Available:
| Item Barcode | Call Number | Material Type | Item Category |
|---|---|---|---|
| 30000010194043 | TK6570.M6 C46 2008 | Open Access Book | Book |
| 30000010186261 | TK6570.M6 C46 2008 | Open Access Book | Book |
On Order
Summary
An invaluable reference discussing the Generic Authentication Architecture (GAA), its infrastructure, usage and integration into existing networks
Cellular Authentication for Mobile and Internet Services introduces the reader to the field of secure communication for mobile applications, including secure web browsing with a phone or PC, Single Sign-On (SSO), mobile broadcast content protection, secure location services, etc. The book discusses the Generic Authentication Architecture (GAA) of the mobile standardization body 3rd Generation Partnership Project (3GPP) and its American counterpart 3GPP2 in full detail and with all variants. It explains the usage of GAA by various standardization bodies and standardized applications, and also looks at a number of non-standardized ones, such as secure remote login to enterprise environments and card personalization.
Cellular Authentication for Mobile and Internet Services:
- Describes the usage of the Generic Authentication Architecture (GAA) by various standardization bodies and standardized applications, covering mobile broadcast / multicast service security, Single Sign-On, HTTPS (i.e. secure web browsing), secure data access, secure location services, etc.
- Provides guidance on how to integrate the generic authentication into existing and future terminals, networks and applications
- Explains the functionality of the application security in general as well as at the application developer level
- Describes various business scenarios and related security solutions, and covers secure application implementation and integration
- Brings together essential information (currently scattered across different standardization bodies) on standards in one comprehensive volume

This excellent all-in-one reference will provide system and protocol designers, application developers, senior software project managers, telecommunication managers and ISP managers with a sound introduction to the field of secure communication for mobile applications. System integrators, advanced students, Ph.D. candidates, and professors of computer science or telecommunications will also find this text very useful.
Author Notes
Silke Holtmanns, Nokia Research Center, Helsinki, Finland is a Researcher at Nokia Research Center (NRC) Helsinki in the Trustworthy Communications and Identities Team of the Internet Core Technology Center. She joined NRC in 2004 in the Mobile Computer Human-Interaction Competence Area and the Software and Applications Technology Lab. Prior to joining Nokia, she worked at Ericsson Research Department - Service Networks and Applications Technology.
Valtteri Niemi, Nokia Research Center, Helsinki, Finland is a Research Team Leader at NRC and a part-time professor at the University of Turku.
Philip Ginzboorg, Nokia Research Center, Helsinki, Finland is a Principal Research Engineer at NRC.
Pekka Laitinen, Nokia Research Center, Helsinki, Finland is a Security Researcher at NRC.
N. Asokan, Helsinki, Finland is a part-time Professor at the Helsinki University of Technology.
Table of Contents
Preface | p. ix |
Acknowledgements | p. xi |
1 Introduction | p. 1 |
1.1 Authenticated Key Agreement | p. 1 |
1.2 The Challenge in Authenticated Key Agreement | p. 2 |
1.3 How to Read this Book? | p. 5 |
Reference | p. 6 |
2 Classical Approaches to Authentication and Key Agreement | p. 7 |
2.1 Existing Mobile Security Solutions | p. 7 |
2.1.1 UMTS Security Infrastructure | p. 7 |
2.1.2 Issues in Securing Services with Radio Layer Security | p. 14 |
2.2 General-Purpose Approaches to Authentication and Key Management | p. 16 |
2.2.1 Public Key Infrastructure (PKI) | p. 16 |
2.2.2 Passwords | p. 18 |
2.2.3 Kerberos | p. 19 |
