The Three Approaches to NFC Security - SE, TEE & HCE
Sree Swaminathan, Director Product Development, First Data

Near Field Communication
Near Field Communication (NFC) is a technology in smartphones that can enable contactless transactions and other data exchange with a variety of external devices.
- Secure Element
- NFC Chip
- Mobile Wallet
- Applets
[Diagram: NFC Controller, Processor / Wallet App and Secure Element; interfaces labelled SWP, ISO-7816 and HCI; contactless interface ISO-14443 at 13.56 MHz]
Emerging NFC Ecosystem
[Diagram: HCE, TEE and Secure Element around NFC]

NFC Trinity
- SE only?
- HCE only?
- TEE only?
- TEE & HCE?
- TEE & SE?
- SE & HCE?
- SE + TEE + HCE?
How do they store the credentials?
- Secure Element
  - Tamper resistant module
  - Cryptographic keys
  - Secure channel protocols
- Host Card Emulation
  - Cloud
  - OS memory
  - Everything in software
  (Source: Google HCE)
- Trusted Execution Environment
  - Strikes a balance
  - Rich OS and hardware
  - Hardware root of trust
  (Source: GlobalPlatform)
Challenges from SE, TEE and HCE

Approach: Challenges
- Secure Element:
  - Cost
  - Memory, applications and access flexibility
  - Changes / lifecycle management
  - Ownership struggles
  - Over-engineering
  - TSM to TSM to TSM to TSM to……..
- Trusted Execution Environment:
  - Inherits most of the SE challenges
- Host Card Emulation:
  - Security = hmmm….. what…?
The real security needs for the credentials…
- What?
  - Data at rest
  - Data in motion
  - Data in process
- Where?
  - At the host platform
  - On the device
  - In the channels – payment and provisioning
- How? Not one or two but….
  - Make the data less sensitive or useless to social engineers in case of a breach
  - Encryption, tokenization, hardware-based protection, transient storage and a multitude of other fraud detection techniques
  - Compliance with PCI, payment network and other governing bodies' requirements such as HIPAA, GLBA, OFAC, SEC, FTC, etc., depending on the data
And at the end - All's well….

[Diagram: HCE, TEE and Secure Element plotted against the axes "Complexity and Cost" and "Compensatory Controls"]
- HCE: Tokenization, transient data, obfuscation, time outs, white box cryptography, GPS, BLE, biometrics, HBS, TEE etc.
- TEE: TEE APIs (isolation, trust)
- Secure Element: SCP02/81 GP messaging
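As an added example, not part of the deck, the following Python models the HCE compensatory controls named on this slide and on the "How?" slide: tokenization (a surrogate token in place of the PAN, which stays in the cloud), transient storage (a limited-use key that lives only in host memory), time outs and a use counter, with the cloud side verifying each cryptogram and rejecting replays. The CloudTokenService, wallet_tap and run_demo names, the HMAC cryptogram and the scenario values are assumptions for illustration, not any payment network's actual scheme.

```python
import hmac, hashlib, secrets
from dataclasses import dataclass
@dataclass
class TransientCredential:
    token: str          # surrogate for the PAN; worthless on its own
    key: bytes          # limited-use key, never the issuer's long-term key
    expires_at: float   # time out: credential is dead after this instant
    uses_left: int      # use counter: credential is dead after N taps
def cryptogram(key: bytes, token: str, amount: int, nonce: str) -> bytes:
    # Assumed construction: HMAC over the transaction fields (not a real EMV cryptogram)
    return hmac.new(key, f"{token}|{amount}|{nonce}".encode(), hashlib.sha256).digest()
class CloudTokenService:
    """Issuer/cloud side (assumed model): the real PAN and key lifecycle stay here."""
    def __init__(self):
        self._vault, self._state = {}, {}   # token -> PAN ; token -> [key, expiry, uses, seen nonces]
    def provision(self, pan: str, now: float, ttl_s: float, max_uses: int) -> TransientCredential:
        token, key = secrets.token_hex(8), secrets.token_bytes(32)
        self._vault[token] = pan              # PAN never leaves the cloud
        self._state[token] = [key, now + ttl_s, max_uses, set()]
        return TransientCredential(token, key, now + ttl_s, max_uses)
    def verify(self, token: str, amount: int, nonce: str, mac: bytes, now: float) -> bool:
        st = self._state.get(token)
        if st is None or now > st[1] or st[2] <= 0 or nonce in st[3]:
            return False    # unknown, timed out, exhausted or replayed
        if not hmac.compare_digest(cryptogram(st[0], token, amount, nonce), mac):
            return False
        st[2] -= 1; st[3].add(nonce)
        return True
def wallet_tap(cred: TransientCredential, amount: int, nonce: str, now: float):
    """Host side: only the transient credential is in OS memory; it self-retires on time out or exhaustion."""
    if now > cred.expires_at or cred.uses_left <= 0:
        cred.key = b""       # wipe the limited-use key
        return None
    cred.uses_left -= 1
    return (cred.token, amount, nonce, cryptogram(cred.key, cred.token, amount, nonce))
def run_demo():
    """Returns (legit_ok, replay_ok, exhausted_tap, expired_ok) for the constructed scenario."""
    cloud = CloudTokenService()
    cred = cloud.provision("4111111111111111", now=0.0, ttl_s=60.0, max_uses=2)  # constructed test PAN
    t1 = wallet_tap(cred, 1999, "n1", now=5.0)
    legit_ok = cloud.verify(*t1, now=5.0)
    replay_ok = cloud.verify(*t1, now=6.0)                 # same cryptogram presented twice
    wallet_tap(cred, 500, "n2", now=7.0)                   # second and final permitted use
    exhausted_tap = wallet_tap(cred, 500, "n3", now=8.0)   # counter at zero: wallet wipes, returns None
    stolen = cloud.provision("4111111111111111", now=0.0, ttl_s=60.0, max_uses=2)
    mac = cryptogram(stolen.key, stolen.token, 100, "n4")
    expired_ok = cloud.verify(stolen.token, 100, "n4", mac, now=61.0)  # dumped credential used after time out
    return legit_ok, replay_ok, exhausted_tap, expired_ok
```

The point is that a credential copied out of OS memory buys an attacker at most a few taps within a short window, which is what the transient-data and time-out controls on the slide are compensating for.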
Sree Swaminathan, First Data, [email protected]