Cryptography Reference
In-Depth Information
10.4.6 Software Identity Modules
Every Smartphone uses a SIM card for secure authentication against the network
provider (PLMN). A SIM card is usually implemented as a hardware device
[WR08] that allows the secure storage of, and secure computation with credentials.
These protection mechanisms are based on physical characteristics of the deployed
hardware and attacks against such devices are believed to be very expensive and
thus usually not practical. Operating system providers, e.g. RIM [iGR10] and
Apple [Apple10], have recognized the importance of these trusted devices and
provide APIs which allow the use of these functionalities by applications that
require trusted authentication mechanisms.
The deployment of such trusted hardware devices can guarantee the
confidentiality and integrity of credentials used for authentication. However, we
assume that smartcards or similar trusted computing devices will vanish in the
long run:
Over a long time telecommunication providers were basically defining hardware
specifications for cell phones; the “Mobile Terminal” was a comparably dumb
device that simply served the network. However, the setting has changed:
Connectivity became commodity in the last decade, and the market today is driven
by extremely powerful “user terminals”, i.e.: Smartphones: Now, devices and their
capabilities become the focal point of innovation visible by consumers, and
subscribing for connectivity is increasingly a necessary burden. The SIM today,
from a consumer perspective, largely stands for this “burden”. It is being discussed
since two decades if the phone itself should offer SIM-like capabilities and allow
customers to choose connectivity options as to their wish: cheapest offer, best
availability, etc., rather than being bound to be part of a home network. We believe
that also here a second round of innovation will eventually succeed with providing
trusted platforms in mobile devices (resembling first attempts in the late 90s like
TPMs [TCG11]).
Note that the only immediate reason for having a home network provider is in fact
naming, e.g. for having a fixed phone number. Technically, there are various other
technical solutions, e.g. VoIP servers, Skype, DNS-based solutions, etc., which will
almost certainly take over in the long run.
With the increased mobility of users and increased device-centeredness, it is a
question of time for SIM cards being replaced by a successor technology. We do
expect the development of software modules which basically show the same
functionality as ICCs to continue, and we expect that software-based replacements
of SIMs will become being used: Customer authentication boils down to the
question of
Who owns the customer?
; the answer to this question has significantly
changed since the appearance of the iPhone.
Search WWH ::
Custom Search