2.2.4 Radio Layer and General Purpose Security Mechanisms | p. 19 |
2.3 Requirements for GAA | p. 20 |
References | p. 21 |
3 Generic Authentication Architecture | p. 23 |
3.1 Overview of Generic Authentication Architecture | p. 23 |
3.1.1 Rationales for Design Decisions | p. 23 |
3.1.2 A Bird's Eye View of GAA | p. 25 |
3.2 Foundations of GAA | p. 30 |
3.2.1 Architectural Elements of GAA | p. 30 |
3.2.2 Bootstrapping | p. 33 |
3.2.3 Authentication | p. 39 |
3.3 Variations of the Generic Bootstrapping Architecture | p. 41 |
3.3.1 GBA_ME | p. 42 |
3.3.2 GBA_U | p. 42 |
3.3.3 2G GBA | p. 47 |
3.3.4 Detection of Bootstrapping Variants by the NAF | p. 48 |
3.3.5 3GPP2 GBA | p. 54 |
3.4 Building Blocks of GAA | p. 66 |
3.4.1 Introduction | p. 66 |
3.4.2 PKI Portal | p. 72 |
3.4.3 HTTPS Support | p. 74 |
3.4.4 Key Distribution Service | p. 74 |
3.4.4.1 Key Distribution for Terminal to Remote Device Usage | p. 74 |
3.4.4.2 Key Distribution for UICC to Terminal Usage | p. 77 |
3.5 Other Architectural Issues | p. 79 |
3.5.1 Access Control Mechanisms in GAA | p. 79 |
3.5.1.1 Local Policy Enforcement in the BSF | p. 80 |
3.5.1.2 USS usage for NAFs | p. 81 |
3.5.2 Identities in GAA | p. 82 |
3.5.3 Identity Privacy and Unlinkability | p. 84 |
3.5.4 Usability and GAA | p. 84 |
3.5.5 Split Terminal | p. 84 |
3.5.6 Interoperator GAA: Using GAA Across Operator Boundaries | p. 89 |
3.5.7 Security Considerations of GAA | p. 91 |
3.6 Overview of 3GPP GAA Specifications | p. 96 |
References | p. 100 |
4 Applications Using Generic Authentication Architecture | p. 105 |
4.1 Standardized Usage Scenarios | p. 105 |
4.1.1 Authentication Using GAA | p. 105 |
4.1.1.1 HTTP Digest Authentication | p. 107 |
4.1.1.2 Pre-Shared Key TLS | p. 111 |
4.1.1.3 Proxy Mode Authentication | p. 112 |
4.1.1.4 Referrer Mode Authentication | p. 116 |
4.1.2 Broadcast Mobile TV Service | p. 119 |
4.1.2.1 Security Goals | p. 123 |
4.1.2.2 Service Architecture | p. 123 |
4.1.2.3 Message Flow Example | p. 126 |
4.1.2.4 Tracing Source of Leaked Keys | p. 130 |
4.1.3 Further Standardized Usage Scenarios | p. 131 |
4.2 Additional Usage Scenarios | p. 135 |
4.2.1 Secure Enterprise Login | p. 136 |
4.2.2 Personalization for Payments and Securing Public Transport Tickets | p. 138 |
4.2.3 Secure Messaging in Delay and Disruption-prone Environments | p. 140 |
4.2.4 Terminal to Terminal Security | p. 141 |
4.2.5 Transitive Trust in IP Multimedia Subsystems (IMS) | p. 144 |
References | p. 148 |
5 Guidance for Deploying GAA | p. 153 |
5.1 Integration with Application Servers | p. 153 |
5.1.1 Introduction | p. 153 |
5.1.2 Username / Password Replacement | p. 154 |
5.1.3 NAF Library | p. 155 |
5.1.3.1 Apache Web Server | p. 156 |
5.1.3.2 J2EE Servers | p. 157 |
5.1.3.3 Direct Usage of NAF Library | p. 158 |
5.1.4 Web Services Direct Usage | p. 159 |
5.2 Integration with OS Security | p. 159 |
5.2.1 Threats for GAA Implementations in Open Platform UEs | p. 160 |
5.2.2 Access Control Requirements | p. 161 |
5.2.3 Basic Access Control in Practice: Integration in the Series 60 Platform | p. 162 |
5.2.4 Extended Access Control: Design Options | p. 163 |
5.2.5 Other Platforms | p. 165 |
5.3 Integration with Identity Management Systems | p. 166 |
5.3.1 Introduction | p. 166 |
5.3.2 GAA Interworking with Liberty ID-FF | p. 167 |
5.4 Integration of GAA into Mobile Networks | p. 170 |
5.4.1 Integration of HLR into GAA | p. 170 |
5.4.2 Key Lifetime Setting in BSF | p. 173 |
5.4.3 Usage of SIM Cards in GAA (2G GBA) | p. 175 |
5.4.4 Charging and GAA | p. 177 |
5.4.5 GAA Integration into Large Networks | p. 178 |
References | p. 180 |
6 Future Trends | p. 183 |
6.1 Standardization Outlook | p. 183 |
6.1.1 GBA Push | p. 183 |
6.1.2 GAA User Privacy | p. 185 |
6.1.3 GAA in Evolved Packet Systems (EPSs) and Mobile IP (MIP) | p. 187 |
6.2 Outlook for GAA | p. 189 |
References | p. 192 |
Terminology and Abbreviations | p. 193 |
Index | p. 201 |