
Finally the thesis November 27, 2009

Posted by tcarlyle in identity management, Me, Sensors, SIM Cards, Thesis, trust, Uncategorized.

After almost six months since I delivered my thesis, I'm finally posting it here. It turned out to be a very extensive document (about 150 pages), but mainly because we first wanted to assess the capabilities of SIM cards, identities and finally trust frameworks. And as I was working together with the SIM Research Team at Telenor, and I do have some experience with SIM from when I worked at Gemalto, we spent several pages reviewing the SIM capabilities and trying to figure out the future SIM. We also touched on an aspect that may start to become more present in SIM cards, which is the ability to sense context.

Other pages were spent getting into the identity management world, and this was one part of the thesis which in fact I wish I had had more time to go through. I got very interested in going deeper into the field after finally understanding identity frameworks such as Higgins and CardSpace, and especially the concepts on which they are based. At last we studied a bit about trust models, and this was one of the most difficult parts of the thesis, as none of us had much of an idea of trust modeling and it is a topic that can get very complex if studied deeply.

After this long background, we finally chose a new application that could be hosted in state-of-the-art (or future) SIM cards, taking advantage of the fact that the SIM represents one or more identities and that it can be used to build trust. That application is what I proposed in the paper mentioned in the previous post.

The idea is to use future SIM cards to sense each other (either through NFC, location information and server interaction, WLAN, etc.) and to sense the environment, and based on that attribute a situational trust value to that meeting between the two SIM holders. Then, with a set of those situational trust values, you can infer the users' relation. The more context information, the more you can infer.

Based on that idea, we made a small prototype using Sun SPOTs representing those advanced SIM cards, with a simple trust inference model and a test scenario. It may sound like a simple test, and in fact it was, as the thesis focused on bringing a new idea (which is extensively described) and the state-of-the-art research, having the prototype as a small proof-of-concept.
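As an added illustration (not the thesis's prototype or its own inference model), here is one way such per-meeting values could be aggregated: each sensed encounter gets a situational trust score, and the scores are combined as evidence in the beta reputation model (Josang and Ismail). The encounter fields, the weights and the relation thresholds are hypothetical.

```python
# Hypothetical model, not the thesis's own: score each sensed meeting, then aggregate
# the scores as beta-reputation evidence (Josang & Ismail) to infer the relation.
from dataclasses import dataclass


@dataclass
class Encounter:
    """Context the two SIMs sensed during one meeting (constructed fields)."""
    nfc_touch: bool       # the cards sensed each other directly over NFC
    same_cell: bool       # server-side location information agrees
    wlan_peer_seen: bool  # each card saw the other's WLAN identity
    minutes: int          # how long the co-presence lasted


def situational_trust(e: Encounter) -> float:
    """Trust value in [0, 1] for one meeting. Hypothetical weights: a direct NFC
    touch weighs most, corroborating channels and duration add to it."""
    score = 0.0
    if e.nfc_touch:
        score += 0.5
    if e.same_cell:
        score += 0.2
    if e.wlan_peer_seen:
        score += 0.2
    score += 0.1 * min(e.minutes, 60) / 60
    return round(score, 3)


def infer_relation(encounters: list) -> tuple:
    """Aggregate meetings as beta evidence: r = positive, s = negative evidence.
    expectation = (r+1)/(r+s+2); confidence grows with the amount of context."""
    r = sum(situational_trust(e) for e in encounters)
    s = sum(1.0 - situational_trust(e) for e in encounters)
    expectation = (r + 1) / (r + s + 2)
    confidence = (r + s) / (r + s + 2)
    if confidence < 0.5:
        label = "unknown"  # too little context to say anything yet
    elif expectation >= 0.7:
        label = "close"
    elif expectation >= 0.4:
        label = "acquaintance"
    else:
        label = "stranger"
    return label, round(expectation, 3), round(confidence, 3)
```

A single strong encounter still yields "unknown", which is the point of tracking confidence separately from the trust expectation.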

When I was reviewing the thesis for the paper presentation, I read on Bruce Schneier's blog about a paper from researchers at the Santa Fe Institute who used location information and phone call information to infer the friendship closeness between the people involved in the experiment. The result was that they could predict the level of friendship with 95% accuracy! This pretty much confirms my thesis result =)


Global Platform March 3, 2009

Posted by tcarlyle in global platform, SIM Cards.

I said that I was going to post about context information, but since I have been reading about GlobalPlatform over the last few days, I felt it was better to post about it. Also because the GlobalPlatform standards are not the easiest ones to read, and it would be nice if someone sees this post and comments on any wrong interpretation I may have made, or confirms that what I'm writing is actually right =)

GlobalPlatform is a cross-industry organization working on the maintenance and promotion of multi-application smart card standards. The organization encompasses around 50 members from several different industries, such as financial institutions, telecommunication providers, smart card and terminal manufacturers, software developers, etc. [An overview of the GlobalPlatform smart card specification]

The relations between GlobalPlatform and ETSI were initiated in 1999 to standardize OTA application download and management, and their specifications became the de-facto standard for applet management on the Java Card platform. The standards cover not only the smart cards, but also the terminals and readers that interact with them.

Two of the main components of the GlobalPlatform card standards are the Security Domains (which can be seen as special types of applications) and the Card Manager, which in the new version of the standards corresponds to the Issuer Security Domain, the GlobalPlatform Environment (OPEN) and the Cardholder Verification Methods.

The Card Manager represents the card issuer and is the main party responsible for security on the card, since it is the entity that dispatches the APDUs and selects applications inside the card, performs secure memory management, controls content management (installation, selection and removal of applications on the card) and controls the card's life cycle (which is stored in the card Registry).

On the other hand, a security domain represents a secured region under the control of the security domain owner (either the card issuer or an application provider) and isolated from the other domains. Only the Issuer Security Domain (which is under the control of the telecom operator in the case of SIM cards) can interfere with the others, and this interference is restricted to either the creation or removal of a domain (it cannot modify a domain).

Security domains allow the domain owner to provide cryptographic services such as key handling, encryption, decryption, digital signature generation and verification, and those services can be shared with other applications through mechanisms that depend on the implementation of GlobalPlatform on the card system (for example shareable interfaces or Java RMI). A security domain is also responsible for verifying the Load File Data Block Signature, the Data Authentication Pattern (DAP), for load file operations under that security domain.

Each application is linked to a security domain and can access the services of its domain to perform cryptographic functions and ensure confidentiality and integrity during personalization and at runtime. An application is initially associated with the Security Domain that loads it, but it can be extradited to another security domain during the loading process or afterwards.

Therefore, there are two approaches for the SIM card to host a secure application from a third-party service provider.

In the first approach, the application could have its security domain created during the personalization phase of the card (before it leaves the factory) and have the domain keys created at that phase, so the initial keys would be managed only at the secure personalization site. Then the master key (which generated each card key) can be managed only inside the HSM (Hardware Security Module), without disclosure of the key to the issuer. Since the operator does not know the key values at any point, this option can be considered more secure for the content provider (which could be a bank, for example). But once the keys have been created, their value can later be updated, while their characteristics (size, algorithm used) cannot be changed.

The second solution involves creating the service provider's security domain via OTA, targeting the Card Manager and using the issuer domain to put a temporary key. Then the temporary master key is transferred to the service provider, which can use it to update the card. This case leaves more flexibility, since the choices defining the security domain are made after the card has been issued (so it can also target legacy cards already on the market). On the other hand, the service provider may not accept having the telecom operator hold the key information at the beginning of the process.

The main issue here is that banks or other very security-conscious service providers have very high security requirements that prevent them from going for the last-mentioned approach. And it is somewhat complicated, and may even be expensive, to exchange master keys and personalize security domains for too many service providers in advance. However, the issuer can generate a few RFU master keys and card keys to be used afterwards and, as long as the master keys are protected in secure storage such as an HSM, the service provider could exchange the key later and take advantage of the fact that users whose cards have already been personalized already have its key.
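To make the difference between the two approaches concrete, here is an added Python model (not GlobalPlatform code, nor anything from the thesis) of a card registry with an Issuer Security Domain and a service provider domain, tracking which party has held the domain key at each step. The HMAC-based key diversification, the domain names and the party names are assumptions for the illustration.

```python
# Hypothetical model (not GlobalPlatform's own code) of the two provisioning approaches.
import hashlib, hmac

KEY_LEN = 16  # constructed: all card keys here are 128-bit

def derive_card_key(master_key: bytes, card_id: bytes) -> bytes:
    """Diversify a master key into a per-card key (HMAC-SHA256, truncated).
    In practice this runs inside the HSM, so the master key never leaves it."""
    return hmac.new(master_key, card_id, hashlib.sha256).digest()[:KEY_LEN]

class Card:
    """Minimal card registry: domain name -> owner, current key, parties that know it."""
    def __init__(self, card_id: bytes):
        self.card_id = card_id
        self.registry = {"ISD": {"owner": "issuer", "key": b"\x01" * KEY_LEN,
                                 "holders": {"issuer"}}}

    def create_domain(self, name: str, owner: str, key: bytes, holders: set) -> None:
        # Only the ISD creates (or removes) a domain; it never modifies one afterwards.
        if name in self.registry:
            raise ValueError("domain already exists")
        self.registry[name] = {"owner": owner, "key": key, "holders": set(holders)}

    def put_key(self, name: str, new_key: bytes, by: str) -> None:
        # The owner may rotate the key value, but its characteristics (size/algorithm)
        # are fixed once the domain exists, as the first approach implies.
        dom = self.registry[name]
        if by != dom["owner"]:
            raise PermissionError("only the domain owner may update its keys")
        if len(new_key) != len(dom["key"]):
            raise ValueError("key characteristics cannot be changed")
        dom["key"] = new_key
        dom["holders"] = {by}

def personalize_in_factory(card: Card, sp_master: bytes) -> set:
    """Approach 1: the SP domain key is derived at the personalization site from the
    SP master key held in the HSM; the issuer never holds it."""
    card.create_domain("SP_SD", "service_provider",
                       derive_card_key(sp_master, card.card_id), {"service_provider"})
    return set(card.registry["SP_SD"]["holders"])

def provision_ota(card: Card, issuer_temp_master: bytes, sp_master: bytes) -> tuple:
    """Approach 2: the issuer creates the domain OTA with a temporary key, hands the
    temporary master to the SP, and the SP then replaces the key with its own."""
    temp_key = derive_card_key(issuer_temp_master, card.card_id)
    card.create_domain("SP_SD", "service_provider", temp_key, {"issuer", "service_provider"})
    before = set(card.registry["SP_SD"]["holders"])
    card.put_key("SP_SD", derive_card_key(sp_master, card.card_id), by="service_provider")
    return before, set(card.registry["SP_SD"]["holders"])
```

The returned holder sets show the trade-off: in the factory path the issuer never appears, while in the OTA path the issuer held the temporary key before the service provider rotated it.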

It seems that in the new release of the GlobalPlatform standard (2.2), Card Content Management can be performed relying exclusively on asymmetric cryptography and PKI. I'll try to take a look into it.

Accelerometers in the SIM Card? February 20, 2009

Posted by tcarlyle in SIM Cards.

The SIM card world is really moving fast =) After the news at the end of last year that Sagem is working on a SIM card with embedded GPS, Java Card 3.0 and the huge number of trials on NFC, now Oberthur seems to be embedding an accelerometer in the SIM card: http://www.engadget.com/2009/02/16/motion-detecting-simsense-sim-card-opens-new-world-of-possibilit/

I wonder if the GPS and the accelerometer will remain closed within the domains of Sagem and Oberthur respectively, or whether they will later be incorporated in all smart cards, with Java Card handling them. Unfortunately, there is not much information available about those two new SIM solutions: how they are connected physically to the microcontroller, how a developer could use them, whether another manufacturer would have to implement it in a different way, etc.

Opening the architecture of this connection and working towards standardization could strengthen the SIM's potential even more. It would give more arguments for having the SIM and Java Card as the platform, instead of the mobile devices. There is already some argument for having the secure element of NFC handsets on the SIM or in a trusted element in the mobile, as well as discussions on having a soft SIM (a SIM application inside a trusted element other than a smart card) for M2M cases.

In any case, this is good news for my thesis about the future SIM, and how to build a trust application in the SIM using context information and identity context information. By the way, I have read quite a lot about context information this week, but I'll leave the post about it for the weekend or the beginning of next week.

First Post! Me, my thesis and this blog February 17, 2009

Posted by tcarlyle in Me, SIM Cards, Thesis.

Well, my name is Thomas Carlyle Vilarinho. I've lived most of my life in Brazil, where I graduated as a Computer Systems Engineer. Recently I came to Scandinavia to pursue a Master's in order to deepen my technical knowledge, acquire more international experience and specialize in mobile computing and data security (but also to learn a little bit more about project management and the mobile and security business).

I am currently writing my thesis on the state of the art of SIM cards (actually on the future of them!), identification schemes, and using those two together to build trust. More details can be found at http://wiki.unik.no/index.php/Communications/TrustedService . Actually, the detailed work status is not open for everyone to view because there may be some confidential information (I'm doing the project together with Telenor).

But I will most likely post some of the public information here. Actually, one of the reasons to build this blog is to publish some of the public content I've been through on the thesis, and possibly some other technical information that may interest others. As an ex-editor of the electrical engineering student association, it is good to be writing again =)