of gateway config sets (e.g., Nokia 7110 has 10) • Mobile Terminal needs to be configured. • OTA via WAP Push / SMS may not work with gateway / mobile terminal combination • Content Provider may have to pre-configure mobile terminals

  34. Content Provider Hosts Gateway [Figure: network diagram; labels: WTLS Class 2, SSL, Operator WAP Gateway, Internet, WAP Gateway, Content Provider, Web Server]

  35. Content Provider Hosts Gateway • Dynamic Gateway Connection • Advantages • Content Provider does not need to trust Operator. • Content Provider does not need to worry about mobile terminal configuration • Disadvantages • Operator needs to trust Content Provider. • Deployment very slow.
