Extending the GSM/3G Key Infrastructure

DIMACS Workshop on Mobile and Wireless Security
November 3, 2004

Scott B. Guthery, CTO, Mobile-Mind, Sguthery@mobile-mind.com
Mary J. Cronin, Professor of Management, Boston College, Cronin@bc.edu

Outline
• SIM for Mobile Network Authentication
• SIM for Internet Authentication
• SIM for Local Authentication

Subscriber Identity Module
• Integral part of GSM security from the start
• Holds secret key Ki
  – other copy held by subscriber’s network operator
• 8-bit processor, 8KB EEPROM, file system, cryptographic algorithms
Identity token with a wireless connection to an authentication and billing service

GSM/3G Authentication
[Diagram: SIM (Ki), Visited Network, Home Network (Ki); message labels: 1) Identity, 2) Identity, 3) Challenge & Response, 4) Challenge, 5) Response]
• Roaming is the stepping off point for extending the GSM/3G key infrastructure
• Visited network authenticates without being in possession of Ki

SIM for Internet Authentication
• EAP-SIM uses SIM for Internet authentication
  – visited network is an EAP authenticator
  – draft-haverinen-pppext-eap-sim-14.txt
• Uses GSM/3G authentication but generates a stronger session key
[Diagram: Internet Service, SIM (Ki), EAP Authenticator, Home Network (Ki)]

SIM Toolkit
• SIM gives commands to the handset
  – display text, get key hit, send SMS, block call
• Operator controls loading of applications
  – GlobalPlatform architecture used to manage keys for non-operator applications
[Diagram: Application 1, Application 2, Application 3, STK, Handset]

SIM for Local Authentication
• SIM-based authentication and authorization
  – visited network is a merchant or a door
• SIM-based cryptographic services
  – session keys, certificates, signing, tickets, etc.
[Diagram: Local Connections (IR, Bluetooth, etc.), Operator SIM, Handset, 3G Network, Other SIM]

User-Equipment Split
• SIM is in the device needing signing and authentication services
• All that’s left of the mobile communication network is the extended key infrastructure
[Diagram: SIM A, SIM B, SIM C, Handset, Network Operator]

Business Models for SIM Security Extension
Theory, Reality and Lessons Learned
• Theory: Compelling business and revenue opportunities based on leveraging SIM security
  – Enormous global installed base of active SIM cards
    • Over 800 million GSM and 3G handsets and subscribers
  – Well-established international standards for SIM applications and key infrastructure
    • Well documented architecture and tools for development using SIM Application Toolkit and Java Card™ platform
  – Multiple business models from different industries (banking, retail, media, IT, health, etc.) in search of strong mobile security solution will embrace the SIM

Three Potential Business Cases
• SIM-hosted and authenticated non-telephony m-commerce applications and services
  – Allow trusted third parties to load applications onto the SIM card and share the existing key infrastructure to authenticate customers and authorize transactions via the wireless public network
• SIM-enabled use of mobile handset for authenticated and authorized transactions via the wireless public network
• Embedded SIMs for authorization of users or devices attached to any network, particularly WiFi

SIM-Hosted M-Commerce Applications
• Business Model: Multiple applications are stored on a single SIM card to allow subscriber to conduct secure banking, make and pay for purchases, download and store value, tickets, etc. to the SIM
  – Third party consumer and enterprise applications both supported
• SIM application provider gets share of projected $60 billion plus in m-commerce transactions
• Reality as of 2004
  – Technical requirements are in place
    • Almost all recent SIMs are multi-application Java Card™ SIMs
    • Over 260 million of them are Global Platform compliant
  – SIM-hosted applications have been scarce
    • Limited to small mobile banking pilots in Europe and Asia
    • Majority of booming m-commerce business has moved to handset downloads and back end server-based security systems

SIM-Enabled Security for Mobile Devices
• Business Model: Dual-slot handsets provide external slot for smart card to conduct secure transactions and move value via the SIM, making the mobile a cash dispenser, a ticket, a POS, etc.
  – 1999 launch of dual slot phones to great fanfare
    • Datamonitor projected over 32 million such phones in use by 2003
    • All major handset makers announced plans to manufacture them
• Reality as of 2004
  – Dual slot phones are hard to find collectors’ items
  – Revival of the model via “add-on” module for standard GSM phone to create a mobile POS for developing markets
    • Way Systems has some initial traction with this approach for China

SIM Authentication in Non-Telephony Networks
• Business Model: Embed SIM in WiFi and other networked devices or provide SIM-USB token to subscribers for authentication and payment for WiFi access and roaming
  – One solution for problems with 802.11 security
  – Potential for portability and roaming on different networks
  – Possible integration with wireless subscriber accounts
• Reality as of 2004
  – WLAN Smart Card Consortium attempting to define standards
  – Commercial deployments increasing but still in early stages
    • Transat solution launches with 3,500 hotspots in the UK (4/04)
    • Orange implements in Switzerland (3/04)
    • Tartara demonstrates solution with Verisign (3/04)
    • TSI demonstrates solution with Boingo Wireless (5/04)

Conclusion: Still Searching for Clear Business Case for SIM Extension
• Limited applications to date outside of wireless telephony and some notable business failures such as dual-slot handsets
  – The combined business drivers of a billion SIMs, a rapidly growing m-commerce market and unsolved mobile security issues continue to bring new players and approaches to the table
• Lesson learned: Wireless carriers have made controlling and guarding the SIM key infrastructure a priority over increasing revenues through extension
  – Carriers have the ability to cut off third party access to the SIM platform
  – WiFi and non-telephony network authentication looks like a good match for the SIM key infrastructure, but long-term models may require wireless carrier participation
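
The roaming exchange from the GSM/3G Authentication slide and the EAP-SIM key derivation from the SIM for Internet Authentication slide, as an added example that is not part of the original presentation. HMAC-SHA256 stands in for the operator's A3/A8 algorithms, all class and function names are hypothetical, the IMSI and Ki are constructed test values, and the master-key formula is the one published in RFC 4186 with the identity simplified to the bare IMSI.

```python
import hashlib, hmac, os

def a3a8(ki, rand):
    # Stand-in for the operator's A3/A8 algorithms (assumption: HMAC-SHA256;
    # real SIMs use operator-chosen algorithms such as COMP128 or MILENAGE).
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]              # SRES (32 bits), Kc (64 bits)

class Sim:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
    def run_gsm(self, rand):           # steps 4-5: challenge in, response out
        return a3a8(self._ki, rand)

class HomeNetwork:
    def __init__(self):
        self._ki = {}                  # IMSI -> Ki, never leaves this class
    def provision(self, imsi, ki):
        self._ki[imsi] = ki
    def triplets(self, imsi, n):       # step 3: n x (RAND, SRES, Kc)
        rands = [os.urandom(16) for _ in range(n)]
        return [(r, *a3a8(self._ki[imsi], r)) for r in rands]

class VisitedNetwork:
    def __init__(self, home):
        self.home = home
    def authenticate(self, sim, n=1):
        # Steps 1-2: identity goes to the home network; only triplets come back.
        accepted = []
        for rand, xres, kc in self.home.triplets(sim.imsi, n):
            sres, _ = sim.run_gsm(rand)
            if not hmac.compare_digest(sres, xres):
                return None            # wrong Ki on the card: reject
            accepted.append((rand, kc))
        return accepted

def eap_sim_master_key(identity, kcs, nonce_mt,
                       version_list=b"\x00\x01", selected=b"\x00\x01"):
    # MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version)
    return hashlib.sha1(identity + b"".join(kcs) + nonce_mt
                        + version_list + selected).digest()

def demo():
    imsi, ki = b"001010123456789", bytes(range(16))   # constructed test values
    home = HomeNetwork(); home.provision(imsi, ki)
    visited = VisitedNetwork(home)
    sim, clone = Sim(imsi, ki), Sim(imsi, bytes(16))  # clone lacks the real Ki
    session = visited.authenticate(sim, n=3)          # three 64-bit Kc values
    nonce = os.urandom(16)
    net_mk = eap_sim_master_key(imsi, [kc for _, kc in session], nonce)
    peer_mk = eap_sim_master_key(imsi, [sim.run_gsm(r)[1] for r, _ in session], nonce)
    return session, visited.authenticate(clone, n=3), net_mk, peer_mk
```

The visited network object holds only triplets, and the peer and network sides arrive at the same master key from three separate Kc values plus the peer's nonce, which is how EAP-SIM gets more key material than a single GSM challenge provides.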