fixed mobile convergence - etsi · seite 3 etsi security workshop 2007 fixed mobile convergence...

19
Fixed Mobile Convergence Dr. Stephan Spitz Giesecke & Devrient GmbH Division Telecommunication

Upload: vokien

Post on 04-Apr-2018

220 views

Category:

Documents


3 download

TRANSCRIPT

Page 1: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Fixed Mobile Convergence

Dr. Stephan Spitz

Giesecke & Devrient GmbHDivision Telecommunication

Page 2: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 2

ETSI Security Workshop 2007

Fixed Mobile Convergence (FMC)

1. What is FMC ? Technology Status of FMC

2. Existing (U/I)SIM-based FMC security solutions

3. The Future

Page 3: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 3

ETSI Security Workshop 2007

Fixed Mobile Convergence (FMC)

1. What is FMC ? Technology Status of FMC

2. Existing (U/I)SIM-based FMC security solutions

3. The Future

Page 4: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 4

ETSI Security Workshop 2007

Definition of Fixed Mobile Convergence, …

The aim of Fixed Mobile Convergence (FMC) is to provide fixed and mobile services with a single phone or personal device, which could switch between networks ad hoc.

Wikipedia

Page 5: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 5

ETSI Security Workshop 2007

… but also Network Convergence

Page 6: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 6

ETSI Security Workshop 2007

Strong Convergence Drivers

CONVERGENCE

TECHNOLOGY COMPETITION

Move to IP infrastructure

Intersection IT and Telecom

“Value rich services”USER

PREFERENCES

Integrated value rich services

Personalized and mobile

Secure communications

Disruptive business models

Price pressure

Eroding revenue

Multiplicity of access methods

Multimedia and real-time networking

New standards

CONSOLIDATION

Lower costs

Bigger brands

Media/entertainment into Telecom/IT

Page 7: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 7

ETSI Security Workshop 2007

Standardization Bodies

TISPAN (Telecoms & Internet converged Services & Protocols

for Advanced Networks ) specifications of 3GPP ensure

integration between fixed and mobile solutions based on

3GPP IMS (IP Multimedia Subsystem)

http://www.etsi.org/tispan/; WG7 SEC security

Fixed Mobile Convergence Alliance (FMCA,

http://www.thefmca.com )

WiMAX Forum (http://www.wimaxforum.org )

Page 8: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 8

ETSI Security Workshop 2007

Some FMC Examples

TwinTel (http://www.arcor.de/privat/twintel.jsp) in Germany: Arcor offers a mobile GSM handset which can also be used for making calls trough the ADSL line

BT Fusion* (http://www.btfusionorder.bt.com/ )in England: British Telecom offers a Vodafone handset also capable of making calls through the ADSL line.

Beautiful Phone (http://www.beautifulphone.com/html/en/) in France: neuf cegetel offers also a combined fixed mobile phone.

Free a french Internet provider (http://adsl.free.fr/ ), develops a WiFimesh network of HD „freeboxes“ to be used to provide mobile telephony

unik: Orange offers a single telephone, a single number, a single address book, at home or on the move www.unik.orange.fr

Page 9: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 9

ETSI Security Workshop 2007

Fixed Mobile Convergence (FMC)

1. What is FMC ? Technology Status of FMC

2. Existing (U/I)SIM-based FMC security solutions

3. The Future

Page 10: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 10

ETSI Security Workshop 2007

EAP in general

“Only” authentication to the WLAN access point (no end-to-end security)

EAP is specified in RFC 3748

A lot of EAP authentication mechanisms are available (40) e.g. EAP-MD5, EAP-TLS,…

