Secure Cryptographic Operations on SIM Card for Mobile Financial Services
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 33122
Secure Cryptographic Operations on SIM Card for Mobile Financial Services

Authors: Kerem Ok, Serafettin Senturk, Serdar Aktas, Cem Cevikbas

Abstract:

Mobile technology is very popular nowadays and it provides a digital world where users can experience many value-added services. Service Providers are also eager to offer diverse value-added services to users such as digital identity, mobile financial services and so on. In this context, the security of data storage in smartphones and the security of communication between the smartphone and service provider are critical for the success of these services. In order to provide the required security functions, the SIM card is one acceptable alternative. Since SIM cards include a Secure Element, they are able to store sensitive data, create cryptographically secure keys, encrypt and decrypt data. In this paper, we design and implement a SIM and a smartphone framework that uses a SIM card for secure key generation, key storage, data encryption, data decryption and digital signing for mobile financial services. Our frameworks show that the SIM card can be used as a controlled Secure Element to provide required security functions for popular e-services such as mobile financial services.

Keywords: SIM Card, mobile financial services, cryptography, secure data storage.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1126373

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2069

References:


[1] Electronic Banking System. http://www.electrobank.com/ebaeb.htm, Last Access: Aug. 15, 2016.
[2] Master Card, www.mastercard.com, Last Access: Aug. 15, 2016.
[3] The International PGP Home Page, http://www.pgpi.org, Last Access: Aug. 15, 2016.
[4] Gartner Says Worldwide Smartphone Sales Grew 3.9 Percent in First Quarter of 2016. Online at: http://www.gartner.com/newsroom/id/3323017, Last Access: Aug. 15, 2016.
[5] Faruki, P., Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M. S., Conti, M., & Rajarajan, M., “Android security: a survey of issues, malware penetration, and defenses,” IEEE Communications Surveys & Tutorials, vol. 17, no. 2, pp. 998-1022, 2015.
[6] Teufl, P., Andreas, F., Daniel, H., Alexander M., Alexander, O., Thomas Z., “Android encryption systems,” in Proc. 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS), Denmark, pp. 1-8, 2014.
[7] Android Keystore System, https://developer.android.com/training/articles/keystore.html, Last Access: Aug. 15, 2016.
[8] Cooijmans, T., de Ruiter, J., Poll, E, “Analysis of secure key storage solutions on Android,” in Proc. 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, USA, pp. 11-20, 2014.
[9] Ok, K., Coskun, V., Yarman, S.B., Cevikbas, C., Ozdenizci, B., “SIMSec: A Key Exchange Protocol between SIM Card and Service Provider,” Wireless Personal Communications, vol. 89, no. 4, pp. 1371-1390, 2016.
[10] Perkov, L., Ana, K., and Nikola, P., “Recent advances in GSM insecurities,” in Proc. MIPRO 34th International Convention, Croatia, 2011, pp. 1502-1506.
[11] Ahmad, Z., Francis, L., Ahmed, T., Lobodzinski, C., Audsin, D. Jiang, P., “Enhancing the Security of Mobile Applications by using TEE and (U) SIM,” in Proc. 2013 IEEE 10th International Conference on Ubiquitous Intelligence and Computing and 10th International Conference on Autonomic and Trusted Computing (UIC/ATC), Italy, pp. 575-582, 2013.