Authors: Kerem Ok, Cem Cevikbas, Vedat Coskun, Mohammed Alsadi, Busra Ozdenizci

Abstract:

Un-keyed SIM cards do not contain the required security infrastructure to provide end-to-end encryption with Service Providers. Hence, new, emerging, or smart services those require end-to-end encryption between SIM card and a Service Provider is impossible. SIMSec key exchange protocol creates symmetric keys between SIM card and Service Provider. After a successful protocol execution, SIM card and Service Provider creates the symmetric keys and can perform end-to-end data encryption when required. In this paper, our aim is to analyze the SIMSec protocol’s security. According to the results, SIM card and Service Provider can generate keys securely using SIMSec protocol.

Keywords: End-to-end Encryption, key exchange, SIM card, Smart card.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1111665

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1881

References:

[1] B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, The Twofish encryption algorithm: a 128-bit block cipher, New York, NY: John Wiley & Sons, Inc., 1999.
[2] J. Daemen, V. Rijmen, The design of Rijndael: AES-the advanced encryption standard, Secaucus, NJ: Springer, 2002
[3] B. Schneier, “Description of a new variable-length key, 64-bit block cipher (Blowfish),” In Fast Software Encryption, R. Anderson, Ed. U.K: Springer, 1994, pp. 191-204.
[4] W. Stallings, W, “The advanced encryption standard,” Cryptologia, vol. 26(3), pp. 165-188, July 2002
[5] D. Coppersmith, “The Data Encryption Standard (DES) and its strength against attacks,” IBM journal of research and development, vol 38(3), pp. 243-250, May 1994
[6] K. Ok, V. Coskun, C. Cevikbas, B. Ozdenizci, “Design of a Key Exchange Protocol between SIM Card and Service Provider,” in Proc. of 23rd Telecommunications forum TELFOR 2015, Belgrade, Serbia, 24-26 Nov ember 2015, pp. 281-284.
[7] Casper: A Compiler for the Analysis of Security Protocols. Available online: http://www.cs.ox.ac.uk/gavin.lowe/Security/Casper/ (Accessed on December 2015).
[8] K. Ok, V. Coskun, R. C. Cevikbas, “Challenges and Risks for a Secure Communication between a Smartcard and a SP through Cellular Network,” International Journal of Advances in Computer Networks and Its Security, vol 4(4), pp. 26-30, December 2014.
[9] V. Coskun, B. Ozdenizci, K. Ok, “The Survey on Near Field Communication,” Sensors vol 15 (6), 13348-13405, June 2015.
[10] B. Ozdenizci, V. Coskun, K. Ok, “NFC Internal: An Indoor Navigation System,” Sensors vol 15 (4), 7571-7595, March 2015.
[11] B. Ozdenizci, K. Ok, V. Coskun, “NFC Loyal for Enhancing Loyalty Services Through Near Field Communication,” Wireless personal communications, vol 68(4), pp. 1923-1942, February 2013.
[12] L. Atzori, A. Iera, G. Morabito, “The internet of things: A survey,” Computer networks vol 54(15), 2787-2805, April 2015.
[13] D. Palma, J. E. Agudo, H. Sánchez, M. M. Macías, “An Internet of Things Example: Classrooms Access Control over Near Field Communication,” Sensors, vol 14, pp. 6998-7012, April 2014.
[14] S. Karnouskos, “Mobile payment: a journey through existing procedures and standardization initiatives,” Communications Surveys & Tutorials, vol 6(4), pp. 44-66, 2004.
[15] H. Rodrigues, R. José, A. Coelho, A. Melro, M. C. Ferreira, J. F. Cunha, M. P. Monteiro, C. Ribeiro, “MobiPag: Integrated Mobile Payment, Ticketing and Couponing Solution Based on NFC,” Sensors, vol 14, pp. 13389-13415, July 2014.
[16] R. Song, “Advanced smart card based password authentication protocol,” Computer Standards & Interfaces, 32(5), pp. 321-325, October 2010.
[17] C. T. Li, C. C. Lee, C. J. Liu, C. W. Lee, “A robust remote user authentication scheme against smart card security breach,” In Data and Applications Security and Privacy XXV, Y. Li, Ed. Virginia: Springer, 2011, pp. 231-238.
[18] M. Badra, P. Urien, “Toward SSL integration in SIM SmartCards,” in Proc. of the Wireless Communications and Networking Conference, Atlanta, 2004, pp. 889-893.
[19] H. Rongyu, X. Guolei, C. Chaowen, X. Hui, Q. Xi, Q. Zheng, “A PK-SIM card based end-to-end security framework for SMS,” Computer Standards & Interfaces, vol. 31(4), pp. 629-641, June 2009
[20] Y. Li, M. Chen, J. Nie, J. “Mobile commerce security model construction based on sms,” in Proc. 7th International Conf. Wireless Communications, Networking and Mobile Computing (WiCOM), Wuhan, China, 2011, pp. 1-3.
[21] K. Markantonakis, K. Mayes, “A Secure Channel protocol for multi-application smart cards based on public key cryptography,” in Communications and Multimedia Security, D. Chadwick, B. Preneel, Ed. U.K.: Springer, 2005, 175, pp. 79-95.
[22] E. Barker, W. Barker, W. Burr, W. Polk, M. Smid, “Recommendation for key management-part 1: General (Revision 3),” NIST special publication, 2006.