Abstract
Today mobile operators are in the possession of the SIM application toolkit technology available in their GSM SIM smartcards plugged into the mobile handsets of their subscribers. Although there are roughly 500 mio. SIMs deployed all over the world, they are not integrated into the Internet yet. With the WebSIM approach [6] we have demonstrated how SIMs can be integrated into the Internet by means of a tiny HTTP server implemented in a SIM to provide value-added services running on top of the SIM toolkit.
In this contribution we propose to further extend this approach by making SIMs accessible as open and secure execution platforms for mobile code. Here, open means that virtually anybody in the Internet can use this mobile code platform, and secure means that both - platform and subscriber - cannot be harmed by malicious code. Such a platform can be provided by operators upon which third-party service providers can build their applications which would benefit from the security context of the smartcard they run inside.
The SIMspeak system is comprised of an off-card compiler, a verifier, and a corresponding card-resident interpreter, which can interpret code that has been pushed by an Internet service provider into a customer’s SIM. We describe the underlying trust model of SIMspeak, its architecture, language, and protocols. Furthermore we present approaches for end-to-end security that influence the design of the compiler, verifier, and interpreter and we give an overview on the current status of our implementation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
3GPP. 3rd Generation Partnership Project; Technical Specification Group Terminals; US AT Interpreter Byte Codes (Release 4), January 2001. Available at http://www.3gpp.org.
Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. Available at http://www.ict.etsi.org/eessi/e-sign-directive.pdf, 1999.
European Telecommunications Standard Institute. Digital cellular telecommunications system (Phase 2+); Specification of the SIM Application Toolkit for the Subscriber Identity Module-Mobile Equipment (SIM-ME) interface (GSM 11.14), 1998.
European Telecommunications Standard Institute. Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module-Mobile Equipment (SIM-ME) interface (GSM 11.11), 1998.
Philip W. L. Fong. Viewer’s discretion: Host security in mobile code systems. Technical Report SFU CMPT TR 1998-19, School of Computing Science, Simon Eraser University, Burnaby, B.C., Canada, 1998. Available at http://www.cs.sfu. ca/ ∼pwfong/personal/.
Scott Guthery, Roger Kehr, and Joachim Posegga. How to turn a GSM SIM into a Web server. In Josep Domigo-Ferrer, David Chan, and Anthony Watson, editors, Proceedings of Fourth IFIP TC8/WG8.8 Smart Card Research and Advanced Application Conference CARDIS’2000, Bristol, UK, pages 209-222. Kluwer Academic Publisher, September 20–22, 2000.
International Standardization Organization, JTC 1/SC 22. ISO/IEC 15145:1997 Standard Information technology-Programming languages-FORTH, 1997.
Java Card Technology. Specifications are available at http://java.sun.com/products/javacard/
Roger Kehr, Joachim Posegga, Roland Schmitz, and Peter Windirsch. Mobile security for Internet applications. In Proceedings of Kommunikationssicherheit KSI’2001, DuD Fachbeitrage. Vieweg Verlag, March 27–28, 2001.
Xavier Leroy. On-card bytecode verification for Java Card. In Proceedings of eSmart’ 2001, Cannes, France, Lecture Notes in Computer Science. Springer-Verlag, September 2001.
Tim Lindholm and Frank Yellin. The Java Virtual Machine Specification. Sun Microsystems Inc., Mountain View, second edition, 1999.
Across Wireless (now Sonera Smart Trust), http://www.acrosswireless.com.
SIMalliance. http://www.simalliance.org.
U. G. Wilhelm, L. Buttyan, and S. Staamann. On the problem of trust in mobile agent systems. In Symposium on Network and Distributed System Security, pages 114–124, San Diego, CA, USA, March 1998. Internet Society.
Wireless Application Protocol Forum, Ltd. WAP Push Architectural Overview Version 1999-11-08, November 1999. Available at http://www.wapforum.org.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kehr, R., Mieves, H. (2001). SIMspeak - Towards an Open and Secure Application Platform for GSM SIMs. In: Attali, I., Jensen, T. (eds) Smart Card Programming and Security. E-smart 2001. Lecture Notes in Computer Science, vol 2140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45418-7_12
Download citation
DOI: https://doi.org/10.1007/3-540-45418-7_12
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42610-3
Online ISBN: 978-3-540-45418-2
eBook Packages: Springer Book Archive