SlideShare a Scribd company logo

New Science Transaction Security Journal

UL
UL

Technology is transforming transactions — offering greater ease, speed and mobility — but also creating potential security risks. New Science is working to safeguard innovation and protect transactions. Inside this journal: Brand Test Tool, Smart Wave Box, TSM Test Suite, Vulnerability Analysis About New Science Journals: This journal is part of New Science, dedicated to showcasing how UL is advancing and innovating safety in our fast changing world through the demonstration of fundamental discovery, testing methodologies and equipment, procedures, software and standards. Inside this journal: Air Quality Databases, Paint and VOCs, Semi-VOCs, Environmental Chamber To Go About New Science Journals: This journal is part of New Science, dedicated to showcasing how UL is advancing and innovating safety in our fast changing world through the demonstration of fundamental discovery, testing methodologies and equipment, procedures, software and standards.

1 of 14
Download to read offline
NEW SCIENCE Transaction Security JOURNAL ul.com/newscience
NEW CHALLENGES CALL FOR NEW SCIENCE Progress is an unstoppable, transformative force. New technologies, product advances and globalization are arriving one on top of another at a dizzying pace. Innovation makes us more efficient, more productive and more connected. But there is a cost, and that cost is risk. To help mitigate the emerging risks, UL is developing New Science. Through fundamental discovery, testing methodologies and equipment, procedures, software and standards, UL is creating new and important ways to make the world safer.
Transaction Security OVERVIEW UL Transaction Security is advancing into new and important areas to better enable safe, efficient and seamless delivery. For mobile payments and chip and PIN technologies, UL is innovating new techniques and tests to provide greater reliability, security and interoperability. We also continuously develop aggressive attack approaches, utilizing advanced statistical analyses on cryptographic algorithms. Understanding how to get past a system’s security allows us to identify effective countermeasures and to stay ahead of the hackers. UL is also part of the Biometric Alliance Initiative, helping define regulatory and proprietary compliance requirements and producing test specifications to facilitate complete user acceptance of this technology in the fields of wireless communication, payment applications and security. TRANSACTION SECURITY JOURNAL 3
Vulnerability analysis BRAND test tool smartwave box tsm test suite
context The direct costs associated with global consumer hacking are calculated at $110 billion over the past 12 months.1 It is a massive issue for the individuals targeted as well as for financial institutions and governments. Advanced smart cards that use chip and PIN technology are not immune to the predations of hackers. Maintaining the cryptographic security of the smart credit and debit cards that carry this technology is critical to protecting individuals and to promoting the adoption of more advanced mobile payment technologies. The UL Security Lab is focused on staying one step ahead of hackers in order to help protect the security of transactions. What did UL do? UL uses advanced simulation to test chip security on credit cards by subjecting chips to multiple types of attacks. Specifically, we examine whether the cryptographic algorithm implementations achieve a high standard of security. This requires us to continually monitor the latest scientific advances in the field of cryptographic security and stay on top of the most recent attack techniques and the corresponding countermeasures. We do this to assess the cryptographic algorithms executed on smart cards and secure devices. UL researchers and scientists use observation techniques from the collection of physical signals during the cryptography execution or innovative fault-induction attacks. The aim is to malevolently extract the confidential information from the secure device or to compromise the defenses of the secure application. The UL Security Lab is focused on staying one step ahead of hackers in order to help protect the security of payment and other technologies. TRANSACTION SECURITY JOURNAL / VULNERABILITY ANALYSIS 5
To effectively attack sensitive application security, it is necessary to take into consideration the fact that the code is hardware-processed. Some attacks have been developed to take advantage of the physical aspect of the hardware processing, defeating the apparent robustness of specifications or designs. To investigate potential attacks, we employ two primary methods: • Observation analyses can use hardware to understand internal processing and potentially modify code execution, and it can result in the disclosure of confidential data through analysis of inevitable hardware leakages. • Fault-injection attacks take advantage of errors induced during a code execution in order to reveal secrets or to change the device behavior to mitigate the security. For these attacks, the most advanced techniques are being used to stress the robustness of a secure code. Innovative techniques such as laser systems can be used to stress a secure chip with the highest level of accuracy and power. Every day, UL develops new ways to attack and defeat security. We use these techniques on smart cards, terminals and mobile phones. Hackers will continue to find ways to breach security. Our work is to get there first so we can help financial institutions develop effective countermeasures. IMPACT UL is working with most of the large banks, credit card companies and standards agencies, and is playing an important role in facilitating the adoption of chip and PIN technology in the U.S. and in advanced mobile technologies globally. Hackers will continue to find ways to breach security. Our work is to get there first so we can help financial institutions develop effective countermeasures. TRANSACTION SECURITY JOURNAL / VULNERABILITY ANALYSIS 6
Vulnerability analysis Brand test tool smartwave box tsm test suite
