Developing Bullet-Proof Payment Applications for Mobile and Consumer Electronic Devices - Presentation Transcript
BUILDING BULLET-PROOF PAYMENT APPLICATIONS FOR MOBILE AND CONSUMER ELECTRONICS DEVICES
Hadi Nahari, Principal Security & Devices Architect, PayPal Emerging Technologies
AGENDA
Landscape
Requirements
Model
{ToDo || !ToDo}; That’s the Q
LANDSCAPE: FACTS ABOUT MOBILE
Internet access (all means)
> 1 billion/day
Cellular network access
~ 4 billion/day
Mobile is the only digital system many people will ever encounter.
NEW USE CASES
From Back Pocket to Front Pocket
From Paper to Virtual Tickets
From Paper to Virtual Coupons
From Mass to Personalized
From Pre-Sale to In-Store
MOBILE IDENTITY CRISIS
Complex landscape
Identity proliferation
Many players
Neither trusts others
Heterogeneous identity environment
Players: Retailers, Banks, Card Associations, Mobile Network Operators, Regulators, Chip Vendors, Trusted Service Manager, Device Manufacturers
MANY STANDARDIZATION BODIES
Global Platform
Smart Card infrastructure
Open Mobile Terminal Platform (OMTP)
Usability
Economic security
Open Mobile Alliance (OMA)
Decoupling
Interoperability
Near Field Communication (NFC) Forum
Proximity
European Telecommunications Standards Institute (ETSI)
Telecom integration
YEAH, AND THE NETWORK…
The network is isolated from other systems, such as the Internet.
Design assumptions are fundamentally different.
The application should know how the network operates.
WHAT’S A PLATFORM?
Marc Andreessen
A "platform" is a system that can be programmed and therefore customized by outside developers and in that way, adapted to countless needs and niches that the platform's original developers could not have possibly contemplated, much less had time to accommodate.
By definition a platform is open. How open?
the “we decide for you” model
the “don’t be evil” model
AGENDA
Landscape
Requirements
Model
{ToDo || !ToDo}; That’s the Q
OPEN PLATFORM MODEL (OPM)
[Diagram: Development (Portal, SDK 0 … SDK N) produces App 0 … App M; Deployment downloads the apps to the Device, where App 0 … App N run.]
ABSTRACT MODEL
[Diagram: environments Cloud_m and Cloud_n, each with an Authorization Framework and Claims Verification; each object carries ID, Claims, Protection, Declarations and Enforcement Mechanisms. Unforgeable, as in the capability model.]
OBJECTS’ RESPONSIBILITIES
Declares own security requirements
Authenticates the environment
Protects the key material
Claims
Requirement
And so on
Protected by the object itself
Declaration is a security asset
[Diagram: object with ID, Claims, Protection, Declarations, Enforcement Mechanisms]
ENVIRONMENT’S MANDATE
Authenticates objects
Based on objects’ claims
Authorizes interactions
Among objects
Between environments
[Diagram: environment with Authorization Framework and Claims Verification]
INTER-OBJECT COMMUNICATION
Based on objects’ declarations
Environment facilitates only if authorized
[Diagram: two objects (ID, Claims, Protection, Declarations, Enforcement Mechanisms) whose interaction is mediated by the environment’s Authorization Framework and Claims Verification]
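The abstract model above (objects carry an ID, claims, declarations and their own protection; the environment verifies claims, authenticates objects and facilitates inter-object communication only when authorized), as an added Python sketch that is not from the presentation. It assumes a symmetric issuer key shared with the environment and binds each declaration with an HMAC so it cannot be forged or altered, in the spirit of the capability model; object names, claim strings and the key are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed key for this example, shared by the issuer that tags declarations
# (e.g. a Trusted Service Manager) and the environment that verifies them.
ISSUER_KEY = b"example-issuer-key-not-for-production"

@dataclass(frozen=True)
class Declaration:
    """Object's self-declared profile: ID, asserted claims, claims required of peers."""
    obj_id: str
    claims: frozenset
    requires: frozenset

def tag_declaration(decl, key=ISSUER_KEY):
    """Declaration is a security asset: HMAC its canonical encoding so a modified
    or forged declaration cannot pass claims verification."""
    msg = "|".join([decl.obj_id, ",".join(sorted(decl.claims)),
                    ",".join(sorted(decl.requires))]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify_claims(decl, tag, key=ISSUER_KEY):
    return hmac.compare_digest(tag_declaration(decl, key), tag)

class Environment:
    """Authorization framework: authenticates objects, then authorizes interactions."""
    def __init__(self, key=ISSUER_KEY):
        self.key = key
        self.registry = {}  # obj_id -> Declaration, authenticated objects only
    def authenticate(self, decl, tag):
        if not verify_claims(decl, tag, self.key):
            return False  # unverifiable claims never enter the registry
        self.registry[decl.obj_id] = decl
        return True
    def authorize(self, src_id, dst_id):
        """Facilitate src -> dst only if both are authenticated and each side's
        verified claims satisfy the other's declared requirements."""
        src, dst = self.registry.get(src_id), self.registry.get(dst_id)
        if src is None or dst is None:
            return False
        return dst.requires <= src.claims and src.requires <= dst.claims

def demo():
    env = Environment()
    wallet = Declaration("wallet", frozenset({"pin-verified"}), frozenset({"pci-attested"}))
    pos = Declaration("pos", frozenset({"pci-attested"}), frozenset({"pin-verified"}))
    game = Declaration("game", frozenset({"sandboxed"}), frozenset())
    for decl in (wallet, pos, game):
        env.authenticate(decl, tag_declaration(decl))
    rogue = Declaration("rogue", frozenset({"pci-attested"}), frozenset())
    rogue_ok = env.authenticate(rogue, bytes(32))  # constructed, invalid tag
    return env.authorize("wallet", "pos"), env.authorize("game", "wallet"), rogue_ok
```

`demo()` returns `(True, False, False)`: the wallet and POS terminal satisfy each other's requirements, the sandboxed game does not meet the wallet's requirement, and the rogue object's forged claims never enter the registry.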
This session covers the technical approach to embedding payment functionality in applications. Attendees should be somewhat familiar with PayPal payment flows, knowledgeable about security risks, and aware of secure application development practices and methodologies.