SmartCard Forum 2011 - Smart cards today and in 20 years
    Presentation Transcript

    • Smart cards today and in 20 years... SmartCardForum 2011, Jan Němec, Gemalto, May 2011
    • Agenda: smart cards yesterday, today and in 20 years; eGo; security of mobile phones. SmartCardForum 2011 – Smart cards today and in 20 years ... 2
    • Smart cards
    • Smart card predecessors: 1950, plastic cards used for payment, issued by Diners Club to 200 customers in 27 restaurants in New York; 1960s, magnetic stripe cards, the London Transit Authority installed a magnetic stripe system.
    • ... Smart cards vision 5 years ago ... Source: Chandan, blog
    • ... Smart cards vision today. Sources: http://www.upgradeyourbody.com http://www.ego-project.eu/
    • What you touch is yours
    • Everywhere... Any phone is mine, anywhere! Eve has: borrowed a phone, placed a phone call, returned the phone. Eve did not: insert a card, enter a code in the handset, charge the call on the phone owner's bill.
    • Fast... Just take it! Jeanne has: selected her drink, taken it. Jeanne did not: open her handbag and grab her purse, use her credit card, insert coins.
    • Friendly... No more user name/password! Pierre has: touched his mouse, worked within his private environment. Pierre did not: enter a login and a password, insert a card.
    • Intuitive... Open a door without handling a key! John has: opened the door. John did not: turn a key.
    • Safe... Only my swimming suit and my bath towel! Eve has: closed her home door, stepped into her car, driven to the beach, purchased a bottle of iced tea, placed a phone call. Eve did not: be concerned about leaving anything on the beach during her bath.
    • A wireless world. Ubiquity: everywhere, I can use all objects around me. Security: all transactions are anonymous, authenticated and non-traceable. Autonomy: guarantee of mission of at least a day. Connectivity: easy and intuitive pairing and collaboration between smart objects, no more physical connectors.
    • Easy pairing principle. The principle involves two wireless technologies: intra-body communication, with a very short operational range to unambiguously select the device to connect with; and Ultra-Wide Band (UWB) with RTLS (Real Time Location Service), with a medium operational range and high-speed exchange for application data. Step 1: securely pair the two devices and bootstrap the UWB communication. Step 2: start the application via a fast and secure wireless network and monitor the distance between the two devices to control an operational and secure bubble.
    • eGo: a wearable device. eGo can be placed anywhere on the user's body. An NFC antenna would need to be in close vicinity of the "reader" object and would therefore be wearable only when positioned close to the user's hand; conversely, an IBC antenna can be placed anywhere on the user's body. IBC-based devices are truly wearable: intra-body communication bridges the two devices. No standard form factors; physically attached to the clothes or garments you wear; has to be kept close to your body at all times.
    • Intra-body communication: capacitive sensing. Ultra-low power; low frequency (< 10 MHz); conveys no application data; short range (< 20 mm); no direct skin contact needed, works through gloves or clothes; low data rates (a few dozen kbit/s).
    • eGo: two-factor authentication. 1. What you wear: eGo is a wearable device. 2. Who you are: a single sign-on based on a fingerprint sensor.
    • eGo: basic security concerns. Active: when eGo is attached to your body and after a positive SSO. Inactive: when eGo is not attached to your body.
    • eGo: enhanced privacy protection. All transactions may be anonymous, non-traceable and authenticated. Support for multiple identity/attribute providers. Inherits from smart card technology: Java Card, GlobalPlatform.
    • Application distance control with RTLS technology. RTLS (Real Time Location Service) based control: +/- 10 cm accuracy, courtesy of IEEE 802.15.4a precision location. Relay-attack protection: the application bubble is controlled by the application and completed with an out-of-band agreement.
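A constructed model of the two-step pairing and the distance bubble from the pairing and distance-control slides above, added here as an example and not part of the presentation. The 20 mm IBC range and the +/- 10 cm RTLS accuracy are taken from the slides; the session key, the HMAC tagging of application messages and the rule that a reading outside the bubble closes the session are assumptions.

```python
"""Constructed model: IBC bootstraps a UWB session, RTLS gates its use."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

IBC_MAX_RANGE_M = 0.02   # intra-body channel: short range (< 20 mm)
RTLS_ACCURACY_M = 0.10   # IEEE 802.15.4a ranging accuracy: +/- 10 cm

@dataclass
class Ego:
    attached: bool   # worn on the body
    sso_ok: bool     # positive fingerprint single sign-on

    def active(self) -> bool:
        # eGo is active only while attached and after a positive SSO
        return self.attached and self.sso_ok

@dataclass
class Session:
    key: bytes       # UWB session key bootstrapped over IBC (assumed)
    bubble_m: float  # bubble radius chosen by the application
    open: bool = True

def pair(ego: Ego, ibc_distance_m: float, bubble_m: float):
    """Step 1: IBC only reaches the device being touched, so a reading
    beyond its range (or an inactive eGo) refuses to bootstrap UWB."""
    if not ego.active() or ibc_distance_m > IBC_MAX_RANGE_M:
        return None
    return Session(key=secrets.token_bytes(16), bubble_m=bubble_m)

def app_message(session: Session, rtls_distance_m: float, payload: bytes):
    """Step 2: application data goes over UWB and is accepted only while
    the RTLS distance, taken at the worst case of the measurement error,
    stays inside the bubble; otherwise the session is closed (relay suspected)."""
    if not session.open:
        return None
    if rtls_distance_m + RTLS_ACCURACY_M > session.bubble_m:
        session.open = False
        return None
    tag = hmac.new(session.key, payload, hashlib.sha256).digest()
    return payload, tag

def verify(session: Session, payload: bytes, tag: bytes) -> bool:
    """Receiving side: accept only tagged messages from the paired eGo."""
    expected = hmac.new(session.key, payload, hashlib.sha256).digest()
    return session.open and hmac.compare_digest(expected, tag)
```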
    • eGo and safety. Intra-body communication: eGo embeds only the receiver; the eGo-ready device generates electric field bursts; SAR is 10 million times lower than a mobile phone; electric-field-based technologies are already used for biomedical sensors, sensitive PC pads and touch displays, sensitive buttons (lift buttons, electronic oven controls, ...). UWB IEEE 802.15.4a: ultra-low spectral density, 1000 times less than Bluetooth class 1; Specific Absorption Rate: 3.5 GHz to 8 GHz is out of the range of water absorption (e.g. the body), which is around 2.4 GHz; low power, 3000 times lower than a mobile phone; 99% of the working time in standby mode. The UWB and intra-body technologies are safe.
    • Security in the handset market
    • Malware applications and security holes are growing... January 11, 2010: "Android app steals bank login details. An application available via Google's Android Market was infected with a trojan designed to steal users' bank login details (...)". May 27, 2010: "Ubuntu Lucid (PC) can read your iPhone's secrets. Do you have a PIN code on your iPhone? Well, it doesn't prevent access to your data ... When hooking up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx ..."
    • Malware and attacks on smartphones are growing!
    • Users are unlocking their smartphones... Step 1: set up ADB. Step 2: push exploid to /sqlite_stmt_journals ("adb push exploid /sqlite_stmt_journals"). Step 3: type "adb shell". Step 4: type "cd sqlite_stmt_journals". Step 5: type "chmod 755 exploid". Step 6: type "./exploid" and follow the directions on screen. Step 7: type "rootshell". Step 8: type in the password "secretlol". Step 9: you're in root! ⇒ Used by users to get access to and full control of Android resources by exploiting Android security holes.
    • Android case. The Android security model is based on the end user: the user validates the application permissions at installation (example: application X needs to access location information); the user is capable of modifying the whole Android system (fully open model). Android is a large and complex system, with security holes that can be used by the user and by malware (e.g. just a few days to jailbreak a new Android phone model). Any software or sensitive data needs to be isolated from Android.
    • How to secure sensitive applications? The software to be executed needs to be secured (code and data such as cryptographic keys); principle: isolation in a secure environment, through 1. security for downloadable applications, 2. use of a Trusted Execution Environment (TEE), 3. use of an external component, the Secure Element. The user interface needs to be secured: sensitive information entry (e.g. a password) and transaction data to be validated (e.g. the transaction amount); principle: a Trusted User Interface via the Trusted Execution Environment.
    • What is a Trusted Execution Environment (TEE)? The TEE provides hardware-based isolation from a Rich OS such as Android, Windows Phone or Symbian. The TEE runs on the main device processor. The TEE has privileged access to device resources (user interface, crypto accelerators, secure elements, ...). Diagram: Rich OS Application Environment (Client Applications, GlobalPlatform TEE Client API) beside the Trusted Execution Environment (Trusted Applications: DRM, Payment, Corporate; GlobalPlatform TEE Internal API; Trusted Core Environment; Trusted Kernel; TEE Functions), both on the Hardware Platform with HW Secure Resources; security requirements per the Advanced Trusted Environment: OMTP TR1.
    • Trusted Execution Environment: an innovative solution from the mobile industry. Hardware protection exists in mobile processors to isolate critical data and code. Diagram: Main OS Environment (Applications, OS) beside the Trusted Execution Environment (Secure Services, Trusted Execution Environment OS: Trusted Logic Trusted Foundations™), both on the smartphone processor.
    • What GlobalPlatform defines. Diagram: Rich OS Application Environment (Client Applications, GlobalPlatform TEE Functional API, GlobalPlatform TEE Client API) beside the Trusted Execution Environment (Trusted Applications: DRM, Payment, Corporate; GlobalPlatform TEE Internal API; Trusted Core Environment; TEE Functions; Rich OS and TEE Kernel). GlobalPlatform defines the TEE APIs, TEE compliance, and security certification; HW Secure Resources on the Hardware Platform: HW keys, secure storage, Trusted UI (keypad, screen), crypto accelerators, NFC controller, Secure Element, etc.
    • Your questions ... ... thank you!