#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Secure Mobile Payment
1. Secure Mobile Payment via
Trusted Computing
Qi Li, Tsinghua University
Xinwen Zhang and Jean-Pierre Seifert, Samsung Research
张新文
Hulin Zhong, Lutong Network
This talk does not represent Samsung’s technical view
1
2. Mobile Threats
• Mobile devices become more open and general-purpose
• McAfee's 2008 Mobile Security Report
– nearly 14% percent of global mobile users have been directly infected or
have known someone who was infected by a mobile virus
– more than 86% of consumers worry about receiving inappropriate or
unsolicited content, fraudulent bill increases, or information loss or theft
– more then 70% of users expect mobile operators or device manufacturers
to pre-load mobile security functionality.
• F-secure 2007 mobile threat report
– 370 malware by end of 2007
– viruses, Trojans, and spyware
– User downloaded codes, BT, MMS, MMC card
2
3. Related Work in Samsung
• Secure boot on mobile phone devices
– Secure u-boot
– Integrity verification of kernel image and read-
only filesystem
• Integrity measurement for mobile phone
– IMA
– SELinux
– TCG MPWG compatible mobile phone platform
3
4. Outline
• Problem Statement
• Background
• Overview of Secure Payment Scheme
• Secure Payment Transactions
• Enhanced Payment Schemes
• Prototype Implementation and
Evaluation
• Conclusion
4
5. Mobile Payment
• A typical mobile payment scheme involves three parties: a mobile device, a
merchant, and a financial service provider.
• There are two types of e-payment applications:
– Check-like payments require a certain amount of virtual money which is taken
away from the customer before a payment is made.
– Cash-like payments require that a customer’s account is involved in each payment
transaction.
• To secure a payment transaction, a trusted third party (TTP) is involved to
authenticate and authorize users.
• General security requirements of mobile payments have been well studied in
the literature, however, mobile phones face the intrusion of different malware.
5
6. Problem Statement
• The existing embedded operating systems (OS) cannot provide
sufficient integrity and isolation protection for the security demands of
mobile payment applications.
• While the majority of existing research focuses on secure payment
transactions, there is no intensive research on platform integrity
protection for secure payments on mobile devices.
• Without trusted mobile devices, the security of payment applications
and data cannot be guaranteed at all.
• Existing secure payment schemes fail to provide a platform integrity
protection solution for mobile payment transactions.
• The problem how to establish and verify a secure runtime
environment of an e-wallet software was never addressed until now.
6
7. Trusted Computing
• As a key mechanism defined by the TCG, attestation is used to report
the measured PCR values to a requestor who needs to know the
runtime-state of a platform.
– System components validate whether the runtime environment;
– Measurement agent measures the state of the runtime environment;
– Attestation service provides the platform integrity metrics.
• Typically, a trusted boot mechanism is also required for a trusted
platform, e.g., with the help of a core root of trust for measurement
(CRTM) and the TPM itself.
7
8. Secure Payment Scheme
• We propose a platform integrity protection solution for the whole
secure mobile payment process.
• Our architecture consists of five major parties for a complete secure
m-payment solution:
– Mobile phone: A trusted mobile device consists of a TPM and trusted
services which provide the integrity evidences of the platform.
– Software provider: A software provider provides payment applications in a
secure way, such as e-wallet.
– Merchant: Merchants not only need to provide the commodities that
customers demand, but also the Point of Sales (POS) devices to
authorize customers and guarantee that the payment information is
forwarded to the financial service providers.
– Financial service provider: provides user accounts for m-payments and
validates the user payment information during the payment transaction
processes.
– TC service provider: a trusted third party (TTP) to validate whether a
measurement list is non-tampered and the system integrity
8
9. Secure Payment Transactions
• Secure software downloading
– For a secure payment scheme, e-wallet applications are essential for m-
payment transactions. In this context an e-wallet runtime environment is
also important.
• Secure e-wallet initialization
– In order to secure payment transaction processes itself, we also need to
secure the e-wallet initialization process.
• Secure payment transaction
– Similarly, we need to evaluate and validate the integrity of the whole
mobile phone before an actual payment process.
• We assume that the key pairs of an AIK should be generated inside
the TPM of the mobile phone and the AIK credential should be signed
and retrieved from the third trusted party.
9
10. Secure Software Downloading
• The process of application downloading consists of two stages, the
first stage is integrity measurement and the second is software
downloading.
– A measurement request is generated by the application manager, and the
measurement service initiates the respective measurement operation.
• Software runtime environment and e-wallet application downloading,
which have similar procedures.
10
11. Secure Downloading Protocol
• Secure Downloading Protocol
– The TC service provider verifies the AIK certificate which binds
the verification key of the Quote.
– The signatures of the software runtime and the software integrity
are verified before software installation.
Attestation Measurement Application Software TC Service
TPM
Service Agent Manager Provider Provider
2) Quote=
1) Attestation request: {nonce}
Sig{PCR, nonce}AIK
3) Measurement List (ML)
4) {Quote, (ML}
5) {Quote, (ML}
6) {Quote, (ML}
6a) determine trusted credential
6b) validate signature
6c) validate ML using PCR
8) {software| SIg{software}SK_SP} 7) Attestation result
8a) verify the software provider
8b) verify the software
11
12. E-wallet Initialization
• The e-wallet initialization
aims to generate a key
pair and securely stores
the private part (e.g., account
info) for the
m-payment application.
