Security for Bluetooth Applications

10.3 SIM access

In this section we will discuss security issues and solutions for remote access to a subscription identity module (SIM) [9] over a Bluetooth connection. The SIM access application is provided by a Bluetooth profile. A SIM card is an integrated circuit card used in the GSM mobile telephony system. It is used to hold subscriber information. This information in turn is used to securely connect a mobile phone to a cellular GSM network and it makes it possible for the mobile network operator to securely identify subscribers attaching to the network. Consequently, it also allows the operator to bill the use of mobile network services. The SIM interface is specified in [9] and the card interface follows the ISO/IEC 7816-3 standard [10]. A SIM can be used for a large variety of services offered by GSM service providers.

We start this section by giving a short overview of the SIM access profile. Next, security-related problems and solutions for SIM access are discussed.

10.3.1 The SIM access profile

The Bluetooth SIM access profile defines procedures and protocols for access to a remote SIM over a Bluetooth serial port (RFCOMM) connection. The protocol stack is illustrated in Figure 10.5.

SIM access messages consist of a header and a payload. The header describes the type and the number of parameters transferred in the message. Messages have been defined for remote control of the SIM card and for the transfer of SIM card messages. Two different roles are defined in the profile:

[Figure: two protocol stacks side by side with the same layers, from top to bottom: SIM access application; SIM access profile; RFCOMM and SDP; LMP and L2CAP; Baseband.]

Figure 10.5 The SIM access profile communication stack.

Bluetooth Security

1. SIM access client;

2. SIM access server.

The SIM access client uses the SIM access profile to connect to another device, the SIM access server, over Bluetooth. The server is the device with the SIM card reader and SIM card attached. A typical usage scenario is illustrated in Figure 10.6. In this scenario, a laptop is connected to a wireless network (WLAN or cellular network). A SIM is needed for subscriber authentication in the wireless network. The laptop does not have a smart card reader and will need to use the phone with a SIM for network access. The SIM card that is needed for the access resides in the phone, and the laptop uses the SIM access profile to access it.

10.3.2 Securing SIM access

The SIM is used for security-critical services. The card holds secret keys and subscriber information that must be well protected. Smart card technology provides tamper resistance. However, the interface to the card is protected only by the secret PIN with which the card is “opened.” Once the card is opened, it will perform most tasks that are requested (some tasks may require a second PIN to be entered). The SIM access profile allows the card “interface” to be extended over the Bluetooth link. Consequently, it is very important that the wireless link is well protected. We will describe the security mechanism mandated by the profile [11] and also discuss additional security measures that SIM access profile implementers should take.

SIM access mandates the following:

[Figure: a SIM access server with SIM card, connected over a Bluetooth link to a SIM access client with network access, which reaches the wireless network over a WLAN or cellular link.]

Figure 10.6 SIM access profile usage scenario.

Security mode 2 or 3 shall be used.

The client and server must be paired before they set up a SIM access connection.

A pass-key with length of at least 16 decimal digits shall be used at the pairing. Furthermore, fixed pass-keys are not allowed.

The server shall always authenticate the client.

The Bluetooth link between the client and server shall always be encrypted and the key length shall be at least 64 bits.

These requirements ensure a good basic security level for the SIM access connection, since a brute-force attack on a 16-digit pass-key is not so easy. Furthermore, the Bluetooth authentication and encryption algorithms are sufficiently strong (see Chapter 7). However, a 64-bit encryption key is a little bit too short, and whenever possible a 128-bit key is recommended instead. Entering a 16-digit pass-key can be cumbersome for the user. In fact, users tend to choose low-entropy pass-key values when a string as long as 16 digits is required. A better approach than having the user choose the pass-key is to let the server generate the pass-key value and display it to the user. The user then enters the same value into the client device. The pass-key needs to be generated by choosing the pass-key bits uniformly and at random. The improved pairing that we described in Chapter 9 does not have the problem of entering a long pass-key and is also well suited to the SIM access profile.
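The server-side pass-key generation and the mandated link requirements described above can be sketched as follows. This is an added example, not code from the book or the profile specification; the `LinkState` record and its field names are hypothetical stand-ins for whatever a real Bluetooth stack reports about a connection.

```python
import math
import secrets
from dataclasses import dataclass

PASSKEY_DIGITS = 16   # minimum pass-key length mandated by the profile
MIN_KEY_BITS = 64     # minimum encryption key length mandated by the profile


def generate_passkey(digits=PASSKEY_DIGITS):
    """Draw a pass-key uniformly from all 10**digits decimal strings."""
    if digits < PASSKEY_DIGITS:
        raise ValueError("SIM access requires at least 16 decimal digits")
    # randbelow() is uniform on [0, 10**digits); zero-padding keeps leading zeros
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


def passkey_entropy_bits(digits):
    """Entropy in bits of a uniformly random decimal pass-key of this length."""
    return digits * math.log2(10)


@dataclass
class LinkState:
    """Hypothetical view of one client connection as seen by the server."""
    security_mode: int
    paired: bool
    passkey_digits: int
    passkey_fixed: bool
    client_authenticated: bool
    encrypted: bool
    key_bits: int


def violations(link):
    """Return the mandated requirements that this link does not meet."""
    found = []
    if link.security_mode not in (2, 3):
        found.append("security mode 2 or 3 required")
    if not link.paired:
        found.append("client and server must be paired first")
    if link.passkey_digits < PASSKEY_DIGITS or link.passkey_fixed:
        found.append("pass-key must be non-fixed with at least 16 digits")
    if not link.client_authenticated:
        found.append("server must authenticate the client")
    if not link.encrypted or link.key_bits < MIN_KEY_BITS:
        found.append("link must be encrypted with a key of at least 64 bits")
    return found
```

A uniformly random 16-digit pass-key carries about 53 bits of entropy, which is the figure a user-chosen value falls short of.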

The security required by the SIM access profile gives the necessary basic protection for the message exchange between the client and server. However, there are additional security measures that need to be taken in order to avoid introducing security holes in the SIM access implementation. One of the problems is that in an implementation that just follows the specification, all messages from the client to the server will be accepted and forwarded to the SIM. This is a potential security risk for the sensitive functions in the subscription module. All functions will be available for the remote device, that is, the SIM access client. This device might have been compromised in some way or it might have been infected by a virus or other harmful software. Hence, there must be a way for the server to restrict the access to the subscription module.
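One way a server could restrict what a client may ask of the SIM, as an added example that is not taken from the book or the profile: a per-client allow-list checked before any command is forwarded to the card. The instruction bytes are those of the GSM 11.11 SIM interface; the service names, their grouping, the `AccessControlDB` class and the device address are assumptions made for illustration.

```python
GSM_CLASS = 0xA0  # class byte of GSM 11.11 SIM commands
# GSM 11.11 instruction (INS) bytes; the grouping into services is hypothetical
SERVICES = {
    "read_files": {0xA4, 0xB0, 0xB2, 0xC0, 0xF2},  # SELECT, READ BINARY/RECORD, GET RESPONSE, STATUS
    "network_auth": {0x88},                        # RUN GSM ALGORITHM
    "write_files": {0xD6, 0xDC},                   # UPDATE BINARY, UPDATE RECORD
    "pin_management": {0x20, 0x24, 0x26, 0x28, 0x2C},  # VERIFY/CHANGE/DISABLE/ENABLE/UNBLOCK CHV
}


class AccessControlDB:
    """Hypothetical store of the services granted to each client at pairing."""

    def __init__(self):
        self._granted = {}

    def grant(self, client_addr, services):
        unknown = set(services) - set(SERVICES)
        if unknown:
            raise ValueError(f"unknown services: {sorted(unknown)}")
        self._granted[client_addr] = frozenset(services)

    def allowed_instructions(self, client_addr):
        # A client without a record gets the empty set, so everything is dropped
        allowed = set()
        for name in self._granted.get(client_addr, ()):
            allowed |= SERVICES[name]
        return allowed


def filter_apdu(db, client_addr, authenticated, apdu):
    """Decide whether a command APDU may reach the SIM; the default is to drop."""
    if not authenticated:
        return False, "client not authenticated"
    if len(apdu) < 5:  # CLA INS P1 P2 P3 must all be present
        return False, "malformed command header"
    cla, ins = apdu[0], apdu[1]
    if cla != GSM_CLASS:
        return False, "unexpected class byte"
    if ins not in db.allowed_instructions(client_addr):
        return False, f"instruction 0x{ins:02X} not granted"
    return True, "forward to SIM"


# Constructed sample data: a client address and two command APDUs
LAPTOP = "00:11:22:33:44:55"
RUN_GSM = bytes.fromhex("A088000010") + bytes(16)   # RUN GSM ALGORITHM, all-zero RAND
UPDATE_BINARY = bytes.fromhex("A0D6000001FF")       # UPDATE BINARY, one byte
```

A client granted only `read_files` and `network_auth` can authenticate to the network through the SIM, while file updates and PIN management from that client are dropped at the server.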

This can be achieved if, at the security pairing, the server selects the set of services in the SIM that the client should be allowed to access. The set of services can be a default set, or the server may ask the owner of the server device to decide which services the client should be allowed to access. This should be a subset that limits the damage in case of a compromised client. Then the record of allowed services should be stored in a special and protected access control database. When the client has been authenticated against the server, a filtering