Abstract
In this paper we present an architecture based on a Java (J2SE, J2EE, J2ME and Java Card) platform supporting a secure channel from a Mobile Operator to the SIM card. This channel offers the possibility of end to end security for delivery of large data files to a GSM SIM card. Such a secure channel could be used for delivery of high value content that requires a high bandwidth channel — perhaps either rendered for user infotainment, or processed in the client Mobile Station (device and SIM card) for remote device management. Our methodology overcomes the bandwidth constraints of the SIM Toolkit Security scheme described in GSM standard 03.48. To validate our proposal we have developed code to create DRM and Web Service test scenarios utilising readily available J2ME, Java Card, J2SE and J2EE platforms, Web Services tools from Apache, the KToolBar emulator from Sun, and a Gemplus Java Card.
Chapter PDF
Similar content being viewed by others
References
3GPP TS 03.48 (2001). Technical Specification Group Terminals; Security Mechanisms for the SIM application toolkit; stage 2. http://www.3gpp.org.
3GPP TS 23.057 (2003). Technical Specification Group Terminals; Mobile Execution Environment (MExE); Functional description; Stage 2. http://www.3gpp.org.
3GPP TS 31.101 (2003). Technical Specification Group Terminals; UICC-terminal interface; Physical and logical characteristics. http://www.3gpp.org.
3GPP TS 31.102 (2003). Technical Specification Group Terminals; Characteristics of the USIM application. http://www.3gpp.org.
3GPP TS 31.111 (2004). Technical Specification Group Terminals; USIM Application Toolkit(USAT). http://www.3gpp.org.
Blanchard, C. W. and Trask, N. (2002). Wireless security. In Temple, R. and Regnault, J., editors, Internet and Wireless Security, number 4 in BT Exact Communications Technology Series, chapter 9, pages 146–170. IEE, London.
Block, C. and Wagner, A. C. (2003). MIDP 2.0 Style Guide. Addison-Wesley, London.
Chen, Z. (2004). Java Card Technology for Smart Cards. Addison-Wesley, London.
ETSI TS 101 476 (2000). Digital cellular telecommunication system (Phase 2+); Subscriber Identity Module Application Programming Interface (SIM API); SIM API for Java Card; Stage 2 (GSM 03.19). ETSI, http://www.etsi.org.
GSM 11.14 (2001). Digital cellular telecommunications system (Phase 2+); Specification of the SIM Application Toolkit for the Subscriber Identity Module-Mobile Equipment (SIM-ME) interface. ETSI, http://www.etsi.org.
Guthery, S. B. and Cronin, M. J. (2002). Mobile Application Development with SMS & the SIM Toolkit. McGraw-Hill.
Hillebrand, F. (2002). GSM and UMTS: The creation of global mobile communications. John Wiley & Sons, Ltd.
ISO/IEC 9798-4 (1999). Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function. International Organization for Standardization, http://www.iso.org, 2nd edition.
Itani, W. and Kayssi, A. (2004). J2ME application-layer end-to-end security for m-commerce. Journal of Network & Computer Applications, 27:13–32.
JSR-118 JCP (2002). Mobile Information Device Profile, v2.0 (JSR-118). Sun Microsystems, http://java.sun.com.
JSR-177 JCP (2004). Security & Trust Services API (SATSA) (JSR-177). Sun Microsystems, http://java.sun.com.
Litman, J. (2001). Digital Copyright. Prometheus Books, New York.
MacDonald, J. A. and Mitchell, C. J. (2004a). Content centric DRM for mobile vertical market. Information Security Group, Royal Holloway, University of London — Internal paper.
MacDonald, J. A. and Mitchell, C. J. (2004b). Web services security platform using mobile operator credentials. Information Security Group, Royal Holloway, University of London — Internal paper.
MacDonald, J. A., Sirett, W. G., and Mitchell, C. J. (2004). Establishing a security context between server & SIM: A 3 pass mutual AKE protocol with signature & MAC. Information Security Group, Royal Holloway, University of London — Internal paper.
Sun Microsystems (2003). Wireless Toolkit, Version 2.1. Sun Microsystems, http://java.sun.com/products/j2mewtoolkit.
Topley, K. (2002). J2ME In a Nutshell. O’Reilly.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
MacDonald, J.A., Sirett, W., Mitchell, C.J. (2005). Overcoming Channel Bandwidth Constraints in Secure SIM Applications. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds) Security and Privacy in the Age of Ubiquitous Computing. SEC 2005. IFIP Advances in Information and Communication Technology, vol 181. Springer, Boston, MA. https://doi.org/10.1007/0-387-25660-1_35
Download citation
DOI: https://doi.org/10.1007/0-387-25660-1_35
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-25658-0
Online ISBN: 978-0-387-25660-3
eBook Packages: Computer ScienceComputer Science (R0)