context Consumers expect their credit or debit cards to work wherever they are and whenever they need them: in stores and restaurants at the point of sale, at ATMs and online. UL researchers recently developed an innovative Brand Test Tool to make it easier and more efficient for financial organizations to provide trouble-free transactions within their entire payment infrastructures. What did ul do? UL developed a unique testing device that enables terminal acquirers and vendors to validate the payment brand testing of their Europay, MasterCard, Visa terminals at a POS or an ATM. Brand testing is a vital component of the overall certification process. Its core purpose is to validate payment brand compliancy of EMV terminals. These brands include associations such as Visa, MasterCard and American Express, as well as domestic scheme operators such as Interac in Canada and Hipercard in Brazil. The Brand Test Tool automates the required tests, enabling a shorter time to market and allowing a user to determine that a terminal is EMV-compliant and payment With the proliferation of credit association-certified.2 and debit cards as well as POS/ATM devices around the world, interoperability is a significant Why It Matters and growing requirement. With the proliferation of credit and debit cards as well as POS/ATM devices around the world, interoperability is a significant and growing requirement. If interoperability is not reliable, there is a risk that the customer’s card will not be accepted, which will impact both customer satisfaction and loyalty. IMpact The Brand Test Tool enables a terminal to be tested within the environment of use and within the brand settings that will be used in the field. More important, the Brand Test Tool can detect interoperability issues before new terminals are released in the field. This creates greater efficiencies, minimizes system errors, saves money in the long term and delivers a more reliable process when the terminals go live.3 TRANSACTION SECURITY JOURNAL / BRAND TEST TOOL 8
Vulnerability analysiS BRAND test tool smartwave box tsm test suite
context Contactless smart chip technology is rapidly coming into use globally in a wide range of applications. This includes delivering fast, secure transactions with credit and debit cards as well as transit fare payment cards. It encompasses protecting personal information on government and corporate identification cards, electronic passports and visas. Contactless smart chip technology improves speed, convenience and security but is a highly complex technology, particularly regarding implementation. Testing is crucial to show that contactless smart cards, e-identification documents and terminals/readers work correctly and reliably. What did ul do? UL researchers in Europe recently developed an innovative hardware device that functions as a complete testing tool. The SmartWave Box reads and simulates contactless smart cards and e-identification documents. The Box also analyzes the communication between a contactless card and a terminal or reader. 09 93 05 9 With its various modes of operation, the SmartWave Box is the most versatile tool 40 50 05930 04 44050 03 0 09 0593 available today for contactless testing. The Box can operate in active, passive or 22 23 303 00 0202303 04 00 4050 10 0 2 001 10 0 intercept mode in order to allow stakeholders to spy on and analyze the communication between a smart card and a terminal. The Box can also simulate all the interactions across the relevant infrastructure players. In both cases, the SmartWave Box identifies interoperability and security issues prior to system implementation.4 The SmartWave Box reads and simulates contactless smart cards Why It Matters and e-identification documents. Contactless technology has the ability to revolutionize payments and identification, but the technology and its supporting infrastructure are complex. There are numerous stakeholders with differing needs and capabilities. With its innovative SmartWave Box, UL makes implementation smarter, more efficient and easier. IMpact The SmartWave Box is an easy-to-use tool that facilitates interoperability across a contactless infrastructure and reduces implementation costs by providing error detection during system development. In so doing, the SmartWave Box is paving the way for a migration to contactless technologies. TRANSACTION SECURITY JOURNAL / SMARTWAVE BOX 10
Vulnerability analysis Brand test tool smartwave box tsm test suite
context With the advent of mobile payments, consumers are using smart phones as virtual payment cards. It is imperative that interoperability and security be certified to link all the stakeholders that must cooperate as part of a near field communication ecosystem for mobile payments to work. What did ul do? UL developed first-of-its-kind research to simulate all the stakeholders in an NFC ecosystem so interoperability and security can be validated in advance of system rollout. The TSM Test Suite covers complete functional groups and checks compliance with GlobalPlatform Messaging Specifications and GP Card Specifications. The use of the Test Suite’s innovative built-in simulators allows dependencies to be solved during development. This innovation reduces time-to-market in the complex NFC/TSM infrastructure.5 38% 35 MILLION OF SMART PHONE USERS HAVE NFC ENABLED SMART PHONES PURCHASED SOMETHING USING THEIR PHONE 7 SHIPPED IN 2011 6 Why It Matters Mobile payments are the wave of the future, a natural extension of smart phone usage. But setting up systems to promote interoperability and security across the NFC ecosystem is complex and could hinder the growth and acceptance of mobile payments. IMpact The TSM Test Suite is a state-of-the-art tool that assists key audiences in the NFC ecosystem to determine the suitability of their mobile payments implementation by providing validation as well as simulation. For companies interested in participating in mobile payments, the Test Suite helps them determine that their infrastructure can connect to a TSM in a straightforward manner. TRANSACTION SECURITY JOURNAL / TSM TEST SUITE 12
sources 1 “2012 Norton Study: Consumer Cybercrime Estimated at $110 Billion Annually,” Press Release, 5 Sept. 2012, Web: 12 Oct.2012. http://www.symantec.com/about/news/release/article.jsp?prid=20120905_02. 2 “Collis Brand Test Tool,” Collis Sell Sheet. 3 “Collis Brand Test Tool,” Collis Sell Sheet. 4 “Collis SmartWave Box,” Collis Sell Sheet. 5 “Collis TSM Test Suite,” Collis Sell Sheet. 6 “The growth of mobile commerce: infographic,”Econsultancy, 4 Apr. 2012, Web: 12 Oct. 2012. http:// econsultancy.com/us/blog/9527-the-growth-of-mobile-commerce-infographic. 7 “Will m-commerce overtake e-commerce?” Bigcommerce, n.d., 12 Oct. 2012. http://www.bigcommerce. com/infographics/will-m-commerce-overtake-e-commerce/. TRANSACTION SECURITY JOURNAL / SOURCES 13
NEW CHALLENGES. NEW RISKS. NEW SCIENCE. WANT TO LEARN MORE? Download THE OTHER JOURNALS IN OUR NEW SCIENCE SERIES at UL.com/newscience NEWSCIENCE@UL.COM +1 847.664.2040 New Science Transaction Security cannot be copied, reproduced, distributed or displayed without UL’s express written permission. V.18. UL and the UL logo are trademarks of UL, LLC © 2012

