Enhanced SIM Proposal for Mobile Security
September 2009
Abstract—The Enhanced SIM aims primarily to address the need of a user to be uniquely identified within corporate and Internet resources. By leveraging the public key infrastructure of a mobile operator, web sites and corporations can federate with the operator to authenticate the end user by reusing technology that is already available. As a side effect, a number of VAS applications, such as bank services, can take advantage of this feature to secure financial transactions over mobile devices.

I. INTRODUCTION

The increasing number of Internet web sites and corporate applications has also increased the number of username and password combinations a user has to keep track of. Some corporate access systems and financial institutions even use OTP devices: a user can end up with multiple OTP devices, which are uncomfortable to carry around. Although some single sign-on and federation mechanisms have been adopted, the number of OTP devices and username/password combinations is still too high.

The physical identity of a user doesn't change whichever service he/she uses: the idea is then to leverage something that a user always carries. Almost everyone has at least one mobile phone nowadays, making the phone an ideal device to identify a user. The Enhanced SIM aims to address the need of uniquely identifying the user to every web site and resource by leveraging X.509 certificates and their corresponding private keys.

As a side effect, a number of other services can be accomplished by integrating a security infrastructure into the phone, such as financial services and other value added services (VAS). In fact, as a result of the continuous evolution of mobile telephone networks and users' needs, the mobile phone is becoming a terminal to access both personal and corporate data, such as bank/financial services.

Financial and bank services accessed through the mobile phone are becoming more popular among consumers and small businesses: thanks to the introduction of Mobile Virtual Network Operators (MVNO), many banks create their own MVNO, giving access to their bank services through applications stored on the SIM itself and created with the SIM Application Toolkit. As applications made with the SIM toolkit basically exchange Short Messages (SMS) in plain text, these services are most likely to be a good target for malicious attackers.

The Internet is facing an increasing number of threats on both the server and the client side. Attacks are getting more and more sophisticated, involving networks, operating systems and applications. As users are using their mobile devices as personal and corporate terminals, we expect that such threats will move into the mobile space sooner or later.

Mobile telephone networks are mostly based on GSM (2G) or UMTS (3G) networks and are considered quite trusted; however, we expect that next generation mobile networks will be mostly IP-based, leveraging WiMAX or a similar layer 2 network medium, with the consequences that IP-based networks can have for security.

II. THE ENHANCED SIM (ESIM)

Current mobile telephone networks use a Subscriber Identity Module (SIM) or a Universal SIM (USIM), a special smartcard containing its unique serial number, the international unique number of the mobile user (IMSI), security authentication and ciphering information, temporary information related to the local network (including the temporary local id that has been issued to the user), a list of the services the user has access to, and two passwords (regular PIN and unblocking PUK).

The SIM smartcard is composed of directories and files that are described in detail in the ETSI GSM Technical Specifications 11.11[1] and 11.14[2]. The file system may be comprised of the following basic forms: a master file (MF)[3], a directory file (DF)[3] and an elementary file (EF)[3]. The subscriber and operator information is held within this structure.

This paper proposes embedding a cryptographic engine in a SIM to hold X.509 certificates and the corresponding private cryptographic keys, to be used for authenticating to external or remote applications. When shipped, the SIM will hold a key-pair generated at the personalisation stage by the mobile operator and signed with the operator Certification Authority. This implementation of a SIM is referred to from now on as the Enhanced SIM (or ESIM).

III. SMARTCARD SPECIFICATIONS

Recent studies of the author [4] state that the smartcard market for authentication is unclear at the moment. While the
standard for the reader access is focused on the well-accepted CCID specification, middleware access is not standardized yet: each manufacturer needs its own middleware with a proprietary PKCS11 or CSP library to interface with a cryptographic engine.

The GSM market needs a well-established standard to interface with the SIM, as it represents one of the core parts of the GSM network itself. Most smartcard manufacturers are converging on the JavaCard specifications[5], which should represent the minimum standard for the Enhanced SIM implementation.

The Java Card technology provides an architecture for open application development for smart cards, using the Java programming language. Basically, the smartcard contains a Java Virtual Machine (JVM) capable of running Java code on the card microprocessor; this Java code is referred to as an applet. A Java applet should therefore provide cryptographic functions to the middleware in the mobile device.

In an ESIM, the identified applet is the Musclecard applet as defined in the MUSCLE Cryptographic Card Edge Definition for Java Enabled Smartcards specifications[6][7][8].

The card manufacturer, upon request of the operator, can optionally provide dual contact and contactless cards, so that leveraging the JavaCard specifications will open the card to other possible application scenarios.

IV. CERTIFICATE LIFECYCLE

A. Certification Authority

Each operator must have a Certification Authority (CA), which is responsible for signing the certificate on board the ESIM and for managing the certificate lifecycle. It is strongly suggested that the CA follows the Common Criteria specifications.

Each operator has to publish the following CA information:
• CA root certificate URL
• The URL of the Certificate Revocation List (CRL) for off-line verification
• Online Certificate Status Protocol (OCSP) responder (optional) for on-line verification

The place in which this information is stored must be made publicly available to other operators. It is strongly suggested that the ESIM preloads the CA public certificates of the operators with which it has a relationship. The mobile device has to retrieve the CRL URL and OCSP responder information from the CA certificate. Furthermore, the public key for the lawful interception certificate has to be clearly specified, as discussed later in section VIII.

The mobile device should regularly update the associated CRLs over a well-defined Access Point Name (APN). The mobile operator can optionally send its own CRL via OTA Provisioning. The CRL is a key part of ensuring that the peer certificate has not been revoked. Whenever a data connection is available, the mobile device should attempt OCSP verification first (when made available by the operator).

B. ESIM certificate

When a SIM is created and personalized for the operator at the factory, it will be pre-loaded with an X.509 key-pair. A key generation command will be issued to the on-board Java applet, the public key submitted to the operator's CA, and the signed public certificate loaded on the card.

The certificate subject will have the common name set to the card IMSI value; other values are optional but must reflect the Certification Authority values. For example, the organization (O) must reflect the mobile operator name and the country code (C) must be set to the one specified by the IMSI value.

Certificate renewals will be fulfilled using the SCEP protocol.

C. Provisioning

The certificate lifecycle can be easily integrated into an operator provisioning system. When the SIM is issued, the key-pair is generated in the factory and then signed with the operator CA. If the SIM is stolen or replaced, the certificate will be revoked by the operator.

V. APIS ACCESS

Each device manufacturer must publish APIs to access the key infrastructure, both for internal applications and for third parties, if possible leveraging and integrating with the existing on-board certificate management. For example, Windows Mobile devices can leverage the CertificateStore APIs[9] and the iPhone the keychain service[10].

By leveraging these APIs, third-party applications that already use them can integrate the on-board certificate. For example, on-board web browsers can optionally permit certificate login to a server whenever required, VPN software can use the certificate for login purposes, and device storage can be encrypted with the user's public key.

VI. CRYPTOGRAPHIC ENGINE ACCESS

Mobile devices should expose crypto services to standard computers. Through this feature, the phone and the SIM can be used to access corporate resources and public sites.

The manufacturer should expose the ESIM applet by emulating a standard smartcard reader. When this feature is made available by the manufacturer, the mobile device must have a cable that can connect to a standard USB port on the computer and must emulate a smartcard reader following the USB CCID specifications. The advantage of the USB CCID specification is that it is quite well accepted across multiple operating systems such as Linux, Microsoft Windows, Sun Solaris and Apple Mac OS X.

VII. APPLICATIONS

The ESIM together with API access within the device can address a large number of applications that can take advantage of the security infrastructure provided.

This chapter, however, does not aim to address the specifications of the applications themselves; rather, it gives examples of how this security infrastructure can be deployed in common scenarios.
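
The subject rules of section IV-B (common name set to the IMSI, country taken from the IMSI, organization matching the operator) can be checked mechanically by any relying party once the chain to the operator CA verifies. The Go program below is an added example, not part of the original paper; the operator name, the IMSI, the three-entry country code table and the use of Ed25519 keys are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Constructed sample of E.212 mobile country codes (the first three IMSI digits).
var mccCountry = map[string]string{"222": "IT", "272": "IE", "234": "GB"}

// issue signs a certificate for pub; a nil parent yields the self-signed operator CA.
func issue(serial int64, s pkix.Name, pub ed25519.PublicKey, parent *x509.Certificate, key ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: s,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.ExtKeyUsage = true, true, nil
		t.KeyUsage, parent = x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, key)
	if err != nil {
		panic(err) // constructed inputs: a failure here is a programming error
	}
	cert, _ := x509.ParseCertificate(der) // DER produced on the line above
	return cert
}

// checkESIM verifies the chain to the operator CA, then the subject rules of section IV-B.
func checkESIM(leaf, ca *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	s, imsi := leaf.Subject, leaf.Subject.CommonName
	if len(imsi) < 6 || len(imsi) > 15 || strings.Trim(imsi, "0123456789") != "" {
		return fmt.Errorf("CN %q is not an IMSI", imsi)
	}
	if c, ok := mccCountry[imsi[:3]]; !ok || len(s.Country) != 1 || s.Country[0] != c {
		return fmt.Errorf("C=%v does not match MCC %s", s.Country, imsi[:3])
	}
	if len(s.Organization) != 1 || len(ca.Subject.Organization) != 1 || s.Organization[0] != ca.Subject.Organization[0] {
		return fmt.Errorf("O=%v is not the operator named by the CA", s.Organization)
	}
	return nil
}

// demoSubject issues two card certificates; the second claims Ireland under an Italian MCC.
func demoSubject() (conforming, mismatching error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	cardPub, _, _ := ed25519.GenerateKey(rand.Reader) // a real card generates this pair on board
	ca := issue(1, pkix.Name{CommonName: "Example Mobile CA", Organization: []string{"Example Mobile"}, Country: []string{"IT"}}, caPub, nil, caKey)
	good := issue(2, pkix.Name{CommonName: "222990123456789", Organization: ca.Subject.Organization, Country: []string{"IT"}}, cardPub, ca, caKey)
	bad := issue(3, pkix.Name{CommonName: "222990123456789", Organization: ca.Subject.Organization, Country: []string{"IE"}}, cardPub, ca, caKey)
	return checkESIM(good, ca), checkESIM(bad, ca)
}

func main() { fmt.Println(demoSubject()) }
```
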
A. Short Messaging Service

Although operators' core telephone network is considered somewhat trusted, it is possible to spoof the source of a short message. Most banks, especially those that also own a Mobile Virtual Network Operator (MVNO), use the SIM Application Toolkit to query bank services: the toolkit leverages the SIM to exchange SMS with the services to perform the requested actions.

SMS are also used as an authentication mechanism that sends a One Time Password (OTP) to the end user. Spoofed SMS can lead to data leaks in these areas or even to misuse of the device, as in the attack described in [11].

Using certificates to sign SMS can ensure that the message is sent by a valid entity in the telephone network and is not spoofed, ensuring that the source is verified. For interactive messages, the mobile device should display to the end user that the message is signed and verified.

Whenever a signature is applied to the SMS, all services that rely on the Short Message Service, including applications based on the SIM Toolkit, must verify that the signature is valid. SIM Application Toolkits can also allow data to be encrypted using a specified public key that can be included in the application.

Note that signing SMS means that the message will not fit a single short message, which is limited to 160 characters. SMS reassembly is a critical part of the process: a single message dropped means that the whole content is lost. This has to be taken into consideration when designing applications with the SIM Toolkit and on the receiver side.

B. Remote Device Wiping

Devices and laptops are sometimes targeted by criminal organizations to gather precious information about a company, for example by copying confidential information. Even an unintentional loss can harm the person who holds private data on board.

By leveraging the certificate system, an operator can send a special short message to wipe the device remotely. The issuing operator will send a special signed SMS that contains the instruction for the device to wipe immediately. When the message is received at the mobile terminal, the device must immediately wipe its memory, without prompting the user and even if it is in standby.

C. IP-based telephony

The convergence to IP-based telephony, now widely adopted in landline communication, is expected to spread in the same way when next generation mobile networks such as WiMAX become available.

The certificates can be used to secure IP-based phone communication, as the current weakness of the protocol is that an attacker can listen to the conversation with easy-to-find tools such as Cain & Abel[12]. For example, the ESIM can be used to protect the SIP protocol with TLS[13] or to generate a random AES key in the Secure Real-time Transport Protocol (or SRTP)[14]. SRTP defines a profile of RTP (Real-time Transport Protocol) that adds encryption, message authentication and integrity, and replay protection to the RTP data.

D. IEEE 802.1x

IEEE 802.1X is an IEEE Standard for port-based Network Access Control and is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails. It is used for most wireless 802.11 access points and is based on the Extensible Authentication Protocol (EAP).

Through the use of the certificate embedded in the SIM, the mobile device can join a wireless network protected via EAP-TLS, for example public hot-spots based on IEEE 802.11 a/b/g, WiMAX or future wireless protocols that use IEEE 802.1x as the authentication standard.

VIII. LAWFUL INTERCEPTION

Lawful interception is required in some countries. X.509 certificates used in cryptography are an obstacle to lawful interception, therefore this factor must be taken into consideration.

Each mobile operator should generate a key-pair exclusively for lawful interception, and the private key must be kept in a smartcard or in a secure device such as an HSM, so that wiretapping is possible, yet secure. The public certificate must be stored in the ESIM in a well-known location and made available to applications requiring it, such as the Short Messaging Service, using common APIs.

It is a key factor that it is the home operator that owns the wiretapping certificate, not the visited operators in whose networks the user is roaming. This ensures privacy of communication in those countries that offer GSM or other mobile services but have a different privacy regulation. It is important to stress that the user is responsible for his/her content in his/her home country, while content privacy is ensured while roaming. If an international crime is committed, the local government justice can ask for wiretapping following international justice.

For services based on the SIM Toolkit, such as banking applications, that need confidential information, lawful interception should not be made available by the operator itself. Instead, the service provider should maintain logs and provide information to local government authorities upon request.

IX. CRITICISM

Certification Authorities and public key infrastructure have not had the expected success: they have been widely adopted on the server side for web access, but not on the client side. We are facing low adoption of client authentication, maybe associated with the costs involved in maintaining a PKI infrastructure and the usability issues for an end user. However, smart cards and client X.509 authentication are slowly beginning to be adopted
where sensitive data is involved, such as government agencies and military armies.

History tells us that in the past peer-to-peer cryptographic mechanisms such as PGP or SSH were the preferred methodologies for security over adopting a PKI infrastructure.

On the mobile operator side, mediation through third parties has led to disasters, such as what happened to WAP and other operator-mediated initiatives.

However, I believe that the pitfalls of these systems are mainly due to costs and the "usability" factor from a user perspective. For example, WAP on one side had poor rendering of web pages, basically because there were no standards for mobile web browsers and each one needed to be an exception on the WAP gateways; on the other, the cost of web surfing over mobile was too high.

From a security perspective, the user should not be aware of the underlying security technology, which must be transparent to the end user. When the user enters his/her PIN, it must also unlock the on-board certificate chains, so that he/she will notice no difference but will have real security.

PosteMobile, the MVNO owned by Poste Italiane (the Italian post), filed a patent[15] that describes their methodology, based on the X.509 public key infrastructure, to secure data exchange between the SIM Toolkit Application and the web service that interacts with the PostePay service, the pre-paid credit card service of Poste Italiane. Such a successful example demonstrates that a public key infrastructure can be widely adopted without the user having actual knowledge of the underlying security technology. However, the system adopted by PosteMobile is limited to the exchange of SMS messages, while the ESIM proposal has the potential of addressing more security needs.

X. ACKNOWLEDGMENTS

Many thanks to Prof. Donal O'Mahony, director of CTVR at Trinity College Dublin (Ireland), who made this publication possible, and to Tommaso Cucinotta and Ludovic Rousseau for their precious suggestions.

REFERENCES

[1] Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface (GSM 11.11). ETSI, 1995, vol. GSM Technical Specification.
[2] Digital cellular telecommunications system (Phase 2+); Specification of the SIM Application Toolkit for the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface (GSM 11.14). ETSI, 1996, vol. GSM Technical Specifications.
[3] "ISO 7816-4 smart card standard: Part 4: Interindustry commands for interchange," International Organization for Standardization (ISO), 2005.
[4] G. Paternò, "Exploring smartcards, an independent look to technologies and market," Tech. Rep., 2008. [Online]. Available: http://www.gpaterno.com/publications/2008/Exploring Smartcards.pdf
[5] Java card technology specifications. [Online]. Available: http://java.sun.com/javacard/
[6] D. Corcoran and T. Cucinotta, MUSCLE Cryptographic Card Edge Definition for Java Enabled Smartcards, 2001, no. 1.2.1.
[7] T. Cucinotta, M. D. Natale, and D. Corcoran, "A protocol for programmable smart cards," in Proceedings of 14th International Workshop on Database and Expert Systems Applications (DEXA 2003), IEEE. Prague, Czech Republic: IEEE Computer Society Press, September 2003, pp. 369–374.
[8] ——, "An open middleware for smart-cards," Computer Science Software Engineering (CSSE) Journal, 2005. [Online]. Available: http://retis.sssup.it/%7Etommaso/publications/CSSE-2005.pdf
[9] Microsoft. Windows Mobile CertificateStore APIs description. [Online]. Available: http://msdn.microsoft.com/en-us/library/dd187703.aspx
[10] Apple. Keychain services concepts. [Online]. Available: http://developer.apple.com/DOCUMENTATION/Security/Conceptual/keychainServConcepts/02concepts/concepts.html
[11] A. Greenberg, "How to hijack 'every iphone in the world'," Forbes, 2009. [Online]. Available: http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html
[12] M. Montoro, "Cain & Abel." [Online]. Available: http://www.oxid.it/
[13] T. Kaji, K. Hoshino, T. Fujishiro, O. Takata, A. Yato, K. Takeuchi, and S. Tezuka, "TLS handshake method based on SIP," Proceedings of the International Multiconference on Computer Science and Information Technology.
[14] M. Baugher, D. McGrew, M. Naslund, E. Carrara, and K. Norrman, "The secure real-time transport protocol (SRTP)," IETF, March 2004. [Online]. Available: http://www.rfc-editor.org/rfc/rfc3711.txt
[15] F. Fucci and R. Giacchi, "System based on a sim card performing services with high security features and relative method," World Intellectual Property Organization, 2009. [Online]. Available: http://www.wipo.int/pctdb/en/fetch.jsp?LANG=ENG&DBSELECT=PCT&SERVER TYPE=19-10&SORT=41273866-KEY&TYPE FIELD=256&IDB=0&IDOC=1628445&C=10&ELEMENT SET=B&RESULT=2&TOTAL=6&START=1&DISP=25&FORM=SEP-0/HITNUM,B-ENG,DP,MC,AN,PA,ABSUM-ENG&SEARCH IA=IB2008054047&QUERY=(FP/giacchi)+
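
Added example for sections VII-A and VII-B (not part of the original paper): a signed short message is cut into concatenated-SMS segments, and the receiver accepts it only when every segment has arrived and the signature verifies. The signature-then-body framing, the Ed25519 algorithm, the reference number and the sample message are assumptions made here; the paper does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

const segMax = 134 // 140 octets of SMS user data minus the 6-octet concatenation header

// signAndSplit frames the message as <64-octet signature><body> (framing assumed for
// this example) and cuts it into segments headed by 05 00 03 <ref> <total> <seq>.
func signAndSplit(key ed25519.PrivateKey, ref byte, body []byte) [][]byte {
	payload := append(ed25519.Sign(key, body), body...)
	segs := make([][]byte, (len(payload)+segMax-1)/segMax)
	for i := range segs {
		chunk := payload[i*segMax:]
		if len(chunk) > segMax {
			chunk = chunk[:segMax]
		}
		segs[i] = append([]byte{5, 0, 3, ref, byte(len(segs)), byte(i + 1)}, chunk...)
	}
	return segs
}

// reassembleAndVerify accepts segments in any order; it returns the body only when
// every segment is present and the signature verifies under the sender's public key.
func reassembleAndVerify(pub ed25519.PublicKey, segs [][]byte) ([]byte, error) {
	parts, total := map[int][]byte{}, 0
	for _, s := range segs {
		if len(s) < 7 || s[0] != 5 || s[1] != 0 || s[2] != 3 {
			return nil, fmt.Errorf("not a concatenated segment")
		}
		parts[int(s[5])], total = s[6:], int(s[4])
	}
	var payload []byte
	for i := 1; i <= total; i++ {
		if parts[i] == nil {
			return nil, fmt.Errorf("segment %d of %d missing, message discarded", i, total)
		}
		payload = append(payload, parts[i]...)
	}
	const n = ed25519.SignatureSize // 64 octets
	if len(payload) < n || !ed25519.Verify(pub, payload[n:], payload[:n]) {
		return nil, fmt.Errorf("signature invalid, message rejected")
	}
	return payload[n:], nil
}

// demoSignedSMS sends msg (more than 70 octets, so that it needs two segments) three ways:
// intact but out of order, with a segment dropped, and with one body bit flipped.
func demoSignedSMS(msg string) (segments int, intact bool, dropped, tampered error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the sender's certified key
	segs := signAndSplit(priv, 0x2A, []byte(msg))
	got, _ := reassembleAndVerify(pub, [][]byte{segs[1], segs[0]})
	_, dropped = reassembleAndVerify(pub, segs[:1])
	segs[0][6+ed25519.SignatureSize] ^= 1 // first body octet, after header and signature
	_, tampered = reassembleAndVerify(pub, segs)
	return len(segs), string(got) == msg, dropped, tampered
}

func main() {
	fmt.Println(demoSignedSMS("PAY 150.00 EUR FROM ACCOUNT 0001 TO ACCOUNT 0002 REF 2009-09-0042 (constructed sample)"))
}
```

The 86-character sample would fit in one unsigned short message; with the 64-octet signature it needs two segments, and losing either one makes the receiver discard the whole message.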