vedder 2011 01 etsi sec ws final...6th etsi security ws 3 world class standards the smart card...
TRANSCRIPT
Footer text (edit in View : Header and Footer)
The UICC
Dr. Klaus VedderChairman ETSI TC SCP
6th ETSI Security WS
Sophia Antipolis, France
19-20 January 2010
Recent Work of ETSI TC Smart Card Platform
6th ETSI Security WS 2
World Class Standards
SIMs, USIMs, R-UIMs, CSIMs…. in 2010
You could stack the SIMs, USIMs, R-UIMS, CSIMs …delivered to the market in
2010
to a tower
3,040 km high
go more than 40 times around the world!
575 km
If you place the SIMs, USIMs, R-UIMs, CSIMs, …. ever delivered to the market next to
each other you could
6th ETSI Security WS 3
World Class Standards
The Smart Card Market
10501390
20402650
3200 34003700
280336
410
510
650750
860
0
1000
2000
3000
4000
5000
6000
2004 2005 2006 2007 2008 2009 2010e
Source: Eurosmart
CAGR 2
4%
M. units
Industry & Government Payment Telecommunication
14691889
3446
CAGR 05-09
23%
22%
25%
2656
41854520
4995
Note:
The current
estimate for 2010
is 4 billion units
6th ETSI Security WS 4
World Class Standards
ETSI TC Smart Card Platform
� 23 Years of Dedication and Real-life Experience
� TC SCP founded in March 2000 as the successor of SMG9, the people which specified the most successful smart card application ever with over 4 billion subscribers using one or more of the over 20 billion SIMs, USIMs, R-UIMs, CSIMs, … delivered to the market
� ETSI TC SCP has published over fifty specifications on smart cards covering all areas from administrative commands to APIs, browsers, Internet connectivity, Machine-to-Machine (M2M), new interfaces for high speed and NFC as well as related test specifications
� all can be downloaded free of charge from the ETSI website
The specifications are application agnostic and are not restricted to the world of telecommunications.
They can be used as a (secure) platform for basically any application.
4
6th ETSI Security WS 5
World Class Standards
Structure and Officials
SCP Plenary
Chairman: Klaus Vedder, G&DVice Chairman: Tim Evans, IlluminismoVice Chairman: Denis Praca, Gemalto
SCP Requirement WG
Chairman: Colin Hamling, TelefónicaVice Chairman: Heiko Kruse, Sagem Orga
Vice Chairman: Denis Praca, Gemalto
SCP Testing WG
Chairman: Andreas Bertling, Comprion
Vice Chairman: Christophe Dubois, Gemalto
SCP Technical WG
Chairman: Paul Jolivet, LGVice Chairman: Sebastian Hans, Oracle
5
6th ETSI Security WS 6
World Class Standards
Description
� SCP� Final acceptance of Work Items to be progressed by Working Groups
� Acceptance for publication of all Technical Specifications, Technical Reports and Change Requests to published documents
� Input to its work is received from ETSI members as well as 3GPP, 3GPP2, GlobalPlatform, GSMA, GSMA SCaG, Global Certification Forum (GCF), NFC Forum, OMA, WiMAX Forum, …
� SCP REQ� Working Group SCP REQ is responsible for developing the requirements for
the Smart Card Platform
� SCP TEC� Working Group SCP TEC is responsible for the technical realisation of the
requirements developed by SCP REQ and accepted by SCP
� SCP TEST� Working Group SCP TEST is responsible for the development of test
specifications for deliverables produced by SCP TEC and accepted by SCP
6
6th ETSI Security WS 7
World Class Standards
The UICC - the Multi-application Platform
The UICC is the smart card platformproviding a clear separation of lower layers and applications residing on it
UICCa technology agnostic platform
ID
eHealth
Payment
PublicTransport
USIM SIM
Phonebook
(U)SAT
Specified by
TC SCP
Fir
ew
all
s b
etw
ee
n a
pp
lic
ati
on
sp
rovid
ed
by s
ma
rt c
ard
su
pp
lie
r
6th ETSI Security WS 8
World Class Standards
Complete revamp of the UICC
� New interfaces� IC_USB interface for high-speed contact communication
• modification of USB 2.0 on the physical layer for direct (non-pluggable) connections between chips; higher layers are not affected and run transparently without modifications on the IC_USB interface
• nominal speed of 12 megabit per second• use of existing contact layout of the smart card (C4 and C8)
� Single Wire Protocol and Host Controller Interface• contactless communication (Near Field Communication)
� Secure Channel to an end point terminal (to support, for instance, OMA BCAST)
� Support for large memory� part of the IC_USB specification
� A jump into the IP world� IP Connectivity for the UICC remote management over IP� Migration of the SIM toolkit framework over IP
� API for the Smart Card Web Server� New user interface (consistent interface across the range of handsets)� Web like look and feel (using the browser in the handset)
while retaining the security attributes
VCC
RST
CLK
USB
GND
SWP
I/O
USB
6th ETSI Security WS 9
World Class Standards
The Smart Card Web Server
A full-fledged Web server on the UICC -
UICC is the secure interface to the Internet� accessed by the Internet browser of the (mobile) device
