Leveraging UICC with Open Mobile API for Secure Applications and Services Ran Zhou.

Slides:



Advertisements
Similar presentations
© Copyrights 1998 Algorithmic Research Ltd. All rights Reserved D a t a S e c u r i t y A c r o s s t h e E n t e r p r i s e Algorithmic Research a company.
Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards
NFC Devices: Security and Privacy
Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation ESPOO, Finland.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Lecture 23 Internet Authentication Applications
CLXMGCS.ppt Why Smart Cards System Overview Card Architecture Why CardLogix Smart Cards Overview FY 2001.
Dongyan Wang GlobalPlatform Technical Program Manager
By: Ansuya Chauhan.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
A Survey of WAP Security Architecture Neil Daswani
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.
FIT3105 Smart card based authentication and identity management Lecture 4.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September Oberthur Technologies – Identity.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Web Cryptography & Utilizing ARM TrustZone® based TEE for Authentication & Cryptography Ilhan Gurel September 10th & 11th, 2014.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Web services security I
魂▪創▪通魂▪創▪通 Digital Certificate and Beyond Sangrae Cho Authentication Research Team.
Public Key Infrastructure from the Most Trusted Name in e-Security.
Identity and Access IDGo Secure (ISE) for Android Didier Bonnet November 2014.
IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.
Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.
Vilnius, October 21st, 2002 © eEurope SmartCards Securing a Telework Infrastructure: Smart.IS - Objectives and Deliverables Dr. Lutz Martiny Co-Chairman,
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Computer Networks NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Hsu-Chen Cheng, *Wen-Wei Liao, Tian-Yow Chi, Siao-Yun Wei
UICC UICC is a smart card used in mobile terminals in GSM and UMTS networks It provides the authentication with the networks secure storage crypto algorithms.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)
Gregorio Martínez Pérez University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS.
Confidential & proprietary M2M communications in Transportation industry.
Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Module 9: Fundamentals of Securing Network Communication.
Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.
Leveraging UICC with Open Mobile API for Secure Applications and Services.
Single Sign-On
Authority of Information Technology Application National Center of Digital Signature Authentication Ninh Binh, June 25, 2010.
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
SWEB SWEB Security and Privacy Technologies – Implementation Aspects Venue:SWEB Day in APV, Novi Sad Author(s):Dr. Milan Marković Organisations:MISANU.
Payment in Identity Federations David J. Lutz Universitaet Stuttgart.
OneM2M Challenges of M2M Security and Privacy
Web Services Security Patterns Alex Mackman CM Group Ltd
Security API discussion Group Name: SEC Source: Shingo Fujimoto, FUJITSU Meeting Date: Agenda Item: Security API.
TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.
HOTP IETF Draft David M’Raihi IETF Meeting - March 10, 2005.
Hardware-based secure services past and future Olivier POTONNIEE, Aurélien COUVERT, Virginie GALINDO April 2016.
Vijay V Vijayakumar.  Implementations  Server Side Security  Transmission Security  Client Side Security  ATM’s.
Presented by Edith Ngai MPhil Term 3 Presentation
Introduction to z/OS Security Lesson 4: There’s more to it than RACF
Public Key Infrastructure from the Most Trusted Name in e-Security
The main cause for that are the famous phishing attacks, in which the attacker directs users to a fake web page identical to another one and steals the.
Presentation transcript:

Leveraging UICC with Open Mobile API for Secure Applications and Services Ran Zhou

Introduction and Motivation Until 2011, there were 6 billion mobile subscriptions (87% of the population) UICC serves as the security anchor in mobile telecom network Java Card make the UICC more powerful: digital signature, cryptography… UICC is an ideal module to enhance the security level of terminal application Interface is required to fill the gap between UICC applet and terminal application Open Mobile API is proposed to provide this interface A Dual Application Architecture together with the access control mechanism will be introduced As an example to be implemented: an UICC-based Local OpenID protocol will be considered in this thesis

Agenda Introduction and Motivation Basic Technologies – UICC – SIMalliance Open Mobile API – OpenID Concept of Local OpenID Thesis Outline Time Plan

