• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Moving From Contactless to Wireless Technologies in Secure, Over-the-Air Transactions
 

Moving From Contactless to Wireless Technologies in Secure, Over-the-Air Transactions

on

  • 419 views

This UL white paper discusses some of the many issues and challenges that must be addressed in the future deployment of wireless technology for the processing...

This UL white paper discusses some of the many issues and challenges that must be addressed in the future deployment of wireless technology for the processing
of secure transactions. It begins with a discussion of the strengths and limitations of both contactless and wireless technologies. The white paper then reviews and assesses internal system risks, as well as external security concerns, for both technologies. The paper concludes with some thoughts on the future use of wireless technology in secure transactions, and how manufacturers can provide assurances to both system providers and users regarding the security of their private data.

Statistics

Views

Total Views
419
Views on SlideShare
419
Embed Views
0

Actions

Likes
0
Downloads
4
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Moving From Contactless to Wireless Technologies in Secure, Over-the-Air Transactions Moving From Contactless to Wireless Technologies in Secure, Over-the-Air Transactions Document Transcript

    • Moving From Contactlessto Wireless Technologiesin Secure, Over-the-AirTransactions
    • Moving From Contactless to Wireless TechnologiesMoving From Contactless to Wireless Technologiesin Secure, Over-the-Air TransactionsThe ability to process secure transactions over-the-air has transformed daily life.From digital payments, border or premises controls, healthcare records, and eventransportation ticketing, over-the-air transactions are no longer a novelty butan integral part of the daily interaction with the world. However, over-the-airtransaction services must continuously ensure the security of sensitive information,while exploiting the use of secure technologies that protect user information fromreal and potential threats.Until now, contactless technology has been the most efficient and cost-effectivemethod for processing over-the-air transactions. Unfortunately, the small operatingrange of the technology, typically just a few centimeters, is too restrictive formany applications.As a consequence, developers are increasingly turning to wireless technology as away of overcoming the limitations of contactless systems. Wireless devices not onlysupport an extended range of operation, but offer significantly enhanced systemcapabilities. While wireless standards, such as WiFi and Bluetooth, are relativelymature and provide a stable development environment for manufacturers, effortsto address the use of wireless technology to process secure transactions are onlynow emerging.This UL white paper discusses some of the many issues and challenges that mustbe addressed in the future deployment of wireless technology for the processingof secure transactions. It begins with a discussion of the strengths and limitationsof both contactless and wireless technologies. The white paper then reviewsand assesses internal system risks, as well as external security concerns, for bothtechnologies. The paper concludes with some thoughts on the future use of wirelesstechnology in secure transactions, and how manufacturers can provide assurancesto both system providers and users regarding the security of their private data.page 2
    • Moving From Contactless to Wireless Technologies“Contactless” vs. “Wireless” are significant impediments to efficient, minimize the risk of disclosing privateToday, contactless technology is the large-scale attacks. Nonetheless, the data and to prevent unauthorized accessmethod of choice for many secure communication channel itself represents to services. In addition, security hastransactions. A secure transaction a potential source of threats, since any become an important element for useris composed of a secure operations individual with malicious intent can acceptance, since few users would utilizesequence such as identification, secretly participate in a transaction WiFi connections if doing so routinelyauthentication and encryption. These simply by locating themselves within exposed personal information tooperations routinely handle highly close proximity to a system. unauthorized parties.sensitive information, such as secret Wireless technology, on the other hand, In an effort to address these concerns,cryptographic keys or user-related means any technology connecting industry standards are being reviewedpersonal data. Hardware secure standalone devices over the air using and revised to include additionalelements (HSM), such as smartcards, the 5GHz frequency band. This includes security requirements. For example,are usually employed to process most of the wireless technologies that the 2007 Bluetooth v2.1 releasesensitive information securely are common in everyday life, such introduced significant improvementsand efficiently. as WiFi connections available with aimed at strengthening the wireless computers and home automation communication pairing process. Similarly,Contactless systems typically follow systems utilizing Bluetooth or Zigbee- WiFi Protected Access II (WPA2) hasa “master/slave” communications compliant communication protocols. replaced the original WiFi Protectedprotocol. The master (usually a terminal) These technologies all utilize the same Access (WPA) protocol and the Wiredis in charge of providing a carrier and frequency band, and typically operate Equivalent Privacy (WEP) protocol tocontrolling the transaction sequence. within a range as large as 70 meters reinforce WiFi secure connections.The carrier signal represents both a indoors and up to 250 meters outdoors. However, questions remain as tosource of power for the HSM and a whether the current wireless standardscommunication vector. The slave (usually However, because of the wide