The choice of cryptographic algorithms and protocol schemes—on which all security operations such as key exchange, digital signatures, and encryption are based—plays a big role in how security is implemented. Efficient design stems from the use of modern algorithms and schemes. Commercial and government specifications (and uptake of those specifications) have made the Advanced Encryption Standard (AES) the preferred algorithm for symmetric cryptography. Using AES as the symmetric cipher provides an efficient, small-footprint form of encryption, to provide confidentiality on a device and during a transaction.
Most of the security work in transactional systems, however, is done through asymmetric methods. As mentioned earlier, a connection between a device and reader or between two devices requires both authentication and a secure exchange of keys, creating a trusted path. Once this secure path is created, the transaction itself is validated and sealed for posterity through digital signatures created by the devices. Elliptic curve cryptography (ECC) provides modern asymmetric security, matching the strength of AES, and for many reasons is ideally suited to use in constrained devices.
ECC has been adopted within several industry standards including ANSI, IEEE, IETF and FIPS. (FIPS ensures that algorithm implementations and crypto modules can be trusted to provide a specific level of security. It has been mandatory in the U.S. government market since 2002; products must comply with FIPS to be approved, bought and implemented.) As well, the U.S. National Security Agency (NSA) has licensed ECC to meet its Suite B secure communication requirements. There are a number of reasons for ECC's growing popularity. It provides the most security per bit of any asymmetrical (aka public-key) algorithm. It can be computed faster than any other while using fewer resources. This is especially important for constrained devices and the applications running in them. Scalability and future-readiness are also factors. To deliver a cryptographic strength equivalent to 128-bit AES—protection that experts today estimate will suffice to at least 2031—ECC requires a key size of just 256 bits, while other public-key algorithms would require keys many times larger.
Compact and versatile, ECC allows developers to create inherently secure devices that have the capability and interoperability to participate in contactless transactions. With fast key exchange protocols and size- and space-efficient digital signatures, ECC-based operations form the building blocks for secure transactions. Using these building blocks as part of a CSP on top of a secure hardware base results in a device that meets present and future security needs. Building the proper security into devices based on industry-leading techniques requires more than AES. Devices must be built from their core with security in mind, and must provide the capability to make secure protocols work efficiently. Security must become ingrained within the device. This inherent security will become increasingly critical as transactional uses of mobile devices become more common. Inadequately secured mobile devices are not only at risk themselves, but can also serve as instruments in deeper security breaches of the networks they are connecting to. They cannot afford to be the weak links in the chain.
