Extending the GSM/3G Key Infrastructure: DIMACS Workshop on Mobile and Wireless Security, November 3, 2004


1
Extending the GSM/3G Key Infrastructure
DIMACS Workshop on Mobile and Wireless Security
November 3, 2004
  • Scott B. Guthery
  • CTO, Mobile-Mind
  • Sguthery_at_mobile-mind.com
  • Mary J. Cronin
  • Professor of Management, Boston College
  • Cronin_at_bc.edu
2
Outline
  • SIM for Mobile Network Authentication
  • SIM for Internet Authentication
  • SIM for Local Authentication

3
Subscriber Identity Module
  • Integral part of GSM security from the start
  • Holds secret key Ki
  • other copy held by subscriber's network operator
  • 8-bit processor, 8KB EEPROM, file system,
    cryptographic algorithms

Identity token with a wireless connection to an
authentication and billing service
4
GSM/3G Authentication
[Figure: message flow among SIM, Visited Network and Home Network: 1) Identity, 2) Identity, 3) Challenge, Response, 4) Challenge, 5) Response. Ki is shown at the SIM and at the Home Network.]
  • Roaming is the stepping off point for extending
    the GSM/3G key infrastructure
  • Visited network authenticates without being in
    possession of Ki

5
SIM for Internet Authentication
  • EAP-SIM uses SIM for Internet authentication
  • visited network is an EAP authenticator
  • draft-haverinen-pppext-eap-sim-14.txt
  • Uses GSM/3G authentication but generates a
    stronger session key

[Figure: Internet Service, SIM, EAP Authenticator and Home Network. Ki is shown at the SIM and at the Home Network.]
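The two flows on the GSM/3G Authentication and SIM for Internet Authentication slides, as an added example that is not part of the original presentation. It assumes a stand-in `a3a8` built on HMAC-SHA256 in place of the operator's real algorithms, hypothetical class and function names, a constructed subscriber identity, and a key derivation simplified from EAP-SIM (which also hashes in version-negotiation data).

```python
import hashlib, hmac, os

def a3a8(ki, rand):
    # Stand-in for the operator's A3/A8 algorithms (an assumption, not the
    # real ones): yields a 4-byte SRES and an 8-byte Kc, the GSM sizes.
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]

class HomeNetwork:
    def __init__(self, subscribers):
        self._ki = dict(subscribers)            # identity -> Ki, never exported
    def triplet(self, identity):
        rand = os.urandom(16)                   # 128-bit challenge
        sres, kc = a3a8(self._ki[identity], rand)
        return rand, sres, kc                   # all the visited network gets

class SIM:
    def __init__(self, identity, ki):
        self.identity, self._ki = identity, ki
    def run_gsm(self, rand):
        return a3a8(self._ki, rand)

def visited_authenticate(home, sim):
    """Slide 4, steps 1-5. Returns Kc on success, None on failure."""
    rand, expected, kc = home.triplet(sim.identity)    # steps 1-3
    sres, _ = sim.run_gsm(rand)                        # steps 4-5
    return kc if hmac.compare_digest(sres, expected) else None

def eap_sim_style_keys(home, sim, n=3):
    """Slide 5: hash n Kc values and a peer nonce into one 160-bit key.
    Returns (authenticator_key, peer_key); equal only if the SIM's Ki is right."""
    nonce = os.urandom(16)                             # chosen by the peer
    triplets = [home.triplet(sim.identity) for _ in range(n)]
    ident = sim.identity.encode()
    auth_kc = b"".join(kc for _, _, kc in triplets)
    peer_kc = b"".join(sim.run_gsm(rand)[1] for rand, _, _ in triplets)
    return (hashlib.sha1(ident + auth_kc + nonce).digest(),
            hashlib.sha1(ident + peer_kc + nonce).digest())

if __name__ == "__main__":
    ki = os.urandom(16)                                # constructed sample data
    home = HomeNetwork({"001010123456789": ki})
    sim = SIM("001010123456789", ki)
    other = SIM("001010123456789", os.urandom(16))     # same identity, wrong Ki
    print("genuine SIM:", visited_authenticate(home, sim) is not None)
    print("wrong Ki:   ", visited_authenticate(home, other) is not None)
    a, p = eap_sim_style_keys(home, sim)
    print("keys match: ", a == p, "bits:", len(a) * 8)
```

The visited network and the EAP authenticator only ever handle triplets, so Ki stays with the SIM and the home network; the derived key is 160 bits where a single Kc is 64.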
6
SIM Toolkit
  • SIM gives commands to the handset
  • display text, get key hit, send SMS, block call
  • Operator controls loading of applications
  • GlobalPlatform architecture used to manage keys
    for non-operator applications

[Figure: Application 1, Application 2 and Application 3, STK, Handset]
7
SIM for Local Authentication
  • SIM-based authentication and authorization
  • visited network is a merchant or a door
  • SIM-based cryptographic services
  • session keys, certificates, signing, tickets,
    etc.

[Figure: Operator SIM, Handset, Other SIM, 3G Network, Local Connections (IR, Bluetooth, etc.)]
8
User-Equipment Split
  • SIM is in the device needing signing and
    authentication services
  • All that's left of the mobile communication
    network is the extended key infrastructure

[Figure: SIM A, SIM B, SIM C, Handset, Network Operator]
9
Business Models for SIM Security Extension:
Theory, Reality and Lessons Learned
  • Theory: Compelling business and revenue
    opportunities based on leveraging SIM security
  • Enormous global installed base of active SIM
    cards
  • Over 800 million GSM and 3G handsets and
    subscribers
  • Well-established international standards for SIM
    applications and key infrastructure
  • Well documented architecture and tools for
    development using SIM Application Toolkit and
    Java Card platform
  • Multiple business models from different
    industries (banking, retail, media, IT, health,
    etc.) in search of strong mobile security
    solution will embrace the SIM

10
Three Potential Business Cases
  • SIM-hosted and authenticated non-telephony
    m-commerce applications and services
  • Allow trusted third parties to load applications
    onto the SIM card and share the existing key
    infrastructure to authenticate customers and
    authorize transactions via the wireless public
    network
  • SIM-enabled use of mobile handset for
    authenticated and authorized transactions via the
    wireless public network
  • Embedded SIMs for authorization of users or
    devices attached to any network, particularly WiFi

11
SIM-Hosted M-Commerce Applications
  • Business Model: Multiple applications are stored
    on a single SIM card to allow subscriber to
    conduct secure banking, make and pay for
    purchases, download and store value, tickets, etc.
    to the SIM
  • Third party consumer and enterprise applications
    both supported
  • SIM application provider gets share of projected
    60 billion plus in m-commerce transactions
  • Reality as of 2004
  • Technical requirements are in place
  • Almost all recent SIMs are multi-application Java
    Card SIMs
  • Over 260 million of them are Global Platform
    compliant
  • SIM-hosted applications have been scarce
  • Limited to small mobile banking pilots in Europe
    and Asia
  • Majority of booming m-commerce business has moved
    to handset downloads and back end server-based
    security systems

12
SIM-Enabled Security for Mobile Devices
  • Business Model: Dual-slot handsets provide
    external slot for smart card to conduct secure
    transactions and move value via the SIM, making
    the mobile a cash dispenser, a ticket, a POS,
    etc.
  • 1999 launch of dual slot phones to great fanfare
  • Datamonitor projected over 32 million such phones
    in use by 2003
  • All major handset makers announced plans to
    manufacture them
  • Reality as of 2004
  • Dual slot phones are hard to find, collectors'
    items
  • Revival of the model via add-on module for
    standard GSM phone to create a mobile POS for
    developing markets
  • Way Systems has some initial traction with this
    approach for China

13
SIM Authentication in Non-Telephony Networks
  • Business Model: Embed SIM in WiFi and other
    networked devices or provide SIM-USB token to
    subscribers for authentication and payment for
    WiFi access and roaming
  • One solution for problems with 802.11 security
  • Potential for portability and roaming on
    different networks
  • Possible integration with wireless subscriber
    accounts
  • Reality as of 2004
  • WLAN Smart Card Consortium attempting to define
    standards
  • Commercial deployments increasing but still in
    early stages
  • Transat solution launches with 3,500 hotspots in
    the UK (4/04)
  • Orange implements in Switzerland (3/04)
  • Tartara demonstrates solution with Verisign
    (3/04)
  • TSI demonstrates solution with Boingo Wireless
    (5/04)

14
Conclusion: Still Searching for Clear Business
Case for SIM Extension
  • Limited applications to date outside of wireless
    telephony and some notable business failures such
    as dual-slot handsets
  • The combined business drivers of a billion SIMs,
    a rapidly growing m-commerce market and unsolved
    mobile security issues continue to bring new
    players and approaches to the table
  • Lesson learned: Wireless carriers have made
    controlling and guarding the SIM key
    infrastructure a priority over increasing
    revenues through extension
  • Carriers have the ability to cut off third party
    access to the SIM platform
  • WiFi and non-telephony network authentication
    looks like a good match for the SIM key
    infrastructure, but long-term models may require
    wireless carrier participation