such as mobile operators. GlobalPlatform defines the secure UICC management protocol between the UICC and off-card entities such as mobile terminals, administration servers (SCMS - Smart Card Management System), etc. Currently, GlobalPlatform defines four SCPs, depending on the security applied between the UICC and the off-card entity: SCP '01' (deprecated) - DES, SCP '02' - 3DES, SCP '10' - PKI and SCP '03' - AES.
Related Works
Now, we present some related work on UICC-based security. Smart card vendors have conducted many trials to utilize smart cards for security purposes. For example, DRM agents on smart cards and on-card key generation for PKI were developed and evaluated as proofs of concept; however, due to the resource constraints of earlier smart cards, commercialization looked quite impossible.

Yet, with improvements in the hardware and software technologies of smart cards, these vendors are now trying to make such trials feasible. Tual, Couchard and Sourgen (2005) discuss the high-speed interface with devices and its possible use cases, such as SIM-based DRM and conditional access in the field of mobile pay TV or home networks. Handschuh and Trichina (2007) examine security issues such as memory interactions, secure card personalization techniques, and secure memory access for high-density cards, which have hundreds of megabytes of non-volatile flash memory, a high-speed interface (e.g. USB and MMC) with devices, and other enhanced components. Trichina, Hyppönen and Hassinen (2007), Badra and Urien (2004), and Zheng, He, Wang and Tang (2005) introduce security applications of smart cards in the fields of DRM, PKI and TLS/SSL.

Until now, there have been several works on security frameworks for mobile terminals. ETSI has been working on the USSM (UICC Security Service Module) as TS 102.266 since the release of the stage 1 documents in 2006. The basic concept of this work builds on GlobalPlatform to provide security services such as PKI operations, storage of security keys, data encryption/decryption, etc. to UICC applications via APIs. This work is in progress at stage 2 and currently presents only the conceptualized architectures.

Mobile OS vendors usually implement security functionality and expose it as APIs in their own products, such as Android (Google), Windows Mobile (Microsoft), Symbian (Nokia), etc. These products usually provide only the fundamental crypto algorithms and some commonly used security protocols such as TLS/SSL, the PKCS series, etc. To satisfy all the security requirements of the mobile operators, additional implementation is needed to provide secure services to customers. Also, when customers change their phones, all security implementations must be re-installed on the new phones, or may be impossible to install again due to differences in the type of OS, the version, the supported crypto algorithms, etc.

These days, TPM (Trusted Platform Module) has been introduced to enhance the security of mobile terminals. TPM usually refers both to the specifications and to implementations of those specifications. This technology usually implements primitive algorithms such as AES, SHA-1, RSA, etc. and storage for security keys. The TPM can be considered a chip-level technology, found on computer motherboards, computer graphics boards, as one component of a mobile terminal, etc. Since TPM implements only the fundamental crypto algorithms, additional implementation must also be completed in an upper layer of the mobile terminal, such as the platform or application layer. The same obstacles as for the mobile OS can be found in the case of TPM.