Title:
Cellular authentication for mobile and internet services
Publication Information:
London, UK. : Wiley, 2008
Physical Description:
x, 204 p. : ill. ; 26 cm.
ISBN:
9780470723173
Added Author:

Available:*

Item Barcode | Call Number | Material Type | Item Category 1
30000010194043 | TK6570.M6 C46 2008 | Open Access Book | Book
30000010186261 | TK6570.M6 C46 2008 | Open Access Book | Book

Summary

An invaluable reference discussing the Generic Authentication Architecture (GAA), its infrastructure, usage and integration into existing networks

Cellular Authentication for Mobile and Internet Services introduces the reader to the field of secure communication for mobile applications, including secure web browsing with a phone or PC, Single Sign-On (SSO), mobile broadcast content protection, secure location services, etc. The book discusses the Generic Authentication Architecture (GAA) of the mobile standardization body 3rd Generation Partnership Project (3GPP) and its American counterpart 3GPP2 in full detail and with all variants. It explains the usage of GAA by various standardization bodies and standardized applications, and also looks at a number of non-standardized ones, such as secure remote login to an enterprise environment and card personalization.

Cellular Authentication for Mobile and Internet Services:

Describes the usage of the generic authentication architecture (GAA) by various standardization bodies and standardized applications, covering mobile broadcast / multicast service security, Single Sign-On, HTTPS (i.e. secure web browsing), secure data access, secure location services, etc.

Provides guidance on how to integrate the generic authentication into existing and future terminals, networks and applications

Explains the functionality of the application security in general as well as on application developer level

Describes various business scenarios and related security solutions, and covers secure application implementation and integration

Brings together essential information (currently scattered across different standardization bodies) on standards in one comprehensive volume

This excellent all-in-one reference will provide system and protocol designers, application developers, senior software project managers, telecommunication managers and ISP managers with a sound introduction to the field of secure communication for mobile applications. System integrators, advanced students, Ph.D. candidates, and professors of computer science or telecommunications will also find this text very useful.


Author Notes

Silke Holtmanns, Nokia Research Center, Helsinki, Finland is a Researcher at Nokia Research Center (NRC) Helsinki in the Trustworthy Communications and Identities Team of the Internet Core Technology Center. She joined NRC in 2004 in the Mobile Computer Human-Interaction Competence Area and the Software and Applications Technology Lab. Prior to joining Nokia, she worked at Ericsson Research Department - Service Networks and Applications Technology.

Valtteri Niemi, Nokia Research Center, Helsinki, Finland is a Research Team Leader at NRC and a part-time professor at the University of Turku.

Philip Ginzboorg, Nokia Research Center, Helsinki, Finland is a Principal Research Engineer at NRC.

Pekka Laitinen, Nokia Research Center, Helsinki, Finland is a Security Researcher at NRC.

N. Asokan, Helsinki, Finland is a part-time Professor at the Helsinki University of Technology.


Table of Contents

Preface
Acknowledgements
1 Introduction
1.1 Authenticated Key Agreement
1.2 The Challenge in Authenticated Key Agreement
1.3 How to Read this Book?
Reference
2 Classical Approaches to Authentication and Key Agreement
2.1 Existing Mobile Security Solutions
2.1.1 UMTS Security Infrastructure
2.1.2 Issues in Securing Services with Radio Layer Security
2.2 General-Purpose Approaches to Authentication and Key Management
2.2.1 Public Key Infrastructure (PKI)
2.2.2 Passwords
2.2.3 Kerberos
2.2.4 Radio Layer and General Purpose Security Mechanisms
2.3 Requirements for GAA
References
3 Generic Authentication Architecture
3.1 Overview of Generic Authentication Architecture
3.1.1 Rationales for Design Decisions
3.1.2 A Bird's Eye View of GAA
3.2 Foundations of GAA
3.2.1 Architectural Elements of GAA
3.2.2 Bootstrapping
3.2.3 Authentication
3.3 Variations of the Generic Bootstrapping Architecture
3.3.1 GBA_ME
3.3.2 GBA_U
3.3.3 2G GBA
3.3.4 Detection of Bootstrapping Variants by the NAF
3.3.5 3GPP2 GBA
3.4 Building Blocks of GAA
3.4.1 Introduction
3.4.2 PKI Portal
3.4.3 HTTPS Support
3.4.4 Key Distribution Service
3.4.4.1 Key Distribution for Terminal to Remote Device Usage
3.4.4.2 Key Distribution for UICC to Terminal Usage
3.5 Other Architectural Issues
3.5.1 Access Control Mechanisms in GAA
3.5.1.1 Local Policy Enforcement in the BSF
3.5.1.2 USS usage for NAFs
3.5.2 Identities in GAA
3.5.3 Identity Privacy and Unlinkability
3.5.4 Usability and GAA
3.5.5 Split Terminal
3.5.6 Interoperator GAA: Using GAA Across Operator Boundaries
3.5.7 Security Considerations of GAA
3.6 Overview of 3GPP GAA Specifications
References
4 Applications Using Generic Authentication Architecture
4.1 Standardized Usage Scenarios
4.1.1 Authentication Using GAA
4.1.1.1 HTTP Digest Authentication
4.1.1.2 Pre-Shared Key TLS
4.1.1.3 Proxy Mode Authentication
4.1.1.4 Referrer Mode Authentication
4.1.2 Broadcast Mobile TV Service
4.1.2.1 Security Goals
4.1.2.2 Service Architecture
4.1.2.3 Message Flow Example
4.1.2.4 Tracing Source of Leaked Keys
4.1.3 Further Standardized Usage Scenarios
4.2 Additional Usage Scenarios
4.2.1 Secure Enterprise Login
4.2.2 Personalization for Payments and Securing Public Transport Tickets
4.2.3 Secure Messaging in Delay and Disruption-prone Environments
4.2.4 Terminal to Terminal Security
4.2.5 Transitive Trust in IP Multimedia Subsystems (IMS)
References
5 Guidance for Deploying GAA
5.1 Integration with Application Servers
5.1.1 Introduction
5.1.2 Username / Password Replacement
5.1.3 NAF Library
5.1.3.1 Apache Web Server
5.1.3.2 J2EE Servers
5.1.3.3 Direct Usage of NAF Library
5.1.4 Web Services Direct Usage
5.2 Integration with OS Security
5.2.1 Threats for GAA Implementations in Open Platform UEs
5.2.2 Access Control Requirements
5.2.3 Basic Access Control in Practice: Integration in the Series 60 Platform
5.2.4 Extended Access Control: Design Options
5.2.5 Other Platforms
5.3 Integration with Identity Management Systems
5.3.1 Introduction
5.3.2 GAA Interworking with Liberty ID-FF
5.4 Integration of GAA into Mobile Networks
5.4.1 Integration of HLR into GAA
5.4.2 Key Lifetime Setting in BSF
5.4.3 Usage of SIM Cards in GAA (2G GBA)
5.4.4 Charging and GAA
5.4.5 GAA Integration into Large Networks
References
6 Future Trends
6.1 Standardization Outlook
6.1.1 GBA Push
6.1.2 GAA User Privacy
6.1.3 GAA in Evolved Packet Systems (EPSs) and Mobile IP (MIP)
6.2 Outlook for GAA
References
Terminology and Abbreviations
Index