operating are suitable for meeting today’sa smartcard) operates only upon request ranges available, wireless technology more demanding concerns in securefrom the master, and is powered solely presents a unique set of risks for secure over-the-air transactions.by the terminals carrier. The connection transactions. Attackers can positioninterface usually provides a limited range themselves at a safe distance from Assessing System Risksarea, typically not more than a couple of legitimate communication activities The total cost to ensure the securitycentimeters. The HSM processes terminal and remain undetected. In addition, of over-the-air transactions may berequests in a secure manner, thereby since wireless devices remain active as significant since the complexity involvedrepresenting a key element in overall long as they are powered, their regular in developing a completely secure systemsystem reliability and security. signal emission can be more easily requires additional hardware resourcesOver-the-air operation offers the detected and exploited. and development time. However,advantage of limiting harmful Initially, wireless technology was mainly it is possible to find an appropriate,manipulation of the contactless device. devoted to the exchange of data between cost-effective solution by identifyingUnlike contact-based systems, a card two paired devices. However, many likely risks and determining an acceptableholder in a contactless system is exempt wireless systems now afford one-to-many level of risk. Risk management relies onfrom inserting the device in a reader, or many-to-many connections, a vulnerability analysis that identifiesthereby significantly reducing transaction strengthening the need for more secure potential threats in the context of theduration. Further, since the range area is data exchanges. As such, authentication system’s actual use, and defines securitylimited to a couple of centimeters, there requirements are now necessary to requirements to address those threats.page 3
    • Moving From Contactless to Wireless TechnologiesA vulnerability analysis begins by creating an in-depth profile of a potential attack,including the context within which an attack could occur and the possible motives ofan attacker. Then, a list of vulnerable assets or sensitive operations is drawn up. Oncepotential threats and their targets are clearly identified it is possible to define minimumsecurity requirements and implement appropriate security measures. These measurescan include existing fraud techniques or by designing new approaches during thesystem development process.ConfidentialityCryptographic keys are the heart of any secure system. Since their disclosure cansignificantly compromise system security, preserving their confidentiality should bethe highest priority. But the need for confidentiality also extends to information andother assets transmitted in over-the-air communications, since unauthorized partiescan intercept these data transfers. This is why secure WiFi data transfers are encryptedin secured mode usage.When addressing matters of confidentiality, it is necessary to distinguish betweenprivate data processed internally from data exchanged through the communicationchannel. Internally processed data, such as cryptographic keys, are typically subject tophysical attacks, and distant attacks are infrequently used to access such data. However,private data accessible through the communication channel represents a potentialtarget and must be thoroughly protected.AuthenticationAuthentication enables a system to restrict access to sensitive operations or data byrequiring the use of trusted data. For example, accessing a secure WiFi connectiontypically requires the knowledge of a key or a pass phrase. As wireless and contactlesssystems become more open, strong authentication requirements are essential toeliminating illegal access to sensitive assets.PrivacyPrivacy becomes an issue when an unauthorized person successfully obtains personaluser information. The information disclosure does not directly affect a system security,but it can be exploited to a users detriment. By collecting some users representativedata from a device, it becomes possible to identify or to track an individual user orhis/her habits. For instance, ePassport devices have been designed to withstand illegalholder identifications, preventing anyone from accessing a authorized holders nameor picture.Over-the-air communications are especially vulnerable to privacy concerns, since thereis no physical restriction to prevent a transaction with a secure device. In such cases,specific protections that combine strong authentication with high confidentiality are ofparamount importance. Users are likely to reject any technology solution that does notoffer the highest levels of privacy reliability.page 4
    • Moving From Contactless to Wireless TechnologiesData and Transaction Integrity Assessing External reasons, concealing rogue hardware toA secure transaction relies on both a Security Risks catch contact-based transaction fraud isdefined sequence of operations and the Conducting a secure over-the-air not an easy task, especially since it mustexchange of data between different transaction potentially means that be operated at relatively close range.devices. The security of a transaction can anyone is a prospective participant, However, for contactless or wirelessbe compromised by either violating the either as a passive or an active player. devices, this technique becomessequence of commands, such as skipping An individual with malicious intent highly probable and can take placean authentication step, or by modifying could then attempt to compromise the from a distance.or tampering with the data exchange security of a transaction in such a way The threat from eavesdropping isitself. Communication integrity can only that a fraud would go undetected by a already well-known in the wireless field.be achieved through a combination of user. The balance of this paper focuses Dedicated