论文信息 - Design, Installation and Execution of a Security Agent for Mobile Stations

Design, Installation and Execution of a Security Agent for Mobile Stations

In this paper we present a methodology and protocol for establishing a security context between a Mobile Operator's application server and a GSM/UMTS SIM card. The methodology assumes that the already issued Mobile Station is capable but unprepared. The proposed scheme creates a secure entity within the Mobile Station “Over The Air” (OTA). This secure entity can then be used for subsequent SIM authentications enabling m-Commerce, DRM or web service applications. To validate our proposal we have developed a proof of concept model to install and execute the security context using readily available J2ME, Java Card, J2SE and J2EE platforms, with the KToolBar MIDP2.0 emulator tool from Sun, and a Gemplus Java Card.

[1] Markus G. Kuhn,et al. Tamper resistance: a cautionary note , 1996 .

[2] Sun Fire V20z. Sun Microsystems , 1996 .

[3] Wolfgang Rankl,et al. Smart Card Handbook , 1997 .

[4] Anthony Watson,et al. Time as an Aid to Improving Security in Smart Cards , 1999, Conference on Information Security Management & Small Systems Security.

[5] Ludovic Rousseau. Secure Time in a Portable Device , 2001 .

[6] Konstantinos Markantonakis. Is the Performance of Smart Card Cryptographic Functions the Real Bottleneck? , 2001, SEC.

[7] Scott B. Guthery,et al. Mobile Application Development with SMS and the SIM Toolkit , 2001 .

[8] Sean Murphy,et al. Cryptography: A Very Short Introduction , 2002 .

[9] N Levine. GSM and UMTS: the creation of global mobile communication , 2002 .

[10] Annette Wagner,et al. MIDP 2.0 Style Guide for the Java 2 Platform (The Java Series) , 2003 .

[11] J.A. MacDonald,et al. Using The GSM/UMTS SIM to Secure Web Services , 2005, Second IEEE International Workshop on Mobile Commerce and Services.

[12] Chris J. Mitchell,et al. Overcoming Channel Bandwidth Constraints in Secure SIM Applications , 2005, SEC.