Mobile Security a secure ecosystem for connected devices

Transcription

1 Giesecke & Devrient Mobile Security a secure ecosystem for connected devices VDE Kolloquium Münchner Dr. Kai Grassie CTO München, May 2012

2 Contents Giesecke & Devrient who we are The IKT industry gets mobile Security Threats in IKT Trusted execution environments Future trends 2

3 Giesecke & Devrient From Printing Banknotes to High-Tech Security Solutions Mobile Security Government solutions Cards for payment and telecommunications Banknote processing Banknote and security paper Banknote and security printing

4 The IKT Industry gets mobile 4

5 Convergence in the IKT Industry at work at home productivity UWB Ethernet entertainment DWB cellular hotspots on the move create a seamless environment for the user 5 NFC BT NFC BT mobile

6 Smartphone Shipments will exceed Desktops PCs & Notebooks E: Expected Inflection Point Smartphones > Total PCs Global Unit Shipments (in Mill) Notebook PC s Desktop PC s Smartphones Source: Morgan Stanley E 2011E 2012E 2013E

7 Secure Applications migrate into Smartphone Loyalty Payment Physical Access Communicate Pay Content Download Identify Transact Ticketing DRM Device Configuration 7 Identity Management

8 Market potential: mcommerce & Financial Services Mobile Financial Services TAV >587 bn$; user >939 m Banking TAV >565 bn$; user >816 m Bill Payment Funds Transfer Account Management and Customer Service Financial Information Services Payment TAV >22 bn$; user >204 m Remote Payment Physical Payment (NFC based, TAV =12bn$, 52m users) Mobile Commerce TAV >124 bn$; user >2 bn Ticketing Mobile Search Transport Web / local On / off portal TAV >45 bn$; user>278m Railways, buses Air travel Parking, tolls Event Theatre, musik Sports Retail Service TAV >20 bn$; user >132m Vending Online TAV >3bn$ Entertainment TAV >56bn$ Infotainment UGC Mobile TV Music Games Adult Gambling Source: Juniper Research, various market analysis ; * assumption G&D/NB3 8

9 Security threats in IKT 9

10 Threats while using the Internet increase dramatically Phishing successful 5-10% of the time ID Theft costs user $500 and 30 hours per incident (US FTC) Increased numbers of active phishing sites in June 07 Man-in-the middle attacks Hijacking Rerouting DNS Spoofing 70% of users would trade their password for chocolate $ in remote payment fraud Password sniffers Liability can be shifted to issuing banks how will they pass-on the losses? Pharming Phishing Crack once, use everywhere Yahoo = Lotus? Bank = AOL? 10 Demonize-T Trojan horse forwards password keystrokes to hacker websites

11 The Development of Threats New attacks simply wait until authentication process has been completed: username / password PKI device internet OTP device Server The application / the browser is the new target: Malware infects the browser/app (exploiting default interfaces) Mobile as authentication device After the authentication the malware takes control of the browser and performs own operations in the name of the legitimate user The malware displays to the user what he expects to see, not what is really happening 11

12 Multifactor Authentication Methods A Paradigm of the Past Barrier to Entry / Complexity / Cost Biometrics (Biological) Biometrics (Behavioral) Smart Card (PKI) OTP Token / EMV Soft Token Out-of-Band Authentication Knowledge-Based Authentication Adaptive Authentication Password Lightweight OTP Advanced Password Assurance Strength 12

13 Trusted Execution Environments 13

14 TEE (MobiCore ) the glue between Hardware and Apps Applications Mobile Payment Mobile Banking Mobile Ticketing Mobile Visa MobiCore 14 Mobile Health Services Mobile Public Services

15 Backend Solutions for Trusted Mobile Services Application Processor Service Provider G&D Trusted Service MgtG&D MNO Server SW & Services Personalisation Application Management Lifecycle Management Maintenance 15

16 Future trends 16

17 Some future trends Accessing the Cloud Web Services & In-Car Internet Road Billing M2M Intelligent Car Routing and Navigation Traffic info and web cams (Location based) web information Fleet Management GPS Street Parking Parking Slots Reservation Social nets / distrib. identities 17 Inter Car Communication Contactless Gas Station Smart Grid Mobile TV

18 our opportunities in securing the connected future Applications Mobile Payment Mobile Banking Mobile Mobile Visa Ticketing Mobile Health Services Mobile Public Services Location based web info Digital content GPS based road tolling GPS based Fleet parking manageme nt Value Creation Secure Elements, Software & Services 18

19 Thank You 19