GlobalPlatform Discussions with NFC Forum to Focus on Security as Part of MOU
Standards organizations GlobalPlatform and the NFC Forum will focus on security issues as part of their recently announced memo of understanding, especially to ensure apps on NFC phones don’t compromise the security of secure elements in the devices.
GlobalPlatform, which is focusing much of its work these days on standardizing the management of applications in secure elements, such as SIM cards and embedded chips, in particular wants to discuss ways to keep payment applications safe with the NFC Forum. The forum specifies how NFC chips communicate with each other and with NFC tags and, in some cases, with secure elements.
“Currently, an application stored in the secure element talks with an application in the phone and with the NFC chip,” GlobalPlatform technical director Gil Bernabeu told NFC Times. “The standardization effort should therefore take these three elements into consideration.”
The two groups have talked frequently in the past, since they share many of the same members, but the memo of understanding formalizes the discussions, said NFC Forum director Debbie Arnold, who agreed the focus of those discussions will be on security.
One example of changes GlobalPlatform would like to see relates to an NFC Forum standard referred to as the NCI, short for NFC controller interface. It establishes communication between the NFC chip and other secure elements, such as embedded chips, as well as the phone baseband or application processor.
GlobalPlatform’s Bernabeu said the NCI is not discriminating enough in terms of which applications it permits to send commands, called APDUs, to secure elements in NFC phones.
“GlobalPlatform would like to control which application can send an APDU (command) to the secure element,” he told NFC Times.
While commands from an app on the handset to, say, a banking application stored on an embedded secure chip in the phone would not compromise the account data on the secure chip, a hacker could potentially launch a sort of denial-of-service attack against the banking application by flooding it with requests.
A separate standards organization, the European Telecommunications Standards Institute, or ETSI, has standardized a software connection between the NFC chip and the SIM card used as the secure element in an NFC phone.
This connection, called the host-controller interface, or HCI, was at one time seen as a competing standard to the NFC Forum’s NCI. But HCI and NCI connections can reside in the same NFC phone, and communication between the NFC chip and a payment application on the SIM card would likely be handled by the HCI. GlobalPlatform does not appear to have any security issues with this.
Meanwhile, the situation can become even more complex because many NFC phones will have more than one secure element, such as a SIM and an embedded chip, and perhaps even a microSD card.
But much standards work remains to enable multiple secure elements to be active in the same NFC phone. GlobalPlatform wants to coordinate work with the NFC Forum on this topic, as well.
And there will be other issues under discussion between the two groups, such as how secure applications in two NFC phones could talk to each other in peer-to-peer mode and how secure elements could work with a trusted execution environment on the phone’s processor.
This trusted execution environment, or TEE, could enable a consumer to safely enter a PIN code on his handset keypad when making a payment using an NFC payment application stored in a secure element in his phone.
GlobalPlatform has issued the first version of its standards around the TEE, but it’s unclear how a joint venture proposed this week by TEE vendors would affect that work.