Abstract
Cellular communication via a traditional mobile handset is a ubiquitous part of modern life and as device technology and network performance continues to advance, it becomes possible for laptop computers, Personal Digital Assistants (PDAs) and even electrical meters to better exploit mobile networks for wireless communication. As the diverse demands for network access and value added services increase, so does the importance of maintaining secure and consistent access controls. A critical and well-proven component of the Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS) security solution is the smart card in the form of the Subscriber Identity Module (SIM) or USIM, respectively. However, with the enlarged range of communications devices, some manufacturers claim that the hardware selection, chip design, operating system implementation and security concepts are different from traditional mobile phones. This has led to a suggestion that types of “Software SIM” should be used as an alternative to the smart card-based solution. This paper investigates the suggestion.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/978-1-4614-7915-4_25
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Near Field Communication (NFC) is similar to a contactless smart card/Radio Frequency Identification (RFID) interface for mobile phones.
- 2.
UMTS is the successor to GSM, initially standardised by ETSI and now by the Third Generation Partnership Project (3GPP).
- 3.
Standards defined by 3GPP2—relating to IS95/CDMA2000.
- 4.
K, CK and RES are similar to Ki, Kc and SRES in GSM authentication.
- 5.
The attacks which are described more fully in the Sect. 10.5 include all known logical, physical, side-channel and fault classes.
- 6.
Fault attacks could be considered as combinations of other categories, but their importance merits separate mention.
- 7.
It is interesting to note that the traditional limitations of the SIM smart card (small memory, slow interface and restricted CPU) have been overcome by technology advances, albeit at added cost compared to a traditional SIM.
- 8.
Note the Trusted Computing Platform Alliance (TCPA) was the predecessor to the Trusted Computing Group (TCG).
- 9.
References
Anderson R (2008). Security engineering: a guide to building dependable distributed systems. John Wiley, New York.
German Federal Office for Information Security (2011). Protection Profiles. [Online Available] https://www.bsi.bund.de/DE/Themen/ZertifizierungundAnerkennung/ZertifizierungnachCCundITSEC/SchutzprofileProtectionProfiles/schutzprofileprotectionprofiles_node.html.
EVITA project (20082011). E-Safety vehicle intrusion protected applications. http://www.evita-project.org.
Hersteller Initiative Software (HIS), Working Group Security (2010). SHE Secure hardware extension version 1.1.
ISO 11898 (20032007). Road vehicles Controller area network (CAN).
National Institute of Standards and Technology (2001). FIPS-140-2: Security requirements for cryptographic modules.
Trusted Computing Group (2011). TPM Main Specification Version 1.2. [Online Available] http://www.trustedcomputinggroup.org/resources/tpm_main_specification.
Russell R (2008). Virtio: Towards a de-facto standard for virtual I/O devices. ACM SIGOPS Operating Systems, Review (42).
Debian GNU/Linux FAQ (2011). Basics of the Debian package management system. [Online Available] http://www.debian.org/doc/FAQ/ch-pkg_basics.en.html.
RSA Laboratories (2004). Cryptographic Token Interface Standard 2.2.
Universitat Politecnica de Valencia (2012). XtratuM A hypervisor specially designed for real-time embedded systems. [Online Available] www.xtratum.org.
Standaert FX, Malkin T, Yung M (2009). A unified framework for the analysis of side-channel key recovery attacks. Springer-Verlag, Berlin.
IEEE 1609. Draft standards for wireless access in vehicular environments.
ISO 15408 (2007). Information technology Security techniques Evaluation criteria for IT security.
Scheibel M, Wolf M (2009). Security risk analysis for vehicular IT systems A business model for IT security measures. Embedded Security in Cars Workshop (escar 2009), Dsseldorf, Germany.
European Commission Information Society (2012). Emergency call (eCall). [Online Available] http://ec.europa.eu/information_society/activities/esafety/ecall/index_en.htm.
Poulsen K (2010). Hacker Disables More Than 100 Cars Remotely. The WIRED Magazine.
Eisenbarth T, Kasper T, Moradi A, Paar C et al. (2010). On the power of power analysis in the real world: A complete break of the KeeLoq code hopping scheme. Springer-Verlag, Berlin.
Koscher K et al. (2010). Experimental security analysis of a modern automobile. IEEE Symposium on Security and Privacy (SP).
Checkoway S et al. (2011). Comprehensive experimental analyses of automotive attack surfaces. USENIX association.
Rouf I et al. (2010). Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. USENIX association.
OVERSEE project (2009–2012). Open Vehicular Secure Platform. http://www.oversee-project.com.
Acknowledgments
Originally published in Elsevier Information Security Report 13 (2008); reproduced with kind permission of Elsevier.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Mayes, K., Markantonakis, K. (2014). Mobile Communication Security Controllers. In: Markantonakis, K., Mayes, K. (eds) Secure Smart Embedded Devices, Platforms and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7915-4_10
Download citation
DOI: https://doi.org/10.1007/978-1-4614-7915-4_10
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-7914-7
Online ISBN: 978-1-4614-7915-4
eBook Packages: Computer ScienceComputer Science (R0)