Page 24 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
P. 24

ITU-T Focus Group Digital Financial Services
                                              Technology, Innovation and Competition



               breaching confidentiality. The GSM ciphers are known to be vulnerable to attack. In smartphone applications
               using IP transactions, the incorrect use of secure sockets layer (SSL) or the negotiation of known weak cipher
               suites can also lead to breaks in the encryption and the exposure of user data, again breaching confidentiality.
               Data left unencrypted within the application, written in an insecure manner to application logs, or stored in
               databases with no or weak encryption can also lead to an adversary exposing this information. Caches can
               also be exploited to harvest sensitive information. Minimizing the amount of sensitive data stored within the
               application can mitigate confidentiality risks, such as the use of DFS with host card emulation (HCE).


               Communication security
               The security of the communication link is contingent on the negotiated cipher suite between the application
               and the back-end services. Information in applications has been demonstrated to flow to a variety of sinks
               outside the authorized end-point, including into logs and databases. Consequently, only strong encryption
               mechanisms such as SSL ensure data security in public telecommunications networks. It is also important
               to ensure that the cipher suites used are not subject to downgrade attacks to older versions that contain
               potentially weak ciphers. If session keys are not periodically renegotiated, the accumulation of enciphered
               material can make the key vulnerable to attack. Protocols such as SSL and transport layer security (TLS) can be
               set to renegotiate ciphers, but it is important for the protocols to be resistant to renegotiation attacks from
               attackers injecting traffic into legitimate client-server exchanges.


               Data integrity
               The integrity of information is at risk from the lack of a secure communication channel in applications that use
               USSD or unauthenticated SMS. There are no integrity guarantees provided in these environments. Similarly, with
               smartphone applications, negotiation of weak cipher suites that downgrade security can allow an adversary
               to modify transactions and, hence, the integrity of financial data. Within applications, a lack of access control
               amongst some applications provides an avenue for adversaries to modify financial data. Applications that do
               not require credentials prior to performing sensitive operations such as bill pay are subject to adversaries
               modifying this information. If the application does not provide stateful tracking mechanisms, the adversary
               can easily perform remote exploits leading to data compromise.


               Availability

               Application availability is a measure of code quality and security. If applications do not perform robust
               input validation an adversary can potentially perform buffer overflow attacks that may end up crashing the
               application. Denial of service can also occur if resources are not sufficiently allocated from the application or if
               logging mechanisms are subverted by the adversary. Partially-completed actions can have negative effects on
               availability and lead to lack of system consistency; as such, it is important that interactions with applications
               are atomic.

               Privacy

               The use of weak cryptographic algorithms by the application can lead to privacy violations as data and metadata
               can be inferred through network activity. In the worst case, weak ciphers can be completely compromised,
               leading to full breaches of privacy.


               Recommendations for mitigation

               R3 – Whether an application is designed for deployment on the handset or secure element, it should be
               designed and implemented in accordance with best practices, including encrypted and authenticated
               communication and secure coding practices to harden the app. Such practices should additionally extend
               to  software  embedded  in  third  party  systems  and  web  pages  for  communication  with  mobile  money
               systems. Sufficiently strong encryption should be employed for both data protection within the app and for





                10
   19   20   21   22   23   24   25   26   27   28   29