software, such as Wiresharkstrong protocol design and a secure on external threats, which are potentially or hardware sniffers for Zigbee, is readilyimplementation. This is particularly as damaging as those originating from available through the Internet, makingimportant for over-the-air channels, system-based considerations. the potential for eavesdropping onwhich are essentially unsecured. Eavesdropping wireless communications fairly common.Service Reliability However, such easy access is not routinelyIncidents involving denial of services Over-the-air communication offers available for contactless communications,attacks have increased dramatically of anyone capable of intercepting a physical which require possession and use oflate. The goal of such attacks is to create signal the opportunity to interpret it and relatively specialized equipment fora partial or a complete interruption of partially or fully retrieve any information collecting and interpreting signals.service, potentially compromising the being exchanged. This approach considerably increases the distance from Data Corruptionsecurity of a system or an operationand providing an immediate gain for an which an attacker can operate when Data corruption consists of the insertionattacker. Alternatively, a denial of service compared with the normal range area of or the modification of data exchangedattack may represent an attempt to use. Obviously, the goal of eavesdropping during an official transaction. The goalreveal a system’s underlying weakness, is to obtain access to the data being may be to change a normal transactionundermining a user’s perception exchanged during a transaction. Even sequence, for example, skipping aof security. a partial disclosure of data through this control or an authentication process. ThisService reliability is particularly important approach can potentially impact the attack technique has been successfullyfor contactless and wireless devices, since privacy or confidentiality of the demonstrated on a contact-based chipthey are exposed to distant attacks. The users data. and PIN product, in which the changedenial of service risk is particularly critical of a single byte led to the successful Eavesdropping on a transaction in processwhen devices can be compromised to completion of a payment transaction is not a novel approach. For instance,provide unauthorized access that can that bypassed the PIN verification result.2 contact-based banking cards may beultimately lead to the collapse of entire subject to data disclosure when a secret For both contactless and wirelesssystems. This is no longer a theoreticalpossibility, as some industry researchers personal identification number (PIN) is technologies, inserting different datahave successfully inserted a self- transferred in plain text, justifying the use during a communication is not an obviousreplicating malware computer program, of a corresponding encrypted command. choice, since tampering directly withi.e., a worm, into a local electric system The main difficulty lies in making an the physical signals of devices that areusing the wireless interface of a system’s attack transparent to a cardholder communicating in close proximity to onesmart meters. 1 or merchant. For obvious ergonomic another is neither easy nor realistic.page 5
    • Moving From Contactless to Wireless TechnologiesHowever, one way to overcome this and then proceed with an attack. An Skimming is only possible when thechallenge is to initiate a transaction attack from outside the vicinity of the attacker has the ability to communicateby the use of relays. Relays are modules devices by means of relays is likely to directly with the device. For this reason,whose function is to transfer data using escape detection. Therefore, as with data systems that allow distant access arethe same or a different channel. By using corruption, the risk level is correlated with particularly vulnerable to this form ofa relay, an attacker can artificially the operating range of the technology. attack. As a potential consequence, aninitiate a transaction between two individual with malicious intent may Skimmingdevices that would normally be too far obtain access to unprotected data, or mayapart to communicate with each other, Skimming is one of the most common challenge the security protocols with the techniques for attacking a wireless intent of finding a breach.thereby creating the opportunity tocorrupt the data using the system. Its aim is to initiate a fake However, as before, the operating range of“man-in-the-middle” technique. 3 transaction without the consent of a the technology may be a factor in whether device owner. As a result, private or skimming can occur. This is particularly“Man-in-the-Middle” sensitive information can be disclosed. true for contactless technology, the rangeAnother means of corrupting data is the Skimming can also be used to locate area of which is limited to a couple ofso-called “man-in-the-middle” technique, and subsequently exploit protocol centimeters. Expanding this range area isin which an attacker positions a malicious weaknesses, such as authentication, and complicated, particularly when the radiodevice in a genuine transaction between is an excellent method for initiating a frequency carrier must also supply powertwo devices. To be effective, a malicious denial of service. to the device.device must ensure that both devicesbelieve that they are connected witheach other, when they are in realitycommunicating directly with a maliciousdevice alone. In this way, an attacker maygain unauthorized access to confidentialinformation, or may be able to corrupt thedata being exchanged.In a contactless or wireless context,initiating a man-in-the-middle attackin the vicinity of both devices is not asimple process. Indeed, the maliciousdevice must first catch the attentionof each device in a one-to-one mode,and then prevent them from directlycommunicating with one another. In anenvironment in which multiple devicesare operating in the same physical vicinityand are receiving all communication,a physical corruption of signals is unlikely.A more realistic option would be totake advantage of the communicationprotocol to gain access to both devicespage 6
