1 / 20

Leveraging UICC with Open Mobile API for Secure Applications and Services

Leveraging UICC with Open Mobile API for Secure Applications and Services. Overview of the Master Thesis. This master thesis is a part of the project “SmartOpenID”, which is carried out by InterDigital, Novalyst and Morpho e-Document

michi
Download Presentation

Leveraging UICC with Open Mobile API for Secure Applications and Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Leveraging UICC with Open Mobile API for Secure Applications and Services

  2. Overview of the Master Thesis This master thesis is a part of the project “SmartOpenID”, which is carried out by InterDigital, Novalyst and Morpho e-Document Within the thesis, different technologies, which intend to extend the UICC’s usage and bring the value-added services, will be discussed Then the Open Mobile API, which fills the gap between the UICC and the outside world, will be introduced As an use case, the SmartOpenID protocol will be introduced and analyzed The usage of Open Mobile API with UICC will be shown. As a result, the services, which an UICC can provide, will be introduced and discussed An implementation of the SmartOpenID protocol on an Android device with UICC A test and analyze of the implementation Discussion and prospect of the other use cases with Open Mobile API and UICC

  3. UICC • UICC is a smart card used in mobile terminals in GSM and UMTS networks [1] • It provides • the authentication with the networks • secure storage • crypto algorithms • … • Java Card as UICC can provide [2] • Hash functions: MD5, SHA-1, SHA-256 … • Signature functions: HMAC … • Public-key cryptography: RSA … • Symmetric-key cryptography: AES, DES … • … ?

  4. UICC • Generic Bootstrapping Architecture (GBA) • Open Mobile API • Toolkit • Smart Card Web Server [3]

  5. Open Mobile API • Open Mobile API is established by SIMalliance as an open API between the Secure Element and the applications [4] • Crypto • Authentication • Secure Storage • PKCS#15 • … Open Mobile API

  6. Open Mobile API • 3 Layers [5] • Transport Layer: using APDUs for accessing a Secure Element • Service Layer: provide a more abstract interface for functions on SE • Application Layer: represents the various applications using Open Mobile API Figure 1: Architecture overview

  7. Use cases [4] NFC services Payment services Ticketing services Loyalty services (Kundenbindungsmaßnahmen) ID services

  8. OpenID Overview RelyingParties Relying Party Submit OpenID ID Association Log-On Device User User authentication OpenID Provider

  9. OpenID Weakness[6] Phishing An “Identity System” without Trust: no authority can promise OpenID rzhou.myopenid.com is Ran Zhou. No single-sign-on Communication Overhead: lots of HTTP requests

  10. Smart OpenID Overview RelyingParties Relying Party Association Log-On Local authentication Device withLocal OP User OpenID Provider Trust

  11. SmartOpenID Phishing Sensitive data remains on device An “identity system” without Trust: no authority can promise OpenID rzhou.myopenid.com is Ran Zhou. Trust between user and MNO (contract) No single-sign-on Local OP interface provide SSO Communication Overhead: lots of HTTP requests Significantly reduced authentication traffic

  12. SmartOpenID

  13. Time plan 01.11.2011 - 15.01.2012: Investigate and design 16.01.2012 - 29.02.2012: Implement of the first demo (with part of the algorithms and functions) 01.03.2012 - 31.03.2012: Implement of the second demo (complete version of the first one) 01.04.2012 - 30.04.2012: First version of the thesis 05.05.2012 - 15.05.2012: Second version of the thesis after first review 20.05.2012 - 30.05.2012: Final version of the thesis after second review 06.2012: Final presentation and Submission

  14. Thanks! Question?

  15. References [1] Rankl, W. (2oo8), Handbuch der Chipkarten, Carl Hanser Verlag München. [2] Sun Microsystems, I. (2006), 'Application Programming Interface Java Card™ Platform, Version 2.2.2'. [3] Wikipedia, t. f. e. (2012), 'Generic Bootstrapping Architecture'. [4] SIMalliance (2011), 'SIMalliance Open Mobile API An Introduction'. [5] SIMalliance (2011), 'Open Mobile API specification V2.02', SIMalliance. [6] van Delft, B. (2010), 'A Security Analysis of OpenID', IFIP Advances in Information and Communication Technology 343/2010, 73-84.

  16. SmartOpenID Architecture Overview • A browser which is able to communicate via HTTP with: the service/RP, and the local OP • Local OP, which provides a web server interface for the browser and acts like a network based OpenID identity provider • SIM communication API, which provides an API for the local OP to communicate with the application on the smart card: Open Mobile API • Application on the UICC, which performs all the necessary crypto operations for the local OP • A Long Term Secret shared between network OP and local OP, which is used to establish the Trust

  17. SmartOpenID Architecture Overview • The UICC application can handle local authentication by means of requesting a user Pin code to unlock the local OP functionality on the UICC • The Local OP app receives an HTTP request from the browser containing all the message fields which have to be signed and also including the association handle • The UICC application derives the signature key with the Long Term Secret and the association handle using key derivation function: PBKDF2 • The UICC signs the message with the derived signature key using HMAC function: HMAC-SHA1 or HMAC-SHA256

  18. Toolkit SIM Application Toolkit is a standard of GSM which can be used by the MNO to provide value-added services It is a set of commands which define how the card should interact with the outside world But the update of toolkit application and menu stored in the UICC is difficult and there is no support for multimedia

  19. Smart Card Web Server The SCWS is based on a standard HTTP 1.1 web server embedded in smart card, allowing communication with any HTTP client – particularly the handset browser It will benefit from all the latest improvement of particular client (JavaScript, XMLHttpRequest) and support s browser plug-ins such as Adobe Flash to bring Apps’ UIto the next level

  20. Generic Bootstrapping Architecture (GBA) • GBA extends the security infrastructure and establishes key agreement • It uses the 3GPP Authentication and Key Agreement (AKA) mechanism, enables authenticated User Equipment (UE) access to the Network Application Function (NAF) services. • But it requires to implement a GBA moduleto communicate with the browser, the NAF and the UICC

More Related