www.chyp.com
HCE A better way for smart mobile ticketing?
Payments Summit Orlando, April 2016, v0.3
Agenda
Some History
The problem
Traditional mobile solution
‘Secure-enough’ solution
The last year at ITSO
The way forward
Article in BCS ITNow, pp34-5, December 2015.
Some History
NFC Ticketing Pilots:
• London - TfL
• Bay Area – BART
• Rhine-Main Traffic Association (RMV)
NFC Ticketing Today
• Korea
• France (some of ….)
• Turkey
Traditional mobile solution
Acceptance infrastructure
• Expensive to change
• Readers expect customer media to have keys
Mobile device has NFC
• Near Field Communication
• Can emulate a transit card (or reader)
Emulate the transit card
• Inside the mobile’s tamper-resistant secure element
• Secure element is usually the SIM card
• Mobile Network Operator owns the SIM
• Commercial barriers to entry
The problem
Authentication
• Cryptography
• Secret keys
Securing keys
• Tamper-resistant hardware “secure element”:
  • Smart cards as customer media
  • Secure Access Modules (SAMs) in readers
‘Secure-enough’ solution
Mobile device has NFC
• Near Field Communication
• Accessible from apps using the Host Card Emulation (HCE) app programming interface
• i.e. not Apple iOS devices
Emulate the transit card
• Within an app
• Without relying upon a secure element
• Mobile Network Operator agreement not needed
• µP and some DESFire only
Securing the keys
Use short-life keys
• To limit their value to attackers
• Maybe lasting just one day
Make the keys hard to find
• Within their useful life
No ‘free lunch’
• Specialist techniques to hide the keys
• Periodic (perhaps daily) updates to keys for longer-life tickets.
ITSO on HCE work in 2015
• Funded by UK Department for Transport
• Remit was HCE without changing ITSO infrastructure
• Options analysis
• High Level Design
• Lab-based proof of concept
• Risk Analysis to identify where controls needed
• Testing against ITSO readers in ITSO Warehouse
• Review by ITSO Security Committee
• Approval to go ahead
High level use cases
Provisioning
• Installation and configuration of app, handset and customer identification, creation and installation of core application
Purchase
• Purchasing an HCE-based ticket (Product)
Refresh
• Initial download and then daily/regular refresh of travel rights, without which travel rights expire and are unusable
Redeem
• Present HCE device to READER to gain travel
Inspect
• Present HCE device to RID to inspect media and confirm customer has valid travel rights
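The short-life keys under "Securing the keys" and the daily "Refresh" use case, modelled as an added example that is not from the slides and is not ITSO's actual scheme: a key copied off the handset stops working the next day, while a refreshed app keeps working. The HMAC-SHA256 derivation, the function names, the device id and the sample master key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import date, timedelta

# Constructed sample value; stands in for a master key kept in a SAM/HSM.
MASTER_KEY = bytes(range(32))

def derive_day_key(device_id: str, day: date) -> bytes:
    """Key bound to one device and one calendar day (assumed HMAC-SHA256 diversification)."""
    return hmac.new(MASTER_KEY, f"{device_id}|{day.isoformat()}".encode(), hashlib.sha256).digest()

def refresh(device_id: str, today: date) -> dict:
    """Cloud side: the credential the app downloads at its daily refresh."""
    return {"day": today, "key": derive_day_key(device_id, today)}

def respond(credential: dict, challenge: bytes) -> dict:
    """App side: answer a reader challenge with whatever key the app holds."""
    mac = hmac.new(credential["key"], challenge, hashlib.sha256).digest()
    return {"day": credential["day"], "mac": mac}

def verify(device_id: str, challenge: bytes, response: dict, today: date) -> bool:
    """Validator side: refuse stale days, then recompute the MAC for today's key."""
    if response["day"] != today:
        return False
    expected = hmac.new(derive_day_key(device_id, today), challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response["mac"])

def demo() -> dict:
    day1 = date(2016, 4, 5)
    day2 = day1 + timedelta(days=1)
    cred = refresh("device-A", day1)
    copied = {"day": day2, "key": cred["key"]}  # day-1 key relabelled as day 2

    def attempt(device: str, credential: dict, today: date) -> bool:
        challenge = secrets.token_bytes(16)  # fresh per tap, so old responses cannot be replayed
        return verify(device, challenge, respond(credential, challenge), today)

    return {
        "valid_on_issue_day": attempt("device-A", cred, day1),
        "stale_without_refresh": attempt("device-A", cred, day2),
        "copied_key_next_day": attempt("device-A", copied, day2),
        "valid_after_refresh": attempt("device-A", refresh("device-A", day2), day2),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```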
[Figure: system architecture diagram. Component labels: HCE Mobile Device, Mobile OS, ITSO with HCE App, Application, Product, NFC Hardware, Revenue Inspector, App store, Ticket Retailer, HCE Cloud Services (Perso), READER, RID, Perso SAM, SAM, HOST, SAM HOST, Product Owner. Link labels: NFC, GSM/WiFi, Internet.]
Android KeyStore
Secure on device key storage
Can be HW backed
• TEE
• SE
Not in application layer
Supported Cryptograms:
• RSA – Jellybean onwards
• AES/EC – Marshmallow onwards
Want to know more? Contact:
Mail [email protected]
Comment http://www.chyp.com/media/blog/
Listen http://www.chyp.com/media/podcasts/
Browse www.chyp.com
Follow @chyppings
Consult Hyperion USA, 535 Madison Avenue, 19th Floor, New York, NY 10022, USA. +1 888 835 6124
Consult Hyperion UK, Tweed House, 12 The Mount, Guildford, Surrey, GU2 4HN, UK. +44 1483 301793