LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015

Motivation  Smartphones become the handheld computer and the personal assistant  Growing market has attracted hackers to make the potential for serious security threats on smartphones a reality  UICC serves as the security anchor in mobile networks  GSM Association: the UICC is the strategically best alternative as a secure element for mobile devices [Sma09]  Interface is required to fill the gap between UICC applets and mobile applications 2 9/3/2015

Solution Idea  SIMAlliance Open Mobile API: the communication channel  Dual Application Architecture: the basic architecture  An example: Smart OpenID 3 9/3/2015

Agenda  Motivation and Solution Idea  Basic Technologies  State of the Art  Smart OpenID  Implementation  Summary and Future Work 4 9/3/2015

Universal Integrated Circuit Card: UICC  The bearer of the subscriber’s identity in cellular networks  Secure element secure storage, cryptographic functions  Secure channel transmission between the UICC and the server with authenticity, integrity, confidentiality  Wireless PKI mobile network operator owns root certificate: becomes a certificate authority 5 9/3/2015

Open Mobile API Open Mobile API is established by SIMalliance as an open API between secure element and the mobile applications Crypto Authentication Secure Storage PKCS#15 … 6 Open Mobile API 9/3/2015

Open Mobile API 7 9/3/2015

Agenda  Motivation and Solution Idea  Basic Technologies  State of the Art  Smart OpenID  Implementation  Summary and Future Work 8 9/3/2015

State of the Art  Financial applications online-banking, contactless payment, tickets apps  Enterprise applications secure , ERP, Software as a Service  Content protection applications digital rights management, secure document  Authentication applications generic bootstrapping architecture, public key infrastructure 9 9/3/2015

State of the Art  Malware virus, Trojan horse, Spyware  Eavesdropping traffic (password) on the network  Man-in-the-middle attacker manipulates the transmitted data  Replay attacks a valid data is maliciously repeated or delayed  Phishing acquires data by masquerading as a trustworthy entity 10 9/3/2015

State of the Art  Private information is the main aim of the attacker, e.g., password, credit card number etc.  Anti-Malware, secure storage, digital certificate, transport layer security, authentication etc.  Some countermeasures are unusual on smartphone  Existed protocols are vulnerable to different attacks 11 9/3/2015

Agenda  Motivation and Solution Idea  Basic Technologies  State of the Art  Smart OpenID  Implementation  Summary and Future Work 12 9/3/2015

OpenID Provider Relying Party User Device Relying Parties Submit OpenID Association session: a shared symmetric key + association handle User authentication Authentication response: signed with the shared key OpenID 13

Threats to OpenID  Malware virus, Trojan horse, Spyware  Eavesdropping password on the network  Man-in-the-middle attacker captures the transmitted password, authentication assertion, optionally alters it  Replay attacks a valid authentication assertion is maliciously repeated  Phishing acquire password by masquerading as an OP 14 9/3/2015

Smart OpenID: Concept  Authentication factor  something the user knows: password  something the user has: smart card  something the user is: finger print  Using UICC as credential  shares a long-term secret (LTS) with the server  derives a key from the LTS and an one-time password  PIN verification to activate the function 15 9/3/2015

Network OpenID Provider Relying Party User Local OP Provider = Mobile Application + UICC Applet Relying Parties Association Signed assertion (with same derivated key) Smart OpenID Trust (long-term secret) Local authentication (with PIN) Association handle + derived key (symmetric) Submit OpenID Association Handle 16

Smart OpenID  Long-term secret: 64 bytes  Association handle: less than 255 bytes  Key derivation functions: PBKDF2  use HMAC-SHA-1/HMAC-SHA-256 (hash-based message authentication code) as underlying algorithm  configurable iteration count and derived key length 17

Security Analysis 18

Security Analysis : Phishing 19 Derived Key S = PBKDF2-HMAC-SHA-1(LTS, AH, 64, 64)

Agenda  Motivation and Solution Idea  Basic Technologies  State of the Art  Smart OpenID  Implementation  Summary and Future Work 20 9/3/2015

Implementation  Platform Android Java Card UICC  Algorithms key derivation function: PBKDF2-HMAC-SHA-1 signature: HMAC-SHA /3/2015

Demo 9/3/

Performance Iteration : 64 rounds AH: 240 bytes Derived key length: 64 bytes 23 9/3/2015

Performance Derived key length: 64 bytes 24 9/3/2015

Agenda  Motivation and Solution Idea  Basic Technologies  State of the Art  Smart OpenID  Implementation  Summary and Future Work 25 9/3/2015

Summary  UICC as secure element on smartphones  Dual Application Architecture with Open Mobile API  Improve existed protocols with the UICC  Other usages:  Digital certificate  Wireless PKI  NFC payment  … 26 9/3/2015

Future Work  Smart OpenID with HMAC-SHA-256  Implementation of other applications 27 9/3/2015

28 Thank you! Questions? 28 9/3/2015

Bibliographie [Sma09]SmartTrust. The role of SIM OTA and the mobile operator in the NFC environment, /3/2015

Smartphone  Mobile phone voice communication and messaging  Feature phone digital camera, gaming, music and video streaming  Smartphone modern operating system, high speed connectivity, third- party applications /3/2015

Access Control Module 31 9/3/2015

Security Analysis : Phishing 32

Security Analysis : Phishing 33