January 27, 2016
With the launch of Android Pay in September 2015, Google responded to Apple Pay a full year later. However, unlike Apple's devices, not all Android devices are NFC-enabled. HCE, or host card emulation, is a cloud-based protocol that promises to simplify mobile contactless payment implementations and has successfully been acting as a replacement for NFC on Android phones. HCE allows customers to use any NFC-enabled (near field communication) Android phone to pay at a point of sale. One might wonder how Android Pay rivals Apple Pay in securing point-of-sale purchases and purchases within mobile apps. Android is more widely used than iOS and presents a security challenge because of the number of devices and operating systems. To meet this challenge, there are new advances in Android's software-based HCE payments model that are closing the security gap with Apple Pay and striking a balance between security and privacy.
Sam Rehman, CTO of Arxan Technologies—a company that protects the software in mobile wallets, P2P payments and POS systems and hardens the applications consumers use to perform payment transactions, deposits, money transfers, etc. on their mobile devices—was a good source for us to explain how things work with Android Pay, HCE and contactless payments. Arxan Technologies works with leading banks and retailers to ensure customer credentials and transaction details are not exposed to hackers. Here's the transcript of the interview with Sam Rehman, Chief Technology Officer, Arxan Technologies:
LTP: Android Pay, and hence HCE, has a big market outside of the US. Contactless payments are emerging. What is the underlying technology that makes HCE as secure as NFC?
Sam Rehman: HCE builds on top of NFC communication. If the question is about comparing HCE to contactless chip cards, the responsibility for that falls on the app developers and their security testers. HCE gives apps access to NFC channels. The rest is down to the app.
As time goes on, it will be increasingly important for on-device software to take on even more roles. Legacy risk management systems are not designed to handle dynamic, contextual data from connected devices. The on-device software needs to be adaptable to leverage a variety of security solutions. It should also be extensible to new solutions such as host card emulation (HCE).
Prior to HCE, payment credentials needed to be stored in a highly restricted part of the smartphone, the Secure Element (SE), which is typically controlled by mobile carriers. Carriers have long been the gatekeepers of who and what gets access to a phone's Secure Element and have typically charged for these access rights. Now, with HCE, phones can conduct mobile payments without a carrier's control and constraints.
When account parameters are provisioned to the device, a limited-use key (LUK) helps protect access to sensitive information. The key can be used to allow payment transactions that are in accordance with the threshold parameters of the device, such as transaction count or time-to-live value.
…but not without its threats
Although HCE has made provisioning credentials easier for a more open mobile payments ecosystem, security implications need to be considered. Without the more robust security of cryptographic keys, credentials on the device are prone to various kinds of attacks:
- Attackers could gain access to sensitive information such as payment credentials and cardholder information
- Malware applications could attack the OS and exploit the device and mobile payment app
- Malicious users could gain access to information stored within the mobile payment application and use it to make fraudulent payments
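The limited-use key model described in the answer above, as an added illustration that is not part of the interview and not Arxan's or Android Pay's code: an issuer provisions a key bounded by a transaction count and a time-to-live, the device produces a per-transaction cryptogram, and the issuer re-derives the key to verify it. The HMAC-based derivation, the field names and the sample values are assumptions for the example; a real scheme would use the payment network's specified cryptogram format.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class LimitedUseKey:
    # Illustrative model of an HCE limited-use key (LUK), not Android Pay's real format:
    # payments are allowed only while the transaction count and time-to-live both hold.
    key: bytes
    max_transactions: int
    ttl_seconds: int
    issued_at: float
    used: int = 0

    def is_usable(self, now: float) -> bool:
        return self.used < self.max_transactions and now - self.issued_at < self.ttl_seconds

def provision_luk(master: bytes, account_id: str, issued_at: float,
                  max_transactions: int = 5, ttl_seconds: int = 24 * 3600) -> LimitedUseKey:
    # Issuer side (assumed construction): derive the LUK from a master key that never
    # leaves the issuer, so a LUK lifted from the phone exposes only a bounded set of payments.
    key = hmac.new(master, f"{account_id}|{int(issued_at)}".encode(), hashlib.sha256).digest()
    return LimitedUseKey(key, max_transactions, ttl_seconds, issued_at)

def authorise_payment(luk: LimitedUseKey, amount_cents: int, terminal_id: str, now: float):
    # Device side: consume one use and return (counter, cryptogram), or None once either
    # threshold is exhausted. The counter is bound into the MAC, so a captured cryptogram
    # does not verify for any later transaction.
    if not luk.is_usable(now):
        return None
    luk.used += 1
    msg = f"{luk.used}|{amount_cents}|{terminal_id}".encode()
    return luk.used, hmac.new(luk.key, msg, hashlib.sha256).hexdigest()

def issuer_verify(master: bytes, account_id: str, issued_at: float, counter: int,
                  amount_cents: int, terminal_id: str, cryptogram: str) -> bool:
    # Issuer side: re-derive the LUK, recompute the MAC and compare in constant time.
    luk = provision_luk(master, account_id, issued_at)
    msg = f"{counter}|{amount_cents}|{terminal_id}".encode()
    return hmac.compare_digest(hmac.new(luk.key, msg, hashlib.sha256).hexdigest(), cryptogram)

def demo():
    master, acct, t0 = b"constructed-issuer-master-key", "acct-0001", 1_000_000.0  # constructed
    luk = provision_luk(master, acct, t0, max_transactions=3)
    results = [authorise_payment(luk, 499, "POS-7", now=t0 + i) for i in range(4)]
    counter, tag = results[0]
    verified = issuer_verify(master, acct, t0, counter, 499, "POS-7", tag)
    replayed = issuer_verify(master, acct, t0, counter + 1, 499, "POS-7", tag)
    expired = authorise_payment(provision_luk(master, acct, t0), 499, "POS-7", now=t0 + 24 * 3600)
    return results, verified, replayed, expired
```

In the demo the fourth payment and the out-of-TTL payment both return None, which is the point of the threshold parameters: a key copied off the device buys an attacker at most the remaining count within the remaining lifetime.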
LTP: What are some of the recent major advancements in the software-based host card emulation (HCE) model that have come a long way in achieving a similar level of security protection as Apple Pay? Can you also shed some light on white-box cryptography in the context of HCE, Android Pay and Apple Pay?
SR: Increased awareness & adoption of secure software solutions highly contributes to the success of HCE. In order to mitigate the key security risks inherent to HCE, a comprehensive application protection solution or software secure element is needed to safeguard the integrity and confidentiality of both the application and cryptographic keys.
Robust white-box cryptography can protect sensitive cardholder and payment information in the token. White-box cryptography ensures the keys are never present either in the static form or in runtime memory, while an automated security solution comprised of unique guarding technology can protect the confidentiality of the application and combat application tampering by:
1. Defending applications against compromise
2. Detecting attacks at run-time
3. Reacting to attacks with self-repair, custom responses, and/or alerts
As a result, the combination of cryptographic key and application code protection can mitigate the risks associated with using a software secure element approach.
LTP: Would you now call Apple Pay's NFC security and HCE's security equivalent? If not, what are the unsecured elements or risks that still exist in HCE?
SR: They can be, but there are a lot of HCE offerings using a lot of approaches to security. Until recently, the NFC industry has been relatively stagnant due to interoperability challenges, high upfront capital costs and a complex partner relationship. What has changed and what experts believe will give fresh momentum to the NFC industry is the tremendous interest currently gathering around host card emulation (HCE), especially after Google has announced HCE capabilities in its Android (4.4) KitKat platform.
Additionally, while Google has not openly revealed its intentions of how it would use HCE in its mobile payments/wallet strategy, there is a very good chance that HCE is being integrated into Android Pay’s API to support phones which do not have an NFC radio/secure element built in. The Android OS provides built-in support for HCE since its aforementioned KitKat release.
As such, HCE is being seen as an excellent low-cost and easy-to-install alternative to the standard secure element approach. There are various benefits attached to HCE, which many experts consider as a real game changer that will drive more NFC adoption in the near future.
Earlier, even though there was enormous interest in the telecom and banking sectors to launch NFC mobile applications, the key challenges were the lack of sufficient infrastructure and high costs attached to storing the user data securely inside the mobile devices. HCE can solve these problems as it can end the dependency on the TSM (trusted service managers) and high costs of replacing NFC SIMs and installing expensive POS terminals.
The value of adopting this open HCE approach without hardware update requirements enables payment providers and ecosystem stakeholders to quickly scale and fully leverage the mobile computing platform. The combination of contactless payments with proper mobile application protection enables financial institutions to confidently embrace a secure mobile payments approach – one that can help expedite mass adoption. To learn more about how to associate your brand with this rapidly emerging HCE ecosystem and to gain the first mover’s advantage, you can view our archived webinar, Revolutionary Security for HCE Mobile Payments.
If you ask me whether Arxan is developing the security to cover the various risks and unsecured elements associated with HCE, the answer is YES.
LTP: Can you explain to our audience the security differences between Android Pay, Apple Pay and others, with a look at how apps are vulnerable to discovery and compromise?
SR: The critical thing for a contactless payment system is the secret crypto keys that are used to identify a particular card. The contactless card payment infrastructure was built in a world where these were kept hidden in a custom chip that was built to survive some very sophisticated attacks.
A phone has pretty much the same secrets to keep, but most have a lot less help from the hardware designers. The phone can't rely on a friendly server to push keys over just-in-time, either. The keys have to be stored on the phone, ready for use at any time; even when the phone doesn't have a connection. Shopping doesn't stop when cell phone coverage fails.
Apple owns the whole stack, from the chip design to the user interface. They can build a secure key storage system using any approach they want and use hardware or special processor modes to keep the keys safe from prying eyes.
Similarly, Samsung or Google can build something that works with the latest Galaxy or Nexus hardware and won't mind that it doesn't work with other manufacturers' phones or last year's models.
A card organization, bank or payment company needs to address a broad market, with a solution that will secure payment keys for any customer on any Android device. The only way to do that is with a software-only solution, built around white-box cryptography.
LTP: Does Arxan's security technology slow down the payment process?
SR: Security typically requires a tradeoff between speed and security, but Arxan’s robust solutions are so lightweight and agile that they can be implemented well within an organization’s operational specifications.