An invaluable reference discussing the Generic Authentication Architecture (GAA), its infrastructure, usage and integration into existing networks.

Cellular Authentication for Mobile and Internet Services introduces the reader into the field of secure communication for mobile applications, including secure web browsing with a phone or PC, Single Sign-On (SSO), mobile broadcast content protection, secure location services, etc. The book discusses the Generic Authentication Architecture (GAA) of the mobile standardization body 3rd Generation Partnership Project (3GPP) and its American counterpart 3GPP2 in full detail and with all variants. It explains the usage of GAA by various standardization bodies and standardized applications, and also looks at a number of non-standardized ones, such as secure remote login to enterprise environment and card personalization.

Cellular Authentication for Mobile and Internet Services:
- Describes the usage of the generic authentication architecture (GAA) by various standardization bodies and standardized applications, covering mobile broadcast / multicast service security, Single Sign-On, HTTPS (i.e. secure web browsing), secure data access, secure location services, etc.
- Provides guidance on how to integrate the generic authentication into existing and future terminals, networks and applications
- Explains the functionality of the application security in general as well as on application developer level
- Describes various business scenarios and related security solutions, and covers secure application implementation and integration
- Brings together essential information (currently scattered across different standardization bodies) on standards in one comprehensive volume

This excellent all-in-one reference will provide system and protocol designers, application developers, senior software project managers, telecommunication managers and ISP managers with a sound introduction into the field of secure communication for mobile applications.
System integrators, advanced students, Ph.D. candidates, and professors of computer science or telecommunications will also find this text very useful.
Author(s): Silke Holtmanns, Valtteri Niemi, Philip Ginzboorg, Pekka Laitinen, N. Asokan
Edition: 1
Year: 2008
Language: English
Pages: 212
Cellular Authentication for Mobile and Internet Services......Page 1
Contents......Page 7
Preface......Page 11
Acknowledgements......Page 13
1.1 Authenticated Key Agreement......Page 15
1.2 The Challenge in Authenticated Key Agreement......Page 16
1.3 How to Read this Book?......Page 19
Reference......Page 20
2.1.1 UMTS Security Infrastructure......Page 21
2.1.2 Issues in Securing Services with Radio Layer Security......Page 28
2.2.1 Public Key Infrastructure (PKI)......Page 30
2.2.2 Passwords......Page 32
2.2.4 Radio Layer and General Purpose Security Mechanisms......Page 33
2.3 Requirements for GAA......Page 34
References......Page 35
3.1.1 Rationales for Design Decisions......Page 37
3.1.2 A Bird’s Eye View of GAA......Page 39
3.2.1 Architectural Elements of GAA......Page 44
3.2.2 Bootstrapping......Page 47
3.2.3 Authentication......Page 53
3.3 Variations of the Generic Bootstrapping Architecture......Page 55
3.3.2 GBA_U......Page 56
3.3.3 2G GBA......Page 61
3.3.4 Detection of Bootstrapping Variants by the NAF......Page 62
3.3.5 3GPP2 GBA......Page 68
3.4.1 Introduction......Page 80
3.4.2 PKI Portal......Page 86
3.4.4.1 Key Distribution for Terminal to Remote Device Usage......Page 88
3.4.4.2 Key Distribution for UICC to Terminal Usage......Page 91
3.5.1 Access Control Mechanisms in GAA......Page 93
3.5.1.1 Local Policy Enforcement in the BSF......Page 94
3.5.1.2 USS usage for NAFs......Page 95
3.5.2 Identities in GAA......Page 96
3.5.4 Usability and GAA......Page 98
3.5.5 Split Terminal......Page 101
3.5.6 Interoperator GAA: Using GAA Across Operator Boundaries......Page 103
3.5.7 Security Considerations of GAA......Page 105
3.6 Overview of 3GPP GAA Specifications......Page 110
References......Page 114
4.1.1 Authentication Using GAA......Page 119
4.1.1.1 HTTP Digest Authentication......Page 121
4.1.1.2 Pre-Shared Key TLS......Page 125
4.1.1.3 Proxy Mode Authentication......Page 126
4.1.1.4 Referrer Mode Authentication......Page 130
4.1.2 Broadcast Mobile TV Service......Page 133
4.1.2.2 Service Architecture......Page 137
4.1.2.3 Message Flow Example......Page 140
4.1.2.4 Tracing Source of Leaked Keys......Page 144
4.1.3 Further Standardized Usage Scenarios......Page 145
4.2 Additional Usage Scenarios......Page 149
4.2.1 Secure Enterprise Login......Page 150
4.2.2 Personalization for Payments and Securing Public Transport Tickets......Page 152
4.2.3 Secure Messaging in Delay and Disruption-prone Environments......Page 154
4.2.4 Terminal to Terminal Security......Page 155
4.2.5 Transitive Trust in IP Multimedia Subsystems (IMS)......Page 158
References......Page 162
5.1.1 Introduction......Page 167
5.1.2 Username / Password Replacement......Page 168
5.1.3 NAF Library......Page 169
5.1.3.1 Apache Web Server......Page 170
5.1.3.2 J2EE Servers......Page 171
5.1.3.3 Direct Usage of NAF Library......Page 172
5.2 Integration with OS Security......Page 173
5.2.1 Threats for GAA Implementations in Open Platform UEs......Page 174
5.2.2 Access Control Requirements......Page 175
5.2.3 Basic Access Control in Practice: Integration in the Series 60 Platform......Page 176
5.2.4 Extended Access Control: Design Options......Page 177
5.2.5 Other Platforms......Page 179
5.3.1 Introduction......Page 180
5.3.2 GAA Interworking with Liberty ID-FF......Page 181
5.4.1 Integration of HLR into GAA......Page 184
5.4.2 Key Lifetime Setting in BSF......Page 187
5.4.3 Usage of SIM Cards in GAA (2G GBA)......Page 189
5.4.4 Charging and GAA......Page 191
5.4.5 GAA Integration into Large Networks......Page 192
References......Page 194
6.1.1 GBA Push......Page 197
6.1.2 GAA User Privacy......Page 199
6.1.3 GAA in Evolved Packet Systems (EPSs) and Mobile IP (MIP)......Page 201
6.2 Outlook for GAA......Page 203
References......Page 206
Terminology and Abbreviations......Page 207
Index......Page 215