Recommended

SmartCard Forum 2009 - New trends in smart-cards technology
SmartCard Forum 2009 - New trends in smart-cards technologySmartCard Forum 2009 - New trends in smart-cards technology
SmartCard Forum 2009 - New trends in smart-cards technologyOKsystem
 
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...IJRTEMJOURNAL
 
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - FinalTsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Finalsandhibhide
 
Nxtd
NxtdNxtd
NxtdRedChip Companies, Inc.
 
Report
ReportReport
ReportMassimo Salvato
 
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketSmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketOKsystem
 
SDI @ISCWest 2017: A Systems Integrator Perspective
SDI @ISCWest 2017: A Systems Integrator PerspectiveSDI @ISCWest 2017: A Systems Integrator Perspective
SDI @ISCWest 2017: A Systems Integrator PerspectiveDawn Nash Pfeiffer
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 

Recommended

SmartCard Forum 2009 - New trends in smart-cards technology
SmartCard Forum 2009 - New trends in smart-cards technologySmartCard Forum 2009 - New trends in smart-cards technology
SmartCard Forum 2009 - New trends in smart-cards technologyOKsystem
 
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...IJRTEMJOURNAL
 
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - FinalTsensors San Diego Sandhi Bhide - Nov 12-13 - Final
Tsensors San Diego Sandhi Bhide - Nov 12-13 - Finalsandhibhide
 
Nxtd
NxtdNxtd
NxtdRedChip Companies, Inc.
 