Universal Integrated Circuit Card: UICC UICC is a smart card used in mobile terminals within telecom networks [1] It provides aauthentication ssecure storage ccrypto algorithms …… Java Card as UICC can provide [2] HHash functions: MD5, SHA-1, SHA-256 … SSignature functions: HMAC … PPublic-key cryptography: RSA … SSymmetric-key cryptography: AES, DES … ……

UICC – Related Technologies Toolkit Smart Card Web Server Generic Bootstrapping Architecture (GBA) Open Mobile API [3]

Open Mobile API Open Mobile API is established by SIMalliance as an open API between the Secure Element and the Terminal Applications [4] Crypto Authentication Secure Storage PKCS#15 …

Open Mobile API 3 Layers [5]  Transport Layer: using APDUs for accessing a Secure Element  Service Layer: provide a more abstract interface for functions on SE  Application Layer: represents the various applications using Open Mobile API Figure 1: Architecture overview

Dual Application Architecture NFC (Near Field Communication) services Payment services Ticketing services Loyalty services (Kundenbindungsmaßnahmen) ID Management services (e.g. Single Sign-On) UICC Terminal Application Open Mobile API Transport Layer Access Control Module Access Control Table

OpenID Provider Relying Party User Device Relying Parties Submit OpenID Association User authentication Log-on OpenID

OpenID Weakness [6] Phishing An “Identity System” without Trust: no authority can promise OpenID rzhou.myopenid.com is Ran Zhou Redirects Communication Overhead: lots of HTTP requests

Phishing Sensitive data remains on UICC An “identity system” without Trust: no authority can promise OpenID rzhou.myopenid.com is Ran Zhou. Trusted Identity through Network Operator (contract) Redirects Local OpenID Server interface Communication Overhead: lots of HTTP requests Significantly reduced authentication traffic  Terminal part is developed by a project partner of Morpho  Integration of UICC is the main topic of this thesis Concept: Local OpenID Server with UICC

Network OpenID Provider Relying Party User Local OP Provider = Mobile Application + UICC Applet Relying Parties Association Signed Assertion (with same derivated key) Local OpenID Architecture Trust (Long-Term Secret) Local authentication (with PIN) Association Handle + Derivated Key Submit OpenID Association Handle

Contents 1. INTRODUCTION 1.1 Motivation 1.2 Solution Idea 1.3 Overview 2. UICC AND JAVA CARD 2.1 UICC 2.2 Java Card Introduction Security and Crypto New Features in Java Card Related Technologies SIM Toolkit Smart Card Web Server Generic Bootstrapping Architecture 3. OPEN MOBILE API 3.1 Introduction 3.2 Fundamental Structure 3.3 Use Pattern 3.4 Access Control 3.5 Application Scenario 4. LOCAL OPENID 4.1 OpenID Protocol Introduction Weakness of OpenID 4.2 SAML Protocol Introduction Weakness of SAML

Contents 4.3Local OpenID Protocol Introduction Architecture and Description Compare of OpenID, SAML and Local OpenID 5. IMPLEMENTATION 5.1 Platform Introduction of Android Android Security Management 5.2 App on UICC Applet on UICC Algorithms and Functions Configuration of UICC PKCS15 Structure Implementation 5.3 App on Android Functional Description Open Mobile API in Android Implementation 5.4 Test Test Environment Test Procedure Test Result 5.5 Weakness Analysis 6. SUMMARY AND FUTURE WORK 6.1 Summary 6.2 Future Work

Time plan Investigate and design NovDecJan Feb MarAprMay 1 st Implementation 2 nd Implementation Jun 1 st Thesis 2 nd Thesis Final Thesis Test

Thanks! Questions?

References [1] Rankl, W. (2oo8), Handbuch der Chipkarten, Carl Hanser Verlag München. [2] Sun Microsystems, I. (2006), 'Application Programming Interface Java Card™ Platform, Version 2.2.2'. [3] Wikipedia, t. f. e. (2012), 'Generic Bootstrapping Architecture'. [4] SIMalliance (2011), 'SIMalliance Open Mobile API An Introduction'. [5] SIMalliance (2011), 'Open Mobile API specification V2.02', SIMalliance. [6] van Delft, B. (2010), 'A Security Analysis of OpenID', IFIP Advances in Information and Communication Technology 343/2010,

Authentication Protocol

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.