protection of taximeter data by secure elements
play

Protection of Taximeter Data by Secure Elements Jrg Wolff - PowerPoint PPT Presentation

Dec 18, 2022 •31 likes •261 views

PTB-Workshop on Protection of Measurement Data in Legal Metrology and Related Challenges, 30.11.-01.12.2011, PTB Berlin Protection of Taximeter Data by Secure Elements Jrg Wolff Physikalisch-Technische Bundesanstalt (PTB)

  1. PTB-Workshop on “Protection of Measurement Data in Legal Metrology and Related Challenges”, 30.11.-01.12.2011, PTB Berlin Protection of Taximeter Data by Secure Elements Jörg Wolff Physikalisch-Technische Bundesanstalt (PTB) joerg.wolff@ptb.de

  2. Outline ● Motivation ● How to Protect Taximeter Data? ● INSIKA Solution ● Why Secure Elements? ● Outlook Jörg Wolff, Protection of Taximeter Data by Secure Elements 2

  3. Motivation: Protection of Taximeter Data different approaches in Greece, ● Belgium, Netherlands, Poland, Czech Republic,... (fiscal memories, fiscal taximeter, OTP, GPS,...) taximeter: type approval required, ● 2004/22/EC “Measurement Instruments Directive” (MID) → protection of taximeter data ● without touching the MID type approval 2004/22/EC “MID” Jörg Wolff, Protection of Taximeter Data by Secure Elements 3

  4. Protection of Taximeter Data in Germany letter of the German Ministry of ● Finance (BMF) from Nov. 2010 taxi companies should provide ● data of every trip and shift in electronic format Hamburg and Berlin support ● pilot tests, Hamburg supports equipment for every cab collaboration with Tesymex UG ● and HALE GmbH increasing interest of taxi ● companies BMF letter from Nov. 2010 Jörg Wolff, Protection of Taximeter Data by Secure Elements 4

  5. Taximeter Environment Roof Sign Taximeter Add. Taxi Printer Tariff Unit * Seat Sensor MI-007 Signal Generator „Core“ Taximeter * / Control Unit Communicat. Interface … Regulations touching Taximeters: ● * MID 2004/22/EC incl. Annex MI-007 for Taximeter ● WELMEC ● OIML R 21 (2007) Taximeters ● CENELEC EN 50148 ● CAN CiA 447-3 ● national regulations (Germany: EO 18-2, PTB-A 18.21, Eichgesetz, PBefG, BOKraft, ...) Jörg Wolff, Protection of Taximeter Data by Secure Elements 5

  6. System Concept I: Plain/Insecure Wireless Link Taximeter GPRS Modem Cab Mobile Network Operator Taxi Data Center Company → no protection from alterations → no assignment to origin Jörg Wolff, Protection of Taximeter Data by Secure Elements 6

  7. Taximeter Stakeholders Passenger Garage Taxi Driver Service Taximeter Taxi Service Company Taximeter Taximeter Company Verification Service Certification Auditing Body Instance ● taximeter data = turnover data: cost of tampering << revenue from tampering ● taxi drivers, taxi companies and allied under general suspicion Jörg Wolff, Protection of Taximeter Data by Secure Elements 7

  8. Taximeter Data, as defined in MID, Annex MI-007 4. A taximeter shall be able to supply the following data through an appropriate secured interface(s) : - operation position : "For Hire", "Hired" or "Stopped"; - totaliser data according to paragraph 15.1; - general information : (…) - fare information for a trip : total charged, fare, calculation of the fare, supplement charge, date, start time, finish time, distance travelled; - tariff(s) information : parameters of tariff(s).  no demand on interface or data format Jörg Wolff, Protection of Taximeter Data by Secure Elements 8

  9. Security Properties for Taximeter Data  Integrity protection from modifications  Authenticity primary prove of origin  Non-Repudiation protected assets cannot be repudiated  Confidentiality protection from eavesdropping secondary  cryptographic technology can assure all security properties (other security properties: availability, etc.) Jörg Wolff, Protection of Taximeter Data by Secure Elements 9

