7. Smartcards & Related Application Infrastructures Flashcards
Smartcards
small computers with memory, operating system, software, processor, I/O & access control used, when security of data (e.g. for keys, signatures, physical access control, payment) needed in insecure environments (chip protected against manipulation)
Why Smartcards?
protection needed against: unauthorised usage of service through forged user data, duplication of a user’s credentials, “cracking” of credentials, billing fraud
Defintion: Subscriber Identity Module (SIM)
SIMs are smartcards!
- -represents contract between subscriber & network operator
- authorizes a “phone” to use the network by linking it to a subscription
- -contain International Mobile Subscriber Identity (IMSI) for subscriber identification & the key K(i) provided by mobile operator
Functionality of SIM (3)
- -SIM serves as “identity card” for GSM cellular phone subscribers
- -Allows for secure billing & roaming subscribers
- -Contains additional configuration data of GSM system
SIM - Card Content
static data (IMSI, PIN, PUK, A3, A8, language preferred by subscriber) & dynamic data (cell & frequency information, dynamically generated keys, user data)
Integration of SIM into Mobile Phones
ETSI GSM 11.11 specifies electrical & software interfaces between SIM and device –> “SIM Application Toolkit” (SAT) allows for implementing of additional applications on a SIM, e.g. mobile banking, location-based services
WAP
WAP is a protocol family implementation of Client/Server applications on mobile devices
WAP Identity Module (WIM)
WIM is implemented as an additional application on a -> should solve security problems raised
by WAP: Secure storage (for key/certificates), tamper resistance (of SIM based crypto algorithms), standardized interface (to security functions), RSA signatures are implemented on WIM
USIM (def., features)
Universal SIM (for UMTS) - FEATURES; Support for multiple applications (SIM card & others), End-to-end security from USIM to application, Authentication of the network towards the USIM via cryptography (multilateral security possible), Downward compatible to SIM, Extended phone book on card (email addresses, numbers)
definition: Secure Elements & UICC
SE are hardware tokens, that offer secure services (e.g. tamper-proof storage) -> UICC are one form factor of a SE, enabling secure mobile applications & services
definition: ISIM
IP Multimedia Services Identity Module -> application running on a UICC smart card in a 3G mobile phone in IP Multimedia Subsystem (IMS) (can co-exist with SIM & USIM )
ISIM - parameters for identifying & authenticating users
One private “IM Private Identity” (IMPI), One or more “IM Public Identities” (IMPU), Long-term secret used to authenticate & calculate cipher keys
name SIM Applications (4)
Apple SIM, Google Fi Project, Embedded SIM (eSIM), CamWebSIM
Apple SIM
SIM contains credentials for several networks – When travelling abroad, customer can use same SIM card for a chosen mobile data tariff from selected operators
Google Fi Project
Connectivity through different operators (e.g. in cooperation with T-Mobile), High-speed data coverage in different countries with same conditions