• Seal secrets with TPM
12
13. Secure payment transaction
• Procedures
– Similar to the above two
processes, the integrity
measurement mechanism is
also invoked in the process of
secure payment transaction.
– Secure Payment Protocol
13
14. Enhanced Payment Schemes
• The efficiency and scalability issues of mobile payment will greatly
influence mobile payment performance.
– First, in the above scheme, each mobile payment application needs an
AIK, which introduces management cost to the overall mobile computing
infrastructure
– Second, in the above scheme the TC service provider is involved in the
attestations of every payment transaction.
• We propose two enhanced mobile payment solutions for different
optimization requirements.
– In the first solution, we leverage the phone number as the device identity
to resolve the credential management problem.
– Second, for further optimization, we also reduce the TC service provider
related attestation steps during payment transactions.
• These two enhanced schemes are independent of each other, and
they can be jointly used in a real system.
14
15. IBS for Attestation
• In a typical IBS system, there are four basic algorithms: setup
algorithm, extract algorithm, sign algorithm and verify algorithm.
PKG 1k (MK,MSK)
MKg
MSK,“Alice” sQIDA
UKg
sQIDA MK
Alice sQIDA MK, “Alice” Bob
M,σ
M Sign Verify acc/rej
• In this scheme, we fully utilize the mobile phone infrastructure and
replace in the transaction processes the AIK based public key
signature with an IBS algorithm.
• We only replace the signature algorithm and do not change the
underlying payment protocols, the enhanced schemes achieves the
same security goals.
15
16. Extended AIK Certificate for Attestation
• In the payment scheme, the financial service provider needs to
interact with the TC service provider within every payment
transaction, which might be a potential performance bottleneck.
• The core idea behind this scheme is that the integrity of the mobile
phone is validated when the TC service provider issues an AIK
certificate and the expected integrity values are included within the
certificate.
Attestation Measurement M-Payment Financial
TPM
Service Agent Application Provider
• In summary, comparedAttestation request: {nonce} one, several benefits are
2) Quote=
1)
to the original
achieved by this new scheme:
Sig{PCR, nonce} AIK
– Flexibility: In this scheme, (ML)financial service provider or a POS terminal
3) Measurement List a
can directly attest a mobile (ML}
4) {Quote,
phone on behalf of a TC service provider
– Security: The integrity of the mobile platformUser account| Signature validated by
5) TPM_Unseal(PCR) 6) {
is in any case
comparing the claimed measurement values to those embedded inside
|Quote, (ML}
the AIK certificate.
6a) determine trusted credential
– Performance: A TC service provider is not involved in every payment
transaction and a financial service provider can directly6b) validate signature
attest a mobile
phone 6c) validate PCR in credential
Transaction e-receipt}
16
17. Prototype Overview
• In our prototype, the platform integrity storage is realized by a
software TPM. Specifically, Trusted Java is used to provide the TCG
Software Stack (TSS).
• Different platforms were developed to act as a mobile device, a
financial service provider, a POS terminal, and a TC service provider,
respectively.
17
18. Performance Evaluation
• We only evaluated the performance of payment transactions
including the integrity attestation operations.
• The measured time includes the time of the TPM operations, the
measurement time, the verification time and the overhead.
– A whole payment transaction without SSL may cost only 2.70s — even
with 100 concurrent transactions to the same financial service server.
• We similarly evaluated our enhanced payment scheme using an IBS.
Similar performance is achieved.
18
19. Related Work
• M-payment security has been studied extensively in the literature.
– security requirements of mobile payments
– biometric-enabled payment system
– solutions considering the restrictions of mobile networks
– ……
• Another line of work focuses on securing e-wallets.
– A generalization of e-wallets to enable account-based payments.
– Ebringer et al. propose a parasitic authentication, thus offering security for
handheld computers
– ……
• Molar et al. provide a secure RFID solution with remote attestation.
They fully use TC technologies to secure RFID.
• Platform integrity measurement and attestation mechanisms
– IBM IMA
– Property-based, Semantic-aware, Behavior-based attestation
19
20. Conclusion
• We proposed a secure mobile payment scheme using
trusted computing (TC) technology. In our proposed
architecture we presented a platform integrity protection
solution for mobile payment via NFC.
• Our scheme addresses the unresolved security
challenges of mobile payment, including platform integrity
verification and user privacy protection.
• In order to improve the efficiency, flexibility and
performance of our payment scheme, we proposed two
enhanced payment schemes, utilizing an IBS scheme and
an attestation cache.
• The experimental results show that our scheme is efficient
and effective to achieve the security target.
20
21. Problems and Ongoing Work
• Platform integrity measurement
– Existing solution are not practical
• Either trust all components, or trust some untrusted components
– Representing of platform integrity measurement
• Static/loadtime measurement only
• Our ongoing work:
– Efficient IM and attestation for mobile phone devices
– Leverage some unique properties of phone systems and business model
– Leverage integrity models: Biba, Clark-Wilson, LOMAC, SEIM, etc
• To reduce measured components
• But still preserve the attestation assurance
• Via mandatory access control in OS level for information flow monitoring
– Virtualization on mobile devices
• Virtualogix, Trango, OpenKernel, etc.
21