  10. Asymmetric Cryptography: Digital Signatures Algorithm Examples: A: Signing B: Verification ● RSA Signatures CD 04 20 10 02 28 CE 02 CD 04 20 10 02 28 CE 02 23 59 C6 09 6F 70 65 72 23 59 C6 09 6F 70 65 72 Data ● Digital Signature 61 74 6F 72 35 C7 14 5E 61 74 6F 72 35 C7 14 5E F0 13 F1 A1 F3 3B 00 FB F0 13 F1 A1 F3 3B 00 FB 18 00 9B BC 51 63 8B 36 18 00 9B BC 51 63 8B 36 Algorithm (DSA) 4C 6E 28 C8 02 03 D2 E1 4C 6E 28 C8 02 03 D2 E1 11 D8 03 04 49 1C D9 02 11 D8 03 04 49 1C D9 02 49 9C DA 02 71 7C DB 02 49 9C DA 02 71 7C DB 02 ● Elliptic Curve Digital 19 00 E2 0C D8 02 47 2C 19 00 E2 0C D8 02 47 2C DA 02 03 1C DB 02 07 00 DA 02 03 1C DB 02 07 00 Signature Algorithm (ECDSA) Hash Value 5E F0 13 F1 A1 F3 3B 00 5E F0 13 F1 A1 F3 3B 00 FB 18 00 9B BC 51 63 8B FB 18 00 9B BC 51 63 8B 36 4C 6E 28 36 4C 6E 28 PrivKey A PubKey A valid / invalid Signature Signature 47 40 88 BA D5 4D B9 48 47 40 88 BA D5 4D B9 48 5C 93 19 29 F3 0B 54 C7 5C 93 19 29 F3 0B 54 C7 28 9E C2 6C F0 F1 2A C2 28 9E C2 6C F0 F1 2A C2 75 70 42 A4 42 E0 8D B1 75 70 42 A4 42 E0 8D B1 A4 0A 88 27 2E C8 4C E4 A4 0A 88 27 2E C8 4C E4 8D 33 B1 32 35 75 12 19 8D 33 B1 32 35 75 12 19 B calculates hash value of A calculates hash value data and can verify the [x] Integrity of data and signs using signature by the use of A's the private key [x] Authenticity (PrivKey A ) public key (PubKey A ) [c] Non-Repudiation [ ] Confidentiality Jörg Wolff, Protection of Taximeter Data by Secure Elements 10

  11. INSIKA Solution: End-to-End Security Taximeter Security GPRS Box Modem Signing Cab Mobile Network Operator Auditing Taxi Instance Company Data Center Signature Verification Jörg Wolff, Protection of Taximeter Data by Secure Elements 11

  12. INSIKA Solution INSIKA ● integrated security solution for cash registers & measuring instruments Intention ● sign data of cash registers and taximeters by secure elements Demands ● error-free operation, trust of the users in the solution, long term protection (up to 10 years) Kerkhoffs's principle ● INSIKA Smart Card security of a crypto-system depends on secrecy of keys only, not on secrecy of the algorithm Environment ● developed for environments where cost of tampering << revenue from tampering Jörg Wolff, Protection of Taximeter Data by Secure Elements 12

  13. INSIKA Profile for Taximeters ● profiles for cash registers and taximeters ● digital signatures (ECDSA) & sequence numbers ● special smart card software-package ● smart cards personalised to VAT-ID of taxi company ● certificates and smart cards issued by INSIKA Smart Card a trust centre (PKI) ● other secure elements feasible Jörg Wolff, Protection of Taximeter Data by Secure Elements 13

  14. Secure Elements ● hardware based security ● secure environment: ability to protect data (e.g. private key) on a high level ● costs for readout of protected data (e.g. one particular private key) >> revenue from readout ● resistance against many side channel attacks (SPA, DPA, Timing,..) ● available as certificated hard- & software (up to CC EAL 4..5+..) ● most secure elements are smart card based components Images: Oberthur Technologies, Giesecke & Devrient, Infineon Jörg Wolff, Protection of Taximeter Data by Secure Elements 14

  15. Applications of Smart Cards Subscriber Identity Modules (SIM), ● [SIMalliance members shipped 3.9 billion SIM cards in 2010] payment cards: EMVCo ● (American Express, JCB, MasterCard and Visa) [1.4 billion cards used worldwide, except USA] new German identity card new German identity card ● passports (MRTD - machine ● readable travel documents), new German health card ● signature cards ● new German health card electronic passport Images: Giesecke & Devrient, Gematik, Federal Ministry of the Interior of Germany Jörg Wolff, Protection of Taximeter Data by Secure Elements 15

  16. INSIKA Solution: Open Interfaces Taximeter Interface (proprietary, MID data) Taximeter Security GPRS Box Modem MI-007 RESTful INSIKA INSIKA Signature Cab Interface Interface INSIKA XML Export Interface Mobile Network Operator Auditing Taxi Instance Company Data Center open interfaces, based on standards, independent from manufacturers, freely available (http://insika.de/) Jörg Wolff, Protection of Taximeter Data by Secure Elements 16