� gives services on the UICC a Web look and feel
The SCWS combines� the benefits of the World Wide Web
• ease of use and administration
• dynamic content
� and the UICC
• platform for VAS
• the user’s home page
• OTP, Instant messenger
• Web Pages with FAQ to save calls to the Operator
• access to services based on new technologies such as NFC
• security and over-the-air administration (OTA)
Packetdata
http
xHtml
6th ETSI Security WS 10
World Class Standards
Contactless Mobile Terminals
The Mobile Terminal works like a contactless card for payment, personal banking, ticketing, access control, …and as as a card reader for the applications on the Secure Element
Mobile Phone CPU
The Single Wire Protocol (SWP) is the standardised I/F
between UICC and the Contactless Front End (CLF)
NFC chip for contactless
transmission
Contactless
applications
on USIM (or
mobile)
Mobile Phone CPU
Contactless
applications
on USIM,
SE or mobile
Secure Element (SE)
6th ETSI Security WS 11
World Class Standards
Security Capabilities on the UICC
SWP HCI Secure OS
ISD
ISD
ISDG
P A
PI
SD TSMn
Java CardTM API
Issuer applications
(U)SIMMNO
App 1
SD TSM1TrustSector TSM1
TrustSector TSMn
MNOApp 2
App 1 App 2 App 3
App 1 App 2 App 3
Glo
bal P
latfo
rm
6th ETSI Security WS 12
World Class Standards
TC SCP – Major Achievements in 2010
� Publication of M2M specification
� Environmental conditions and new form factors for the UICC
� Publication of test specifications for the USB interface*
� Set of two specifications (terminal and UICC features)
� Completion of test specifications for UICC based NFC*
� Two new specifications to complete the set of five for SWP and HCI
� Specification of a UICC API for Java CardTM for contactless applications
� Test specification for SCWS Application Invocation API for Java CardTM
� Technical Report on UICC in Mobile Broadband Notebook
� Upon request by the GSMA
* The development of these Technical Specifications was done by an ETSI STF (Specialist Task Force) with half the budget provided by ETSI and half by the participating companies
12
6th ETSI Security WS 13
World Class Standards
New Specifications and Reports
� UICC in Mobile Broadband Notebook (TR 102 906) � Analyses the integration of UICCs in Mobile Broadband Notebooks� Describes the different market initiatives � Provides a non-exclusive set of use cases
� Test specification for SCWS Application Invocation API for Java CardTM; Test Environment and Annexes (TS 102 835)� Core specification (TS 102 588) defines an API that allows a UICC based
SCWS to forward Http requests to an Applet and to receive the response from the Applet. It also defines an API for the Applet to register and unregister to the SCWS
� The test specification describes the technical characteristics and methods for testing this API including procedures and testing tools
� UICC Application Programming Interface for Java Card™ for contactless applications (TS 102 705)� Provisioning of access for a contactless Applet to the services provided by
the Host Controller Interface (HCI) protocol for the communication via the Contactless Front End (CLF)
� Registration of contactless parameters and management of contactless Applets in card emulation mode is defined in "GlobalPlatform Amendment C"
6th ETSI Security WS 14
World Class Standards
New Specifications: Testing the Contactless Interface
� The two new test specifications on the Host Controller Interfacecomplete the set of five test specifications on NFC employing the UICC and using the Single Wire Protocol (SWP) for communication between the UICC and the NFC chip in the terminal
� TS 102 695 - Smart Cards; Test specification for the Host Controller Interface (HCI)
• Part 1: Terminal features
• covers the minimum characteristics which are considered necessary for the terminal in order to provide compliance to TS 102 622 UICC - Contactless Front-end (CLF) Interface; Host Controller Interface (HCI)
• Part 3: Host Controller features
• covers additional test cases for the Host Controller to those specified in part 1
• also tests for host controller features which are transparent to the terminal
6th ETSI Security WS 15
World Class Standards
New Specifications: Testing the USB Interface
� Complete set of specifications for the USB interface of the UICC
� Interface specification (USB_IC) published in late 2007
� Test specifications for both the terminal and the UICC now also available to allow interoperability testing
• TS 102 922-1 – Smart Cards; Test specification for the ETSI aspects of the IC USB interface; Part 1:Terminal features
• TS 102 922-2 – Smart Cards; Test specification for the ETSI aspects of the IC USB interface; Part 2:UICC features
� What is the future of this interface?
� Currently no “active” implementations
• No SIMS, USIMS, R-UIMS, … with megabytes of memory deployed
� T=0 interface sufficient for the “normal” SIM, USIM, R-UIM, … ?
