Credential Management for Cloud Computing

Transcription

1 Credential Management for Cloud Computing Workshop Cloud Security, Dr. Johannes Luyken Page 1

2 Security breaches increase in their impact by exploiting online access to confidential data that is centrally stored Recent attacks target central Hubs storing Customer data Financial data Access credentials More incidents Higher variety Attacks become increasingly sophisticated Social engineering (e.g. s pear phishing) Trojans, malware etc. Impacts increase For example: >75m data sets stolen from Sony including financial data 1.5m credit card data (MC, Visa) stolen from payment provider Global Payments Page 2

3 Cloud Security: Framework TRANSACTIONS CONNECTIVITY USER DOMAIN SERVICE DOMAIN MOBILITY IDENTITY TRUST AND SECURITY CLIENT SIDE ELEMENTS DEVICE SOFTWARE DATA MANAGE- MENT PERSO- NALIZATION MOBILE DEVICE LIFECYCLE MANAGE- MENT SERVER SIDE Cloud Security Building blocks Page 3

4 Security Building Blocks Secure Elements Our Secure Elements are the VAULTS of your mobile service solutions Data management and Personalization Securely personalizing your service applications on multiple devices and multiple channels MOBILE DEVICE SOFTWARE LIFECYCLE MANAGEMENT ELEMENTS DATA MANAGEMENT PERSONALIZATION Device Software Establishing the connection between the user and your mobile service Secure Device Lifecycle Management State-of-the-art lifecycle management solutions for your Secure Elements and Service Applications A B Page 4

5 Secure Environments for Cloud Cloud Security Threats Data control Data location Data deletion Data Integrity Privacy Cloud Provider Secure Environment Page 5

6 Privacy by design for Cloud applications Encryption is the key element for privacy in the cloud Different encryption schemes Symmetric Asymmetric (PKI) Different encryption implementation At Cloud provider At third party At the access device Encryption can be made very powerful, but what about the keys? Adequate key handling needed to guarantee privacy Secure Environments Page 6

7 A family of Secure Environments (SE) for Secure Cloud Embedded SE SIM Token ID-Card Trusted Execution Environment NFC MicroSD Page 7

8 Secure device management solutions ensure full service flexibility over the entire device lifecycle MOBILE DEVICE SOFTWARE LIFECYCLE MANAGEMENT ELEMENTS DATA MANAGEMENT PERSONALIZATION SIM / Device Management Managing SIM cards and mobile devices over their entire lifetime NFC / TSM Trusted Service Management for service applicationson different multi-service secure elements Subscription Management / M2M Secure M2M communication (car, home) and dynamic SIM personalization A B Secure Authentication Secure Trusted Execution Environment (TEE) Lifecycle and Service Management TEE Page 8

9 Securing mobile life. Dr. Johannes Luyken Innovation Management Thank you for your attention Secure Devices Mobile Security Giesecke & Devrient GmbH Prinzregentenstrasse Munich, GERMANY Telephone Secure Environments for Cloud Computing Dr. Johannes Luyken 6th Banrisul International IT Forum, June 6 th 2013 Page 9

10 High-level personalization flow for Secure Elements MOBILE DEVICE SOFTWARE LIFECYCLE MANAGEMENT ELEMENTS DATA MANAGEMENT PERSONALIZATION Card body Card Commercial Banks and Transit Account data Input data Input Data reception SIM Data Preparation Data Generation Branch MNO Card Management System Output data Data routing Card / SE Personalizatio n G&D High Security Domain POS OEM Back end System Carrier Personalizatio n Fulfilment Shipment Car Home Mobile Transit Data Processing Systems G&D Security Domain Page 10

11 Credential Management:Subscription Mgt Page 11

12 Comparison between Secure Element and TEE SE Dedicated security chip with specific software Protects against all known HW and SW attacks, Certifications Limitations on number of applications and performance OS based and part of application processor of mobile device Protects against all known SW attacks, Does not offer HW tamper resistance Enabling a security layer on top of peripherals (e.g. display, keypad) SE Protects device and peripherals and applications the solution for scenarios with significant threat potential, such as mobile banking for everything beyond small amounts Page 12