1

Extending the GSM/3G Key

Infrastructure

DIMACS Workshop on Mobile and Wireless Security
November 3, 2004
Scott B. Guthery
CTO, Mobile-Mind
Sguthery@mobile-mind.com
Mary J. Cronin
Professor of Management
Boston College
Cronin@bc.edu

2
Outline
SIM for Mobile Network Authentication
SIM for Internet Authentication
SIM for Local Authentication

3
Subscriber Identity Module
Integral part of GSM security from the start
Holds secret key Ki
other copy held by subscribers network operator
8-bit processor, 8KB EEPROM, file system,
cryptographic algorithms

Identity token with a wireless connection to an
authentication and billing service

4
GSM/3G Authentication
Roaming is the stepping off point for
extending the GSM/3G key infrastructure
Visited network authenticates without being in
possession of Ki
SIM
1) Identity
3) Challenge
& Response
4) Challenge
5) Response
Visited
Network
Home
Network
2) Identity
Ki
Ki

5
SIM for Internet Authentication
EAP-SIM uses SIM for Internet authentication
visited network is an EAP authenticator
draft-haverinen-pppext-eap-sim-14.txt
Uses GSM/3G authentication but generates a
stronger session key
SIM
EAP
Authenticator
Home
Network
Ki
Ki
Internet Service

6
SIM Toolkit
SIM gives commands to the handset
display text, get key hit, send SMS, block call
Operator controls loading of applications
GlobalPlatform architecture used to manage keys
for non-operator applications
Application 1
Application 2
Application 3
Handset STK

7
SIM for Local Authentication
SIM-based authentication and authorization
visited network is a merchant or a door
SIM-based cryptographic services
session keys, certificates, signing, tickets, etc.
Operator
SIM
Handset
Local Connections
(IR, Bluetooth, etc.)
Other
SIM
3G Network

8
User-Equipment Split
SIM is in the device needing signing and
authentication services
All thats left of the mobile communication
network is the extended key infrastructure
SIM A
SIM B
SIM C
Network
Operator
Handset

9
Business Models for SIM Security Extension
Theory, Reality and Lessons Learned
Theory: Compelling business and revenue
opportunities based on leveraging SIM security
Enormous global installed base of active SIM cards
Over 800 million GSM and 3G handsets and subscribers
Well-established international standards for SIM
applications and key infrastructure
Well documented architecture and tools for development
using SIM Application Toolkit and Java Card platform
Multiple business models from different industries
(banking, retail, media, IT, health, etc.) in search of
strong mobile security solution will embrace the SIM

10
Three Potential Business Cases
SIM-hosted and authenticated non-telephony m-
commerce applications and services
Allow trusted third parties to load applications onto the SIM
card and share the existing key infrastructure to authenticate
customers and authorize transactions via the wireless public
network
SIM-enabled use of mobile handset for authenticated
and authorized transactions via the wireless public
network
Embedded SIMs for authorization of users or devices
attached to any network, particularly WiFi

11
SIM-Hosted M-Commerce Applications
Business Model: Multiple applications are stored on a
single SIM card to allow subscriber to conduct secure
banking, make and pay for purchases, download and
store value, tickets, etc to the SIM
Third party consumer and enterprise applications both
supported
SIM application provider gets share of projected $60 billion plus
in m-commerce transactions
Reality as of 2004
Technical requirements are in place
Almost all recent SIMs are multi-application Java Card SIMs
Over 260 million of them are Global Platform compliant
SIM-hosted applications have been scarce
Limited to small mobile banking pilots in Europe and Asia
Majority of booming m-commerce business has moved to
handset downloads and back end server-based security systems

12
SIM-Enabled Security for Mobile Devices
Business Model: Dual-slot handsets provide external
slot for smart card to conduct secure transactions and
move value via the SIM, making the mobile a cash
dispenser, a ticket, a POS, etc.
1999 launch of dual slot phones to great fanfare
Datamonitor projected over 32 million such phones in use by 2003
All major handset makers announced plans to manufacture them
Reality as of 2004
Dual slot phones are hard to find collectors items
Revival of the model via add-on module for standard GSM
phone to create a mobile POS for developing markets
Way Systems has some initial traction with this approach for China

13
SIM Authentication in Non-Telephony Networks
Business Model: Embed SIM in WiFi and other
networked devices or provide SIM-USB token to
subscribers for authentication and payment for WiFi
access and roaming
One solution for problems with 802.11 security
Potential for portability and roaming on different networks
Possible integration with wireless subscriber accounts
Reality as of 2004
WLAN Smart Card Consortium attempting to define
standards
Commercial deployments increasing but still in early stages
Transat solution launches with 3,500 hotspots in the UK
(4/04)
Orange implements in Switzerland (3/04)
Tartara demonstrates solution with Verisign (3/04)
TSI demonstrates solution with Boingo Wireless (5/04)

14
Conclusion: Still Searching for Clear
Business Case for SIM Extension
Limited applications to date outside of wireless
telephony and some notable business failures such
as dual-slot handsets
The combined business drivers of a billion SIMs, a rapidly growing
m-commerce market and unsolved mobile security issues continue
to bring new players and approaches to the table
Lesson learned: Wireless carriers have made
controlling and guarding the SIM key infrastructure a
priority over increasing revenues through extension
Carriers have the ability to cut off third party access to the
SIM platform
WiFi and non-telephony network authentication looks like a
good match for the SIM key infrastructure, but long-term
models may require wireless carrier participation