Page 25 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
P. 25

ITU-T Focus Group Digital Financial Services
                                              Technology, Innovation and Competition



               communication with backend DFS systems. These applications should also be designed to be resilient against
               denial-of-service attacks.

               R4 – Apps should be subjected to external security review and penetration testing, and any recommendations
               acted upon. In particular, applications should be designed to be robust against phishing software. Other
               methods of increasing application security may include increasing the complexity of Java reflections and anti-
               compilation countermeasure, although software obfuscation remains an arms race between code writers
               and reverse engineers. An important focus should be on guiding the customer to access and download the
               application through official channels to mitigate the risk of running malware-infected code.
               R5 – Apps should securely manage username and password information so that adversaries cannot easily
               forge credentials, and should use strong authentication mechanisms to protect against unauthorized
               access. Default usernames and passwords should be removed or reset so that an adversary cannot easily
               guess credentials. It is strongly recommended to use PIN codes, passwords, or biometric authentication to
               protect mobile device and DFS application from unauthorized access. Multi-factor authentication may provide
               additional security guarantees and is required for Y.2740 Security Levels 3 and 4. Credential information must
               be securely stored and managed so that they are not accessible to adversaries. Encryption of at-rest data along
               with strong access control mechanisms can aid in ensuring tamper-resistance.

               Within the application, ensure support for password complexity (enforced by the server), unsuccessful login
               attempts, password history and reuse periods, account lock-out periods to a reasonable minimal value in order
               to minimize the potential for offline attack. Sensitive information should also be transferred using methods to
               assure its integrity and authenticity, through the use of protection mechanisms such as message authentication
               codes (MACs) and digital signatures, employing primitives, such as nonces, to prevent replay attacks.

               To ensure application consistency, complete fault recovery and synchronization mechanisms should be required
               to ensure the reliability of information storage.


               3.3    Mobile phone operating system


               Role within the ecosystem
               The operating system represents the software base that applications (whether app-based or USSD/SMS/
               IVR-based) rely upon. It is also used to monitor and contain other applications and users in a mobile device.
               The security of the operating system is critical to the security of applications that run on it, including DFS
               applications.


               Security threats and vulnerabilities


               Access control
               Mobile operating systems offer only very coarse-grained controls over dialling. In Android, this means that any
               application with dialling privileges can also dial USSD codes, allowing an unauthorized or malicious application
               to perform actions on behalf of a user. Additionally, if an adversary has access to the physical phone, it may
               be possible to recover billing information or passwords if this information remains in text messages. Such
               conditions can become possible when the operating system is overly permissive; in other words, it provides
               a surfeit of interfaces that are not essential for applications to possess and thus become potential vectors for
               vulnerability. More generally, the operating system itself has numerous ways by which access to privileged
               instructions can be made, and numerous processes that can possess highly privileged access, such that if they
               are compromised, the security of the entire system is at risk. This set of processes and interfaces is known
               as the trusted computing base of the operating system, and an important goal from the standpoint of the
               operating system vendor, or the handset manufacturer if they make modifications to the operating system,
               is to minimize the set of processes and interfaces that have highly-privileged access to reduce the size of the
               trusted computing base.




                                                                                                       11
   20   21   22   23   24   25   26   27   28   29   30