Report
ReportReport
ReportMassimo Salvato
 
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketSmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketOKsystem
 
SDI @ISCWest 2017: A Systems Integrator Perspective
SDI @ISCWest 2017: A Systems Integrator PerspectiveSDI @ISCWest 2017: A Systems Integrator Perspective
SDI @ISCWest 2017: A Systems Integrator PerspectiveDawn Nash Pfeiffer
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 
Smart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant securitySmart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant securityOKsystem
 
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint TechnologyQualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint TechnologyFIDO Alliance
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthrcnossen
 
Tap into NFC Showcase - Shanghai
Tap into NFC Showcase - ShanghaiTap into NFC Showcase - Shanghai
Tap into NFC Showcase - ShanghaiNFC Forum
 
Securing industrial and smart grid devices in a connected world webinar (final)
Securing industrial and smart grid devices in a connected world webinar (final)Securing industrial and smart grid devices in a connected world webinar (final)
Securing industrial and smart grid devices in a connected world webinar (final)gretchensimm
 
Smart Cards Evolution
Smart Cards EvolutionSmart Cards Evolution
Smart Cards EvolutionHometrack Australia
 
Building trust and Enabling innivation for voice enabled IOT
Building trust and Enabling innivation for voice enabled IOTBuilding trust and Enabling innivation for voice enabled IOT
Building trust and Enabling innivation for voice enabled IOTPriyanka Aash
 
ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationMarc Vael
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSource Code Control Limited
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingHai Nguyen
 
Ascure session
Ascure sessionAscure session
Ascure sessionbvandennotelaer
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemSensePost
 
Biometrics - The Key for Effective, Secure & Smart Identification
Biometrics - The Key for Effective, Secure & Smart IdentificationBiometrics - The Key for Effective, Secure & Smart Identification
Biometrics - The Key for Effective, Secure & Smart IdentificationIDEX ASA
 
White Paper: Mobile Security
White Paper: Mobile SecurityWhite Paper: Mobile Security
White Paper: Mobile SecurityRogers Communications
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengKnowledge Group
 
SecureMag 2015 :: Volume 7
SecureMag 2015 :: Volume 7SecureMag 2015 :: Volume 7
SecureMag 2015 :: Volume 7Chin Wan Lim
 
The Cybercriminal Approach to Mobile Fraud: Now They’re Getting Serious
The Cybercriminal Approach to Mobile Fraud: Now They’re Getting SeriousThe Cybercriminal Approach to Mobile Fraud: Now They’re Getting Serious
The Cybercriminal Approach to Mobile Fraud: Now They’re Getting SeriousIBM Security
 
InDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation FinalInDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation FinalRob Marano
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...SafeNet
 
TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017Riaan Bellingan
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignRajat Jain
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture Symantec
 

More Related Content

What's hot

Smart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant securitySmart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant securityOKsystem
 
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint TechnologyQualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint TechnologyFIDO Alliance
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthrcnossen
 
Tap into NFC Showcase - Shanghai
Tap into NFC Showcase - ShanghaiTap into NFC Showcase - Shanghai
Tap into NFC Showcase - ShanghaiNFC Forum
 
Securing industrial and smart grid devices in a connected world webinar (final)
Securing industrial and smart grid devices in a connected world webinar (final)Securing industrial and smart grid devices in a connected world webinar (final)
Securing industrial and smart grid devices in a connected world webinar (final)gretchensimm
 
Building trust and Enabling innivation for voice enabled IOT
Building trust and Enabling innivation for voice enabled IOTBuilding trust and Enabling innivation for voice enabled IOT
Building trust and Enabling innivation for voice enabled IOTPriyanka Aash
 
ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationMarc Vael
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSource Code Control Limited
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingHai Nguyen
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemSensePost
 
Biometrics - The Key for Effective, Secure & Smart Identification
Biometrics - The Key for Effective, Secure & Smart IdentificationBiometrics - The Key for Effective, Secure & Smart Identification
Biometrics - The Key for Effective, Secure & Smart IdentificationIDEX ASA
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengKnowledge Group
 
SecureMag 2015 :: Volume 7
SecureMag 2015 :: Volume 7SecureMag 2015 :: Volume 7
SecureMag 2015 :: Volume 7Chin Wan Lim
 
The Cybercriminal Approach to Mobile Fraud: Now They’re Getting Serious
The Cybercriminal Approach to Mobile Fraud: Now They’re Getting SeriousThe Cybercriminal Approach to Mobile Fraud: Now They’re Getting Serious
The Cybercriminal Approach to Mobile Fraud: Now They’re Getting SeriousIBM Security
 
InDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation FinalInDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation FinalRob Marano
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...SafeNet
 

What's hot (19)

Smart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant securitySmart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant security
 
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint TechnologyQualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealth
 
Tap into NFC Showcase - Shanghai
Tap into NFC Showcase - ShanghaiTap into NFC Showcase - Shanghai
Tap into NFC Showcase - Shanghai
 
