Page 21 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
3 Components of DFS ecosystem
3.1 Mobile device hardware
Role within the ecosystem
The mobile device comprises the physical platform on which a DFS user or an agent interacts with a mobile
money application. Hence, it is critically important that the security of the device itself be assured. One of
the main security features of mobile devices is hardware security. The first generation of DFS did not use any
secure elements in mobile devices. Second-generation systems used SIM cards for storage and execution of
sensitive data. Third-generation mobile devices have embedded secure elements (SE) or additional slots for
special secure SD cards, which make them more flexible and not dependent on SIM cards owned by mobile
network operators (MNOs). The latest devices contain trusted execution environments (TEEs), protecting
not only storage and execution of sensitive data, but also signals to and from the keyboard and display,
strengthening the security of these mobile devices. A TEE is a secure area that resides in the application
processor of an electronic device. Separated by hardware from the main operating system, a TEE ensures
the secure storage and processing of sensitive data and trusted applications. It protects the integrity and
confidentiality of key resources, such as the user interface and service provider assets. A TEE manages and
executes trusted applications built in by device makers, as well as trusted applications installed as people
demand them. Trusted applications running in a TEE have access to the full power of a device's main processor
and memory, while hardware isolation protects these applications from user-installed apps running in a main
operating system. The software and cryptographic isolation inside the TEE protect the trusted applications
contained within from each other.
Security threats and vulnerabilities
As discussed above, there are a variety of threats to the mobile hardware platform from a number of vectors.
The hardware itself, depending on its configuration, can provide strong security guarantees against these
threats. Device and chip makers use TEEs to build platforms that have trust built in from the start, while
service and content providers rely on integral trust to start launching innovative services and new business
opportunities.
Access control
The owner of the mobile device should not entrust it to outsiders, as this presents a risk of exposing information
to others. The same exposure arises if the mobile device is stolen, lost, or seized. It is strongly recommended
that strong authentication be used in order to mitigate these concerns.
Authentication
Insufficient authentication measures on the device can allow a malicious attacker to gain access to information
on it. Such insufficient mechanisms include not setting a password on the device or having one that is weak
and easily guessable. If a personal identification number (PIN) code is used for authentication, then not setting
a PIN or having one that is easily guessable can also compromise authentication. Handsets and operators may
not deploy mechanisms that allow second-factor authentication, which provides stronger authentication
guarantees.
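To make the "no PIN or easily guessable PIN" failure concrete, here is an added example (not from the ITU-T report) of a PIN policy check a DFS application could apply at enrolment; the blocklist contents, the minimum length, the date rule and the year window are assumptions.

```python
from datetime import date

# Constructed blocklist standing in for the most frequently chosen PINs
# (assumption: a real deployment would load its own, larger list).
COMMON_PINS = {"1234", "0000", "1111", "2580", "1212", "7777",
               "4321", "2000", "6969", "9999", "1122", "1313"}

def is_sequence(pin):
    """True for straight ascending or descending runs such as 1234 or 9876."""
    diffs = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return diffs in ({1}, {-1})

def looks_like_date(pin):
    """True if a 4-digit PIN reads as DDMM, MMDD or a plausible birth year."""
    if len(pin) != 4:
        return False
    a, b = int(pin[:2]), int(pin[2:])
    for month, day in ((b, a), (a, b)):
        try:
            date(2000, month, day)
            return True
        except ValueError:
            pass
    return 1900 <= int(pin) <= 2030  # assumed year window

def check_pin(pin, min_len=4):
    """Return (accepted, reason) for a candidate PIN at enrolment, rejecting
    no PIN at all and the guessable shapes: repeated, sequential, common, date-like."""
    if not pin:
        return False, "no PIN set"
    if not pin.isdigit():
        return False, "PIN must be digits only"
    if len(pin) < min_len:
        return False, "shorter than %d digits" % min_len
    if len(set(pin)) == 1:
        return False, "single repeated digit"
    if is_sequence(pin):
        return False, "sequential digits"
    if pin in COMMON_PINS:
        return False, "on common-PIN blocklist"
    if looks_like_date(pin):
        return False, "looks like a date or year"
    return True, "accepted"

if __name__ == "__main__":
    for candidate in ("", "1234", "8888", "1990", "2580", "7392"):
        print(repr(candidate), check_pin(candidate))
```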
Data confidentiality
Without strong controls on data confidentiality, a malicious adversary can gain access to confidential information.
The device should resist unauthorized access to sensitive information. It is therefore recommended to
choose mobile devices with SEs and TEEs to protect data confidentiality.