Abstract
Mobile technology is so popular and overdosed adoption is inevitable in today’s world. As the mobile technologies have advanced, Service Providers (SP) have offered services via Smartphones and some of them required secure data communication between the Subscriber Identity Module (SIM) cards on Smartphones and the servers of SP. The latest SIM cards comply with recent specifications including secure domain generation, mobile signatures, pre-installed encryption keys, and other useful security services. Nevertheless, un-keyed SIM cards do not satisfy such requirements, thus end-to-end encryption between the SIM card and SP cannot be provided. In this paper, we provide a key exchange protocol, which creates a symmetric key through the collaborative work of the SIM card and the SP server. After a successful protocol performance, the SIM card and SP can perform end-to-end data encryption. After defining the protocol, we also discuss the security issues and provide a formal security analysis of the protocol using the Casper/FDR tool.
Similar content being viewed by others
References
Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., & Ferguson, N. (1999). The Twofish encryption algorithm: A 128-bit block cipher. New York: Wiley.
Daemen, J., & Rijmen, V. (2002). The design of Rijndael: AES-the advanced encryption standard. Berlin: Springer.
Schneier, B. (1994). Description of a new variable-length key, 64-bit block cipher (Blowfish). In R. Anderson (Ed.), Fast software encryption (pp. 191–204). Berlin: Springer.
Stallings, W. (2002). The advanced encryption standard. Cryptologia, 26(3), 165–188.
Coppersmith, D. (1994). The Data Encryption Standard (DES) and its strength against attacks. IBM Journal of Research and Development, 38(3), 243–250.
Barker, W. C., & Barker, E. (2012). NIST Special Publication 800-67 Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Revision 1.
Perkov, L., Klisura, A., & Pavkovic, N. (2011). In 34th International convention on recent advances in GSM insecurities (pp. 1502–1506).
ISO/IEC. (2006). ISO/IEC 7812-1:2006. Identification Cards—Identification of issuers—Part 1: Numbering system (3rd ed.).
Smart Card Alliance. Smart card standards and specifications. http://www.smartcardalliance.org/smart-cards-intro-standards/. Accessed 20 April 2016.
GlobalPlatform. GlobalPlatform official web page. http://www.globalplatform.org/. Accessed 20 April 2016.
Sauveron, D. (2009). Multiapplication smart card: Towards an open smart card? Information Security Technical Report, 14(2), 70–78.
GlobalPlatform. GlobalPlatform Card Specification v2.2.1. http://www.globalplatform.org/specificationscard.asp. Accessed 20 April 2016.
Coskun, V., Ozdenizci, B., & Ok, K. (2015). The survey on near field communication (NFC) technology. Sensors, 15(6), 13348–13405.
Coskun, V., Ok, K., & Ozdenizci, B. (2011). Near field communication (NFC): From theory to practice. Wiley. ISBN: 978-1119971092.
Lu, R., & Cao, Z. (2007). Simple three-party key exchange protocol. Computers and Security, 26(1), 94–97.
Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.
Camtepe, S. A. (2013). Complexity of increasing the secure connectivity in wireless Ad Hoc Networks. In C. Boyd & L. Simpson (Eds.), Information Security and Privacy (pp. 363–378). Berlin: Springer.
Boyko, V., MacKenzie, P., & Patel, S. (2000). Provably secure password-authenticated key exchange using Diffie–Hellman. In B. Preneel (Ed.), Advances in cryptology—Eurocrypt 2000 (pp. 156–171). Berlin: Springer.
Abdalla, M., & Pointcheval, D. (2005). Simple password-based encrypted key exchange protocols. In A. Menezes (Ed.), Topics in cryptology–CT-RSA 2005 (pp. 191–208).
International Telecommunication Union. (2007). ITU-T Recommendation X.1035: Password authenticated key exchange (PAK) Protocol. http://www.itu.int/rec/T-REC-X.1035/en.
Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In G. R. Blakley & D. Chaum (Eds.), Advances in cryptology (pp. 47–53). Berlin: Springer.
Wu, T. Y., & Tseng, Y. M. (2009). An ID-based mutual authentication and key exchange protocol for low-power mobile devices. The Computer Journal,. doi:10.1093/comjnl/bxp083.
Xie, M., & Wang, L. (2012). One-round identity-based key exchange with Perfect Forward Security. Information Processing Letters, 112(14), 587–591.
Ok, K., Coskun, V., Aydin, M. N., & Ozdenizci, B. (2010). Current benefits and future directions of NFC services. In 2010 International conference on education and management technology (ICEMT), (pp. 334–338).
Ozdenizci, B., Coskun, V., & Ok, K. (2015). NFC internal: An indoor navigation system. Sensors, 15(4), 7571–7595.
