Mobile Communication Security Controllers
- 2.7k Downloads
Cellular communication via a traditional mobile handset is a ubiquitous part of modern life and as device technology and network performance continues to advance, it becomes possible for laptop computers, Personal Digital Assistants (PDAs) and even electrical meters to better exploit mobile networks for wireless communication. As the diverse demands for network access and value added services increase, so does the importance of maintaining secure and consistent access controls. A critical and well-proven component of the Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS) security solution is the smart card in the form of the Subscriber Identity Module (SIM) or USIM, respectively. However, with the enlarged range of communications devices, some manufacturers claim that the hardware selection, chip design, operating system implementation and security concepts are different from traditional mobile phones. This has led to a suggestion that types of “Software SIM” should be used as an alternative to the smart card-based solution. This paper investigates the suggestion.
KeywordsSmart Card Universal Mobile Telecommunication System Near Field Communication Trusted Platform Module Security Element
Originally published in Elsevier Information Security Report 13 (2008); reproduced with kind permission of Elsevier.
- 1.Anderson R (2008). Security engineering: a guide to building dependable distributed systems. John Wiley, New York.Google Scholar
- 2.German Federal Office for Information Security (2011). Protection Profiles. [Online Available] https://www.bsi.bund.de/DE/Themen/ZertifizierungundAnerkennung/ZertifizierungnachCCundITSEC/SchutzprofileProtectionProfiles/schutzprofileprotectionprofiles_node.html.
- 3.EVITA project (20082011). E-Safety vehicle intrusion protected applications. http://www.evita-project.org.
- 4.Hersteller Initiative Software (HIS), Working Group Security (2010). SHE Secure hardware extension version 1.1.Google Scholar
- 5.ISO 11898 (20032007). Road vehicles Controller area network (CAN).Google Scholar
- 6.National Institute of Standards and Technology (2001). FIPS-140-2: Security requirements for cryptographic modules.Google Scholar
- 7.Trusted Computing Group (2011). TPM Main Specification Version 1.2. [Online Available] http://www.trustedcomputinggroup.org/resources/tpm_main_specification.
- 8.Russell R (2008). Virtio: Towards a de-facto standard for virtual I/O devices. ACM SIGOPS Operating Systems, Review (42).Google Scholar
- 9.Debian GNU/Linux FAQ (2011). Basics of the Debian package management system. [Online Available] http://www.debian.org/doc/FAQ/ch-pkg_basics.en.html.
- 10.RSA Laboratories (2004). Cryptographic Token Interface Standard 2.2.Google Scholar
- 11.Universitat Politecnica de Valencia (2012). XtratuM A hypervisor specially designed for real-time embedded systems. [Online Available] www.xtratum.org.Google Scholar
- 12.Standaert FX, Malkin T, Yung M (2009). A unified framework for the analysis of side-channel key recovery attacks. Springer-Verlag, Berlin.Google Scholar
- 13.IEEE 1609. Draft standards for wireless access in vehicular environments.Google Scholar
- 14.ISO 15408 (2007). Information technology Security techniques Evaluation criteria for IT security.Google Scholar
- 15.Scheibel M, Wolf M (2009). Security risk analysis for vehicular IT systems A business model for IT security measures. Embedded Security in Cars Workshop (escar 2009), Dsseldorf, Germany.Google Scholar
- 16.European Commission Information Society (2012). Emergency call (eCall). [Online Available] http://ec.europa.eu/information_society/activities/esafety/ecall/index_en.htm.
- 17.Poulsen K (2010). Hacker Disables More Than 100 Cars Remotely. The WIRED Magazine.Google Scholar
- 18.Eisenbarth T, Kasper T, Moradi A, Paar C et al. (2010). On the power of power analysis in the real world: A complete break of the KeeLoq code hopping scheme. Springer-Verlag, Berlin.Google Scholar
- 19.Koscher K et al. (2010). Experimental security analysis of a modern automobile. IEEE Symposium on Security and Privacy (SP).Google Scholar
- 20.Checkoway S et al. (2011). Comprehensive experimental analyses of automotive attack surfaces. USENIX association.Google Scholar
- 21.Rouf I et al. (2010). Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. USENIX association.Google Scholar
- 22.OVERSEE project (2009–2012). Open Vehicular Secure Platform. http://www.oversee-project.com.