(U)SIM relevant are

EAP-SIM based on 2G authentication

EAP-AKA based on 3G authentication

Page 11: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 11

ETSI Security Workshop 2007

EAP-SIM

RFC 4186 specifies an authentication mechanism in which a SIM´s

encryption key used in GSM systems is applied for EAP authentication

For security reasons triplets are used, because GSM key length is

considered as to short

Both sides (supplicant and authenticator) have to share the same

symmetric (GSM authentication) key for the authentication process

Different implementation variants on the SIM are possible depending on

the communication between ME and SIM

Page 12: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 12

ETSI Security Workshop 2007

EAP-AKARFC 4187 specifies an EAP authentication mechanism based on an USIM and the UMTS AKA (Authentication and Key Agreement) protocol

The authentication vector used with AKA is applied for this special EAP authentication

With the UMTS authentication also the provider/authenticator is authenticated by the handset/supplicant

Both sides (supplicant and authenticator) have to share the samesymmetric (UMTS authentication) key for the authentication process

No technical challenge for the USIM card itself, but again different implementation variants on the USIM are possible depending on the communication between ME and SIM

Page 13: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 13

ETSI Security Workshop 2007

ISIM (IP Multimedia Subsystem) SIM 1/2

The IMS (IP Multimedia Subsystem) specified by the 3GPP TISPAN offers

among other services Push-To-Talk, VoIP, Video and Content Sharing,

Instant Messaging and Unified Messaging

ISIM Functionality: Authentication to the operator or carrier supporting

an IMS service via the Generic Bootstrapping Architecture (GBA)

USIM and ISIM security algorithm are the same with IMS AKA i.e.

authentication based on pre-shared symmetric keys

The AKA authentication vector again is applied for IMS AKA

authentication (like EAP-AKA)

Page 14: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 14

ETSI Security Workshop 2007

ISIM (IP Multimedia Subsystem) SIM 2/2

Confidential Data stored on ISIM: user’s subscription level, keys i.e.

authentication and security information and the private identity of the

subscriber

The private identity is linked to a public identity e.g. a SIP URI

“user@mynet” or TEL URI “+49-89-4119-0@mynet”. Moreover an IMS

private identity can be resolved from the user’s IMSI

ISIM and USIM functionality can be easily combined on one module

Page 15: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 15

ETSI Security Workshop 2007

Fixed Mobile Convergence (FMC)

1. What is FMC ? Technology Status of FMC

2. Existing (U/I)SIM-based FMC security solutions

3. The Future

Page 16: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 16

ETSI Security Workshop 2007

The Future: FMC and G&D´s GalaxSIM

The Smart Card becomes fully network enabled

The Smart Card can act independently as network node (no master

slave communication as in ISO7816 specified any longer)

The Smart Card offers security/web services based on the IP protocol

The Smart Card becomes more than an authentication token, because it

can directly participate in the Internet traffic

Lsat, but not least: From the Internet point of view the Smart Card

world is “proprietary” (T=0/1, APDUs,..)

Page 17: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 17

ETSI Security Workshop 2007

Future Use Cases

The Smart Card can directly exchange confidential data with a standard Internet-Server by an end-to-end secured connection (no break of the security chain in the mobile)

The Smart Card triggers actions in the Internet e.g. by a HTTP-Request (no more master-slave communication!)

The Smart Card can communicate with other network components viaRPC (Remote Procedure Calls) e.g. Web Services

The Smart Card i.e. the Smart Card Web Server can directly display confidential information in conjunction with mTransaction and mCommerce via an Browser on the mobile

Page 18: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 18

ETSI Security Workshop 2007

Interoperability and Connectivity

2G/3G

App.

SC OST=O

APDUsSmar

t Car

d Consumer

Applications

Personal Devices

PDAs, Multimedia Phones

Intern-Networkingbased on IP

Services / Application

Protocols based on IP

Smart Card

GSM/ UMTS

Applications

2G/3G

Network

Internet

ConnectivityGSM

/UM

TS S

yste

m Mobile

Phone

Status Quo GalaxSIM (Internet Smart Card

Model)

Middleware

Page 19: Fixed Mobile Convergence - ETSI · Seite 3 ETSI Security Workshop 2007 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security

Seite 19

ETSI Security Workshop 2007

Thank you for your attention!