LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES
Ran Zhou
1
04/21/23
Motivation
Smartphones become the handheld computer and the personal assistant
Growing market has attracted hackers to make the potential for serious security threats on smartphones a reality
UICC serves as the security anchor in mobile networks
GSM Association: the UICC is the strategically best alternative as a secure element for mobile devices [Sma09]
Interface is required to fill the gap between UICC applets and mobile applications
2
04/21/23
Solution Idea
SIMAlliance Open Mobile API: the communication channel
Dual Application Architecture: the basic architecture
An example: Smart OpenID
3
04/21/23
Agenda
Motivation and Solution Idea Basic Technologies State of the Art Smart OpenID Implementation Summary and Future Work
4
04/21/23
Universal Integrated Circuit Card: UICC
The bearer of the subscriber’s identity in cellular networks
Secure element
secure storage, cryptographic functions Secure channel
transmission between the UICC and the server with authenticity, integrity, confidentiality
Wireless PKI
mobile network operator owns root certificate: becomes a certificate authority
5
04/21/23
Open Mobile API
Open Mobile API is established by SIMalliance as an open API between secure element and the mobile applications
• Crypto• Authentication• Secure Storage• PKCS#15• …
6
Open Mobile API
04/21/23
Open Mobile API7
04/21/23
Agenda
Motivation and Solution Idea Basic Technologies State of the Art Smart OpenID Implementation Summary and Future Work
8
04/21/23
State of the Art
Financial applications
online-banking, contactless payment, tickets apps
Enterprise applications
secure Email, ERP, Software as a Service Content protection applications
digital rights management, secure document Authentication applications
generic bootstrapping architecture, public key infrastructure
9
04/21/23
State of the Art
Malwarevirus, Trojan horse, Spyware
Eavesdroppingtraffic (password) on the network
Man-in-the-middleattacker manipulates the transmitted data
Replay attacksa valid data is maliciously repeated or delayed
Phishingacquires data by masquerading as a trustworthy entity
10
04/21/23
State of the Art
Private information is the main aim of the attacker, e.g., password, credit card number etc.
Anti-Malware, secure storage, digital certificate, transport layer security, authentication etc.
Some countermeasures are unusual on smartphone
Existed protocols are vulnerable to different attacks
11
04/21/23
Agenda
Motivation and Solution Idea Basic Technologies State of the Art Smart OpenID Implementation Summary and Future Work
12
04/21/23
OpenID ProviderOpenID Provider
Relying Party
Relying Party
UserUser DeviceDevice
Relying PartiesRelying Parties
Subm
it Ope
nID Association session:
a shared symmetric key +association handle
User authentication
Authentication response: signed with the shared key
OpenID13
Threats to OpenID
Malwarevirus, Trojan horse, Spyware
Eavesdroppingpassword on the network
Man-in-the-middleattacker captures the transmitted password, authentication assertion, optionally alters it
Replay attacksa valid authentication assertion is maliciously repeated
Phishingacquire password by masquerading as an OP
14
04/21/23
Smart OpenID: Concept
Authentication factor something the user knows: password something the user has: smart card something the user is: finger print Using UICC as credential shares a long-term secret (LTS) with the
server derives a key from the LTS and an one-
time password PIN verification to activate the function
15
04/21/23
Network OpenID Provider
Network OpenID Provider
Relying Party
Relying Party
UserUser Local OP Provider =
Mobile Application + UICC Applet
Local OP Provider =
Mobile Application + UICC Applet
Relying PartiesRelying Parties
Association
Signed assertion(with same derivated key)
Smart OpenID
Trust (long-term secret)
Local authentication (with PIN)
Association handle
+ derived key (symmetric)Submit OpenID
Associa
tion Han
dle
16
Smart OpenID
Long-term secret: 64 bytes Association handle: less than 255 bytes Key derivation functions: PBKDF2
use HMAC-SHA-1/HMAC-SHA-256 (hash-based message authentication code) as underlying algorithm
configurable iteration count and derived key length
17
Security Analysis
Smart OpenID Authentication Compromise
UCUser credential
compromise
THTheft of the UICC
PH1Plaintext
Credential phishing
PH3DK Phishing by malicious RP (Type 1)
PH2DK Phishing by mobile
application
PH4DK Phishing by malicious RP (Type 2)
SNSniffing
CRDerived key phishing and cryptanalysis
PCPIN
compromise with Brute-force attack
MMMan-in-the-
middle attack
UKUse of known authentication
response
RPReplay attack
SWSession
swapping attack
18
Security Analysis : Phishing19
UICC App Mobile App Malicious RPBrowser
Local OP = UICC App + Mobile App
Net OP
Auth Request (identifier)
Discovery and Association
Association (S, AH)
Derived Key S = PBKDF2-HMAC-SHA-1(LTS, AH, 64, 64)
Agenda
Motivation and Solution Idea Basic Technologies State of the Art Smart OpenID Implementation Summary and Future Work
20
04/21/23
Implementation
Platform
Android 2.3.5
Java Card UICC 2.2.1 Algorithms
key derivation function: PBKDF2-HMAC-SHA-1
signature: HMAC-SHA-1
21
04/21/23
Demo
04/21/23
22
Performance
Iteration : 64 rounds
AH: 240 bytes
Derived key length: 64 bytes
23
04/21/23
Performance
Derived key length: 64 bytes
24
04/21/23
Agenda
Motivation and Solution Idea Basic Technologies State of the Art Smart OpenID Implementation Summary and Future Work
25
04/21/23
Summary
UICC as secure element on smartphones Dual Application Architecture with Open
Mobile API Improve existed protocols with the UICC Other usages:
Digital certificate Wireless PKI NFC payment …
26
04/21/23
Future Work
Smart OpenID with HMAC-SHA-256 Implementation of other applications
27
04/21/23
28
Thank you!
Questions?
28
04/21/23
Bibliographie
[Sma09] SmartTrust. The role of SIM OTA and the mobile operator in the NFC environment, 4 2009.
29
04/21/23
Smartphone
Mobile phone
voice communication and messaging Feature phone
digital camera, gaming, music and video streaming
Smartphone
modern operating system, high speed connectivity, third-party applications ...
30
04/21/23
Access Control Module31
04/21/23
Security Analysis : Phishing
UICC App Mobile App RPBrowser
Local OP = UICC App + Mobile App
NetOPMalicious App
Auth Request (assoc_handle)
Auth Response (signed assertion)
32
Security Analysis : Phishing
UICC App Mobile App Malicious RPBrowser
Local OP = UICC App + Mobile App
Net OP
Auth Request (identifier)
Redirect to LocalOP (AH)
Auth Request (AH)
Auth Request (AH)
Auth Response (signed assertion)
Auth Request (sa)
Auth Request (sa)
33
Top Related