This book describes current and the most probable future wireless security solutions. The focus is on the technical discussion of existing systems and new trends like the Internet of Things (IoT). It also discusses existing and potential security threats, presents methods for protecting systems, operators and end-users, and describes the types of attack on security systems and the new dangers of the ever-evolving Internet. The book functions as a practical guide describing the evolution of the wireless environment and how to ensure the smooth continuity of new functionalities whilst minimizing the potential risks in network security.
About the Author
Jyrki Penttinen has worked in mobile telecommunications with network operators and manufacturers since 1994. He has theoretical knowledge and operational experience of the end-to-end architectures and functioning of major mobile communications systems, including GSM/GPRS/EDGE, UMTS/HSPA and LTE/LTE-A with their respective evolution paths. He has worked in research and operational activities in both the radio and core network domains, including planning, optimization, measurements, system architectures and services. He joined the Giesecke & Devrient Mobile Security team in 2014 and currently focuses on the security solutions and future trends of the industry.
Contents
About the Author
Preface
Acknowledgements
Abbreviations
1 Introduction
1.1 Introduction
1.2 Wireless Security
1.2.1 Background and Advances
1.2.2 Statistics
1.2.3 Wireless Threats
1.2.4 M2M Environment
1.3 Standardization
1.3.1 The Open Mobile Alliance (OMA)
1.3.2 The International Organization for Standardization (ISO)
1.3.3 The International Telecommunications Union (ITU)
1.3.4 The European Telecommunications Standards Institute (ETSI)
1.3.5 The Institute of Electrical and Electronics Engineers (IEEE)
1.3.6 The Internet Engineering Task Force (IETF)
1.3.7 The 3rd Generation Partnership Project (3GPP)
1.3.8 The 3rd Generation Partnership Project 2 (3GPP2)
1.3.9 The GlobalPlatform
1.3.10 The SIMalliance
1.3.11 The Smartcard Alliance
1.3.12 The GSM Association (GSMA)
1.3.13 The National Institute of Standards and Technology (NIST)
1.3.14 The National Highway Transportation and Safety Administration (NHTSA)
1.3.15 Other Standardization and Industry Forums
1.3.16 The EMV Company (EMVCo)
1.3.17 The Personal Computer/Smartcard (PC/SC)
1.3.18 The Health Insurance Portability and Accountability Act (HIPAA)
1.3.19 The Common Criteria (CC)
1.3.20 The Evaluation Assurance Level (EAL)
1.3.21 The Federal Information Processing Standards (FIPS)
1.3.22 Biometric Standards
1.3.23 Other Related Entities
1.4 Wireless Security Principles
1.4.1 General
1.4.2 Regulation
1.4.3 Security Architectures
1.4.4 Algorithms and Security Principles
1.5 Focus and Contents of the Book
References
2 Security of Wireless Systems
2.1 Overview
2.1.1 Overall Security Considerations in the Mobile Environment
2.1.2 Developing Security Threats
2.1.3 RF Interferences and Safety
2.2 Effects of Broadband Mobile Data
2.2.1 Background
2.2.2 The Role of Networks
2.2.3 The Role of Apps
2.2.4 UE Application Development
2.2.5 Developers
2.2.6 The Role of the SIM/UICC
2.2.7 Challenges of Legislation
2.2.8 Updating Standards
2.2.9 3GPP System Evolution
2.3 GSM
2.3.1 The SIM
2.3.2 Authentication and Authorization
2.3.3 Encryption of the Radio Interface
2.3.4 Encryption of IMSI
2.3.5 Other GSM Security Aspects
2.4 UMTS/HSPA
2.4.1 Principles of 3G Security
2.4.2 Key Utilization
2.4.3 3G Security Procedures
2.5 Long Term Evolution
2.5.1 Protection and Security Principles
2.5.2 X.509 Certificates and Public Key Infrastructure (PKI)
2.5.3 IPsec and Internet Key Exchange (IKE) for LTE Transport Security
2.5.4 Traffic Filtering
2.5.5 LTE Radio Interface Security
2.5.6 Authentication and Authorization
2.5.7 LTE/SAE Service Security - Case Examples
2.5.8 Multimedia Broadcast and Multicast Service (MBMS) and enhanced MBMS (eMBMS)
2.6 Security Aspects of Other Networks
2.6.1 CDMA (IS-95)
2.6.2 CDMA2000
2.6.3 Broadcast Systems
2.6.4 Satellite Systems
2.6.5 Terrestrial Trunked Radio (TETRA)
2.6.6 Wireless Local Area Network (WLAN)
2.7 Interoperability
2.7.1 Simultaneous Support for LTE/SAE and 2G/3G
2.7.2 VoLTE
2.7.3 CS Fallback
2.7.4 Inter-operator Security Aspects
2.7.5 Wi-Fi Networks and Offload
2.7.6 Femtocell Architecture
References
3 Internet of Things
3.1 Overview
3.2 Foundation
3.2.1 Definitions
3.2.2 Security Considerations of IoT
3.2.3 The Role of IoT
3.2.4 IoT Environment
3.2.5 IoT Market
3.2.6 Connectivity
3.2.7 Regulation
3.2.8 Security Risks
3.2.9 Cloud
3.2.10 Cellular Connectivity
3.2.11 WLAN
3.2.12 Low-Range Systems
3.3 Development of IoT
3.3.1 GSMA Connected Living
3.3.2 The GlobalPlatform
3.3.3 Other Industry Forums
3.4 Technical Description of IoT
3.4.1 General
3.4.2 Secure Communication Channels and Interfaces
3.4.3 Provisioning and Key Derivation
3.4.4 Use Cases
References
4 Smartcards and Secure Elements
4.1 Overview
4.2 Role of Smartcards and SEs
4.3 Contact Cards
4.3.1 ISO/IEC 7816-1
4.3.2 ISO/IEC 7816-2
4.3.3 ISO/IEC 7816-3
4.3.4 ISO/IEC 7816-4
4.3.5 ISO/IEC 7816-5
4.3.6 ISO/IEC 7816-6
4.3.7 ISO/IEC 7816-7
4.3.8 ISO/IEC 7816-8
4.3.9 ISO/IEC 7816-9
4.3.10 ISO/IEC 7816-10
4.3.11 ISO/IEC 7816-11
4.3.12 ISO/IEC 7816-12
4.3.13 ISO/IEC 7816-13
4.3.14 ISO/IEC 7816-15
4.4 The SIM/UICC
4.4.1 Terminology
4.4.2 Principle
4.4.3 Key Standards
4.4.4 Form Factors
4.5 Contents of the SIM
4.5.1 UICC Building Blocks
4.5.2 The SIM Application Toolkit (SAT)
4.5.3 Contents of the UICC
4.6 Embedded SEs
4.6.1 Principle
4.6.2 M2M Subscription Management
4.6.3 Personalization
4.6.4 M2M SIM Types
4.7 Other Card Types
4.7.1 Access Cards
4.7.2 External SD Cards
4.8 Contactless Cards
4.8.1 ISO/IEC Standards
4.8.2 NFC
4.9 Electromechanical Characteristics of Smartcards
4.9.1 HW Blocks
4.9.2 Memory
4.9.3 Environmental Classes
4.10 Smartcard SW
4.10.1 File Structure
4.10.2 Card Commands
4.10.3 Java Card
4.11 UICC Communications
4.11.1 Card Communications
4.11.2 Remote File Management
References
5 Wireless Payment and Access Systems
5.1 Overview
5.2 Wireless Connectivity as a Base for Payment and Acc…