The security services described in this appendix, data confidentiality, entity authentication, data authentication (data origin authentication and data integrity), non- repudiation , and timeliness, counter the possible consequences of the threats generated by passive and active wiretapping. The security services that prevent attackers from tampering with the device representing a participant to a protocol, either physically or logically, are generically called device integrity services.
The goal of data confidentiality is to protect against an unauthorized disclosure of information through eavesdropping (see Appendix B). Referring to Figure B.1, the sender wants to be reassured that whenever he or she sends a message to the receiver, even if the eavesdropper could passively wiretap the message he would not be able to get the content of the message. In the case of electronic payment systems, the confidentiality service concerning the financial messages exchanged between the communicating parties is often referred to as secure messaging for confidentiality .
Entity authentication is the security service that allows the verifying entity through the acquisition of corroborative evidence to check the identity of the proving entity. This service is intended to counter the impersonation threat (see Appendix B). In the case of electronic payment systems, entity authentication has specific variants, as listed below:
If the proving entity is a cardholder, proving its identity either to the IH (on-line verification) or to a chip card (off-line verification) playing the role of the verifying entity, then entity authentication is also referred to as cardholder verification . The cardholder verification establishes the link between the actual user of a card and the eligible cardholder.
If the proving entity is a card and the verifying entity is the IH, the entity authentication service is also referred to as on-line card authentication .
If the proving entity is a card and the verifying entity is a terminal, the entity authentication service is also referred to as off-line card authentication .
When the proving entity is the IH and the verifying entity is the card, the entity authentication service is also referred to as issuer authentication .
If the proving entity is the terminal and the verifying entity is the card, the entity authentication service is also called terminal authentication .
When a time variant is considered in the production of the corroborative evidence (i.e. when the timeliness service is considered ), entity authentication allows the verifying entity to check that the proving entity was active at the time when the evidence was created or acquired . Thus, the verifying entity can check that the proving evidence is not replayed from a previous entity authentication. In case of either on-line or off-line card authentication, if the verification process considers a time variant for the proof production, then the process is referred to as dynamic card authentication . This requires the production of a new proof every time the card authentication is performed. Dynamic card authentication protects against the threat of card counterfeiting. This is true unless the attacker was able to clone the secret parameters used during the proof generation, following a successful device tampering attack.
If the verification process does not consider any time variant for the proof production, then the process is referred to as static card authentication . This service does not protect against the counterfeit card attack, since the static proof [e.g., the static authenticator (see Appendix D, Section D.6)], once wiretapped by the attacker, can be replayed many times. However, the service can check that data in the card has not changed since the issuer personalized the card, effectively countering the threat of manipulating the content of data stored in devices.
Data authentication is a security service consisting of two inseparable components :
Data origin authentication provides enough evidence to the receiver whether or not the sender is really the one claiming to be.
Data integrity provides enough evidence to the receiver whether or not the content of the information changed compared to the initial content as intended by the sender.
The two components are inseparable, since it does not help the receiver to know that the received data has not been altered unless he has the confirmation that this data was sent by the right sender. When the data authentication service is enforced, the attacker can impersonate neither the sender nor manipulate the data (see Appendix B). In case of electronic payment systems, data authentication considers the authentication and integrity of financial messages exchanged between parties, and is often referred to as secure messaging for integrity and authentication .
Non-repudiation counters the threat of denying the participation in a transaction by one of the mutually distrustful entities involved in the communication (see Appendix B). Depending whether the sender or the receiver generates the denial threat, one can distinguish between two basic forms of this security service.
Non-repudiation of origin counters the false statements of the sender, which tries to repudiate having sent a message.
Non-repudiation of delivery protects against the attempts of the receiver to falsely deny that he received a message from the sender.
Timeliness is the security service that protects against reply attacks (see Appendix B). This security service relies on inserting a time variant component in the messages exchanged between the communicating parties, which makes any message exchange unique.
Tamper resistance is the generic security service that counters the threat of device tampering through physical penetration. The most common example of a tamper resistant device is an integrated circuit card, or chip card, the resources of which are protected from being directly accessed.
The security service that counters the logical penetration in a device is the access control . A successful logical penetration means, in fact, exploiting a security hole in the access control system of the device.