    • Moving From Contactless to Wireless TechnologiesSome researchers have investigated the maximum communications distances possiblewith contactless devices. 4 It is interesting to note that the reading range of contactlessdevices can reach one meter or slightly more using specific types of materials, comparedto a normal range area of a couple of centimeters. However, most research confirmsthat an attack must take place in close proximity to a cardholder.The distance limitation vanishes with wireless technology. The effect range areaexpands to several meters, even dozens of meters, typically well within the distancebetween two apartments in a building, for example. As a consequence, wirelesstechnology is particularly vulnerable to skimming, especially since the attacker canremain hidden. Indeed, some software tools using this technique have been developedto exploit weaknesses in WEP or WPA protocols of WiFi secure connections.Side-Channels AttacksTo appropriately address security issues for sensitive applications, it is necessary toremember that communication code is processed by hardware. Some attacks methodshave been developed that exploit the physical aspect of processing, defeating otherwiserobust specifications or designs. As a result, observation analyses may use hardwareto understand internal processing and potentially modify code execution, and mayresult in the disclosure of confidential data through the analysis of inevitablehardware leakages.Since contactless devices are powered by a carrier supplied by a terminal, an attackercan take advantage of this design to conduct side-channel attacks. Such attacksmonitor the device’s internal activity by analyzing the microscopic fluctuations on thecarrier signal. As a result, unprotected data may be disclosed using either simple orstatistical analyses. Cryptographic keys are particularly vulnerable to this kind of attack.5Interestingly, this threat does not impact wireless systems, since power is supplieddirectly to both devices, and the radio frequency signal serves only as a communicationvector. As a result, an attacker is not able to directly monitor power fluctuations orremotely analyze internal processing. However, this does not mean that it is not worthprotecting devices against this kind of attack, since the risk still exists from attackerswho have physical access to a device.page 7
    • Moving From Contactless to Wireless TechnologiesConclusionThis white paper has illustrated some of the security challenges inherent in themigration of secure transaction systems from contactless to wireless technologies.Indeed, wireless technology introduces a range of distant attack techniques that cancompromise system security. Further, the attack profile is significantly different withthe use of wireless technology, since an attacker can safely remain at some distancefrom targeted devices.The emerging use of wireless technology for secure transactions means that any riskassessment process must include an in-depth vulnerability analysis adapted to theunique conditions presented by the technology. Such an analysis must include possiblethreats, acceptable level of risk, and techniques in the protocol or device design that canbe used to mitigate any weaknesses.The successful introduction of a secure transaction solution requires that both serviceproviders and users have high level of confidence that private or confidential datawill remain secure. Guarantees from a manufacturer of wireless devices can aid in thedevelopment of the required confidence. Device certification by independent testinglaboratories supervised by competent authorities is also an essential element inassuring both system operators and end users that important information willremain protected.Through its RFI Global Services, Ltd. subsidiary, UL has consulting and testing expertisein wireless mobile communications, payment approval services, and wireless securityevaluations, the three primary areas involved in secure mobile payments.For more information about the “Moving From Contactless to Wireless Technologies inSecure, Over-the-Air Transactions” white paper, contact Jean-Luc Khaou, RFI Paymentsand Security Manager at Jean-Luc.Khaou@uk.ul.com.1 Davis, M. “Smart Grid Device Security: Adventures in a New Medium.” Presentation delivered at Black Hat USA, 2009. Web. 15 Jul 2011. http://www.ioactive.com/pdfs/SmartMeterBlackHat09Preso.pdf2 Murdoch, S., Drimer, S., Anderson, R., Bond, M. “Chip and PIN is Broken.” IEEE Symposium on Security and Privacy, 2011. Web. 15 Jul 2011. http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf3 The Computer Laboratory at the University of Cambridge has posted on its web site an interesting illustration of an attack using the relay technique, in which a presumably straightforward payment for a sandwich is modified to pay for expensive jewelry, all without the cardholder’s knowledge. See Drimer, S. and Murdoch, S. “Chip & PIN (EMV) Relay Attacks.” Computer Laboratory. University of Cambridge, 2008. Web. 15 Jul 2011. http://www.cl.cam.ac.uk/research/security/banking/relay/4 Koscher, K., Juels, A., Brajkovic, V., Kohno, T. “EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond.” 16th ACM Conference on Computer and Communications Security, 2009. Web. 15 Jul 2011. http://www.cs.washington.edu/homes/yoshi/papers/RFID/ccs280-koscher.pdf5 This technique has been adapted from the simple power analysis introduced in Kocher, P. “Timing Attacks on Implementations of Di e-Hellman, RSA, DSS, and Other Systems.” Dans Advances in Cryptology CRYPTO 96, volume 1109 de Lecture Notes in Computer Science, pages 104-113. Springer. 1996.©2011 Underwriters Laboratories Inc. All rights reserved. No part of this document may be copied or distributed without the priorwritten consent of Underwriters Laboratories Inc. 9/11page 8