In October of last year, Apple launched its mobile wallet product, Apple Pay. Many experts were also very excited about Apple Pay, saying it is a much safer way to shop. From the demo on Apple’s website, you can see that a whole transaction usually takes less than 3 seconds. So, what happens in those 3 seconds, and what made those experts so excited?
First let’s take a look at Apple Pay’s core components:
A Secure Element is a tamper-resistant platform (typically a one-chip, secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities.
The NFC controller connects three different entities: the Point-Of-Sale (POS) terminal, the Application Processor, and the Secure Element. Two communication channels are established by the NFC controller: one from the Application Processor to the Secure Element, and one from the POS to the Secure Element.
Passbook is a product that already existed before Apple Pay; Apple upgraded it in iOS 8. Now Passbook is able to add and manage your credit and debit cards. You can also update your card information and check recent transactions within Passbook.
One thing you should keep in mind is that Touch ID is not a substitute for a password. It enables you to have a much more complicated password without lowering the convenience of using the device.
The chip in your device also includes an advanced security architecture (environment) called the Secure Enclave, which was developed to protect your passcode and fingerprint data. For example, fingerprint data is encrypted and protected with a key available only to the Secure Enclave. To sum it up, the Secure Enclave is responsible for the authentication process.
Apple also hosts the Apple Pay servers. They are used to manage the credit and debit card information in your Passbook and to communicate with payment networks such as VISA and MasterCard.
How does Apple Pay secure the communication between Secure Enclave and Touch ID?
The Touch ID sensor uses the Serial Peripheral Interface (SPI) bus to communicate with the processor and the Secure Enclave. Here is the security risk: malware could intercept the communication between them to get your fingerprint. Apple Pay implements a pre-shared key between Touch ID and the Secure Enclave. The encryption algorithm AES-CCM is used here to guarantee that the fingerprint is unreadable by an unauthorized third party.
How does Apple Pay secure the communication between Secure Enclave and Secure Element?
As mentioned before, there is no direct physical communication between the Secure Enclave and the Secure Element; all data has to be relayed by the NFC controller. To secure that data, a similar mechanism is used here: a shared key. Since the Secure Element is involved, the whole process is a little more complicated.
A shared key is produced from the Secure Enclave’s own unique identifier when the device is manufactured in the factory. In the real world, the whole process is also encrypted with the AES algorithm to prevent replay attacks.
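The two links described above (Touch ID to Secure Enclave, and Secure Enclave to Secure Element via the NFC controller) rely on the same idea: a key that both endpoints share in advance, an authenticated cipher (AES-CCM, which detects tampering as well as hiding content), and a counter so that a captured message cannot be replayed. The model below is an added example, not Apple’s code and not based on any Apple implementation detail beyond what this article states. It assumes the third-party `cryptography` package, derives a link key from a constructed unique identifier with HMAC-SHA256 (an assumption; the article does not say how the derivation is done), and uses the message counter as the CCM nonce. The NFC controller is modelled as a relay that only forwards bytes and holds no key.

```python
# Added example (not Apple's code): a model of a pre-shared-key AES-CCM link
# between two on-device components, relayed by a keyless NFC controller.
# Assumes the third-party `cryptography` package is installed.
import hashlib
import hmac

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

NONCE_LEN = 12  # AES-CCM accepts 7..13-byte nonces; 12 bytes holds the counter


class ReplayError(Exception):
    """Raised when a message's counter is not newer than the last accepted one."""


def derive_link_key(unique_id: bytes, label: bytes) -> bytes:
    """Derive a 128-bit link key from a per-device unique identifier.

    Constructed for this example: HMAC-SHA256 keyed with the identifier and
    truncated to 16 bytes. The label keeps the two links' keys distinct.
    """
    return hmac.new(unique_id, label, hashlib.sha256).digest()[:16]


class LinkEndpoint:
    """One end of an AES-CCM protected link with a monotonic message counter."""

    def __init__(self, key: bytes) -> None:
        self._aead = AESCCM(key)  # 16-byte authentication tag by default
        self._send_counter = 0
        self._last_accepted = 0

    def seal(self, payload: bytes) -> bytes:
        # The counter is the nonce, so the key is never reused with the same
        # nonce; it is also passed as associated data so it is authenticated.
        self._send_counter += 1
        nonce = self._send_counter.to_bytes(NONCE_LEN, "big")
        return nonce + self._aead.encrypt(nonce, payload, nonce)

    def open(self, message: bytes) -> bytes:
        nonce, body = message[:NONCE_LEN], message[NONCE_LEN:]
        counter = int.from_bytes(nonce, "big")
        if counter <= self._last_accepted:
            raise ReplayError(f"counter {counter} already seen")
        payload = self._aead.decrypt(nonce, body, nonce)  # InvalidTag if altered
        self._last_accepted = counter
        return payload


def relay_untouched(message: bytes) -> bytes:
    """The NFC controller in this model only forwards bytes; it holds no key."""
    return bytes(message)


def run_scenario() -> dict:
    """Exercise the model and report what an observer on the bus can and cannot do."""
    enclave_uid = b"constructed-enclave-unique-id"  # constructed sample value
    key = derive_link_key(enclave_uid, b"enclave->secure-element")
    enclave, element = LinkEndpoint(key), LinkEndpoint(key)

    template = b"constructed fingerprint template"  # constructed sample payload
    msg = relay_untouched(enclave.seal(template))

    results = {
        "plaintext_visible_on_bus": template in msg,
        "delivered": element.open(msg) == template,
    }
    try:  # replaying the captured message a second time
        element.open(msg)
        results["replay_rejected"] = False
    except ReplayError:
        results["replay_rejected"] = True

    tampered = bytearray(enclave.seal(template))
    tampered[-1] ^= 0x01  # flip one bit of the authentication tag
    try:
        element.open(bytes(tampered))
        results["tamper_rejected"] = False
    except InvalidTag:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Running the scenario shows the three properties the article relies on: the relay sees only ciphertext, a replayed message is refused by the counter check before any decryption happens, and a single flipped bit is caught by the CCM tag. The counter state is per endpoint, so in a real design it would have to survive resets, which is one reason such keys and counters live in dedicated hardware rather than in the main OS.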
How does Apple Pay secure the communication between Secure Element and POS?
Generally speaking, there is no need to secure the communication between those two components because it is Near Field Communication, which means the communication only happens when they are close together. For a transaction to take place, the device, the POS terminal, and a human being must all be within close range; otherwise it will not happen. But Apple Pay does provide some additional protections. For example, Apple Pay needs your fingerprint to activate NFC communication.
What kind of Operating System is running within Secure Enclave?
The Secure Enclave needs to handle Touch ID fingerprints, asymmetric cryptography, and the storage of sensitive information. As we all know, the simpler the better. The Secure Enclave itself is already complicated enough, so here comes the question: what kind of OS is running on the Secure Enclave? From Apple’s official documents we can tell that a microkernel OS called L4 is running on the microcontroller. A microkernel (also known as a μ-kernel) is the near-minimum amount of software that can provide the mechanisms needed to implement an operating system (OS). These mechanisms include low-level address space management, thread management, and inter-process communication (IPC).
Is Apple Pay safe enough?
As you can tell, the majority of Apple Pay’s payment process is completed inside the Secure Element, which is substantially equivalent to the chip on your credit card, or even safer. The authentication process is completed within the Secure Enclave. Generally speaking, the Secure Enclave is not as secure as the Secure Element, but it is secure enough to protect personal information and much more secure than the credit cards in your wallet. I am very confident in saying that Apple Pay is far more secure than traditional payment methods.
How about Android/Google Wallet?
Many people are concerned about Android phones: are they as secure as the iPhone with Apple Pay? My conclusion is: not now, but they can be as secure as their competitor. Based on our analysis, the whole authentication/payment process of Apple Pay is completed within the Secure Enclave; the iOS system is not involved in the authentication or payment process at all. In addition to that, all data is encrypted, so iOS has no idea about any transaction data. Therefore, the operating system of the smartphone is not a big threat. The only key to a secure payment environment is the underlying design of the phone’s hardware and software.