Securing industrial and smart grid devices in a connected world webinar (final)
Securing industrial and smart grid devices in a connected world webinar (final)Securing industrial and smart grid devices in a connected world webinar (final)
Securing industrial and smart grid devices in a connected world webinar (final)
 
Smart Cards Evolution
Smart Cards EvolutionSmart Cards Evolution
Smart Cards Evolution
 
Building trust and Enabling innivation for voice enabled IOT
Building trust and Enabling innivation for voice enabled IOTBuilding trust and Enabling innivation for voice enabled IOT
Building trust and Enabling innivation for voice enabled IOT
 
ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentation
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoT
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for banking
 
Ascure session
Ascure sessionAscure session
Ascure session
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating System
 
Biometrics - The Key for Effective, Secure & Smart Identification
Biometrics - The Key for Effective, Secure & Smart IdentificationBiometrics - The Key for Effective, Secure & Smart Identification
Biometrics - The Key for Effective, Secure & Smart Identification
 
White Paper: Mobile Security
White Paper: Mobile SecurityWhite Paper: Mobile Security
White Paper: Mobile Security
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee Seng
 
SecureMag 2015 :: Volume 7
SecureMag 2015 :: Volume 7SecureMag 2015 :: Volume 7
SecureMag 2015 :: Volume 7
 
The Cybercriminal Approach to Mobile Fraud: Now They’re Getting Serious
The Cybercriminal Approach to Mobile Fraud: Now They’re Getting SeriousThe Cybercriminal Approach to Mobile Fraud: Now They’re Getting Serious
The Cybercriminal Approach to Mobile Fraud: Now They’re Getting Serious
 
InDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation FinalInDorse Tech Red Herring 100 Presentation Final
InDorse Tech Red Herring 100 Presentation Final
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
 

Similar to New Science Transaction Security Journal

TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017Riaan Bellingan
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignRajat Jain
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture Symantec
 
Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Samuel Kamuli
 
The Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devicesThe Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devicesWavestone
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsBMI Healthcare
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobileUvaraj Shan
 
Two aspect authentication system using secure mobile devices
Two aspect authentication system using secure mobile devicesTwo aspect authentication system using secure mobile devices
Two aspect authentication system using secure mobile devicesUvaraj Shan
 
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE코리아
 
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...Unisys Corporation
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
 
Eurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentationEurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentationStefane Mouille
 
Building security into the internetofthings
Building security into the internetofthingsBuilding security into the internetofthings
Building security into the internetofthingsPrayukth K V
 
Validy netinc nsa_ops1_ops2_executive summary
Validy netinc nsa_ops1_ops2_executive summaryValidy netinc nsa_ops1_ops2_executive summary
Validy netinc nsa_ops1_ops2_executive summaryGilles Sgro
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 

Similar to New Science Transaction Security Journal (20)

TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect Design
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 
Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015
 
The Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devicesThe Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devices
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-payments
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobile
 
Two aspect authentication system using secure mobile devices
Two aspect authentication system using secure mobile devicesTwo aspect authentication system using secure mobile devices
Two aspect authentication system using secure mobile devices
 
Currency
CurrencyCurrency
Currency
 
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
 
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...
 
Eurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentationEurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentation
 
Building security into the internetofthings
Building security into the internetofthingsBuilding security into the internetofthings
Building security into the internetofthings
 
E-commerce Security
E-commerce SecurityE-commerce Security
E-commerce Security
 
Validy netinc nsa_ops1_ops2_executive summary
Validy netinc nsa_ops1_ops2_executive summaryValidy netinc nsa_ops1_ops2_executive summary
Validy netinc nsa_ops1_ops2_executive summary
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
Multi factor authentication issa0415-x9
Multi factor authentication issa0415-x9Multi factor authentication issa0415-x9
Multi factor authentication issa0415-x9
 

More from UL

The UL safety index for the SmartCities Hackathon at CES 2017
The UL safety index for the SmartCities Hackathon at CES 2017The UL safety index for the SmartCities Hackathon at CES 2017
The UL safety index for the SmartCities Hackathon at CES 2017UL
 
UL's New Science - Fire Safety Overview
UL's New Science - Fire Safety OverviewUL's New Science - Fire Safety Overview
UL's New Science - Fire Safety OverviewUL
 
UL Product Mindset Industry Report High Tech
UL Product Mindset Industry Report High TechUL Product Mindset Industry Report High Tech
UL Product Mindset Industry Report High TechUL
 
UL Product Mindset Industry Report Household Chemicals
UL Product Mindset Industry Report Household ChemicalsUL Product Mindset Industry Report Household Chemicals
UL Product Mindset Industry Report Household ChemicalsUL
 
