SIMSec: A Key Exchange Protocol Between SIM Card and Service Provider
- 215 Downloads
Mobile technology is so popular and overdosed adoption is inevitable in today’s world. As the mobile technologies have advanced, Service Providers (SP) have offered services via Smartphones and some of them required secure data communication between the Subscriber Identity Module (SIM) cards on Smartphones and the servers of SP. The latest SIM cards comply with recent specifications including secure domain generation, mobile signatures, pre-installed encryption keys, and other useful security services. Nevertheless, un-keyed SIM cards do not satisfy such requirements, thus end-to-end encryption between the SIM card and SP cannot be provided. In this paper, we provide a key exchange protocol, which creates a symmetric key through the collaborative work of the SIM card and the SP server. After a successful protocol performance, the SIM card and SP can perform end-to-end data encryption. After defining the protocol, we also discuss the security issues and provide a formal security analysis of the protocol using the Casper/FDR tool.
KeywordsSmart card SIM card Service provider End-to-end security Key exchange protocol
- 3.Schneier, B. (1994). Description of a new variable-length key, 64-bit block cipher (Blowfish). In R. Anderson (Ed.), Fast software encryption (pp. 191–204). Berlin: Springer.Google Scholar
- 6.Barker, W. C., & Barker, E. (2012). NIST Special Publication 800-67 Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Revision 1.Google Scholar
- 7.Perkov, L., Klisura, A., & Pavkovic, N. (2011). In 34th International convention on recent advances in GSM insecurities (pp. 1502–1506).Google Scholar
- 8.ISO/IEC. (2006). ISO/IEC 7812-1:2006. Identification Cards—Identification of issuers—Part 1: Numbering system (3rd ed.).Google Scholar
- 9.Smart Card Alliance. Smart card standards and specifications. http://www.smartcardalliance.org/smart-cards-intro-standards/. Accessed 20 April 2016.
- 10.GlobalPlatform. GlobalPlatform official web page. http://www.globalplatform.org/. Accessed 20 April 2016.
- 12.GlobalPlatform. GlobalPlatform Card Specification v2.2.1. http://www.globalplatform.org/specificationscard.asp. Accessed 20 April 2016.
- 14.Coskun, V., Ok, K., & Ozdenizci, B. (2011). Near field communication (NFC): From theory to practice. Wiley. ISBN: 978-1119971092.Google Scholar
- 19.Abdalla, M., & Pointcheval, D. (2005). Simple password-based encrypted key exchange protocols. In A. Menezes (Ed.), Topics in cryptology–CT-RSA 2005 (pp. 191–208).Google Scholar
- 20.International Telecommunication Union. (2007). ITU-T Recommendation X.1035: Password authenticated key exchange (PAK) Protocol. http://www.itu.int/rec/T-REC-X.1035/en.
- 24.Ok, K., Coskun, V., Aydin, M. N., & Ozdenizci, B. (2010). Current benefits and future directions of NFC services. In 2010 International conference on education and management technology (ICEMT), (pp. 334–338).Google Scholar
- 30.Coskun, V., Ozdenizci, B., Ok, K., Alsadi, M., & Soylemezgiller, F. (2013). Design and development of NFC enabled loyalty system. In Proceedings of the 6th international conference of advanced computer systems and networks: Design and application, Lviv, Ukraine (pp. 16–18).Google Scholar
- 32.Li, C. T., Lee, C. C., Liu, C. J., & Lee, C. W. (2011). A robust remote user authentication scheme against smart card security breach. In Y. Li (Ed.), Data and applications security and privacy XXV (pp. 231–238). Berlin: Springer.Google Scholar
- 33.Badra, M., & Urien, P. (2004). Toward SSL integration in SIM SmartCards. In Wireless communications and networking conference, 2004. WCNC. 2004 IEEE (Vol. 2, pp. 889–893).Google Scholar
- 35.Li, Y., Chen, M., & Nie, J. (2011). Mobile commerce security model construction based on sms. In Wireless communications, networking and mobile computing (WiCOM), 7th International Conference on 2011 (pp. 1–3).Google Scholar
- 36.Markantonakis, K., & Mayes, K. (2005). A Secure Channel protocol for multi-application smart cards based on public key cryptography, Communications and Multimedia Security, (Vol. 175, pp. 79–95). US: Springer.Google Scholar
- 37.Ok, K., Coskun, V., & Cevikbas, R. C. (2014). Challenges and risks for a secure communication between a smartcard and a SP through cellular network. International Journal of Advances in Computer Networks and Its Security, 4(4), 26–30.Google Scholar
- 38.Ok, K., Coskun, V., Cevikbas, C., & Ozdenizci, B. (2015). Design of a key exchange protocol between SIM card and service provider. In 2015 23rd telecommunications forum telfor (TELFOR) (pp. 281–284). IEEE.Google Scholar
- 39.3rd Generation Partnership Project 2 / 3GPP2. (2007). X.S0028-100-0 cdma2000 Packet data services: Wireless local area network (WLAN) interworking—Access to internet. http://www.3gpp2.org/public_html/specs/X.S0028-100-0_v1.0_070405.pdf. Last Access Date 20 April 2016.
- 40.3rd Generation Partnership Project 2 / 3GPP2. (2010). Over-the-air service provisioning of mobile stations in spread spectrum systems. http://www.3gpp2.org/public_html/specs/C.S0016-D%20v1.0_OTASP.pdf. Last Access Date 20 April 2016.
- 41.Sterckx, M., Gierlichs, B., Preneel, B., & Verbauwhede, I. (2009). Efficient implementation of anonymous credentials on Java Card smart cards. In First IEEE international workshop on information forensics and security, (pp. 106–110).Google Scholar
- 43.Barker, E., Barker, W., Burr, W., Polk, W., & Smid, M. (2006). Recommendation for key management-part 1: General (Revision 3). NIST special publication.Google Scholar
- 44.Lowe, G. Casper: A compiler for the analysis of security protocols. http://www.cs.ox.ac.uk/gavin.lowe/Security/Casper/. Accessed 20 April 2016.
- 46.Lamberger, M., & Mendel, F. (2011). Higher-order differential attack on reduced SHA-256. IACR Cryptology ePrint Archive, 2011, 37.Google Scholar