the$three$approaches$to$nfc$security4$se,$tee$&$ … ·...

12

The Three Approaches to NFC Security SE, TEE & HCE Sree Swaminathan Director Product Development First Data

Upload: trinhthien

Post on 06-Aug-2018

215 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

The Three Approaches to NFC Security-‐ SE, TEE & HCE Sree Swaminathan Director Product Development First Data

Page 2: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

Near Field CommunicaAon Near Field CommunicaAon (NFC) is a technology in smartphones that can enable contactless transacAons and other data exchange with variety of external devices. -‐  Secure Element -‐  NFC Chip -‐  Mobile Wallet -‐  Applets

2

NFC Controller

Processor /Wallet App

Secure Element

SWP

I SO-7

816

HC

I

ISO-14443 13.56 MHz

Page 3: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

Emerging NFC Ecosystem

3

HCE

TEE Secure Element

NFC

NFC Trinity Ø  SE Only?

Ø  HCE Only?

Ø  TEE Only?

Ø  TEE & HCE?

Ø  TEE & SE?

Ø  SE & HCE?

Ø  SE+TEE+HCE?

Page 4: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

How do they store the credenAals?

4

Ø Secure Element •  Tamper resistant module •  Cryptographic Keys •  Secure channel Protocols

Ø Host Card EmulaAon •  Cloud • OS Memory •  Everything at soRware

(Source: Google HCE)

Ø Trusted ExecuAon Environment •  Strikes a balance •  Rich OS and Hardware •  Hardware root of trust

(Source: GlobalPlaWorm)

Page 5: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

Smart Phones, CredenAals and Security

5

Bluetooth

Wi-Fi

Internet/ OTA SMS

Free Apps

USB

Page 6: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

Challenges from SE, TEE and HCE

6

Approach Challenges

Secure Element

§  Cost §  Memory, applicaAons and access flexibility §  Changes /Lifecycle Management §  Ownership struggles §  Over-‐engineering §  TSM to TSM to TSM to TSM to……..

Trusted ExecuAon Environment

•  Inherits most of SE challenges

Host Card EmulaAon • Security = hmmm….. What…?

Page 7: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

Security means different things to different souls…

7

Page 8: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

The real security needs for the credenAals…

Ø What? ü Data at rest ü Data in moAon ü Data in process

Ø Where? ü At the host plaWorm ü On the device ü In the channels – Payment and Provision

8

Page 9: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

The real security needs for the credenAals…

Ø How? Not one or two but…. ü Make the data less sensiAve or useless to social engineers in case of breach

ü EncrypAon, TokenizaAon, Hardware based, Transient Storage and other mulAtude of fraud detecAon techniques

ü Compliance to PCI, Payment network and other Governing bodies areas like HIPPA, GLBA, OFAC, SEC, FTC, etc. based on the data

9

Page 10: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

and at the end -‐ All’s well….

10

HCE

TEE

Secure Element

TokenizaBon, Transient Data, ObfuscaBon, Time outs, White box Cryptography, GPS, BLE, Biometrics, HBS, TEE etc.

TEE APIs (IsolaBon, Trust)

SCP02/81 GP msg.

Complexity and Cost

Compensatory Controls

Page 11: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

Big Thought Slide

InnovaAon is unstoppable! Superman wins at the end!

11

Page 12: The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ … · The$Three$Approaches$to$NFC$Security4$SE,$TEE$&$ HCE$ Sree$Swaminathan$ Director$ProductDevelopment FirstData $

Sree Swaminathan First Data [email protected]

NFC-Fachtagung 2018 - Teilnehmereinladung · NFC-Fachtagung 14.06.2018 Aufgrund des positiven Feedbacks zur letzten NFC-Fachtagung wird auch 2018 eine eigenständige NFC-Fachtagung

NFC: Getting Down to Business · NFC: Getting Down to Business By Koichi Tagawa, Chairman, NFC Forum . 40 NFC & CONTACTLESS | NFC solutions are popping up everywhere. One of the most

TOUR TEE GORD TEE - Core Entertainment · tour tee gord tee leaf tee mmp collage lyric album tee anarchy hoodie poster cap bottle opener rolling paper program 3/4 sleeve animals ladies

Building the Foundation for NFC - NFC Forumnfc-forum.org/wp-content/uploads/2013/12/Foundation-for-NFC-MIT... · 13.12.2010 · Building the Foundation for NFC ... NFC technology