UL Product Mindset Industry Report Food
UL Product Mindset Industry Report FoodUL Product Mindset Industry Report Food
UL Product Mindset Industry Report FoodUL
 
UL Product Mindset Industry Report Building Materials
UL Product Mindset Industry Report Building MaterialsUL Product Mindset Industry Report Building Materials
UL Product Mindset Industry Report Building MaterialsUL
 
UL Navigating The Product Mindset 2011
UL Navigating The Product Mindset 2011UL Navigating The Product Mindset 2011
UL Navigating The Product Mindset 2011UL
 
UL Product Mindset 2012
UL Product Mindset 2012UL Product Mindset 2012
UL Product Mindset 2012UL
 
New Science Fire Safety Journal
New Science Fire Safety JournalNew Science Fire Safety Journal
New Science Fire Safety JournalUL
 
New Science Indoor Air Quality Journal
New Science Indoor Air Quality JournalNew Science Indoor Air Quality Journal
New Science Indoor Air Quality JournalUL
 

More from UL (10)

The UL safety index for the SmartCities Hackathon at CES 2017
The UL safety index for the SmartCities Hackathon at CES 2017The UL safety index for the SmartCities Hackathon at CES 2017
The UL safety index for the SmartCities Hackathon at CES 2017
 
UL's New Science - Fire Safety Overview
UL's New Science - Fire Safety OverviewUL's New Science - Fire Safety Overview
UL's New Science - Fire Safety Overview
 
UL Product Mindset Industry Report High Tech
UL Product Mindset Industry Report High TechUL Product Mindset Industry Report High Tech
UL Product Mindset Industry Report High Tech
 
UL Product Mindset Industry Report Household Chemicals
UL Product Mindset Industry Report Household ChemicalsUL Product Mindset Industry Report Household Chemicals
UL Product Mindset Industry Report Household Chemicals
 
UL Product Mindset Industry Report Food
UL Product Mindset Industry Report FoodUL Product Mindset Industry Report Food
UL Product Mindset Industry Report Food
 
UL Product Mindset Industry Report Building Materials
UL Product Mindset Industry Report Building MaterialsUL Product Mindset Industry Report Building Materials
UL Product Mindset Industry Report Building Materials
 
UL Navigating The Product Mindset 2011
UL Navigating The Product Mindset 2011UL Navigating The Product Mindset 2011
UL Navigating The Product Mindset 2011
 
UL Product Mindset 2012
UL Product Mindset 2012UL Product Mindset 2012
UL Product Mindset 2012
 
New Science Fire Safety Journal
New Science Fire Safety JournalNew Science Fire Safety Journal
New Science Fire Safety Journal
 
New Science Indoor Air Quality Journal
New Science Indoor Air Quality JournalNew Science Indoor Air Quality Journal
New Science Indoor Air Quality Journal
 

