Fixed Mobile Convergence

Fixed Mobile Convergence

Fixed Mobile Convergence Dr. Stephan Spitz Giesecke & Devrient GmbH Division Telecommunication Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security solutions 3. The Future ETSI Security Workshop 2007 Seite 2 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security solutions 3. The Future ETSI Security Workshop 2007 Seite 3 Definition of Fixed Mobile Convergence, … The aim of Fixed Mobile Convergence (FMC) is to provide fixed and mobile services with a single phone or personal device, which could switch between networks ad hoc. Wikipedia ETSI Security Workshop 2007 Seite 4 … but also Network Convergence ETSI Security Workshop 2007 Seite 5 Strong Convergence Drivers TECHNOLOGY COMPETITION Multiplicity of access Disruptive business methods models Multimedia and real- Price pressure time networking Eroding revenue New standards CONVERGENCE Move to IP infrastructure Intersection IT and Telecom USER “Value rich services” PREFERENCES CONSOLIDATION Integrated value rich services Lower costs Personalized and mobile Bigger brands Secure communications Media/entertainment into Telecom/IT ETSI Security Workshop 2007 Seite 6 Standardization Bodies TISPAN (Telecoms & Internet converged Services & Protocols for Advanced Networks ) specifications of 3GPP ensure integration between fixed and mobile solutions based on 3GPP IMS (IP Multimedia Subsystem) http://www.etsi.org/tispan/; WG7 SEC security Fixed Mobile Convergence Alliance (FMCA, http://www.thefmca.com ) WiMAX Forum (http://www.wimaxforum.org ) ETSI Security Workshop 2007 Seite 7 Some FMC Examples TwinTel (http://www.arcor.de/privat/twintel.jsp) in Germany: Arcor offers a mobile GSM handset which can also be used for making calls trough the ADSL line BT Fusion* (http://www.btfusionorder.bt.com/ )in England: British Telecom offers a Vodafone handset also capable of making calls through the ADSL line. Beautiful Phone (http://www.beautifulphone.com/html/en/) in France: neuf cegetel offers also a combined fixed mobile phone. Free a french Internet provider (http://adsl.free.fr/ ), develops a WiFi mesh network of HD „freeboxes“ to be used to provide mobile telephony unik: Orange offers a single telephone, a single number, a single address book, at home or on the move www.unik.orange.fr ETSI Security Workshop 2007 Seite 8 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security solutions 3. The Future ETSI Security Workshop 2007 Seite 9 EAP in general “Only” authentication to the WLAN access point (no end-to-end security) EAP is specified in RFC 3748 A lot of EAP authentication mechanisms are available (40) e.g. EAP-MD5, EAP-TLS,… (U)SIM relevant are EAP-SIM based on 2G authentication EAP-AKA based on 3G authentication ETSI Security Workshop 2007 Seite 10 EAP-SIM RFC 4186 specifies an authentication mechanism in which a SIM´s encryption key used in GSM systems is applied for EAP authentication For security reasons triplets are used, because GSM key length is considered as to short Both sides (supplicant and authenticator) have to share the same symmetric (GSM authentication) key for the authentication process Different implementation variants on the SIM are possible depending on the communication between ME and SIM ETSI Security Workshop 2007 Seite 11 EAP-AKA RFC 4187 specifies an EAP authentication mechanism based on an USIM and the UMTS AKA (Authentication and Key Agreement) protocol The authentication vector used with AKA is applied for this special EAP authentication With the UMTS authentication also the provider/authenticator is authenticated by the handset/supplicant Both sides (supplicant and authenticator) have to share the same symmetric (UMTS authentication) key for the authentication process No technical challenge for the USIM card itself, but again different implementation variants on the USIM are possible depending on the communication between ME and SIM ETSI Security Workshop 2007 Seite 12 ISIM (IP Multimedia Subsystem) SIM 1/2 The IMS (IP Multimedia Subsystem) specified by the 3GPP TISPAN offers among other services Push-To-Talk, VoIP, Video and Content Sharing, Instant Messaging and Unified Messaging ISIM Functionality: Authentication to the operator or carrier supporting an IMS service via the Generic Bootstrapping Architecture (GBA) USIM and ISIM security algorithm are the same with IMS AKA i.e. authentication based on pre-shared symmetric keys The AKA authentication vector again is applied for IMS AKA authentication (like EAP-AKA) ETSI Security Workshop 2007 Seite 13 ISIM (IP Multimedia Subsystem) SIM 2/2 Confidential Data stored on ISIM: user’s subscription level, keys i.e. authentication and security information and the private identity of the subscriber The private identity is linked to a public identity e.g. a SIP URI “user@mynet” or TEL URI “+49-89-4119-0@mynet”. Moreover an IMS private identity can be resolved from the user’s IMSI ISIM and USIM functionality can be easily combined on one module ETSI Security Workshop 2007 Seite 14 Fixed Mobile Convergence (FMC) 1. What is FMC ? Technology Status of FMC 2. Existing (U/I)SIM-based FMC security solutions 3. The Future ETSI Security Workshop 2007 Seite 15 The Future: FMC and G&D´s GalaxSIM The Smart Card becomes fully network enabled The Smart Card can act independently as network node (no master slave communication as in ISO7816 specified any longer) The Smart Card offers security/web services based on the IP protocol The Smart Card becomes more than an authentication token, because it can directly participate in the Internet traffic Lsat, but not least: From the Internet point of view the Smart Card world is “proprietary” (T=0/1, APDUs,..) ETSI Security Workshop 2007 Seite 16 Future Use Cases The Smart Card can directly exchange confidential data with a standard Internet-Server by an end-to-end secured connection (no break of the security chain in the mobile) The Smart Card triggers actions in the Internet e.g. by a HTTP-Request (no more master-slave communication!) The Smart Card can communicate with other network components via RPC (Remote Procedure Calls) e.g. Web Services The Smart Card i.e. the Smart Card Web Server can directly display confidential information in conjunction with mTransaction and mCommerce via an Browser on the mobile ETSI Security Workshop 2007 Seite 17 Interoperability and Connectivity Status Quo GalaxSIM (Internet Smart Card 2G/3G Mobile Model) Network Phone Personal Devices Intern-Networking Internet PDAs, Multimedia based on IP Phones Connectivity GSM/UMTS System GSM/ UMTS Applications Smart Card Middleware Services / Consumer T=O SC OS Application Applications Protocols based on 2G/3G IP Smart Card APDUs App. ETSI Security Workshop 2007 Seite 18 Thank you for your attention! ETSI Security Workshop 2007 Seite 19.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    19 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us