
S3 review of MExE release 99 security




Presentation Transcript


  1. S3 review of MExE release 99 security
     Tim Wright, Vodafone UK
     3GPP SA3, ETSI SMG10
     timothy.wright@vf.vodafone.co.uk
     S3 and MExE

  2. Contents
     • MExE refresher course
     • Specification history and S3/SMG10 involvement
     • Break for clarification
     • Issues raised by Colin Blanchard and self
     • Questions and discussions

  3. MExE refresher course
     • Mobile Execution Environment
     • A spec to create a standardised execution environment on mobile terminals, similar to a PDA such as the Palm or Psion
     • Classmark 1 is WAP
     • Classmark 2 is Java, specifically the PersonalJava virtual machine

  4. Execution domains
     • Operator, manufacturer and third party execution domains
     • Applications can only execute in a domain if authorised for that domain
     • Broadly similar capabilities for each domain
     • Untrusted domain

  5. Domain authorisation
     • Apps that can run in a domain must have a digital signature that can be verified by the terminal using valid certificates
     • Certificates are verified with root public keys for each domain
     • Operator and third party root keys can be on the SIM
     • Untrusted apps are unsigned

  6. Third party Administrator
     • Third party roots may be installed by manufacturer and user (and operator)
     • Operator may have no control over the signing policy of a third party root controller
     • Therefore, Operator may (but is not obliged to) elect to be Administrator and can then control which Third Party roots are valid (but cannot delete or revoke them)
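As an added illustration of the domain model on slides 4 to 6, not code from this presentation or from the MExE specification, here is a small Python model of a terminal that assigns an application to a domain by verifying its signature chain against the root public keys installed for that domain, with an Administrator able to mark a third party root invalid without deleting it. The chain layout (root certifies a developer key, developer signs the code), the root and application names, and the RSA key pairs are all constructed assumptions; textbook RSA over well-known primes is used only so the verification steps are real and self-contained.

```python
"""Toy model of MExE domain authorisation (slides 4-6): an application is
admitted to the operator, manufacturer or third-party domain only if its
signature chains to a valid root public key for that domain; unsigned code
lands in the untrusted domain. Added example, not MExE specification code.
Textbook RSA over fixed well-known primes keeps the checks self-contained;
a real terminal uses proper certificates and padded signatures (assumption)."""
import hashlib

# Constructed key material: pairs of well-known primes (Mersenne primes
# M61, M89, M107, M127 plus common NTT and 32/64-bit boundary primes).
PRIME_PAIRS = [
    (2**61 - 1, 1_000_000_007),
    (2**89 - 1, 1_000_000_009),
    (2**107 - 1, 998_244_353),
    (2**127 - 1, 2_147_483_647),
    (2**32 - 5, 2**64 - 59),
]
E = 65537

def make_key(pair):
    p, q = pair
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}  # Python 3.8+

def public(key):
    return {"n": key["n"], "e": key["e"]}

def pub_bytes(pub):
    return f"{pub['n']}:{pub['e']}".encode()

def digest(data, n):
    # SHA-256 reduced into the modulus (no padding: demo only).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

class Terminal:
    """Root public keys per domain plus the Administrator's disable list."""

    def __init__(self):
        self.roots = {"operator": {}, "manufacturer": {}, "third_party": {}}
        self.disabled = set()  # roots declared invalid, not deleted (slide 6)

    def install_root(self, domain, name, pub):
        self.roots[domain][name] = pub

    def administrator_disable(self, name):
        self.disabled.add(name)

    def classify(self, app):
        """Return the execution domain the application is authorised for."""
        cert, sig = app.get("cert"), app.get("sig")
        if cert is None or sig is None:
            return "untrusted"  # unsigned application (slide 5)
        for domain, roots in self.roots.items():
            root = roots.get(cert["issuer"])
            if root is None or cert["issuer"] in self.disabled:
                continue
            # Chain: root certifies the developer key, developer signs the code.
            if verify(root, pub_bytes(cert["subject"]), cert["sig"]) and \
                    verify(cert["subject"], app["code"], sig):
                return domain
        # Signed but no valid chain: treated no better than unsigned (assumption).
        return "untrusted"

def build_demo():
    """Terminal with an operator root (as if on the SIM) and a user-installed
    third party root, plus four constructed applications."""
    op_root, tp_root, dev_op, dev_tp, rogue = (make_key(p) for p in PRIME_PAIRS)
    term = Terminal()
    term.install_root("operator", "op-root", public(op_root))
    term.install_root("third_party", "tp-root", public(tp_root))

    def signed_app(code, dev, issuer, root):
        cert = {"subject": public(dev), "issuer": issuer,
                "sig": sign(root, pub_bytes(public(dev)))}
        return {"code": code, "cert": cert, "sig": sign(dev, code)}

    apps = {
        "billing": signed_app(b"operator billing client", dev_op, "op-root", op_root),
        "game": signed_app(b"third-party game", dev_tp, "tp-root", tp_root),
        "widget": {"code": b"unsigned screensaver"},
        # Names the operator root as issuer but carries a self-issued certificate.
        "impostor": signed_app(b"impostor", rogue, "op-root", rogue),
    }
    return term, apps

if __name__ == "__main__":
    terminal, applications = build_demo()
    print({name: terminal.classify(app) for name, app in applications.items()})
    terminal.administrator_disable("tp-root")
    print("after Administrator disables tp-root:", terminal.classify(applications["game"]))
```

Run stand-alone, the four applications classify as operator, third_party, untrusted and untrusted; once the Administrator disables tp-root, the game drops to untrusted too, while the operator-signed application is unaffected. Putting a signed application with a broken chain into the untrusted domain rather than refusing it is a choice of this model, not something the slides state.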

  7. User permission
     • Apps cannot be installed without user permission
     • Apps cannot carry out functions without user permission
     • Three types of user permission
       • Single action
       • Session
       • Blanket

  8. Specification history
     • MExE begun within ETSI in January 1998
     • Stage 1 approved in February (March?) 1998
     • Release 98 stage 1 and 2 approved in July 1999
     • Release 99 to be approved in December 1999

  9. S3/SMG10 involvement
     • Some review of specs since February
     • Little real interaction until December 1998
     • Productive MExE/SMG10 meeting in February 1999
     • S3 took responsibility for MExE security in August 1999

  10. Goal of this session
     • MExE (and) WAP are powerful developments with enormous potential to change the way phones are used
     • Security is a key issue
     • MExE has worked hard on security and deserves credit
     • Time, and last chance, for S3 to take corporate responsibility

  11. Clarifications

  12. Issues raised by CB
     • Application could be downloaded that would:
       • Eavesdrop on user
       • Perform internal denial of service
       • Make bogus calls and so complicate law enforcement

  13. Issues raised by CB
     • User would have to give permission for installation
     • Process of giving permission by user must be clear - can this be ensured?
     • Above apps would have to be trusted
     • Issue of whether third parties can be trusted

  14. VF issues - Security table
     • Security table is currently very complex
     • Lists the actions that can be performed by each domain and the actions that are forbidden for each domain
     • Status of actions not listed is uncertain
     • Suggest - security table lists forbidden actions only
     • Would be clearer and more likely to be implemented

  15. VF issues - external port access
     • Difficult to manage permissions if you don't know what is attached to the port
       • for example, location info in the phone is forbidden to an app
       • but it can be accessed via the port if a GPS receiver is attached to the phone
     • Have to rely on user/
     • Warnings should be given

  16. VF issues - untrusted applications
     • Can access screen and keyboard without user permission
     • Apps are long lived - Trojan horses
     • App could listen to keyboard and pick up PINs
     • Could interfere with UI and get user to perform actions they did not want

  17. VF issues - untrusted applications
     • But untrusted apps could be a popular market sector
     • What can be done?
     • Rules for precedence in screen access
     • Session user permission?
     • ?
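As an added illustration of the action-authorisation points on slides 7, 14, 15, 16 and 17, not code from this presentation or from the MExE specification, here is a Python model of a terminal's permission check. It uses the forbidden-only security table proposed on slide 14 (an action listed nowhere is permitted, so nothing has an undefined status), layers the three user permission types of slide 7 on top, and then walks through the slide 16 situation, an untrusted application reaching the keyboard with no user consent, together with the slide 17 idea of making that a session permission. The table contents, the action and application names, and which actions need user consent are all constructed assumptions.

```python
"""Action authorisation for a MExE-style terminal (added example, constructed
table contents). Forbidden-only security table (slide 14) plus single,
session and blanket user permissions (slide 7); the demo shows the slide 16
untrusted-keyboard gap and the slide 17 session-permission option."""

# Forbidden-only table, one row per domain (constructed for the demo).
FORBIDDEN = {
    "operator": set(),
    "manufacturer": set(),
    "third_party": {"read_location"},
    "untrusted": {"make_call", "send_sms", "network_access", "read_location",
                  "read_phonebook", "external_port"},
}

# Permitted actions that still need the user's consent (constructed).
# Slide 15: external port access is made a user decision because the terminal
# cannot tell what is attached. Slide 16: untrusted screen/keyboard needs none.
NEEDS_USER_PERMISSION = {
    "operator": {"make_call", "send_sms"},
    "manufacturer": {"make_call", "send_sms"},
    "third_party": {"make_call", "send_sms", "read_phonebook", "external_port"},
    "untrusted": set(),
}

class UserPermissions:
    """Slide 7's grant types: blanket (until revoked), session, single action."""

    def __init__(self):
        self.blanket, self.session, self.single = set(), set(), {}

    def grant(self, app, action, kind):
        key = (app, action)
        if kind == "blanket":
            self.blanket.add(key)
        elif kind == "session":
            self.session.add(key)
        elif kind == "single":
            self.single[key] = self.single.get(key, 0) + 1
        else:
            raise ValueError(f"unknown permission type {kind!r}")

    def consume(self, app, action):
        """True if a grant covers this attempt; single grants are used up."""
        key = (app, action)
        if key in self.blanket or key in self.session:
            return True
        if self.single.get(key, 0) > 0:
            self.single[key] -= 1
            return True
        return False

    def end_session(self):
        self.session.clear()

class Policy:
    def __init__(self, forbidden, needs_permission, perms):
        self.forbidden, self.needs_permission, self.perms = forbidden, needs_permission, perms

    def decide(self, app, domain, action):
        """'forbidden', 'permitted' or 'no user permission' for one attempt."""
        if action in self.forbidden[domain]:
            return "forbidden"  # table first: the user cannot override it
        if action in self.needs_permission[domain] and not self.perms.consume(app, action):
            return "no user permission"
        return "permitted"

def hardened_consent_table():
    """Slide 17 option: untrusted screen/keyboard access becomes a user permission."""
    table = {d: set(acts) for d, acts in NEEDS_USER_PERMISSION.items()}
    table["untrusted"] |= {"screen", "keyboard"}
    return table

def demo():
    """Walk through the cases the slides discuss; returns case -> decision."""
    perms = UserPermissions()
    current = Policy(FORBIDDEN, NEEDS_USER_PERMISSION, perms)
    hardened = Policy(FORBIDDEN, hardened_consent_table(), perms)
    out = {}
    # Slide 14: an action listed nowhere has a defined status, permitted.
    out["third_party vibrate"] = current.decide("game", "third_party", "vibrate")
    out["untrusted read_location"] = current.decide("widget", "untrusted", "read_location")
    # Slide 16: untrusted keyboard access with no consent at all.
    out["untrusted keyboard, current"] = current.decide("widget", "untrusted", "keyboard")
    # Slide 17: require session permission; access lapses when the session ends.
    out["untrusted keyboard, hardened"] = hardened.decide("widget", "untrusted", "keyboard")
    perms.grant("widget", "keyboard", "session")
    out["untrusted keyboard, session granted"] = hardened.decide("widget", "untrusted", "keyboard")
    perms.end_session()
    out["untrusted keyboard, session ended"] = hardened.decide("widget", "untrusted", "keyboard")
    # Slide 7: a single-action grant covers exactly one attempt.
    perms.grant("game", "send_sms", "single")
    out["third_party send_sms #1"] = hardened.decide("game", "third_party", "send_sms")
    out["third_party send_sms #2"] = hardened.decide("game", "third_party", "send_sms")
    # A blanket grant survives the end of a session.
    perms.grant("billing", "make_call", "blanket")
    perms.end_session()
    out["operator make_call, blanket"] = hardened.decide("billing", "operator", "make_call")
    return out

if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:40} {decision}")
```

The table check runs before the consent check, so a forbidden action stays forbidden whatever the user grants; this ordering is the model's own choice. Note what the hardened table does and does not fix: requiring a session permission means an untrusted application can no longer read the keyboard silently, but the slide 16 concern about a long-lived application interfering with the UI still depends on how clearly the terminal presents the permission prompt, which is the slide 13 point about the permission process being clear.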
