Page 28 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
P. 28

ITU-T Focus Group Digital Financial Services
                                              Technology, Innovation and Competition



               Communication security

               Communications are also at risk based on the insecure SIM updates that are performed with known-weak
               ciphers such as DES and A5/1.

               Data integrity

               There are no integrity mechanisms built into the SIM card communication.


               Availability

               DFS solutions relying on the presence and use of a specific SIM card run the risk of unavailability if the SIM
               card is damaged, lost, or stolen.


               Privacy

               The loss of a SIM card can mean that an attacker who stole this information could then learn the identity of
               the victim by examining the IMSI number that is securely stored by the SIM card itself.


               Mitigation strategies

               R9 – Harden the security of SIM cards by using strong cryptographic ciphers, and protect updates through
               whitelisting techniques such as in-network filtering. As documented by [4], the following solutions could aid
               in improving the security of the SIM card infrastructure:

               •    SIM cards should use strong cryptographic ciphers with sufficiently long keys, should not disclose signed
                    plaintexts, and must implement Java software that is resistant to attack.

               •    At the handset level, providing the user with the ability to trust or distrust certain binary-based SMS
                    messages could prevent malicious updates to the SIM card.
               •    In-network SMS filtering could allow whitelisting of SMS updates, but would need to be a feature
                    implemented by the provider.

               3.5    Mobile network: Base station and link to handset


               Role within the ecosystem

               The link between the base station and the mobile handset is the primary communication mechanism for
               DFS, and unless the mobile device has other functionality, e.g., the ability to make Wi-Fi connections, it is the
               exclusive conduit for information destined for or retrieved from the network. Notably, in systems where apps
               are not delivered to handsets but open networks are instead used (e.g., SMS and USSD-based communication),
               this link is the only part of the overall architecture where encryption is in place on data transmitted to and
               from the consumer – once data is received at the base station, it is sent unencrypted through the provider
               networks. It is vital to the sustainability and feasibility of a DFS system that this link be robust, reliable, and
               virtually ubiquitous.


               Security threats and vulnerabilities


               Access control
               Any compromise of access control mechanisms, such as malicious insiders obtaining access to the base station,
               can capture information as it is decrypted by the base station.






                14
   23   24   25   26   27   28   29   30   31   32   33