• T=1 never took off due to interoperability issues
6th ETSI Security WS 16
World Class Standards
M2M Specification Completed� TS 102 671: Smart Cards; Machine to Machine UICC; Physical and logical
characteristics� Machine-to-Machine (M2M) specific constraints such as data retention, temperature,
memory update cycles, vibration resistance, humidity
� Two new form factors for M2M use
• MFF1: socketable 8 pin solution
• MFF2: SON8
SON85mm x 6mm
6th ETSI Security WS 17
World Class Standards
M2M System Overview
A sensor inside a machine
Out through a wireless
transmitter
Over a network
Into a software application
Integrated into a
business process
Sensor M2M Module
M2M Terminal
UICC
Smart metering
MiddlewareSatellite/Cellular Network Fleet
Management
Environmental monitoring
Security
6th ETSI Security WS 18
World Class Standards
The challenge of M2M
M2M module
M2M terminal
M2M enabled device
M2M UICC
UICC manufacturer
MNO
Modem manufacturer
OEM
Vending machinemanufacturer
Vending machineoperator
WhichSubscription?
May have to bechangeable
after deployment!
6th ETSI Security WS 19
World Class Standards
Management of M2M Subscriptions
� UICCs may be embedded in M2M devices at M2M production site� This may be in advance of choice of country of deployment and
network operator
� Network operator may be changed during life time of the device
� This requires remote management of subscriptions in M2M UICCs
� Remote profiling and activation of UICCs
� Subscription portability between operators
The overall security shall be at least equivalent to that achieved with current removable SIM cards, processes and OTA management
� Securely updateable M2M UICC operating system, secure download and management of security and subscription data � TS 102 225: Secured packet structure for UICC based applications
6th ETSI Security WS 20
World Class Standards
Endless possibilities for M2M applications
The low maintenance mousetrap
� Companies producing food attract small animals; it just smells good to them.
� For hygienic reasons one cannot use classical mousetraps (no blood!) or cats to cater for the mice. The mice have to be caught alive. But the trap has to be checked every 12 hours.
� This new electronic mousetrap sends, once a mouse has been trapped, an SMS to the maintenance people person.
� No batteries are required as the mouse itself produces the energy needed to activate the system and send the SMS (“energy harvesting“).
6th ETSI Security WS 21
World Class Standards
SCP: Major Completed Topics
In addition to eight deliverables the following topics were concluded
� CAT (Card Application Toolkit) access on Modem interface. Extension of CAT to a single client interfacing with the modem � AT Commands for UICC interaction, description of AT commands that can be
issued to a terminal and that are specifically for use with the UICC to better facilitate communication between a UICC and applications on a laptop via a built in modem
� In close co-operation with 3GPP
� Confidential Applications: allows 3rd party applications to be loaded and executed within a secure and private environment� In close co-operation with GlobalPlatform
� Use cases and requirements related to the usage of the UICC with data modems integrated in notebooks � Requirements on interface management while allowing evolution of the
existing set of specifications. Potential areas are the USB interface, power management and negotiation, the voltage class used to secure thedeployment of the use cases
6th ETSI Security WS 22
World Class Standards
SCP: Current and Future Work
� CAT (Card Application Toolkit) access on Modem interface. Extension of CAT to multiple clients interfacing with the modem
� AT Commands for UICC interaction, description of AT commands that can be issued to a terminal and that are specifically for use with the UICC to better facilitate communication between a UICC and applications on a laptop via a built in modem
� API for secure channels
� Support of P2P mode in contactless interface specifications� Specification of requirements and use cases for Peer to Peer contactless mode support in the UICC� To facilitate communication between applications on different UICCs
� UICC next generation Run Time Environment (RTE) to support multi-tasking of the UICC with more than one interface
� Test specifications to be realised this year � Evolution the test specification for UICC API for Java Card™ to Rel-7
� Use cases and requirements related to the usage of the UICC with data modems integrated in notebooks � Security requirements still to be addressed
� Technical solution for a new framework for application and services migration over IP/USB� Framework allowing service discovery, registration and invocation over IP/USB
� Use cases and requirements related to the usage of the UICC in an M2M context (with emphasis on creating inputs for M441)
� Creation of conformance test specification covering UICC conformance requirements specified in ETSI TS 102 221
6th ETSI Security WS 23
World Class Standards
Convergence of Daily Life Security-based Applications
Pay Communicate
Identify
6th ETSI Security WS 24
World Class Standards
Vision: Tomorrow in my Mobile Wallet
6th ETSI Security WS 25
World Class Standards
Visit the
ETSI SCP websitefor details on meetings, current work items, documents, …
www.etsi.org
Next SCP Plenary Meeting:02-04 March here at ETSI
6th ETSI Security WS 26
World Class Standards
The UICC is everywhere
(in the form of the SIM,
USIM, R-UIM, CSIM, …)
6th ETSI Security WS 27
World Class Standards
Dr. Klaus Vedder
Group Senior Vice PresidentGiesecke & Devrient GmbHPrinzregentenstr. 15981607 MunichGermany