New Science Transaction Security Journal

  • 2. NEW CHALLENGES CALL FOR NEW SCIENCE Progress is an unstoppable, transformative force. New technologies, product advances and globalization are arriving one on top of another at a dizzying pace. Innovation makes us more efficient, more productive and more connected. But there is a cost, and that cost is risk. To help mitigate the emerging risks, UL is developing New Science. Through fundamental discovery, testing methodologies and equipment, procedures, software and standards, UL is creating new and important ways to make the world safer.
  • 3. Transaction Security OVERVIEW UL Transaction Security is advancing into new and important areas to better enable safe, efficient and seamless delivery. For mobile payments and chip and PIN technologies, UL is innovating new techniques and tests to provide greater reliability, security and interoperability. We also continuously develop aggressive attack approaches, utilizing advanced statistical analyses on cryptographic algorithms. Understanding how to get past a system’s security allows us to identify effective countermeasures and to stay ahead of the hackers. UL is also part of the Biometric Alliance Initiative, helping define regulatory and proprietary compliance requirements and producing test specifications to facilitate complete user acceptance of this technology in the fields of wireless communication, payment applications and security. TRANSACTION SECURITY JOURNAL 3
  • 4. Vulnerability analysis BRAND test tool smartwave box tsm test suite
  • 5. context The direct costs associated with global consumer hacking are calculated at $110 billion over the past 12 months.1 It is a massive issue for the individuals targeted as well as for financial institutions and governments. Advanced smart cards that use chip and PIN technology are not immune to the predations of hackers. Maintaining the cryptographic security of the smart credit and debit cards that carry this technology is critical to protecting individuals and to promoting the adoption of more advanced mobile payment technologies. The UL Security Lab is focused on staying one step ahead of hackers in order to help protect the security of transactions. What did UL do? UL uses advanced simulation to test chip security on credit cards by subjecting chips to multiple types of attacks. Specifically, we examine whether the cryptographic algorithm implementations achieve a high standard of security. This requires us to continually monitor the latest scientific advances in the field of cryptographic security and stay on top of the most recent attack techniques and the corresponding countermeasures. We do this to assess the cryptographic algorithms executed on smart cards and secure devices. UL researchers and scientists use observation techniques from the collection of physical signals during the cryptography execution or innovative fault-induction attacks. The aim is to malevolently extract the confidential information from the secure device or to compromise the defenses of the secure application. The UL Security Lab is focused on staying one step ahead of hackers in order to help protect the security of payment and other technologies. TRANSACTION SECURITY JOURNAL / VULNERABILITY ANALYSIS 5
  • 6. To effectively attack sensitive application security, it is necessary to take into consideration the fact that the code is hardware-processed. Some attacks have been developed to take advantage of the physical aspect of the hardware processing, defeating the apparent robustness of specifications or designs. To investigate potential attacks, we employ two primary methods: • Observation analyses can use hardware to understand internal processing and potentially modify code execution, and it can result in the disclosure of confidential data through analysis of inevitable hardware leakages. • Fault-injection attacks take advantage of errors induced during a code execution in order to reveal secrets or to change the device behavior to mitigate the security. For these attacks, the most advanced techniques are being used to stress the robustness of a secure code. Innovative techniques such as laser systems can be used to stress a secure chip with the highest level of accuracy and power. Every day, UL develops new ways to attack and defeat security. We use these techniques on smart cards, terminals and mobile phones. Hackers will continue to find ways to breach security. Our work is to get there first so we can help financial institutions develop effective countermeasures. IMPACT UL is working with most of the large banks, credit card companies and standards agencies, and is playing an important role in facilitating the adoption of chip and PIN technology in the U.S. and in advanced mobile technologies globally. Hackers will continue to find ways to breach security. Our work is to get there first so we can help financial institutions develop effective countermeasures. TRANSACTION SECURITY JOURNAL / VULNERABILITY ANALYSIS 6
  • 7. Vulnerability analysis Brand test tool smartwave box tsm test suite
  • 8. context Consumers expect their credit or debit cards to work wherever they are and whenever they need them: in stores and restaurants at the point of sale, at ATMs and online. UL researchers recently developed an innovative Brand Test Tool to make it easier and more efficient for financial organizations to provide trouble-free transactions within their entire payment infrastructures. What did ul do? UL developed a unique testing device that enables terminal acquirers and vendors to validate the payment brand testing of their Europay, MasterCard, Visa terminals at a POS or an ATM. Brand testing is a vital component of the overall certification process. Its core purpose is to validate payment brand compliancy of EMV terminals. These brands include associations such as Visa, MasterCard and American Express, as well as domestic scheme operators such as Interac in Canada and Hipercard in Brazil. The Brand Test Tool automates the required tests, enabling a shorter time to market and allowing a user to determine that a terminal is EMV-compliant and payment With the proliferation of credit