“application” layer security
Tim Wright
Communications Security and Advanced Development Group, Vodafone Limited

Security and Fraud, 2000

the word is 09.03.00

Contents
● Introduction to public key cryptography
● WAP security
● MExE and MExE security
● Introduction to Java / J2ME
● Issues and challenges for application layer security


Digital signatures and PK
● Secret key cryptography - good where you already trust who you’re talking to and can share a key with them
● Public key crypto where you don’t, or where getting a secret key to the other party is the problem
● A private key for every public key; the private key never leaves its owner
● Encrypt with public key and decrypt with private
● Or the reverse - sign with private key, verify with public


Certificates
● Public keys can be public, but could be changed: whoever hands you a public key could substitute their own
● Possibility of spoofing
● Certificate is a public key (with the owner’s identity) signed with a “higher” private key
● Need a public key to verify that signing key’s signature, and so on upwards
● End up with a root at the top: a public key that has to be trusted directly rather than verified
● Public Key Infrastructure, PKI, is:
  ● Certification Authorities (CA), from which certificates are obtained
  ● Registration Authorities (RA), that check identity of client before certificate is issued
  ● interfaces between these and other nodes
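The two slides above (sign with private / verify with public, and a certificate as a public key signed by a “higher” key up to a root) are easier to see in code. The block below is the editor’s added illustration, not code from the deck or from Vodafone. It uses textbook RSA with deliberately tiny (roughly 40-bit) moduli generated from fixed seeds so every step is visible; the names “Operator Root”, “Operator CA” and “wap-gateway.example”, the certificate layout and the hash-then-reduce step are all constructed for the example. Real systems use 2048-bit keys or larger, padding (PSS / OAEP) and a standard certificate format.

```python
"""Toy RSA signatures and a root -> CA -> end-entity certificate chain.

Editor's illustration only: textbook RSA, ~40-bit moduli, no padding.
Do not reuse any of this for real cryptography.
"""
import hashlib
import math
from collections import namedtuple
from dataclasses import dataclass

PUBLIC_EXPONENT = 65537
PublicKey = namedtuple("PublicKey", "n e")
PrivateKey = namedtuple("PrivateKey", "n d")


def is_prime(n: int) -> bool:
    """Trial division; fine for the million-range primes used here."""
    return n > 1 and all(n % i for i in range(2, int(n ** 0.5) + 1))


def next_prime(n: int) -> int:
    while not is_prime(n):
        n += 1
    return n


def keygen(seed: int):
    """Deterministic toy key pair: p and q are the first primes after `seed`."""
    p = next_prime(seed)
    q = next_prime(p + 1)
    while math.gcd(PUBLIC_EXPONENT, (p - 1) * (q - 1)) != 1:
        q = next_prime(q + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(PUBLIC_EXPONENT, -1, phi)        # private exponent (Python 3.8+)
    return PublicKey(n, PUBLIC_EXPONENT), PrivateKey(n, d)


def digest(msg: bytes, n: int) -> int:
    """SHA-256 of the message, reduced so it fits under the tiny modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv: PrivateKey, msg: bytes) -> int:
    """Sign with the private key ..."""
    return pow(digest(msg, priv.n), priv.d, priv.n)


def verify(pub: PublicKey, msg: bytes, sig: int) -> bool:
    """... verify with the public key."""
    return pow(sig, pub.e, pub.n) == digest(msg, pub.n)


def encrypt(pub: PublicKey, m: int) -> int:
    """Encrypt with the public key (m must be smaller than the modulus) ..."""
    if not 0 < m < pub.n:
        raise ValueError("message too large for this toy modulus")
    return pow(m, pub.e, pub.n)


def decrypt(priv: PrivateKey, c: int) -> int:
    """... decrypt with the matching private key."""
    return pow(c, priv.d, priv.n)


@dataclass(frozen=True)
class Certificate:
    """A public key plus identity, signed with the issuer's ('higher') private key."""
    subject: str
    key: PublicKey
    issuer: str
    signature: int

    def tbs(self) -> bytes:
        """To-be-signed bytes: everything except the signature itself."""
        return f"{self.subject}|{self.issuer}|{self.key.n}|{self.key.e}".encode()


def issue(subject: str, key: PublicKey, issuer: str, issuer_priv: PrivateKey) -> Certificate:
    body = Certificate(subject, key, issuer, 0).tbs()
    return Certificate(subject, key, issuer, sign(issuer_priv, body))


def verify_chain(chain, trusted_roots) -> bool:
    """chain[0] is the end-entity cert; each cert must be signed by the next one,
    and the last one by a root key the client was initialised with."""
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):
            issuer_cert = chain[i + 1]
            if issuer_cert.subject != cert.issuer:
                return False
            issuer_key = issuer_cert.key
        else:
            issuer_key = trusted_roots.get(cert.issuer)
            if issuer_key is None:
                return False              # chain does not end at a root we trust
        if not verify(issuer_key, cert.tbs(), cert.signature):
            return False
    return True


def demo():
    """Constructed scenario: operator root -> operator CA -> gateway certificate,
    then an attacker swaps in their own public key under the gateway's name."""
    root_pub, root_priv = keygen(1_000_000)
    ca_pub, ca_priv = keygen(2_000_000)
    gw_pub, _gw_priv = keygen(3_000_000)
    trusted = {"Operator Root": root_pub}           # e.g. installed on the SIM
    ca_cert = issue("Operator CA", ca_pub, "Operator Root", root_priv)
    gw_cert = issue("wap-gateway.example", gw_pub, "Operator CA", ca_priv)
    genuine_ok = verify_chain([gw_cert, ca_cert], trusted)
    attacker_pub, _ = keygen(4_000_000)
    spoofed = Certificate("wap-gateway.example", attacker_pub, "Operator CA", gw_cert.signature)
    spoof_ok = verify_chain([spoofed, ca_cert], trusted)
    return genuine_ok, spoof_ok


if __name__ == "__main__":
    print(demo())
```

The spoofed certificate fails because the substituted key changes the signed bytes, and the attacker cannot produce a new signature without the CA’s private key; a key that is not wrapped in a certificate chaining to an installed root gives the client nothing to check, which is the gap the following slides on root-key installation address.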


WAP - services
● Initially just browsing
● Future:
  ● mobile e-commerce
  ● downloaded scripts and applications
  ● telephony control (WTA)
  ● links to external devices


WAP - security
● Transport security
  ● WTLS
● Application security
  ● WMLScript support for digital signature (SignText), end to end client authentication
● WAP identity module
  ● Storage and processing of sensitive security parameters
● Wireless PKI
  ● To support transport security and application security


WTLS
● WTLS is the wireless equivalent of SSL/TLS
● Extends from WAP client to WAP gateway or WAP server, so a gateway that re-encrypts towards the content server sees the plaintext in between
● New certificate format, the “WTLS certificate”
  ● compact, but can only be used for WAP gateway/server authentication
● WAP clients need to be initialised with appropriate root public keys by trusted means - preferably on a SIM or at terminal manufacture
● End to end transport layer security is still WTLS, redirected to a new gateway run by the content provider


Digital signatures in WAP
● WMLScript function in WML pages to call signing or client authentication function
● Allows users to sign web documents and forms and/or be authenticated to end point
● WML provider can receive and verify signed documents from users
● Can be used to secure e-commerce transactions
● Could provide non-repudiation, provided the private key stays in the user’s security module and each signature needs the user’s confirmation


WIM
● Specification of an interface to a security module
● No specification of hardware security (best solution is IC card)
● WIM uses RSA PKCS#15 specification for directory structure and ASN.1 encoding of cryptographic parameters
● WIM can be
  ● on separate IC card (ICC)
  ● same ICC as SIM
  ● integrated into SIM


WPKI
● Definition of certificate profiles for WAP applications
● Standardised way for client to obtain a certificate
● Specifies installation of trusted root keys
● Provides method of securing WTA
● Client-side PKI (certificate enrolment) not required if just WAP gateway/server authentication and traffic encryption are needed: the client then only needs the right root keys


Signed content in WAP
● EFI - External Function Interface (WAP 1.4)
● Framework for WMLScripts to access functions external to the phone - second ICC, IrDA, Bluetooth, GPS
● Signed content may be the security mechanism
● Signed content is to be used for WTA security in the long term


WAP security - issues
● Few roots on the browser
  ● Will there be at least one root that is on all terminals?
  ● Or will VASP’s need multiple certificates?
  ● Operator provided root on the SIM
● Installation of new roots on the terminal
  ● opens up PKI commercially
  ● opens up holes in WAP security: a root the user can be talked into installing can vouch for anything
● Effect of false base station
  ● MSISDN pass-through for user/client id can no longer be relied on
● Few roots - means no restrictions on what root certificates can be used for?


MExE
● Mobile Execution Environment
● Framework for download of scripts, applets, applications and phone software to mobile phones
● Making the phone more like a PC/PDA
● Standardised environment - write once, run anywhere
● MExE classmarks
  ● Classmark 1: applications are written in WMLScript
  ● Classmark 2: applications are written in Java


MExE security
● Mobile code for mobile phones
● Downloaded code can make calls, change MMI, look at user data, …. Dangerous!
● MExE therefore has untrusted and trusted applications
● Trusted applications are digitally signed by their originator and can do much more than untrusted applications


MExE trusted domains
● Three trusted execution domains
  ● Operator
  ● Manufacturer
  ● Third party
● Trusted application can only execute if its signature can be verified on the client; which root verifies it decides the domain
● Root public keys loaded onto terminal by secure means
● Operator and third party keys can be loaded onto SIM


User permission in MExE
● Applications cannot be installed without user permission
● Applications cannot carry out functions without user permission
● Three types of user permission
  ● Single action
  ● Session
  ● Blanket
● Trade-off between flexibility of security architecture and usability of the service
  ● How much will user understand?
  ● How easy is it to fool the user?
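The three MExE slides above describe two gates that every sensitive action passes: the domain the application landed in (decided by which root its signature verified against, or untrusted if none did) and a user permission whose lifetime is single-action, session or blanket. The block below is the editor’s added model of that policy, not code from the deck or from the MExE specification: the action names, the table of which domains may perform them, the root key identifiers and the exact point at which session grants expire are all constructed for the example, and the signature check itself is represented only by its result.

```python
"""Toy MExE-style execution policy: trust domain from the verified root, then
single-action / session / blanket user permissions. Editor's illustration only;
the capability table below is constructed, not the specification's.
"""
from enum import Enum
from typing import Optional


class Domain(Enum):
    OPERATOR = "operator"
    MANUFACTURER = "manufacturer"
    THIRD_PARTY = "third party"
    UNTRUSTED = "untrusted"        # unsigned, or the signature did not verify


# Constructed: which trusted domains may even ask for an action. Untrusted
# applications never appear here, so no user grant can let them through.
CAPABILITIES = {
    "make_call": {Domain.OPERATOR, Domain.MANUFACTURER, Domain.THIRD_PARTY},
    "read_phonebook": {Domain.OPERATOR, Domain.MANUFACTURER, Domain.THIRD_PARTY},
    "change_mmi": {Domain.OPERATOR, Domain.MANUFACTURER},
    "update_phone_software": {Domain.MANUFACTURER},
}

# Constructed root key identifiers the terminal was initialised with, by domain.
ROOTS = {"op-root": Domain.OPERATOR, "mfr-root": Domain.MANUFACTURER,
         "tp-root": Domain.THIRD_PARTY}


def classify(verified_root: Optional[str]) -> Domain:
    """The domain is decided by WHICH root the application's signature verified
    against; `verified_root` is that root's id, or None if verification failed."""
    return ROOTS.get(verified_root, Domain.UNTRUSTED)


class UserPermissions:
    """Grants keyed by (application, action). A single-action grant is consumed
    by one use, a session grant lasts until end_session(), a blanket grant persists."""

    def __init__(self):
        self._single, self._session, self._blanket = set(), set(), set()

    def grant(self, app: str, action: str, kind: str) -> None:
        store = {"single": self._single, "session": self._session,
                 "blanket": self._blanket}[kind]
        store.add((app, action))

    def consume(self, app: str, action: str) -> bool:
        key = (app, action)
        if key in self._blanket or key in self._session:
            return True
        if key in self._single:
            self._single.discard(key)          # one use only
            return True
        return False

    def end_session(self) -> None:
        self._session.clear()


def request(app: str, domain: Domain, action: str, perms: UserPermissions):
    """Gate 1: the domain must be allowed the action at all.
    Gate 2: the user must hold a still-valid grant for this app and action."""
    if domain not in CAPABILITIES.get(action, set()):
        return False, f"{action} not available to the {domain.value} domain"
    if not perms.consume(app, action):
        return False, "no valid user permission"
    return True, "allowed"


def demo():
    """Constructed walk-through; returns the allow/deny decision of each step."""
    perms = UserPermissions()
    bank = ("bank-app", classify("tp-root"))    # signed, verified by third-party root
    game = ("free-game", classify(None))        # unsigned -> untrusted
    out = []
    perms.grant("bank-app", "make_call", "single")
    out.append(request(*bank, "make_call", perms)[0])        # allowed, grant consumed
    out.append(request(*bank, "make_call", perms)[0])        # denied, single grant used
    perms.grant("bank-app", "read_phonebook", "session")
    out.append(request(*bank, "read_phonebook", perms)[0])   # allowed during session
    perms.end_session()
    out.append(request(*bank, "read_phonebook", perms)[0])   # denied after session
    perms.grant("free-game", "make_call", "blanket")
    out.append(request(*game, "make_call", perms)[0])        # denied: untrusted domain
    out.append(request(*bank, "change_mmi", perms)[0])       # denied: not in this domain
    return out


if __name__ == "__main__":
    print(demo())
```

The order of the two gates matters for the usability trade-off on the slide: the domain check runs first so that an untrusted application never gets to prompt the user at all, which removes one opportunity to fool them.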


A bit about Java
● Write once, run anywhere - platform independent
● Anywhere that has the “Java Virtual Machine”
● Code transmitted is small
● Designed to be secure, in that the JVM can control what functions and memory can be accessed by an application


A bit more
● The Java stack, from the top down:
  ● Java Application Programming Interfaces (API’s)
  ● Java Virtual Machine
  ● Platform OS


Java Phone
● Phone manufacturers could write all the phone software in Java
● Enable easier software re-use, and easier development through standard O/S environment
● Download of upgrades via MExE
● PersonalJava is too big - kJava, KVM developed


KVM
● Virtual Machine re-written from scratch
● API’s re-written and optimised for “limited” devices
● Core API’s have been defined
● “Profiles”, sets of mandatory and optional API’s, are being defined via Java Specification Requests (JSR’s)


KVM uses
● KVM will bring phone and PDA together
● Download of applications to phone will be a reality
● Opportunities
  ● for services
  ● for fraud
● Security architecture not yet clear
● Untrusted code can still be dangerous


The future’s bright, it’s a rainbow
● There are no issues with application layer security?
  ● Mobile network operator provides bearer services
  ● Security at the application layer provided by the value added service provider (VASP)
● Terminal and infrastructure manufacturers want terminals to support many services
● Increased terminal value
● Increased numbers of service providers
● Increased network usage - operators should be happy


Clouds on the horizon
● Operator wants to move up the value chain
● Operators concerned that they will be held responsible for fraud at the application layer
● Issues of trust - operators know each other; they don’t know the VASP’s
● But security implies control, and control implies control of services, commercial control
● Application layer security can become a battleground


Challenges and opportunities
● New and more parties involved in service provision
  ● new, complex trust model
● Profit potential is enormous - security left by the wayside?
● Security is considered important
● Balance between flexibility and usability/security
● Let’s keep the mobile Internet clean