Open NFC - NFC HAL Protocol Specification

NFC+: Breaking NFC Networking Limits through Resonance …xyzhang.ucsd.edu/papers/RZhao_SIGCOMM20_NFC+.pdf · NFC+: Breaking NFC Networking Limits through Resonance Engineering Renjie

Mobile/NFC Security Fundamentals NFC Application Use Cases ... · Mobile/NFC Security Fundamentals NFC Application Use Cases: Security ... own separate domain for secure credentials

NFC and the NFC Forum · NFC Forum. NFC and the NFC Forum. The Problems • Many proximity technologies have evolved in different ... -friendly and broadly interoperable platform

Secure Element – Protecting Your Digital Life - · PDF filedetached SE Via NFC Via Bluetooth Detached SE TEE eSE ... IMSI: International mobile subscriber identity Uniquely identify

NFC Reference Guide for Air Travel - NFC Forum

OPPORTUNITIES OF NEAR FIELD COMMUNICATION (NFC…msra.or.ke/.../MSRA...NFC-Technology-in-Research-Janet,-Daniel,-Rob… · Introduction •NFC NFC (Near Field Communication) is a

NFC M24LRxx CR95HF - etc · NFC Portfolio presentation NFC Tag with serial interface • NFC Reader-Writer NFC Transceiver NFC Controller & Secure Element NFC Summary . NFC Transceiver

color guide 2020 · gildanbrands.com 877.562.1499 3380 Toddler Tee 3383 Juvy Tee 3362 Girls Tee 5081 Youth Tee 3981 Youth Tee 3384 Youth Long Sleeve Tee 3381 Youth Tee YOUTH 2562

Tee Tee t-shirt

· tee tee tee . Created Date: 8/18/2014 4:42:13 PM

How to use NFC? - Bill & Ted's NFC adventure

NFC and the NFC Forum · Nokia Vice Chairman NFC Forum NFC and the NFC Forum The Problems • Many proximity technologies have evolved in different vertical markets • Most bring

NFC Technology Overview - NFC Forum · NFC Forum Technology Architecture. Digital Protocol Specification. NFC Activities Specifications. Defines how to construct records in NDEF messages

System Frameworks #WWDC17€¦ · Near Field Communication (NFC) Close proximity wireless communication RF technologies: NFC-A, NFC-B, NFC-F, NFC-V NFC Data Exchange Format (NDEF)

VULCANIC TEE TEE VERSION 2 - Thermal Electric

Mobile/NFC Security Fundamentals NFC Application Use Cases

URSONATE de Kurt Schwitters - merzmail.netmerzmail.net/ursonatepdf.pdf · Uu zee tee wee bee zee tee wee bee zee tee wee bee zee tee wee bee zee tee wee bee zee tee wee bee Fümms

NFC in Japan NFC Forum - Meetupfiles.meetup.com/2610372/2012 05 23 NFC Solutions Summit Meetup... · NFC in Japan and NFC Forum ... •CRM effect Fact Advantages Trend ... papers,

NFC FOR CONSUMABLES AND ACCESSORIES · • NFC technology integration / retrofitting into existing or new product designs • Building up of NFC enabled demonstrators • NFC technology

Provable Security4

NFC AND THE VEHICLE.• NFC-DEP NFC in the Car, BMW Car IT GmbH 2014-02-02 Page 18 NFC OVER SOMEIP. VIRTUAL NFC CONTROLLER AND REAL HARDWARE. • NFC Reader is somewhere in the vehicle

NFC Shield/NFC Module User Guide - Elecfreaks Store

NFC Standards for the NFC Ecosystem FINAL 103112

NFC A World of Opportunities - STMicroelectronics · NFC A World of Opportunities. Content Introduction to NFC..... 4 NFC communication modes ..... 6 NFC ... The NFC Forum defines

W. Feldheim: Tee und Tee-Erzeugnisse H. Grösser: Tee für … · Lehrbuch der Lebensmittelchemie (Springer-Verlag) TEE Lebensmittelrechtliche Aspekte Definition Als Tee werden Blattknospen,

Prénom (Tee-shirt) Tee-shirt)

NFC essentials · 13 NFC Forum Leading the way to NFC innovation • The NFC Forum is a non-profit organization established to promote the use of NFC technology in consumer electronics,

NFC Reference Guide for Air Travel - Home - NFC …nfc-forum.org/.../2013_10_28_NFC_Reference_Guide_for_Air_Travel_… · 1 Background ... 8.1 Android ... NFC Reference Guide for

Security in NFC Readers · Training NFC and security NFC, a different kind of wireless Under the hood of NFC based systems Enhancing the security of an NFC architecture Secure data