Extending the GSM/3G Key Infrastructure DIMACS Workshop on Mobile and Wireless Security November 3, 2004


Scott B. Guthery

CTO, Mobile-Mind

Mary J. Cronin

Professor of Management Boston College

Outline
  • SIM for Mobile Network Authentication
  • SIM for Internet Authentication
  • SIM for Local Authentication
Subscriber Identity Module
  • Integral part of GSM security from the start
  • Holds secret key Ki
    • other copy held by subscriber’s network operator
  • 8-bit processor, 8KB EEPROM, file system, cryptographic algorithms

Identity token with a wireless connection to an authentication and billing service

GSM/3G Authentication
  • Roaming is the stepping-off point for extending the GSM/3G key infrastructure
  • Visited network authenticates without being in possession of Ki

[Diagram: message flow labelled 1) Identity, 2) Identity, 3) Challenge & Response, 4) Challenge, 5) Response]

SIM for Internet Authentication
  • EAP-SIM uses SIM for Internet authentication
    • visited network is an EAP authenticator
    • draft-haverinen-pppext-eap-sim-14.txt
  • Uses GSM/3G authentication but generates a stronger session key
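
An added example (not from the slides) of the roaming flow and the EAP-SIM key combination described above: the visited network verifies the SIM using triplets from the home network without ever holding Ki, and three 64-bit Kc values are then hashed with a peer nonce using the master-key formula of RFC 4186, the published form of the cited draft. The A3/A8 stand-in (HMAC-SHA256), the IMSI, Ki, realm and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, os

def a3a8(ki, rand):
    # Stand-in for the operator-specific A3/A8 algorithms (assumption):
    # HMAC-SHA256 truncated to a 4-byte SRES and an 8-byte Kc.
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]

class HomeNetwork:
    """Holds the operator's copy of Ki; releases triplets, never Ki."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)
    def triplets(self, imsi, n):
        rands = [os.urandom(16) for _ in range(n)]
        return [(r, *a3a8(self._ki[imsi], r)) for r in rands]

class Sim:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
    def run_gsm(self, rand):
        return a3a8(self._ki, rand)

def visited_authenticate(home, sim, n=1):
    """Visited network's view; returns (ok, network Kc list, SIM Kc list)."""
    # Steps 1-3: identity reaches the home network, which returns
    # (RAND, expected SRES, Kc) triplets. Ki itself never leaves it.
    trip = home.triplets(sim.imsi, n)
    answers = [sim.run_gsm(r) for r, _, _ in trip]   # step 4: challenge
    ok = all(hmac.compare_digest(a[0], t[1])          # step 5: response
             for a, t in zip(answers, trip))
    return ok, [t[2] for t in trip], [a[1] for a in answers]

def eap_sim_master_key(identity, kcs, nonce_mt, versions=(1,), selected=1):
    # MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version)
    vlist = b"".join(v.to_bytes(2, "big") for v in versions)
    data = identity + b"".join(kcs) + nonce_mt + vlist + selected.to_bytes(2, "big")
    return hashlib.sha1(data).digest()

def demo():
    imsi, ki = "001010123456789", bytes(range(16))    # constructed test values
    home = HomeNetwork({imsi: ki})
    ok, net_kcs, sim_kcs = visited_authenticate(home, Sim(imsi, ki), n=3)
    wrong_ok, _, _ = visited_authenticate(home, Sim(imsi, bytes(16)))
    ident, nonce = b"1" + imsi.encode() + b"@example.org", os.urandom(16)
    same = eap_sim_master_key(ident, net_kcs, nonce) == \
           eap_sim_master_key(ident, sim_kcs, nonce)
    return ok, wrong_ok, same

if __name__ == "__main__":
    print(demo())
```
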

[Diagram: Internet Service]

SIM Toolkit
  • SIM gives commands to the handset
    • display text, get key hit, send SMS, block call
  • Operator controls loading of applications
    • GlobalPlatform architecture used to manage keys for non-operator applications

[Diagram: Application 1, Application 2, Application 3]

SIM for Local Authentication
  • SIM-based authentication and authorization
    • visited network is a merchant or a door
  • SIM-based cryptographic services
    • session keys, certificates, signing, tickets, etc.

[Diagram: Local Connections (IR, Bluetooth, etc.); 3G Network]

User-Equipment Split
  • SIM is in the device needing signing and authentication services
  • All that’s left of the mobile communication network is the extended key infrastructure







Business Models for SIM Security Extension: Theory, Reality and Lessons Learned
  • Theory: Compelling business and revenue opportunities based on leveraging SIM security
    • Enormous global installed base of active SIM cards
      • Over 800 million GSM and 3G handsets and subscribers
    • Well-established international standards for SIM applications and key infrastructure
      • Well documented architecture and tools for development using SIM Application Toolkit and Java Card™ platform
    • Multiple business models from different industries (banking, retail, media, IT, health, etc.) in search of a strong mobile security solution will embrace the SIM
Three Potential Business Cases
  • SIM-hosted and authenticated non-telephony m-commerce applications and services
    • Allow trusted third parties to load applications onto the SIM card and share the existing key infrastructure to authenticate customers and authorize transactions via the wireless public network
  • SIM-enabled use of mobile handset for authenticated and authorized transactions via the wireless public network
  • Embedded SIMs for authorization of users or devices attached to any network, particularly WiFi
SIM-Hosted M-Commerce Applications
  • Business Model: Multiple applications are stored on a single SIM card to allow the subscriber to conduct secure banking, make and pay for purchases, and download and store value, tickets, etc. to the SIM
    • Third party consumer and enterprise applications both supported
      • SIM application provider gets share of projected $60 billion plus in m-commerce transactions
  • Reality as of 2004
    • Technical requirements are in place
      • Almost all recent SIMs are multi-application Java Card™ SIMs
      • Over 260 million of them are GlobalPlatform compliant
    • SIM-hosted applications have been scarce
      • Limited to small mobile banking pilots in Europe and Asia
      • Majority of booming m-commerce business has moved to handset downloads and back-end server-based security systems
SIM-Enabled Security for Mobile Devices
  • Business Model: Dual-slot handsets provide external slot for smart card to conduct secure transactions and move value via the SIM, making the mobile a cash dispenser, a ticket, a POS, etc.
    • 1999 launch of dual slot phones to great fanfare
      • Datamonitor projected over 32 million such phones in use by 2003
      • All major handset makers announced plans to manufacture them
  • Reality as of 2004
    • Dual-slot phones are hard-to-find collectors’ items
    • Revival of the model via “add-on” module for standard GSM phone to create a mobile POS for developing markets
      • Way Systems has some initial traction with this approach for China
SIM Authentication in Non-Telephony Networks
  • Business Model: Embed SIM in WiFi and other networked devices or provide SIM-USB token to subscribers for authentication and payment for WiFi access and roaming
    • One solution for problems with 802.11 security
    • Potential for portability and roaming on different networks
    • Possible integration with wireless subscriber accounts
  • Reality as of 2004
    • WLAN Smart Card Consortium attempting to define standards
    • Commercial deployments increasing but still in early stages
      • Transat solution launches with 3,500 hotspots in the UK (4/04)
      • Orange implements in Switzerland (3/04)
      • Tartara demonstrates solution with Verisign (3/04)
      • TSI demonstrates solution with Boingo Wireless (5/04)
Conclusion: Still Searching for Clear Business Case for SIM Extension
  • Limited applications to date outside of wireless telephony and some notable business failures such as dual-slot handsets
    • The combined business drivers of a billion SIMs, a rapidly growing m-commerce market and unsolved mobile security issues continue to bring new players and approaches to the table
  • Lesson learned: Wireless carriers have made controlling and guarding the SIM key infrastructure a priority over increasing revenues through extension
    • Carriers have the ability to cut off third party access to the SIM platform
    • WiFi and non-telephony network authentication looks like a good match for the SIM key infrastructure, but long-term models may require wireless carrier participation