GlobalPlatform: Balance, security, usability in standards
10 November, 2014
Jon Geater, GlobalPlatform Security Task Force
Over the last few years, more and more valuable information has been deployed to mobile devices and we are using that information in new and different ways. Protecting this data has become an increasingly complex challenge, one that requires a systematic and coordinated approach to curate secure solutions that do not impair the user experience. This philosophy of user-first security is called Consumer-Centric Security.
Improving security and user experience simultaneously is no simple feat, and it is for this reason that GlobalPlatform has launched its Security Task Force. The group is working to define the association’s overall security philosophy and determine how GlobalPlatform can leverage its experience and technical specifications for the benefit of the connected information ecosystem.
Curation credentials
GlobalPlatform has been involved in security for a long time. As more entities, companies and people have become interested in and engaged with the development of security standards and solutions, the association has identified an opportunity to make security services more sophisticated and refined for services that really matter to people.
At a workshop, the Security Task Force brought together representatives from a range of sectors to discuss real-world security requirements that GlobalPlatform Specifications can address. This liaison activity is essential to ensure that work is not being duplicated across bodies and that the efforts being undertaken will genuinely enhance the services being delivered.
With the group just kicking off, there is a real opportunity for players from both the developer and user sides of the ecosystem to help shape the future of both GlobalPlatform’s security work and the greater marketplace.
The vision
Traditionally, companies and consumers have regarded security as a barrier: the stereotypical view is that security makes life more difficult and access less convenient. But this does not have to be the case. This is the residue of the security-as-an-afterthought philosophy and is something that GlobalPlatform is working with the industry to address by building in security from the start.
As an example, placing a barrier across a highway may increase security — after a potentially problematic rollout — since traffic would be unable to move and collisions would therefore be rare. But such a system would also make the highway useless. This seems a ludicrous idea but we do have barriers on our highways: those that separate oncoming lanes from each other. This security solution is a win-win for security and usability: the reduced chance of collisions allows traffic in both directions to move faster, enabling more throughput. This principle is transferable, as security built into a system that understands the specifics of that system is much more effective than simply making access difficult, time consuming and frustrating.
GlobalPlatform is therefore working to take the experience that exists within its membership and apply it systematically to specific use cases. We are listening to the requirements of the outside world and working to make storing and accessing sensitive information on devices easier through appropriate security. For example, leveraging the security that exists within secure chip technology to reduce the number of keystrokes needed to complete an e-commerce purchase, while maintaining the same or better level of security, will benefit everyone involved.
The task force is currently assessing which combinations of GlobalPlatform’s Specifications most effectively achieve an appropriate level of security for particular markets or implementations, while maintaining usability in the context of that market. To do this, it is working closely with the sector-specific groups within GlobalPlatform — the Government, Premium Content and Mobile Task Forces — in order to fully understand the needs of each area. In addition to this, GlobalPlatform will draw information from other bodies and associations to feed into this activity.
Working together makes everyone stronger and striking the right balance is the key.
The art of security
GlobalPlatform sees security as an art. The art is in finding the appropriate compromise between security and usability, while remembering at all times that functionality is primary. Security should be there to preserve reliability and enhance functionality, never to compromise it.
With this in mind, a far more innovative and finessed solution is achievable when specifications are combined to answer the specific questions posed by a security problem. This is significantly more effective than selecting a single silver bullet.
So what about those security ratings? Bigger, in this instance, is not always better. A higher Common Criteria rating does not equate to more effective or suitable security because it says little about what the thing actually does. It’s all about the functionality; an air bag and a seat belt might both have safety-rating certificates but you would not rely on one to do the job of the other.
By applying these principles to GlobalPlatform technologies there’s an opportunity to create easy-to-use but also secure systems. For example, the secure element is a very small piece of hardware that is physically strong but often programmatically limited. The Trusted Execution Environment — a secure area that resides in the main processor of a connected device and ensures that sensitive data is stored, processed and protected in a trusted environment — is flexible and has access to rich system resources. However, it shares physical protection with the main processor and this is usually less than that of the secure element. When combined, the secure element and Trusted Execution Environment achieve a much better balance of security and usability than traditional single-point solutions.
If security is to be usable, though, it must be transparent, such that the user does not realize it is there. For it to be transparent, it must be designed into the system. For it to be designed in, it must be tailored for the specific use case it is protecting. And to tailor the security to a use case, that use case must be understood. This ensures that the solution is secure by default, and this is the approach that GlobalPlatform has taken for the development of all of its secure-chip specifications.
Effective curation is therefore also about consistency and the ease of integrating different technologies.
GlobalPlatform’s core specifications
TEE – A Trusted Execution Environment is a separate execution environment that runs alongside the rich operating system (OS) on which most application processing occurs. When integrated in the core of the mobile device, the TEE may control any capability (screen, keyboard, modem, etc.) so as to ensure appropriate usage. This also serves to protect the device and user from rogue or malicious applications, such as malware or spyware.
SE – A secure element is a tamper-resistant device capable of embedding smart card-grade applications. As an endpoint, it provides the security and confidentiality required to support various business models and multiple applications.
System messaging – This establishes protocols for mobile messages that support system exchanges between servers in the cloud, facilitating the secure deployment of a mobile service onto a mobile device (a process known as ‘provisioning’).
GlobalPlatform’s core specifications are all developed under the same philosophy and have companion specifications, which connect them to ensure that they integrate effectively with one another. The association’s 120+ strong membership ensures the widespread industry collaboration that is needed to achieve a strong, open and interoperable compliance-led ecosystem for security.
Next steps
Looking forward to the next few years, we will see the Trusted Execution Environment come to the forefront as a part of the mobile device security infrastructure. While not yet a household name, Trusted Execution Environments already reside in the handsets of millions of consumers around the world.
It may seem disappointing that such an innovative technology is hidden in the shadows, but in fact, GlobalPlatform can be proud that it is effortlessly and quietly working to provide a seamless level of appropriate and usable security.
This work is never complete, however. We are stronger together, so we call on the ecosystem to come forward and contribute to our work in this area as we continue our journey to curate the security ecosystem.