Upload
camron-henderson
View
216
Download
3
Tags:
Embed Size (px)
Citation preview
1
How GlobalPlatform's TEE is Solving the Missing Security Link for Mobile Wallets
Dongyan Wang
GlobalPlatform Technical Program Manager
Thursday 20 March
GP Confidential©2013
@GlobalPlatform_ www.linkedin.com/company/globalplatform
GlobalPlatform Positioning
Across several market sectors and in converging sectors
GlobalPlatform is the standard for managing applications on secure chip technology
TrustedExecution
Environment
Secure Element
AND
PremiumContent
Mobile as a Center of the New Service Deployment
Trusted Execution Environment (TEE)
TEE provides with a unique capability to ensure that the transaction:
• Is approved by the right end user • Takes place on the right and trusted device • Takes place between the application and cloud or back-
end server
A Basic Wallet and Extensions
Device authentication
Transaction management
Wallet application maintenance
Loading 3rd party app on m-Wallet
Wallet APP
1. Means to authenticate users 2. A list of services 3. An identified device4. Root of trust
User Authentication
On device:• Personal sensitive data storage• Transaction validation by user• User authentication• Secure communication to cloud• Secure communication to secure element
(SE)
GlobalPlatform TEE
Hardware Platform
Rich OS Application Environment
Rich OS
GlobalPlatformTEE Client API
Trusted Execution Environment
Trusted CoreEnvironment
GlobalPlatformTEEInternalAPI
TrustedFunctions
Payment Corporate
GlobalPlatformTEE Functional APIThe image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.GlobalPlatform
TEE Functional API
Client Applications
GlobalPlatform TEE Client API
TrustedApplication
DRM
TrustedApplication
Payment
TrustedApplicationCorporate
HW Keys, Secure Storage,Trusted UI (Keypad, Screen),
Crypto accelerators,NFC controller,
Secure Element, etc.
HW SecureResources
EnvironmentTrusted Core Trusted
Functions
GlobalPlatformTEE Internal
TEE Kernel
API
Primary deviceenvironment
runs as normal, including other
security mechanisms
Security critical code and resources
protected by TEEapplications
TEE provides the constant security
foundation independent of
OS choice
TEE provided hardware based isolations from rich operating system (OS)
TEE has privileged access to platform and device resources: User interface, memory controller, video / audio hardware, crypto accelerators, biometry, …)
Isolation of sensitive assets
Open to malware and rooting / jailbreaking
GlobalPlatform APIs ensure portability across handsets /
platforms
What Makes the TEE Secure?
• Main security properties in TEE– Isolation between rich OS and TEE– Isolation between trusted applications (TAs) within TEE– Isolation between TAs and TEE OS– Temporary or permanent exclusive access to some device resources
• TEE is an association of:– Hardware: Hardware security technology– Software: TEE secure operating system (secure kernel, secure drivers, etc.)
• TEE is built upon:– Hardware-based isolation: e.g. system-on-chip hardware-based secure mode– Hardware root of trust
• Secure boot process chain started from ROM code
• Hardware unique key present within chipset and solely accessible by TEE
– Small footprint of TEE OS to pass a security certification
• TEE is designed to protect against any software attack arising from rich OS environment, such as malware or due to device being rooted
8
+
TEE OS
Isolation in databus & addr bus level
TEE for Wallets
Application Processor
WalletApplication
Trusted Execution Environment
Companion Wallet Trusted Application
TEE OS
Financial Server
Open OS
Trusted User
Interface
DeviceSecure Storage
Secure Elements
Crypto
10
TEE: A Toolbox for Wallet
Sensitivity in Wallets TEE Security Function in Wallet Scenario TEE Primitives
User authentication Protect credential entry (e.g. login/password or PIN entry ) TUI
Device authentication By using device specific credentials Crypto
Explicit payment action
Protect from interactions on the device not intended by the user TUI
Transaction information validation
Protect transaction information display and potential credential entry (e.g. PIN entry)
TUI
Data storageProtect information such as user’s profile or transaction logs/statistic
Secure storage
Hosting of additional 3rd party applications in m-wallet
Protect application code & data such as loyalty and couponing All functions
SE applet configuration
Protect user-configured parameters such as amount threshold for no-PIN transactions
TUI + SE + Crypto
Communication to SE and SE applet
Protect access and communication to SE applets from only TEE applications
SE + Crypto
Cloud Communication Secure communications from / to cloud Crypto + Network
Fingerprint / Biometry
• The objective is to protect the control access of biometry sensor – Secure enrolment and verification either within the TEE or the TA– To support ID initiative, such as FIDO, OpenID 2.0.
• GlobalPlatform will publish biometry API for Trusted Application– including fingerprint sensor access support
• Target date for public review: end of 2014
11
Transport Payment Retail
GlobalPlatform
Specifications
to enableinteroperable
services
MNOs
Card
Configurations
Compliance
• GlobalPlatform UICC Configuration v1.0.1 / - Contactless Extension v1.0• GlobalPlatform Mapping Guidelines• GlobalPlatform Basic Financial Configuration v1.5• GlobalPlatform ID configurations (under review)• Common Implementation configuration (under review)
TEE
Compliance
TSM
Compliance• GlobalPlatform System Messaging Specification for Management of Mobile-NFC Services v1.1.2• Systems Profile and Scripting Specifications v1.1• GlobalPlatform E2E Simplified Services Deployment v1.0
+
TEE OS
Ease the Interoperable Wallet Deployment
• GlobalPlatform TEE Initial Configuration Test Suite 1.1.0.2• GlobalPlatform TEE Protection Profile v1.0• Current and first-phase focus = DEVICE PLATFORM• Final product (smartphone, tablet etc): in light delta compliance
and / or security certification will be defined in second phase