Security analysis of USIM application toolkit and USIM-based authentication system

USIM cards are used in GSM, 3G, and LTE mobile networks and can support secure authentication mechanisms. USIM cards are smartcards, and they can run applets on the card based on the USIM application toolkit. While most commercial USIM cards block users from installing arbitrary applets, some insecure USIM cards allow third-party applets to be installed. Using a USIM toolkit application, an attacker can eavesdrop on radio-related activities, such as call information and SMS transmission. Due to the nature of smartcards, a USIM card provides strict access control and secure storage. This secure storage can hold sensitive information, such as PKI certificates. For example, Estonia provides a USIM-based PKI certificate system called Mobile ID, which started service in 2007. A Korean operator started this service in April 2013, with a different implementation of the certificate management application. In this paper, we present USIM application toolkit based malware (in short, USIMkit) and a security analysis of the Korean USIM-based PKI certificate (KCert). USIMkit is not detectable by the mobile operating system, and both installation and removal require a special process. Our tool ShadyUSIM is a USIM application installer based on ShadySIM, using the 3GPP API directly. Our analysis showed that there are some security problems in the Korean USIM-based KCert, which leaks the private key and KCert during certificate installation, and the USIM secure storage password during certificate usage. We also implement a small malware that steals the above-mentioned information from the user's mobile phone. The material in this paper was reported to the developer and the network operator, and some of the problems mentioned in this paper have been fixed.
Advisors
Kim, Yongdae
Description
Korea Advanced Institute of Science and Technology (KAIST): Graduate School of Information Security
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2014
Identifier
325007
Language
eng
Description

Thesis (Master's) - Korea Advanced Institute of Science and Technology (KAIST): Graduate School of Information Security, 2014.8, [v, 32 p.]

Keywords

USIM card; malware; certificate; mobile network; USIM application toolkit

URI
http://hdl.handle.net/10203/282839
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=869918&flag=dissertation
Appears in Collection
IS-Theses_Master (Master's theses)
Files in This Item
There are no files associated with this item.