  17. Open Interfaces: INSIKA Signature Interface Application TIM Spec. ISO 7816 1-4 ISO/IEC 7816 1-4 standard for ● smart cards defines physical layer up to ● application layer TIM interface adds 4 commands ● on application level master-slave, “T=1” protocol ● Jörg Wolff, Protection of Taximeter Data by Secure Elements 17

  18. Open Interfaces: RESTful INSIKA Interface  open interface - allows change of data center  REST = Representational State Transfer  simple webservice  HTTP/HTTPS protocol and clearly defined methods, URIs and status codes  transfer of XML messages in body: <?xml version="1.0" encoding="ISO-8859-1"?> <insika xmlns="http://insika.de/msg"> <transactionEncoded> <itemListEncoded profile="taxi">sAEAsgIBDL0EIBEQBr4CFBE= </itemListEncoded> <transactionRequest>zQQgERAGzgIUE8YFNDAwMDHHFO/o11PEPlnlHT 6ucNs2z1rch0niyAID0uIL2AIBDNoBHNsCBwA=</transactionRequest> <transactionResponse>xA9JTlNJS0FfVEVTVF9QVELFAQjLAQGeMF9EuXi SieiyGr44FMEzW7q7X2Cf78CD64x6Ovcoa6evwWFC5hSqmLKebj95d8+28g== </transactionResponse> </transactionEncoded> </insika> Jörg Wolff, Protection of Taximeter Data by Secure Elements 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Physical Attack Protection with Human-Secure Virtualization in Data Centers Jakub Szefer ,

Physical Attack Protection with Human-Secure Virtualization in Data Centers Jakub Szefer ,

Physical Attack Protection with Human-Secure Virtualization in Data Centers Jakub Szefer , Pramod Jamkhedkar, Yu-Yuan Chen and Ruby B. Lee Princeton University WORCS 2012 July 25, 2012 contact: szefer@princeton.edu Data Centers as

686 views • 36 slides
Data Loss Prevention Academic Senate Meeting October 18, 2017 Data Protection Program

Data Loss Prevention Academic Senate Meeting October 18, 2017 Data Protection Program

Data Loss Prevention Academic Senate Meeting October 18, 2017 Data Protection Program Empower users with the Secure critical data assets, ability to use new protect data confidentiality, and technologies while managing minimize

329 views • 4 slides
Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava CCSW 2009: The ACM Cloud Computing Security Workshop 1 The Problem Providing secure and

414 views • 19 slides
5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

172 views • 14 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations &amp; guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016 Agenda Introduction Current Rules (DPA 98 &amp; PECR) Overview of GDPR Business-wide impact Practical

479 views • 28 slides
MASH co-locates safeguarding agencies and their data into a secure assessment, research, and

MASH co-locates safeguarding agencies and their data into a secure assessment, research, and

MASH Streamlined referral processes, comprehensive information collation, timely service provision, increased protection = Better Outcomes MASH co-locates safeguarding agencies and their data into a secure assessment, research, and

375 views • 13 slides
Basic elements Esch-sur-Alzette Carmen Schanck 4 September 2018 Legal Department Outline 1.

Basic elements Esch-sur-Alzette Carmen Schanck 4 September 2018 Legal Department Outline 1.

CNPD Course: Data Protection Basics Basic elements Esch-sur-Alzette Carmen Schanck 4 September 2018 Legal Department Outline 1. Introduction 2. Basic elements 3. The rights of data subjects 4. The obligations of controllers and processors

965 views • 83 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
Data Protection &amp; Availability Kaushal Devater Data Protection &amp; Availability Discipline

Data Protection &amp; Availability Kaushal Devater Data Protection &amp; Availability Discipline

Plan &amp; Deploy Data Protection &amp; Availability Kaushal Devater Data Protection &amp; Availability Discipline Lead - RDC Planning &amp; Deploy Data Protection &amp; Availability Industry Typical Data Retention Requirements Patient

662 views • 9 slides
Improving Security of Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements A

Improving Security of Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements A

Improving Security of Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements A Position Paper Raja Naeem Akram 1 , Pierre-Franois Bonnefoi 2 , Serge Chaumette 3 , Konstantinos Markantonakis 4 and Damien Sauveron 2 1 Department of

589 views • 24 slides
Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection Defending Privacy Empowerment Protection Transparency Firms must always Informed consent secure personal data Consumer law Empowerment Protection

543 views • 10 slides
Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

isor visor Superv Super Data protection in the EU Area of Data protection in the EU Area of ection tection freedom, security and justice under the Lisbon Treaty d th Li b T t ta Prot ta Pro ean Da an Da Bndicte Havelange

