Password-Based SIMSec Protocol

The purpose of the SIMSec protocol is to provide the infrastructure to enable secured access between theSIM (Subscriber Identity Module) card which doesn’t have an ephemeral key installed during productionand the service provider. This infrastructure has a form based on agreements among the mobile networkmanufacturer, the user, the service provider and the card manufacturer. In order to secure transactions,authentication methods are used based on the fact that both parties can verify that they are the partiesthey claim to be. In this study, the key exchange and authentication models in the literature have beensurveyed and the password-based authentication model is chosen. For the SIMSec protocol, thepassword-based authentication algorithm is integrated into the SIMSec protocol. Thanks to the proposednew structure, phase differences in the SIMSec protocol are shown. As a result, a new key exchangeprotocol is proposed for SIM cards.

PDF

___

[1] He, S., & Paar, I. C. (2007, July). SIM card security. In Seminar Work, Ruhr-University of Bochum
[2] Kapoor, V., Abraham, V. S., & Singh, R. (2008). Elliptic curve cryptography. Ubiquity, 2008(May), 1-8.
[3] Ok, K., Coskun, V., Yarman, S. B., Cevikbas, C., & Ozdenizci, B. (2016). SIMSec: A key exchange protocol between SIM card and service provider. Wireless Personal Communications, 89(4), 1371-1390.
[4] Rongyu, H., Guolei, Z., Chaowen, C., Hui, X., Xi, Q., & Zheng, Q. (2009). A PK-SIM card based end-to-end security framework for SMS. Computer Standards & Interfaces, 31(4), 629-641.
[5] Li, Y., Chen, M., & Nie, J. (2011, September). Mobile commerce security model construction based on sms. In 2011 7th International Conference on Wireless Communications, Networking and Mobile Computing (pp. 1- 3). IEEE.
[6] Badra, M., & Urien, P. (2004, March). Toward SSL integration in SIM smartcards. In 2004 IEEE Wireless Communications and Networking Conference (IEEE Cat. No. 04TH8733) (Vol. 2, pp. 889-893). IEEE.
[7] Markantonakis, K., & Mayes, K. (2005). A Secure Channel protocol for multi-application smart cards based on public key cryptography. In Communications and Multimedia Security (pp. 79-95). Springer, Boston, MA.
[8] Handschuh, H., & Paillier, P. (1998, September). Smart card crypto-coprocessors for public-key cryptography. In International Conference on Smart Card Research and Advanced Applications (pp. 372-379). Springer, Berlin, Heidelberg.
[9] Schnorr, C. P. (1989, August). Efficient identification and signatures for smart cards. In Conference on the Theory and Application of Cryptology (pp. 239-252). Springer, New York, NY.
[10] Boyd, C., Mathuria, A., & Stebila, D. (2003). Protocols for authentication and key establishment (Vol. 1). Heidelberg: Springer.
[11] Shor, P. W. (1994, November). Algorithms for quantum computation: discrete logarithms and factoring. In Proceedings 35th annual symposium on foundations of computer science (pp. 124-134). Ieee.
[12] Bellovin, S. M., & Merritt, M. (1992). Encrypted key exchange: Password-based protocols secure against dictionary attacks..
[13] Bellare, M., Pointcheval, D., & Rogaway, P. (2000, May). Authenticated key exchange secure against dictionary attacks. In International conference on the theory and applications of cryptographic techniques (pp. 139-155). Springer, Berlin, Heidelberg.
[14] Boyko, V., MacKenzie, P., & Patel, S. (2000, May). Provably secure password-authenticated key exchange using Diffie-Hellman. In International Conference on the Theory and Applications of Cryptographic Techniques (pp. 156- 171). Springer, Berlin, Heidelberg.
[15] MacKenzie, P. (2002). The PAK suite: Protocols for password-authenticated key exchange. In IEEE P1363. 2.
[16] Mackenzie, P. (2001, April). More efficient passwordauthenticated key exchange. In Cryptographers’ Track at the RSA Conference (pp. 361-377). Springer, Berlin, Heidelberg.
[17] Lenstra, A. K., & Verheul, E. R. (2000, August). The XTR public key system. In Annual International Cryptology Conference (pp. 1-19). Springer, Berlin, Heidelberg.
[18] Jablon, D. P. (1996). Strong password-only authenticated key exchange. ACM SIGCOMM Computer Communication Review, 26(5), 5-26.
[19] MacKenzie, P. (2001). On the Security of the SPEKE Password-Authenticated Key Exchange Protocol. IACR Cryptol. ePrint Arch., 2001, 57.
[20] IEEE P1363 Working Group. (2003). Standard specifications for password-based public-key cryptographic techniques. IEEE P1363. 2/D11.
[21] Perlman, R., & Kaufman, C. (2001, August). PDM: A new strong password-based protocol. In Proceedings of the 10th USENIX Security Symposium (pp. 313-321).
[22] Jablon, D. P. (1997, June). Extended password key exchange protocols immune to dictionary attack. In Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (pp. 248-255). IEEE.
[23] Wu, T. D. (1998, March). The Secure Remote Password Protocol. In NDSS (Vol. 98, pp. 97-111).
[24] Kwon, T. (2000). Ultimate solution to authentication via memorable password. Contribution to the IEEE P1363 Study Group.
[25] Lee, W. C. (1995). Mobile cellular telecommunications: analog and digital systems. McGraw-Hill Professional.