Page 27 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
attacks that can be widely packaged and deployed. Device manufacturers must be involved to ensure that
critical updates are part of the device life cycle.
R7 – Ensure that security libraries offered by the operating system are correctly designed and implemented
and that the cipher suites they support are sufficiently strong. This will help to address risks to confidentiality
as detailed above.
R8 – The handset operating system should be configured in a way to reduce the size of the trusted computing
base. This is an essential part of secure operating system design and is crucial to reducing the attack surface.
Usability indicators for end users interacting with the operating system can also help make clear when users
are potentially operating on compromised documents containing malware. Integration of operating system
services with secure hardware facilities on the mobile platform (e.g., trusted execution environments and
secure enclaves on the chip) can further protect operating systems against compromise.
3.4 Mobile phone SIM card
Role within the ecosystem
The SIM card is an integrated circuit chip that is intended to securely store the international mobile subscriber
identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile
telephony devices. In some cases, the SIM card is used as a secure element for storage of sensitive data
and execution of applications, particularly in early-generation feature phones where tools such as the SIM
Application Toolkit can provide functionality directly through the SIM card’s capabilities, which many mobile
banking applications take advantage of. In smartphones, the SIM card can still be leveraged to retrieve
information about customer identity, but per Recommendation [ITU-T Y.2740], high security level DFS should
use their own authentication credentials.
Security threats and vulnerabilities
Access control
Past work has demonstrated that SIM cards are vulnerable to privilege escalation attacks based on a variety
of threat vectors. Over-the-air updates to SIM cards that arrive via SMS messaging have been shown to use
the insecure DES cipher [3], which is very easy to compromise. The result of a cracked update to a SIM card
includes the ability to compromise Java applications on board the card, some of which have been demonstrated
to be vulnerable. This could potentially allow for cloning of IMSIs and SIM authentication keys, allowing for
vast unauthorized access to mobile services.
Authentication
Based on the attack against SIM card updates detailed above, coupled with the potential issues with Java
virtual machine implementations on Java SIM cards, an adversary can perform cloning attacks against a user’s
mobile identity, putting many copies of these credentials out into the open. Such an attack would compromise
authentication.
Non-repudiation
There are no facilities for non-repudiation at the SIM level, given the lack of digital signature usage.
Data confidentiality
Data confidentiality is at risk based on the insecure SIM updates that are performed with known-weak ciphers
such as DES and A5/1.
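The check below is an added example, not part of the report: it shows how an operator could audit the OTA security profiles provisioned on its SIM cards for the single-DES ciphering described under Access control and Data confidentiality. It assumes the first SPI octet and the KIc octet are coded as in ETSI TS 102 225, a specification the report does not cite; the profile names and octet values are constructed.

```python
"""Audit SIM OTA security profiles for single-DES ciphering (added example)."""

# Assumption: SPI and KIc octets are coded as in ETSI TS 102 225, a
# specification the report does not cite. Profile values are constructed.
ALGORITHM = {0b00: "implicit", 0b01: "DES", 0b10: "AES", 0b11: "proprietary"}
DES_MODE = {
    0b00: "single DES, CBC",
    0b01: "3DES outer-CBC, two keys",
    0b10: "3DES outer-CBC, three keys",
    0b11: "single DES, ECB",
}

def audit_profile(spi1: int, kic: int) -> tuple[str, str]:
    """Return (verdict, reason) for the first SPI octet and the KIc octet."""
    for octet in (spi1, kic):
        if not 0 <= octet <= 0xFF:
            raise ValueError(f"not an octet: {octet!r}")
    if not spi1 & 0b100:                      # SPI b3: ciphering flag
        return "weak", "no ciphering requested"
    algorithm = ALGORITHM[kic & 0b11]         # KIc b2b1: algorithm
    key_index = kic >> 4                      # KIc b8..b5: key indication
    if algorithm == "DES":
        mode = (kic >> 2) & 0b11              # KIc b4b3: DES mode
        # Only single DES is the weak case the report describes.
        verdict = "weak" if mode in (0b00, 0b11) else "ok"
        return verdict, f"{DES_MODE[mode]} (key {key_index})"
    if algorithm == "AES":
        return "ok", f"AES (key {key_index})"
    # Implicit or proprietary: the header alone does not reveal the cipher.
    return "unknown", f"{algorithm} algorithm (key {key_index})"

# Constructed sample profiles: (name, first SPI octet, KIc octet).
PROFILES = [
    ("banking-applet", 0x16, 0x15),
    ("legacy-menu", 0x06, 0x11),
    ("ram-updates", 0x02, 0x12),
    ("new-cards", 0x16, 0x22),
    ("vendor-x", 0x16, 0x13),
]

def weak_profiles(profiles=PROFILES) -> list[str]:
    """Names of profiles that still use single DES or no ciphering."""
    return [name for name, spi1, kic in profiles
            if audit_profile(spi1, kic)[0] == "weak"]

if __name__ == "__main__":
    for name, spi1, kic in PROFILES:
        print(name, *audit_profile(spi1, kic))
```

Profiles reported as "unknown" need a check against the card vendor's documentation, since the header alone does not identify the cipher.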

