Abstract
Mobile networks have become a very attractive channel for the provision of electronic services, as they are available almost anytime and anywhere. But for a service provider, there are several mobile communication standards to choose from. They differ in market penetration, flexibility, and security.
This paper gives a comparative overview of the security features of GSM, SIM Application Toolkit and WAP (Wireless Application Protocol). It describes the trust relations involved, and gives examples of typical applications suitable for each of these standards.
Results are that pure GSM is suitable only for applications with low sensitivity, as the security features are limited. SIM Toolkit allows for the implementation of application-specific end-to-end security, and is thus suitable for sensitive, personalized applications like banking ore brokerage. Finally, WAP defines a security standard with choices for differently strong algorithms. In order to be suitable for secure applications, the models for local storage have to be settled, and there must be sufficiently many WAP phones with support for strong security on the market.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
T. Dierks et al: The TLS Protocol, RFC 2246, January 1999, ftp://ftp.isi.edu/in-notes/rfc2246.txt
ETSI: GSM 02.09: “Security-related Network Functions”, February 1992, http://www.etsi.org
ETSI: GSM 02.19: “Digital cellular telecommunications system (Phase 2+); Subscriber Identity Module Application Programming Interface (SIM API); Service Description; Stage 1”, to appear
ETSI: GSM 03.19: “Digital cellular telecommunications system (Phase 2+); Subscriber Identity Module Application Programming Interface (SIM API); SIM API for Java Card™ Stage 2”, to appear
ETSI: GSM 03.20: “Security Aspects”, June 1993, http://www.etsi.org
ETSI: GSM 03.48: “Digital cellular telecommunications system (Phase 2+); Security Mechanisms for the SIM application toolkit”, http://www.etsi.org
ETSI: GSM 11.11: “Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module-Mobile Equipment (SIM-ME) interface”, http://www.etsi.org
ETSI: GSM 11.14: “Digital cellular telecommunication system (Phase 2+); Specification of the SIM Application Toolkit for the Subscriber Identity Module-Mobile Equipment (SIM-ME) interface”, http://www.etsi.org
Jovan Dj. Golic: Cryptanalysis of alleged A5 stream cipher, Proceedings of EUROCRYPT’ 97, LNCS 1233, Springer-Verlag, 1997
RSA Laboratories: “PKCS #15: Cryptographic Token Information Standard”, Version 1.0, April 1999, ftp://ftp.rsa.com/pub/pkcs/pkcs-15/pkcs15v1.doc
WAP Forum: WAP Architecture Specification, April 30, 1998, http://www.wapforum.org/
WAP Forum: Identity Module Specification, Proposed Version July 5, 1999, http://www.wapforum.org/
WAP Forum: Wireless Transport Layer Security Protocol, April 30, 1998, http://www.wapforum.org/
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Borcherding, M. (1999). Mobile Security – An Overview of GSM, SAT and WAP. In: Secure Networking — CQRE [Secure] ’ 99. CQRE 1999. Lecture Notes in Computer Science, vol 1740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46701-7_12
Download citation
DOI: https://doi.org/10.1007/3-540-46701-7_12
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66800-8
Online ISBN: 978-3-540-46701-4
eBook Packages: Springer Book Archive