Giesecke & Devrient. Mobile Security: a secure ecosystem for connected devices. 22.04.2010. VDE Kolloquium Münchner. Dr. Kai Grassie, CTO. München, May 2012
Contents: Giesecke & Devrient: who we are; The ICT industry gets mobile; Security Threats in ICT; Trusted execution environments; Future trends
Giesecke & Devrient: From Printing Banknotes to High-Tech Security Solutions. [Timeline, years shown: 1852, 1964, 1977, 2012; business areas shown: Mobile Security, Government solutions, Cards for payment and telecommunications, Banknote processing, Banknote and security paper, Banknote and security printing.]
The ICT Industry gets mobile
Convergence in the ICT Industry. [Diagram: at work, at home, on the move; productivity, entertainment; labels: UWB, Ethernet, 802.11, DWB, cellular, 802.11 hotspots, NFC, BT, mobile.] Create a seamless environment for the user
Smartphone Shipments will exceed Desktop PCs & Notebooks. [Chart: Global Unit Shipments (in Mill), 2005 to 2013E, for Notebook PCs, Desktop PCs and Smartphones; 2012E: Expected Inflection Point, Smartphones > Total PCs.] Source: Morgan Stanley
Secure Applications migrate into Smartphone: Loyalty, Payment, Physical Access, Communicate, Pay, Content Download, Identify, Transact, Ticketing, DRM, Device Configuration, Identity Management
Market potential: mCommerce & Financial Services. Mobile Financial Services (TAV >587 bn$; user >939 m): Banking (TAV >565 bn$; user >816 m): Bill Payment, Funds Transfer, Account Management and Customer Service, Financial Information Services; Payment (TAV >22 bn$; user >204 m): Remote Payment, Physical Payment (NFC based, TAV =12bn$, 52m users). Mobile Commerce (TAV >124 bn$; user >2 bn): Ticketing; Mobile Search; Transport; Web / local; On / off portal; TAV >45 bn$; user >278m; Railways, buses; Air travel; Parking, tolls; Event; Theatre, music; Sports; Retail Service; TAV >20 bn$; user >132m; Vending; Online; TAV >3bn$; Entertainment TAV >56bn$; Infotainment; UGC; Mobile TV; Music; Games; Adult; Gambling. Source: Juniper Research, various market analysis 2007-2008; * assumption G&D/NB3
Security threats in ICT
Threats while using the Internet increase dramatically: Phishing successful 5-10% of the time; ID Theft costs user $500 and 30 hours per incident (US FTC); Increased numbers of active phishing sites, 27000 in June 07; Man-in-the-middle attacks; Hijacking; Rerouting; DNS Spoofing; 70% of users would trade their password for chocolate; $5.000.000.000 in remote payment fraud; Password sniffers; Liability can be shifted to issuing banks, how will they pass on the losses?; Pharming; Phishing; Crack once, use everywhere: Yahoo = Lotus? Bank = AOL?; Demonize-T Trojan horse forwards password keystrokes to hacker websites
The Development of Threats: New attacks simply wait until the authentication process has been completed. [Diagram: username / password, PKI device, OTP device, Mobile as authentication device; internet; Server.] The application / the browser is the new target: malware infects the browser/app (exploiting default interfaces). After the authentication, the malware takes control of the browser and performs its own operations in the name of the legitimate user. The malware displays to the user what he expects to see, not what is really happening.
Multifactor Authentication Methods: A Paradigm of the Past. [Chart: Barrier to Entry / Complexity / Cost versus Assurance Strength; methods shown: Biometrics (Biological), Biometrics (Behavioral), Smart Card (PKI), OTP Token / EMV, Soft Token, Out-of-Band Authentication, Knowledge-Based Authentication, Adaptive Authentication, Password, Lightweight OTP, Advanced Password.]
Trusted Execution Environments
TEE (MobiCore): the glue between Hardware and Apps. Applications: Mobile Payment, Mobile Banking, Mobile Ticketing, Mobile Visa, Mobile Health Services, Mobile Public Services. MobiCore
Backend Solutions for Trusted Mobile Services. [Diagram labels: Application Processor, Service Provider, G&D Trusted Service Mgt, G&D, MNO, Server SW & Services.] Personalisation, Application Management, Lifecycle Management, Maintenance
Future trends
Some future trends: Accessing the Cloud; Web Services & In-Car Internet; Road Billing; M2M; Intelligent Car Routing and Navigation; Traffic info and web cams; (Location based) web information; Fleet Management; GPS Street Parking; Parking Slots Reservation; Social nets / distrib. identities; Inter Car Communication; Contactless Gas Station; Smart Grid; Mobile TV
Our opportunities in securing the connected future. Applications: Mobile Payment, Mobile Banking, Mobile Visa, Mobile Ticketing, Mobile Health Services, Mobile Public Services, Location based web info, Digital content, GPS based road tolling, GPS based parking, Fleet management. Value Creation. Secure Elements, Software & Services
Thank You