association-certified.2 and debit cards as well as POS/ATM devices around the world, interoperability is a significant Why It Matters and growing requirement. With the proliferation of credit and debit cards as well as POS/ATM devices around the world, interoperability is a significant and growing requirement. If interoperability is not reliable, there is a risk that the customer’s card will not be accepted, which will impact both customer satisfaction and loyalty. IMpact The Brand Test Tool enables a terminal to be tested within the environment of use and within the brand settings that will be used in the field. More important, the Brand Test Tool can detect interoperability issues before new terminals are released in the field. This creates greater efficiencies, minimizes system errors, saves money in the long term and delivers a more reliable process when the terminals go live.3 TRANSACTION SECURITY JOURNAL / BRAND TEST TOOL 8
  • 9. Vulnerability analysiS BRAND test tool smartwave box tsm test suite
  • 10. context Contactless smart chip technology is rapidly coming into use globally in a wide range of applications. This includes delivering fast, secure transactions with credit and debit cards as well as transit fare payment cards. It encompasses protecting personal information on government and corporate identification cards, electronic passports and visas. Contactless smart chip technology improves speed, convenience and security but is a highly complex technology, particularly regarding implementation. Testing is crucial to show that contactless smart cards, e-identification documents and terminals/readers work correctly and reliably. What did ul do? UL researchers in Europe recently developed an innovative hardware device that functions as a complete testing tool. The SmartWave Box reads and simulates contactless smart cards and e-identification documents. The Box also analyzes the communication between a contactless card and a terminal or reader. 09 93 05 9 With its various modes of operation, the SmartWave Box is the most versatile tool 40 50 05930 04 44050 03 0 09 0593 available today for contactless testing. The Box can operate in active, passive or 22 23 303 00 0202303 04 00 4050 10 0 2 001 10 0 intercept mode in order to allow stakeholders to spy on and analyze the communication between a smart card and a terminal. The Box can also simulate all the interactions across the relevant infrastructure players. In both cases, the SmartWave Box identifies interoperability and security issues prior to system implementation.4 The SmartWave Box reads and simulates contactless smart cards Why It Matters and e-identification documents. Contactless technology has the ability to revolutionize payments and identification, but the technology and its supporting infrastructure are complex. There are numerous stakeholders with differing needs and capabilities. With its innovative SmartWave Box, UL makes implementation smarter, more efficient and easier. IMpact The SmartWave Box is an easy-to-use tool that facilitates interoperability across a contactless infrastructure and reduces implementation costs by providing error detection during system development. In so doing, the SmartWave Box is paving the way for a migration to contactless technologies. TRANSACTION SECURITY JOURNAL / SMARTWAVE BOX 10
  • 11. Vulnerability analysis Brand test tool smartwave box tsm test suite
  • 12. context With the advent of mobile payments, consumers are using smart phones as virtual payment cards. It is imperative that interoperability and security be certified to link all the stakeholders that must cooperate as part of a near field communication ecosystem for mobile payments to work. What did ul do? UL developed first-of-its-kind research to simulate all the stakeholders in an NFC ecosystem so interoperability and security can be validated in advance of system rollout. The TSM Test Suite covers complete functional groups and checks compliance with GlobalPlatform Messaging Specifications and GP Card Specifications. The use of the Test Suite’s innovative built-in simulators allows dependencies to be solved during development. This innovation reduces time-to-market in the complex NFC/TSM infrastructure.5 38% 35 MILLION OF SMART PHONE USERS HAVE NFC ENABLED SMART PHONES PURCHASED SOMETHING USING THEIR PHONE 7 SHIPPED IN 2011 6 Why It Matters Mobile payments are the wave of the future, a natural extension of smart phone usage. But setting up systems to promote interoperability and security across the NFC ecosystem is complex and could hinder the growth and acceptance of mobile payments. IMpact The TSM Test Suite is a state-of-the-art tool that assists key audiences in the NFC ecosystem to determine the suitability of their mobile payments implementation by providing validation as well as simulation. For companies interested in participating in mobile payments, the Test Suite helps them determine that their infrastructure can connect to a TSM in a straightforward manner. TRANSACTION SECURITY JOURNAL / TSM TEST SUITE 12
  • 13. sources 1 “2012 Norton Study: Consumer Cybercrime Estimated at $110 Billion Annually,” Press Release, 5 Sept. 2012, Web: 12 Oct.2012. http://www.symantec.com/about/news/release/article.jsp?prid=20120905_02. 2 “Collis Brand Test Tool,” Collis Sell Sheet. 3 “Collis Brand Test Tool,” Collis Sell Sheet. 4 “Collis SmartWave Box,” Collis Sell Sheet. 5 “Collis TSM Test Suite,” Collis Sell Sheet. 6 “The growth of mobile commerce: infographic,”Econsultancy, 4 Apr. 2012, Web: 12 Oct. 2012. http:// econsultancy.com/us/blog/9527-the-growth-of-mobile-commerce-infographic. 7 “Will m-commerce overtake e-commerce?” Bigcommerce, n.d., 12 Oct. 2012. http://www.bigcommerce. com/infographics/will-m-commerce-overtake-e-commerce/. TRANSACTION SECURITY JOURNAL / SOURCES 13
  • 14. NEW CHALLENGES. NEW RISKS. NEW SCIENCE. WANT TO LEARN MORE? Download THE OTHER JOURNALS IN OUR NEW SCIENCE SERIES at UL.com/newscience NEWSCIENCE@UL.COM +1 847.664.2040 New Science Transaction Security cannot be copied, reproduced, distributed or displayed without UL’s express written permission. V.18. UL and the UL logo are trademarks of UL, LLC © 2012