
Blog and updates May 21, 2009

Posted by tcarlyle in Uncategorized.

Sorry for not posting for so long, and I must say that I probably will not post until June. It is the final month to deliver the thesis and I’m working hard to finalize the report.

The nice thing is that I am planning to put the thesis here before I submit it. So if someone has the patience and time to read so many pages about smart cards, trust and identity, I’ll be looking forward to hearing your feedback.


Well, talk to you later because I gotta hurry to write 😉


Web 2.0, mashups, dandyID and SIMidea April 1, 2009

Posted by tcarlyle in identity management, mashup, SIM Cards.

Well, I am working with a friend on a mobile solution for the Excitera Mobile Cup, and our application (about which, unfortunately, I can’t give many more details now) is in the Web 2.0 and Mashup world. I joined him in the competition because of my interest in mobile applications and my expertise in the SIM domain. But we are not creating a SIM mashup, although with the Smart Card Web Services it would be possible. Actually, the whole thing I mentioned in the last post, of turning the SIM into a self-signed IdP for reputation-based systems, could very well be explored by mashups if the SIM card web service offered an API to retrieve attribute information for Value Added Services. Then, the SIM could be responsible for the secure handshake for the attribute sharing, just like the HTTPS implementation defined in the OMA standards for the Smart Card Web Services.

Actually, one of the applications I was thinking of when I started my thesis was to mix the potential of the context information stored in all of our identities with the location information from GPS, Cell ID, WLAN positioning or any other positioning technology accessible to the SIM (even if through SATSA or another connection to the mobile). The idea was to have the SIM as the secure storage of the identities and as the entity that would deal with the handshake of sharing the identity attributes (and also the location attribute) with the Value Added Services.

For the identity management, there is actually already a mashup API provider that is trying to create a central point for attribute and contact sharing across all our tons of digital identities. This service provider is DandyID. The idea is pretty good, although I don’t like their name =) I’ve just tried it really quickly and I think they may have added too many ID providers to the list (maybe they could have left the main ones on the first identity page and the secondary ones on another page), and I haven’t seen a feature to pre-fill my profile based on the information that I already have in my identities. Maybe it is because the application is still in beta; let’s see.

Back to the mashups and Web 2.0, I’d like to share this excellent link that clarified most of my doubts about it. It is kind of hard not to get excited about the mashup potential when reading it, but I’d say to be somewhat careful with the expectations around mashup applications (and I’ll be so with the application I’m working on for Excitera). A lot of people are trying to launch Web 2.0 apps, get users and then try to see how to make money out of it. I do not see much future in those apps, as users are less and less keen on paying for services; when Last.fm announced that they will charge for music streaming, most people I know started to look for free options. And as this article mentions, making money out of advertising is harder than it may sound.

Due to this personal dive into Web 2.0 (without losing the mobile focus) you run the risk of seeing more Web 2.0 related posts here! But I can assure you that most of the posts will still be related to my thesis work. By the way, soon I’ll post the application description.

Trust March 24, 2009

Posted by tcarlyle in identity management, reputation systems, SIM Cards, trust.

“Trust – Trust is the characteristic that one entity is willing to rely upon a second entity to execute a set of actions and/or to make set of assertions about a set of subjects and/or scopes.” [from the WS-Trust spec]

This means that one entity will claim some information about a subject to another entity, which will rely on it. This is pretty much the same trust concept as in the Identity Management models described in CardSpace (now codenamed Geneva), Higgins and other centralized approaches (which are actually based on WS-Trust and WS-Security).

A user registers himself (establishes a relationship) with an IdP (Identity Provider). Due to this relationship, the IdP is able to prove and manage user claims. This relationship between the user and the IdP, depending on the claims involved, should be based on an SLA, and the IdP may have to acquire data from the user (through the registration, for example) by a reliable process (by checking the user’s national ID to be sure that he is an adult, etc.).

The mentioned example is what is sometimes described in the literature as policy-based trust. It relies on the security behind the agreements of the identity authorities, which are enforced by certifications, audits and SLAs. The trust result is binary: trust or no trust in the claim.

However, trust can also be extended to reputation systems, where entities have their reputation rated by other users who do not have a relationship built through an SLA with them. This is of great use in scenarios where it is important to generate trust over claims that are somehow subjective or context-dependent (such as: “is this an interesting article?” – that depends for whom; “is the staff of that restaurant friendly?” – that relies on a personal opinion), or when an IdP would not have enough mechanisms, or it would not be feasible for it, to be responsible for the claims (such as in systems like on-line auctions).

In those cases, every individual taking part in the system and able to create or support a claim is somehow an IdP. This mechanism in general relies on a system or entity that offers an identity to the user so he can act as an “IdP”, and which offers the IT infrastructure for those users to play that role. This entity or system can have a more neutral role, offering the IT infrastructure and the rules for stating and supporting claims, or it may have a more active role, such as mediating and filtering claims, giving special weights to some users’ claims, or requesting and validating information about the user that will act as an “IdP”, in order to raise the trust in him.

By having each user as an IdP, they can establish digital relationships between themselves based on long-term relationships such as friendship, or on less established relations such as both having been engaged in an operation that involved trust (such as an online purchase) where everything was OK. Those long-term or short-term relations could be explored to build a trust network, a web-of-trust, somewhat similar to a federation (but looser, as it is not based on contracts).

This good article about reputation trust models describes some research done towards the development of trust metrics that can predict the trustworthiness of a person or claim based on the relationship between the person (or the claim owner) and the trust network of the person who is accessing the claim. It actually points out the concepts of the Global Trust Metric, which takes into consideration the opinion of the whole network in order to trace the trustworthiness of the claim, and the Local Trust Network, which restricts the trust building to taking into account just the feedback from users in the same trust network as the user who is checking the veracity of the claim.
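To make the difference between the two metrics concrete, here is a small example I wrote for this post (it is not code from the article above, and the network, the ratings and the two metric definitions are all constructed here). Every user rates one claim, two users vouch only for each other, and the same claim is scored once with a global metric (every rating counts) and once with a local metric (only ratings from users reachable through the reader’s own trust edges count):

```python
"""Toy global vs. local trust metric over a small rating graph.

Added illustration, not code from the post or from any cited article. The
network, its ratings and the metric definitions are constructed here:
  - "global" trust of a claim = mean of every rating in the network;
  - "local" trust = mean of ratings from raters reachable from the reader
    through trust edges within a given depth (the reader's trust network).
"""
from collections import deque

# Constructed trust network: who trusts whom (directed edges), e.g. friends,
# or two parties who completed an honest transaction with each other.
TRUST_EDGES = {
    "alice": {"bob", "carol"},
    "bob": {"dave"},
    "carol": set(),
    "dave": set(),
    "eve": {"mallory"},
    "mallory": {"eve"},
    "frank": set(),
}

# Constructed ratings of a single claim ("seller X is reliable"), 0.0 .. 1.0.
# eve and mallory inflate the score and only vouch for each other.
RATINGS = {
    "bob": 0.2,
    "carol": 0.3,
    "dave": 0.4,
    "eve": 1.0,
    "mallory": 1.0,
    "frank": 0.5,
}


def trust_network(reader, edges, max_depth):
    """Users reachable from `reader` within `max_depth` trust hops (reader excluded)."""
    seen = {reader}
    frontier = deque([(reader, 0)])
    reachable = set()
    while frontier:
        node, depth = frontier.popleft()
        if depth == max_depth:
            continue
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                reachable.add(nxt)
                frontier.append((nxt, depth + 1))
    return reachable


def global_trust(ratings):
    """Global metric: every rating in the whole network counts equally."""
    return sum(ratings.values()) / len(ratings) if ratings else None


def local_trust(reader, ratings, edges, max_depth=2):
    """Local metric: only ratings from the reader's own trust network count.
    Returns None when nobody in that network has rated the claim."""
    raters = trust_network(reader, edges, max_depth) & ratings.keys()
    if not raters:
        return None
    return sum(ratings[r] for r in raters) / len(raters)


if __name__ == "__main__":
    print("global:", round(global_trust(RATINGS), 3))
    for reader in ("alice", "eve", "frank"):
        print(f"local for {reader}:", local_trust(reader, RATINGS, TRUST_EDGES))
```

With this data the global score is pulled up by the two mutually vouching users, while alice’s local score only reflects bob, carol and dave; frank, who trusts nobody, gets no local score at all, which is exactly the bootstrapping problem a local trust network has for newcomers.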

This other article comments on the success of using reputation systems built over individual on-line feedback to provide reasonable trust in systems that seem really risky, such as on-line auctions. Moreover, this kind of reputation-based information is more and more accredited and now carries a big weight in users’ decisions, varying from choosing which music album to buy to which company to invest in. Due to the fast dynamics of today’s world and the widespread availability of information, the lack of knowledge in some decisions is being compensated by information gathered through trust relationships.

I see a big trend in the usage of reputation systems for more and more cases. As an example, Wikipedia as a collaborative environment has a trust base pretty similar to a reputation system, and it is accepted by a great number of people as a very reliable information source (this post in fact shows that Wikipedia is as accurate as the Britannica encyclopedia). Based on that, I am currently reading about trust models in order to build a seamless Local Trust Network based on the pervasiveness of the SIM card, the new cool features showing up in mobiles and the SIM identities. In case you are looking for similar reading, please feel free to share, and to ask me for articles I may have collected.

PayPal joins Global Platform March 10, 2009

Posted by tcarlyle in Uncategorized.

This does not correspond to this week’s post, but it is worth mentioning =) Even more, since I was writing about Global Platform last week.

Well, now PayPal has joined the consortium! http://www.paymentsnews.com/2009/03/paypal-joins-globalplatform-to-help-develop-mobile-best-practices.html

I think that PayPal could be integrated in several smart card (and SIM card) applications! It could enhance and provide some flexible and looser e-purse functionality, or even add some mechanisms to strengthen virtual auctions.

I’m looking forward to what will be coming next.

Global Platform March 3, 2009

Posted by tcarlyle in global platform, SIM Cards.

I said that I was going to post about context information, but since I’ve been reading about the Global Platform in the last days, I felt that it was better to post about it. Also because the Global Platform standards are not the easiest ones to read, and it would be nice if someone sees this post and comments on any wrong interpretation I may have made, or assures me that what I’m writing is actually right =)

GlobalPlatform is a cross-industry organization working towards the maintenance and promotion of multi-application smart card standards. The organization encompasses around 50 members from several different industries, such as financial institutions, telecommunication providers, smart card and terminal manufacturers, software developers, etc. [An overview of the GlobalPlatform smart card specification]

The relations between GlobalPlatform and ETSI were initiated in 1999 to standardize OTA application download and management, and their specifications became the de-facto standard for applet management on the Java Card platform. The standards cover not only the smart cards, but also the terminals and readers that interact with them.

Two of the main components of the Global Platform card standards are the Security Domains (which can be seen as special types of applications) and the Card Manager, which in the new version of the standards corresponds to the Issuer Security Domain, the GlobalPlatform Environment (OPEN) and the Cardholder Verification Methods.

The Card Manager represents the card issuer and is the main party responsible for the security of the card, since it is the entity that dispatches the APDUs and selects applications inside the card, performs secure memory management, controls content management (installation, selection and removal of applications on the card) and controls the card’s life cycle (which is stored in the card Registry).

On the other hand, a security domain represents a secured region under the control of the security domain owner (either the card issuer or an application provider) and isolated from the other domains. Only the Issuer Security Domain (which is under the control of the telecom operator in the case of SIM cards) can interfere with the others, and this interference is restricted to either the creation or the removal of a domain (it cannot modify a domain).

The security domains allow the domain owner to provide cryptographic services such as key handling, encryption, decryption, digital signature generation and verification, and those services can be shared with other applications through mechanisms that depend on the implementation of GlobalPlatform on the card system (for example shareable interfaces or Java RMI). A security domain is also responsible for verifying the Load File Data Block Signature, the Data Authentication Pattern (DAP), for load file operations under its security domain.

Each application is linked to a security domain and can access the services of its domain to perform cryptographic functions and ensure confidentiality and integrity during personalization and at runtime. The application is initially associated with the Security Domain that loads it, but it can be extradited to another security domain during the loading process or afterwards.

Therefore, there are two approaches for the SIM card to host a secure application from a third-party service provider.

In the first approach, the application could have its security domain created during the personalization phase of the card (before it leaves the factory) and have the domain keys created at that phase, so the initial keys would only be managed at the secure personalization site. Then, the master key (from which each card key is generated) can be managed only inside the HSM (Hardware Security Module), without disclosure of the key to the issuer. Since the operator does not know the key values at any point, this option can be considered more secure for the content provider (which could be a bank, for example); but once the keys have been created, their values can later be updated while their characteristics (size, algorithm used) can’t be changed.

The second solution involves the creation of the service provider’s security domain via OTA, targeting the Card Manager and using the issuer domain to put a temporary key in place. Then the temporary master key is transferred to the service provider, which can use it to update the card. This case leaves more flexibility, since the choices defining the security domain are taken after the card has been issued (so it can also target the legacy cards already on the market). On the other hand, the service provider may not accept having the telecom operator hold the key information at the beginning of the process.

The main issue here is that banks or very security-sensitive service providers have very high security requirements that make them unable to go for the last mentioned approach. And it is somewhat complicated, and may even be expensive, to exchange master keys and personalize security domains for too many service providers in advance. Although the issuer can generate a few RFU master keys and card keys to be used afterwards and, as long as the master keys are protected under secure storage such as an HSM, the service provider could exchange the key later and take advantage of the users whose cards have already been personalized with its key.
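Since the difference between the two approaches is really about who holds the master key and when, here is a small model I wrote to illustrate it (this is an added example, not GlobalPlatform code, and it does not reproduce any GlobalPlatform secure channel protocol). The “HSM” is an in-memory object that never exports its master key, per-card keys are derived from it with HMAC-SHA256 as a stand-in for a real key diversification function, and the security domain accepts a command only when its MAC verifies under the domain’s current key. The card identifier and the command bytes are constructed sample values:

```python
"""Per-card key diversification and security-domain key rotation, simplified.

Added illustration for the two approaches described above; this is not
GlobalPlatform code and does not reproduce any GlobalPlatform secure
channel protocol. Constructed here:
  - an in-memory "HSM" that keeps a master key and only exports per-card
    keys derived from it (HMAC-SHA256 as a stand-in key derivation);
  - a card security domain that checks a MAC with its current key, so key
    ownership is shown by who can produce a command the domain accepts.
Keys, the card identifier and the command bytes are sample values.
"""
import hashlib
import hmac
import os


class Hsm:
    """Holds a master key that never leaves the object; derives card keys."""

    def __init__(self):
        self._master = os.urandom(32)

    def card_key(self, card_id: bytes) -> bytes:
        # Diversification: card key = KDF(master, card id). Knowing one card
        # key reveals neither the master key nor other cards' keys.
        return hmac.new(self._master, b"card-key|" + card_id, hashlib.sha256).digest()


class SecurityDomain:
    """Minimal model of a security domain: accepts only authenticated commands."""

    def __init__(self, owner: str, key: bytes):
        self.owner = owner
        self._key = key

    @staticmethod
    def _mac(key: bytes, command: bytes) -> bytes:
        return hmac.new(key, command, hashlib.sha256).digest()

    def accepts(self, command: bytes, mac: bytes) -> bool:
        return hmac.compare_digest(self._mac(self._key, command), mac)

    def rotate_key(self, command_key: bytes, new_key: bytes) -> bool:
        """Replace the domain key, but only if the caller proves the current key."""
        if not self.accepts(b"PUT KEY", self._mac(command_key, b"PUT KEY")):
            return False
        self._key = new_key
        return True


def approach_one(card_id: bytes):
    """Personalization-time keys: the service provider's HSM derives the card
    key at the factory; the operator never handles it."""
    sp_hsm = Hsm()
    domain = SecurityDomain("service-provider", sp_hsm.card_key(card_id))
    return sp_hsm, domain


def approach_two(card_id: bytes):
    """OTA creation: the issuer seeds the domain with a temporary key, hands it
    to the service provider, who immediately rotates to its own derived key."""
    issuer_hsm, sp_hsm = Hsm(), Hsm()
    temp_key = issuer_hsm.card_key(card_id)  # the issuer knows this one
    domain = SecurityDomain("service-provider", temp_key)
    rotated = domain.rotate_key(temp_key, sp_hsm.card_key(card_id))
    return issuer_hsm, sp_hsm, domain, rotated


def can_command(hsm: Hsm, card_id: bytes, domain: SecurityDomain) -> bool:
    """Can the holder of this HSM produce a command the domain accepts?"""
    cmd = b"STORE DATA"
    mac = hmac.new(hsm.card_key(card_id), cmd, hashlib.sha256).digest()
    return domain.accepts(cmd, mac)


if __name__ == "__main__":
    card = b"ICCID-constructed-0001"
    sp, dom = approach_one(card)
    print("approach 1, service provider commands card:", can_command(sp, card, dom))
    issuer, sp2, dom2, rotated = approach_two(card)
    print("approach 2, rotated to provider key:", rotated)
    print("approach 2, issuer still commands card:", can_command(issuer, card, dom2))
```

In the first approach the issuer’s HSM never has a key that the domain accepts; in the second it does, until the service provider rotates the key, after which the issuer’s temporary key is useless and the provider’s keys for all cards still derive from a single master kept inside its own HSM.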

It seems that in the new release of the GlobalPlatform standard (2.2) the Card Content Management can be performed by relying exclusively on asymmetric cryptography and PKI. I’ll try to take a look into it.

Accelerometers in the SIM Card? February 20, 2009

Posted by tcarlyle in SIM Cards.

The SIM card world is really moving fast =) After the news at the end of last year announcing that Sagem is working on a SIM card with embedded GPS, Java Card 3.0 and the huge number of trials on NFC, now Oberthur seems to be embedding an accelerometer in the SIM card: http://www.engadget.com/2009/02/16/motion-detecting-simsense-sim-card-opens-new-world-of-possibilit/

I wonder if the embedded GPS and accelerometer will stay closed within the domains of Sagem and Oberthur respectively, or whether they will later be incorporated in all smart cards, with Java Card handling them. Unfortunately, there is not much information available about those 2 new SIM solutions: how are they connected physically to the microcontroller, how would it be possible for a developer to use them, will another manufacturer have to implement it in a different way, etc.

Opening the architecture of this connection and working towards a standardization could strengthen the SIM’s potential even more. It would give more arguments for having the SIM and Java Card as the platform, instead of the mobile devices. There is already some argumentation towards having the secure module of NFC handsets on the SIM or in a trusted element in the mobile, as well as discussions on having a soft SIM (a SIM application inside a trusted element other than a smart card) for the M2M cases.

In any case, that is good news for my thesis about the future SIM, and about how to build a trust application in the SIM using context information and identity context information. By the way, I have read quite a lot about context information this week, but I’ll leave the post about it for the weekend or the beginning of next week.

First Post! Me, my thesis and this blog February 17, 2009

Posted by tcarlyle in Me, SIM Cards, Thesis.

Well, my name is Thomas Carlyle Vilarinho. I’ve lived most of my life in Brazil, where I graduated as a Computer Systems Engineer. Recently I came to Scandinavia to pursue a Master’s in order to deepen my technical knowledge, to acquire more international experience and to specialize in mobile computing and data security (but also to learn a little bit more about project management and the mobile and security business).

I am currently writing my thesis on the state of the art of SIM cards (actually on their future!), identification schemes, and on using those two together to build trust. More details can be found at http://wiki.unik.no/index.php/Communications/TrustedService . Actually, the detailed work status is not open for everyone to view because there may be some confidential information (I’m doing the project together with Telenor).

But I will most likely post some of the public information here. Actually, one of the reasons for building this blog is to publish some of the public content I’ve gone through for the thesis and possibly some other technical information that may interest others. As an ex-editor of the electrical engineering student association, it is good to be writing again =)