Skip to main content
SpringerLink
Log in

SIMSec: A Key Exchange Protocol Between SIM Card and Service Provider

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Mobile technology is so popular and overdosed adoption is inevitable in today’s world. As the mobile technologies have advanced, Service Providers (SP) have offered services via Smartphones and some of them required secure data communication between the Subscriber Identity Module (SIM) cards on Smartphones and the servers of SP. The latest SIM cards comply with recent specifications including secure domain generation, mobile signatures, pre-installed encryption keys, and other useful security services. Nevertheless, un-keyed SIM cards do not satisfy such requirements, thus end-to-end encryption between the SIM card and SP cannot be provided. In this paper, we provide a key exchange protocol, which creates a symmetric key through the collaborative work of the SIM card and the SP server. After a successful protocol performance, the SIM card and SP can perform end-to-end data encryption. After defining the protocol, we also discuss the security issues and provide a formal security analysis of the protocol using the Casper/FDR tool.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., & Ferguson, N. (1999). The Twofish encryption algorithm: A 128-bit block cipher. New York: Wiley.

    MATH  Google Scholar 

  2. Daemen, J., & Rijmen, V. (2002). The design of Rijndael: AES-the advanced encryption standard. Berlin: Springer.

    Book  MATH  Google Scholar 

  3. Schneier, B. (1994). Description of a new variable-length key, 64-bit block cipher (Blowfish). In R. Anderson (Ed.),  Fast software encryption (pp. 191–204). Berlin: Springer.

  4. Stallings, W. (2002). The advanced encryption standard. Cryptologia, 26(3), 165–188.

    Article  Google Scholar 

  5. Coppersmith, D. (1994). The Data Encryption Standard (DES) and its strength against attacks. IBM Journal of Research and Development, 38(3), 243–250.

    Article  MathSciNet  MATH  Google Scholar 

  6. Barker, W. C., & Barker, E. (2012). NIST Special Publication 800-67 Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Revision 1.

  7. Perkov, L., Klisura, A., & Pavkovic, N. (2011). In 34th International convention on recent advances in GSM insecurities (pp. 1502–1506).

  8. ISO/IEC. (2006). ISO/IEC 7812-1:2006. Identification Cards—Identification of issuers—Part 1: Numbering system (3rd ed.).

  9. Smart Card Alliance. Smart card standards and specifications. http://www.smartcardalliance.org/smart-cards-intro-standards/. Accessed 20 April 2016.

  10. GlobalPlatform. GlobalPlatform official web page. http://www.globalplatform.org/. Accessed 20 April 2016.

  11. Sauveron, D. (2009). Multiapplication smart card: Towards an open smart card? Information Security Technical Report, 14(2), 70–78.

    Article  Google Scholar 

  12. GlobalPlatform. GlobalPlatform Card Specification v2.2.1. http://www.globalplatform.org/specificationscard.asp. Accessed 20 April 2016.

  13. Coskun, V., Ozdenizci, B., & Ok, K. (2015). The survey on near field communication (NFC) technology. Sensors, 15(6), 13348–13405.

    Article  Google Scholar 

  14. Coskun, V., Ok, K., & Ozdenizci, B. (2011). Near field communication (NFC): From theory to practice. Wiley. ISBN: 978-1119971092.

  15. Lu, R., & Cao, Z. (2007). Simple three-party key exchange protocol. Computers and Security, 26(1), 94–97.

    Article  Google Scholar 

  16. Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.

    Article  MathSciNet  MATH  Google Scholar 

  17. Camtepe, S. A. (2013). Complexity of increasing the secure connectivity in wireless Ad Hoc Networks. In C. Boyd & L. Simpson (Eds.), Information Security and Privacy (pp. 363–378). Berlin: Springer.

    Chapter  Google Scholar 

  18. Boyko, V., MacKenzie, P., & Patel, S. (2000). Provably secure password-authenticated key exchange using Diffie–Hellman. In B. Preneel (Ed.), Advances in cryptology—Eurocrypt 2000 (pp. 156–171). Berlin: Springer.

    Chapter  Google Scholar 

  19. Abdalla, M., & Pointcheval, D. (2005). Simple password-based encrypted key exchange protocols. In A. Menezes (Ed.), Topics in cryptology–CT-RSA 2005 (pp. 191–208).

  20. International Telecommunication Union. (2007). ITU-T Recommendation X.1035: Password authenticated key exchange (PAK) Protocol. http://www.itu.int/rec/T-REC-X.1035/en.

  21. Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In G. R. Blakley & D. Chaum (Eds.), Advances in cryptology (pp. 47–53). Berlin: Springer.

    Chapter  Google Scholar 

  22. Wu, T. Y., & Tseng, Y. M. (2009). An ID-based mutual authentication and key exchange protocol for low-power mobile devices. The Computer Journal,. doi:10.1093/comjnl/bxp083.

    Google Scholar 

  23. Xie, M., & Wang, L. (2012). One-round identity-based key exchange with Perfect Forward Security. Information Processing Letters, 112(14), 587–591.

    Article  MathSciNet  MATH  Google Scholar 

  24. Ok, K., Coskun, V., Aydin, M. N., & Ozdenizci, B. (2010). Current benefits and future directions of NFC services. In 2010 International conference on education and management technology (ICEMT), (pp. 334–338).

  25. Ozdenizci, B., Coskun, V., & Ok, K. (2015). NFC internal: An indoor navigation system. Sensors, 15(4), 7571–7595.

    Article  Google Scholar 

  26. Ozdenizci, B., Ok, K., & Coskun, V. (2013). NFC loyal for enhancing loyalty services through near field communication. Wireless Personal Communications, 68(4), 1923–1942.

    Article  Google Scholar 

  27. Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15), 2787–2805.