Ozdenizci, B., Ok, K., & Coskun, V. (2013). NFC loyal for enhancing loyalty services through near field communication. Wireless Personal Communications, 68(4), 1923–1942.
Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15), 2787–2805.
Welbourne, E., Battle, L., Cole, G., Gould, K., Rector, K., Raymer, S., et al. (2009). Building the internet of things using RFID: The RFID ecosystem experience. Internet Computing, 13(3), 48–55.
Karnouskos, S. (2004). Mobile payment: A journey through existing procedures and standardization initiatives. Communications Surveys and Tutorials, 6(4), 44–66.
Coskun, V., Ozdenizci, B., Ok, K., Alsadi, M., & Soylemezgiller, F. (2013). Design and development of NFC enabled loyalty system. In Proceedings of the 6th international conference of advanced computer systems and networks: Design and application, Lviv, Ukraine (pp. 16–18).
Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards and Interfaces, 32(5), 321–325.
Li, C. T., Lee, C. C., Liu, C. J., & Lee, C. W. (2011). A robust remote user authentication scheme against smart card security breach. In Y. Li (Ed.), Data and applications security and privacy XXV (pp. 231–238). Berlin: Springer.
Badra, M., & Urien, P. (2004). Toward SSL integration in SIM SmartCards. In Wireless communications and networking conference, 2004. WCNC. 2004 IEEE (Vol. 2, pp. 889–893).
Rongyu, H., Guolei, Z., Chaowen, C., Hui, X., Xi, Q., & Zheng, Q. (2009). A PK-SIM card based end-to-end security framework for SMS. Computer Standards and Interfaces, 31(4), 629–641.
Li, Y., Chen, M., & Nie, J. (2011). Mobile commerce security model construction based on sms. In Wireless communications, networking and mobile computing (WiCOM), 7th International Conference on 2011 (pp. 1–3).
Markantonakis, K., & Mayes, K. (2005). A Secure Channel protocol for multi-application smart cards based on public key cryptography, Communications and Multimedia Security, (Vol. 175, pp. 79–95). US: Springer.
Ok, K., Coskun, V., & Cevikbas, R. C. (2014). Challenges and risks for a secure communication between a smartcard and a SP through cellular network. International Journal of Advances in Computer Networks and Its Security, 4(4), 26–30.
Ok, K., Coskun, V., Cevikbas, C., & Ozdenizci, B. (2015). Design of a key exchange protocol between SIM card and service provider. In 2015 23rd telecommunications forum telfor (TELFOR) (pp. 281–284). IEEE.
3rd Generation Partnership Project 2 / 3GPP2. (2007). X.S0028-100-0 cdma2000 Packet data services: Wireless local area network (WLAN) interworking—Access to internet. http://www.3gpp2.org/public_html/specs/X.S0028-100-0_v1.0_070405.pdf. Last Access Date 20 April 2016.
3rd Generation Partnership Project 2 / 3GPP2. (2010). Over-the-air service provisioning of mobile stations in spread spectrum systems. http://www.3gpp2.org/public_html/specs/C.S0016-D%20v1.0_OTASP.pdf. Last Access Date 20 April 2016.
Sterckx, M., Gierlichs, B., Preneel, B., & Verbauwhede, I. (2009). Efficient implementation of anonymous credentials on Java Card smart cards. In First IEEE international workshop on information forensics and security, (pp. 106–110).
Borst, J., Preneel, B., & Rijmen, V. (2001). Cryptography on smart cards. Computer Networks, 36(4), 423–435.
Barker, E., Barker, W., Burr, W., Polk, W., & Smid, M. (2006). Recommendation for key management-part 1: General (Revision 3). NIST special publication.
Lowe, G. Casper: A compiler for the analysis of security protocols. http://www.cs.ox.ac.uk/gavin.lowe/Security/Casper/. Accessed 20 April 2016.
Canetti, R., Goldreich, O., & Halevi, S. (2004). The random oracle methodology, revisited. Journal of the ACM (JACM), 51(4), 557–594.
Lamberger, M., & Mendel, F. (2011). Higher-order differential attack on reduced SHA-256. IACR Cryptology ePrint Archive, 2011, 37.
Blake-Wilson, S., Johnson, D., & Menezes, A. (1997). Key agreement protocols and their security analysis (pp. 30–45). Berlin: Springer.
Acknowledgments
This work is funded by TÜBİTAK (The Scientific and Technological Research Council Of Turkey, www.tubitak.gov.tr/en) and Turkcell Technology (www.turkcell.com.tr) under TÜBİTAK project Grant Number 1505–5130053.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Ok, K., Coskun, V., Yarman, S.B. et al. SIMSec: A Key Exchange Protocol Between SIM Card and Service Provider. Wireless Pers Commun 89, 1371–1390 (2016). https://doi.org/10.1007/s11277-016-3326-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-016-3326-5