nach oben

Wireless Personal Communications

Erschienen in:

01.08.2016

SIMSec: A Key Exchange Protocol Between SIM Card and Service Provider

verfasst von: Kerem Ok, Vedat Coskun, Siddik Binboga Yarman, Cem Cevikbas, Busra Ozdenizci

Erschienen in: Wireless Personal Communications | Ausgabe 4/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Mobile technology is so popular and overdosed adoption is inevitable in today’s world. As the mobile technologies have advanced, Service Providers (SP) have offered services via Smartphones and some of them required secure data communication between the Subscriber Identity Module (SIM) cards on Smartphones and the servers of SP. The latest SIM cards comply with recent specifications including secure domain generation, mobile signatures, pre-installed encryption keys, and other useful security services. Nevertheless, un-keyed SIM cards do not satisfy such requirements, thus end-to-end encryption between the SIM card and SP cannot be provided. In this paper, we provide a key exchange protocol, which creates a symmetric key through the collaborative work of the SIM card and the SP server. After a successful protocol performance, the SIM card and SP can perform end-to-end data encryption. After defining the protocol, we also discuss the security issues and provide a formal security analysis of the protocol using the Casper/FDR tool.

Vorheriger Artikel Distributed Resource Allocation for Multi-cell Cooperative OFDMA Networks with Decode-and-Forward Relaying

Nächster Artikel Practical Signcryption for Secure Communication of Wireless Sensor Networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., & Ferguson, N. (1999). The Twofish encryption algorithm: A 128-bit block cipher. New York: Wiley.MATH

Daemen, J., & Rijmen, V. (2002). The design of Rijndael: AES-the advanced encryption standard. Berlin: Springer.CrossRefMATH

Schneier, B. (1994). Description of a new variable-length key, 64-bit block cipher (Blowfish). In R. Anderson (Ed.), Fast software encryption (pp. 191–204). Berlin: Springer.

Stallings, W. (2002). The advanced encryption standard. Cryptologia, 26(3), 165–188.CrossRef

Coppersmith, D. (1994). The Data Encryption Standard (DES) and its strength against attacks. IBM Journal of Research and Development, 38(3), 243–250.MathSciNetCrossRefMATH

Barker, W. C., & Barker, E. (2012). NIST Special Publication 800-67 Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Revision 1.

Perkov, L., Klisura, A., & Pavkovic, N. (2011). In 34th International convention on recent advances in GSM insecurities (pp. 1502–1506).

ISO/IEC. (2006). ISO/IEC 7812-1:2006. Identification Cards—Identification of issuers—Part 1: Numbering system (3rd ed.).

Smart Card Alliance. Smart card standards and specifications. http://www.smartcardalliance.org/smart-cards-intro-standards/. Accessed 20 April 2016.

10.

GlobalPlatform. GlobalPlatform official web page. http://www.globalplatform.org/. Accessed 20 April 2016.

11.

Sauveron, D. (2009). Multiapplication smart card: Towards an open smart card? Information Security Technical Report, 14(2), 70–78.CrossRef

12.

GlobalPlatform. GlobalPlatform Card Specification v2.2.1. http://www.globalplatform.org/specificationscard.asp. Accessed 20 April 2016.

13.

Coskun, V., Ozdenizci, B., & Ok, K. (2015). The survey on near field communication (NFC) technology. Sensors, 15(6), 13348–13405.CrossRef

14.

Coskun, V., Ok, K., & Ozdenizci, B. (2011). Near field communication (NFC): From theory to practice. Wiley. ISBN: 978-1119971092.

15.

Lu, R., & Cao, Z. (2007). Simple three-party key exchange protocol. Computers and Security, 26(1), 94–97.CrossRef

16.

Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.MathSciNetCrossRefMATH

17.

Camtepe, S. A. (2013). Complexity of increasing the secure connectivity in wireless Ad Hoc Networks. In C. Boyd & L. Simpson (Eds.), Information Security and Privacy (pp. 363–378). Berlin: Springer.CrossRef

18.

Boyko, V., MacKenzie, P., & Patel, S. (2000). Provably secure password-authenticated key exchange using Diffie–Hellman. In B. Preneel (Ed.), Advances in cryptology—Eurocrypt 2000 (pp. 156–171). Berlin: Springer.CrossRef

19.

Abdalla, M., & Pointcheval, D. (2005). Simple password-based encrypted key exchange protocols. In A. Menezes (Ed.), Topics in cryptology–CT-RSA 2005 (pp. 191–208).

20.

International Telecommunication Union. (2007). ITU-T Recommendation X.1035: Password authenticated key exchange (PAK) Protocol. http://www.itu.int/rec/T-REC-X.1035/en.

21.

Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In G. R. Blakley & D. Chaum (Eds.), Advances in cryptology (pp. 47–53). Berlin: Springer.CrossRef

22.

Wu, T. Y., & Tseng, Y. M. (2009). An ID-based mutual authentication and key exchange protocol for low-power mobile devices. The Computer Journal,. doi:10.1093/comjnl/bxp083.

23.

Xie, M., & Wang, L. (2012). One-round identity-based key exchange with Perfect Forward Security. Information Processing Letters, 112(14), 587–591.MathSciNetCrossRefMATH

24.

Ok, K., Coskun, V., Aydin, M. N., & Ozdenizci, B. (2010). Current benefits and future directions of NFC services. In 2010 International conference on education and management technology (ICEMT), (pp. 334–338).

25.

Ozdenizci, B., Coskun, V., & Ok, K. (2015). NFC internal: An indoor navigation system. Sensors, 15(4), 7571–7595.CrossRef

26.

Ozdenizci, B., Ok, K., & Coskun, V. (2013). NFC loyal for enhancing loyalty services through near field communication. Wireless Personal Communications, 68(4), 1923–1942.CrossRef

27.

Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15), 2787–2805.CrossRefMATH

28.

Welbourne, E., Battle, L., Cole, G., Gould, K., Rector, K., Raymer, S., et al. (2009). Building the internet of things using RFID: The RFID ecosystem experience. Internet Computing, 13(3), 48–55.CrossRef

29.

Karnouskos, S. (2004). Mobile payment: A journey through existing procedures and standardization initiatives. Communications Surveys and Tutorials, 6(4), 44–66.CrossRef

30.

Coskun, V., Ozdenizci, B., Ok, K., Alsadi, M., & Soylemezgiller, F. (2013). Design and development of NFC enabled loyalty system. In Proceedings of the 6th international conference of advanced computer systems and networks: Design and application, Lviv, Ukraine (pp. 16–18).

31.

Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards and Interfaces, 32(5), 321–325.CrossRef

32.

Li, C. T., Lee, C. C., Liu, C. J., & Lee, C. W. (2011). A robust remote user authentication scheme against smart card security breach. In Y. Li (Ed.), Data and applications security and privacy XXV (pp. 231–238). Berlin: Springer.

33.

Badra, M., & Urien, P. (2004). Toward SSL integration in SIM SmartCards. In Wireless communications and networking conference, 2004. WCNC. 2004 IEEE (Vol. 2, pp. 889–893).

34.

Rongyu, H., Guolei, Z., Chaowen, C., Hui, X., Xi, Q., & Zheng, Q. (2009). A PK-SIM card based end-to-end security framework for SMS. Computer Standards and Interfaces, 31(4), 629–641.CrossRef

35.

Li, Y., Chen, M., & Nie, J. (2011). Mobile commerce security model construction based on sms. In Wireless communications, networking and mobile computing (WiCOM), 7th International Conference on 2011 (pp. 1–3).

36.

Markantonakis, K., & Mayes, K. (2005). A Secure Channel protocol for multi-application smart cards based on public key cryptography, Communications and Multimedia Security, (Vol. 175, pp. 79–95). US: Springer.

37.

Ok, K., Coskun, V., & Cevikbas, R. C. (2014). Challenges and risks for a secure communication between a smartcard and a SP through cellular network. International Journal of Advances in Computer Networks and Its Security, 4(4), 26–30.

38.

Ok, K., Coskun, V., Cevikbas, C., & Ozdenizci, B. (2015). Design of a key exchange protocol between SIM card and service provider. In 2015 23rd telecommunications forum telfor (TELFOR) (pp. 281–284). IEEE.

39.

3rd Generation Partnership Project 2 / 3GPP2. (2007). X.S0028-100-0 cdma2000 Packet data services: Wireless local area network (WLAN) interworking—Access to internet. http://www.3gpp2.org/public_html/specs/X.S0028-100-0_v1.0_070405.pdf. Last Access Date 20 April 2016.

40.

3rd Generation Partnership Project 2 / 3GPP2. (2010). Over-the-air service provisioning of mobile stations in spread spectrum systems. http://www.3gpp2.org/public_html/specs/C.S0016-D%20v1.0_OTASP.pdf. Last Access Date 20 April 2016.

41.

Sterckx, M., Gierlichs, B., Preneel, B., & Verbauwhede, I. (2009). Efficient implementation of anonymous credentials on Java Card smart cards. In First IEEE international workshop on information forensics and security, (pp. 106–110).

42.

Borst, J., Preneel, B., & Rijmen, V. (2001). Cryptography on smart cards. Computer Networks, 36(4), 423–435.CrossRef

43.

Barker, E., Barker, W., Burr, W., Polk, W., & Smid, M. (2006). Recommendation for key management-part 1: General (Revision 3). NIST special publication.

44.

Lowe, G. Casper: A compiler for the analysis of security protocols. http://www.cs.ox.ac.uk/gavin.lowe/Security/Casper/. Accessed 20 April 2016.

45.

Canetti, R., Goldreich, O., & Halevi, S. (2004). The random oracle methodology, revisited. Journal of the ACM (JACM), 51(4), 557–594.MathSciNetCrossRefMATH

46.

Lamberger, M., & Mendel, F. (2011). Higher-order differential attack on reduced SHA-256. IACR Cryptology ePrint Archive, 2011, 37.

47.

Blake-Wilson, S., Johnson, D., & Menezes, A. (1997). Key agreement protocols and their security analysis (pp. 30–45). Berlin: Springer.MATH

Titel: SIMSec: A Key Exchange Protocol Between SIM Card and Service Provider
verfasst von: Kerem Ok
Vedat Coskun
Siddik Binboga Yarman
Cem Cevikbas
Busra Ozdenizci
Publikationsdatum: 01.08.2016
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 4/2016
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-016-3326-5

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Kryptowährungen/© gopixa / Getty Images / iStock, MG4 aus China auf dem Prüfstand im ADAC-Technik-Zentrum in Landsberg am Lech/© ADAC e.V., Chassis eines Elektrofahrzeugs/© chesky / stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Sustainibility Finance/© Robert Kneschke / stock.adobe.com / Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2016

Effect of Joint Detection in Far User on Non-orthogonal Multiple Access Downlink

Shared Secret Key Generation Protocol in Wireless Networks Based on the Phase of MIMO Fading Channels

RETRACTED ARTICLE: Mobile Cloud Computing: The Taxonomy and Comparison of Mobile Cloud Computing Application Models

An Efficient Hybrid MANET-DTN Routing Scheme for OLSR

Distributed Resource Allocation for Multi-cell Cooperative OFDMA Networks with Decode-and-Forward Relaying

Unequal Luby Transform Based on Block Weight Shift (ULT-BWS) for Error Resilient Video Transmission

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.