739 views • 10 slides
Data Elements: Bridging Clinical &amp; Research Data HCS Research Collaboratory Grand Rounds

Data Elements: Bridging Clinical &amp; Research Data HCS Research Collaboratory Grand Rounds

Data Elements: Bridging Clinical &amp; Research Data HCS Research Collaboratory Grand Rounds December 6, 2013 Rachel Richesson, PhD Associate Professor Duke University School of Nursing Outline Definitions and sources for data elements

610 views • 46 slides
Michigan Wellhead Protection Program Seven Elements of WHPP 1) Roles and Responsibilities :

Michigan Wellhead Protection Program Seven Elements of WHPP 1) Roles and Responsibilities :

Michigan Wellhead Protection Program Seven Elements of WHPP 1) Roles and Responsibilities : identify WHPP team 2) Wellhead Protection Area (WHPA): delineate Wellhead Protection Area (WHPA): delineate the area that contributes groundwater to wells

926 views • 37 slides
Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11 Staple Inn Tel: +44 (0)20 7209 2000 London Fax: +44 (0)20 7209 2001 WC1V 7QH DX 0001 London Chancery Lane Myth Busting GDPR doesnt apply to

657 views • 8 slides
Malwares in Cyber Space Threat landscape, Emerging trends, Solutions and Challenges Atul

Malwares in Cyber Space Threat landscape, Emerging trends, Solutions and Challenges Atul

Malwares in Cyber Space Threat landscape, Emerging trends, Solutions and Challenges Atul Kabra, Solutions Architect CyberSpace The good, the bad and the ugly Internet is an unsafe neighborhood right in your office space

257 views • 12 slides
Niall Emmart University of Massachusetts Follow on to S6151 XMP: An NVIDIA CUDA

Niall Emmart University of Massachusetts Follow on to S6151 XMP: An NVIDIA CUDA

S6349 - XMP LIBRARY INTERNALS Niall Emmart University of Massachusetts Follow on to S6151 XMP: An NVIDIA CUDA Accelerated Big Integer Library High Performance Modular Exponentiation A^K mod P Where A, K and P are hundreds to thousands

737 views • 24 slides
Towards Tightly Secure Lattice Short Signature and Id-Based Encryption Xavier Boyen Qinyi Li

Towards Tightly Secure Lattice Short Signature and Id-Based Encryption Xavier Boyen Qinyi Li

Towards Tightly Secure Lattice Short Signature and Id-Based Encryption Xavier Boyen Qinyi Li QUT Asiacrypt16 2016-12-06 1 / 19 Motivations 1. Short lattice signature with tight security reduction w/o ROs. Techniques Short Sig? Tight

712 views • 47 slides
Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder System and Network Engineering

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder System and Network Engineering

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder System and Network Engineering July 2014 DNS Main Components Server Side: Authoritative Servers Resolvers (Recursive Resolvers, cache) Client Side: Stub resolvers

429 views • 30 slides
Defeating TLS client authentication using fault attacks Who are we ? R&amp;D dept. @

Defeating TLS client authentication using fault attacks Who are we ? R&amp;D dept. @

Defeating TLS client authentication using fault attacks Who are we ? R&amp;D dept. @ Security Evaluation Kudelski Security Lab @ Kudelski IoT Embedded systems Hardware attacks security research Glitch / EM Reverse

889 views • 51 slides
Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks

Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks

Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks Konstantinos Markantonakis, Michael Tunstall, Keith Mayes Dr Konstantinos Markantonakis (BSc, MSc, MBA, PhD) K.Markantonakis@rhul.ac.uk

509 views • 15 slides
DRS Diagonal dominant Reduction for lattice-based Signature Thomas PLANTARD, Arnaud SIPASSEUTH,

DRS Diagonal dominant Reduction for lattice-based Signature Thomas PLANTARD, Arnaud SIPASSEUTH,

DRS Diagonal dominant Reduction for lattice-based Signature Thomas PLANTARD, Arnaud SIPASSEUTH, Cedric DUMONDELLE, Willy SUSILO Institute of Cybersecurity and Cryptology University of Wollongong http://www.uow.edu.au/ thomaspl

458 views • 22 slides
Security Proofs for the MD6 Hash Algorithm Ahmed Ezzat Outline Introduction to hash

Security Proofs for the MD6 Hash Algorithm Ahmed Ezzat Outline Introduction to hash

Security Proofs for the MD6 Hash Algorithm Ahmed Ezzat Outline Introduction to hash algorithms NIST SHA-3 Competition MD6 Algorithm and Mode of Operation Research Objective Approach Introduction to hash algorithms Hash

454 views • 14 slides

More recommend