    Article  MATH  Google Scholar 

  28. Welbourne, E., Battle, L., Cole, G., Gould, K., Rector, K., Raymer, S., et al. (2009). Building the internet of things using RFID: The RFID ecosystem experience. Internet Computing, 13(3), 48–55.

    Article  Google Scholar 

  29. Karnouskos, S. (2004). Mobile payment: A journey through existing procedures and standardization initiatives. Communications Surveys and Tutorials, 6(4), 44–66.

    Article  Google Scholar 

  30. Coskun, V., Ozdenizci, B., Ok, K., Alsadi, M., & Soylemezgiller, F. (2013). Design and development of NFC enabled loyalty system. In Proceedings of the 6th international conference of advanced computer systems and networks: Design and application, Lviv, Ukraine (pp. 16–18).

  31. Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards and Interfaces, 32(5), 321–325.

    Article  Google Scholar 

  32. Li, C. T., Lee, C. C., Liu, C. J., & Lee, C. W. (2011). A robust remote user authentication scheme against smart card security breach. In Y. Li (Ed.),  Data and applications security and privacy XXV (pp. 231–238). Berlin: Springer.

  33. Badra, M., & Urien, P. (2004). Toward SSL integration in SIM SmartCards. In Wireless communications and networking conference, 2004. WCNC. 2004 IEEE (Vol. 2, pp. 889–893).

  34. Rongyu, H., Guolei, Z., Chaowen, C., Hui, X., Xi, Q., & Zheng, Q. (2009). A PK-SIM card based end-to-end security framework for SMS. Computer Standards and Interfaces, 31(4), 629–641.

    Article  Google Scholar 

  35. Li, Y., Chen, M., & Nie, J. (2011). Mobile commerce security model construction based on sms. In Wireless communications, networking and mobile computing (WiCOM), 7th International Conference on 2011 (pp. 1–3).

  36. Markantonakis, K., & Mayes, K. (2005). A Secure Channel protocol for multi-application smart cards based on public key cryptography, Communications and Multimedia Security, (Vol. 175, pp. 79–95). US: Springer.

    Google Scholar 

  37. Ok, K., Coskun, V., & Cevikbas, R. C. (2014). Challenges and risks for a secure communication between a smartcard and a SP through cellular network. International Journal of Advances in Computer Networks and Its Security, 4(4), 26–30.

    Google Scholar 

  38. Ok, K., Coskun, V., Cevikbas, C., & Ozdenizci, B. (2015). Design of a key exchange protocol between SIM card and service provider. In 2015 23rd telecommunications forum telfor (TELFOR)  (pp. 281–284). IEEE.

  39. 3rd Generation Partnership Project 2 / 3GPP2. (2007). X.S0028-100-0 cdma2000 Packet data services: Wireless local area network (WLAN) interworking—Access to internet. http://www.3gpp2.org/public_html/specs/X.S0028-100-0_v1.0_070405.pdf. Last Access Date 20 April 2016.

  40. 3rd Generation Partnership Project 2 / 3GPP2. (2010). Over-the-air service provisioning of mobile stations in spread spectrum systems. http://www.3gpp2.org/public_html/specs/C.S0016-D%20v1.0_OTASP.pdf. Last Access Date 20 April 2016.

  41. Sterckx, M., Gierlichs, B., Preneel, B., & Verbauwhede, I. (2009). Efficient implementation of anonymous credentials on Java Card smart cards. In First IEEE international workshop on information forensics and security, (pp. 106–110).

  42. Borst, J., Preneel, B., & Rijmen, V. (2001). Cryptography on smart cards. Computer Networks, 36(4), 423–435.

    Article  Google Scholar 

  43. Barker, E., Barker, W., Burr, W., Polk, W., & Smid, M. (2006). Recommendation for key management-part 1: General (Revision 3). NIST special publication.

  44. Lowe, G. Casper: A compiler for the analysis of security protocols. http://www.cs.ox.ac.uk/gavin.lowe/Security/Casper/. Accessed 20 April 2016.

  45. Canetti, R., Goldreich, O., & Halevi, S. (2004). The random oracle methodology, revisited. Journal of the ACM (JACM), 51(4), 557–594.

    Article  MathSciNet  MATH  Google Scholar 

  46. Lamberger, M., & Mendel, F. (2011). Higher-order differential attack on reduced SHA-256. IACR Cryptology ePrint Archive, 2011, 37.

    Google Scholar 

  47. Blake-Wilson, S., Johnson, D., & Menezes, A. (1997). Key agreement protocols and their security analysis (pp. 30–45). Berlin: Springer.

    MATH  Google Scholar 

Download references

Acknowledgments

This work is funded by TÜBİTAK (The Scientific and Technological Research Council Of Turkey, www.tubitak.gov.tr/en) and Turkcell Technology (www.turkcell.com.tr) under TÜBİTAK project Grant Number 1505–5130053.

Author information

Authors and Affiliations

  1. Information Technologies Department, Isik University, Istanbul, Turkey

    Kerem Ok, Vedat Coskun & Busra Ozdenizci

  2. Electrical and Electronics Engineering Department, Istanbul University, Istanbul, Turkey

    Siddik Binboga Yarman

  3. Turkcell Technology, Istanbul, Turkey

    Cem Cevikbas

Authors
  1. Kerem Ok
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vedat Coskun
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Siddik Binboga Yarman
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Cem Cevikbas
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Busra Ozdenizci
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vedat Coskun.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ok, K., Coskun, V., Yarman, S.B. et al. SIMSec: A Key Exchange Protocol Between SIM Card and Service Provider. Wireless Pers Commun 89, 1371–1390 (2016). https://doi.org/10.1007/s11277-016-3326-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3326-5

Keywords

Search

Navigation