Smart Card & Identity News A New Flavour for eCash

More documents

Recommendations

Info

Indian GSM Phone Networks Fail to Meet Basic Encryption Standards Eli Hizkiyev The recent revelations from an Indian company that it can ‘tumble’ and clone the credentials of mobile phone SIM cards over the airwaves will make anyone in security give a sigh. But when they hear that it is apparently because certain Indian GSM carriers are using the A5/0 minimal encryption system on their cellular networks, then the only response is frustration. Once again, we have to face the fact that GSM voice calls can no longer be considered secure. What adds insult to injury is that it appears that the Indian cellular networks are switching off most of their encryption to ease the load on their networks. The problem is that, even if A5/1 encryption is switched on, it can be cracked and facilitate eavesdropping - as researcher Karsten Nohl and his team started demonstrating some 18 months ago. If the cellular networks only use the more basic A5/0 encryption, it also becomes possible to clone SIM card identities and make calls charged to the legitimate user's account. What makes the Indian network issue relevant and concerning, is that many of the UK GSM carriers are also hitting digital gridlock on their networks in city areas at peak time, raising the question as to whether they too are lowering the encryption technology used on their calls to cope with the demand? It is interesting to note that none of the Indian cellular carriers were prepared to comment on the report, despite the news appearing in The Hindu newspaper, which has a circulation of 1.5 million amongst the English language speakers of India, as well as a global audience via its web site of many millions more. The problem for the carriers - as one of the researchers commented on in the report - is that the cracked calls appear to be coming from the subscriber's number, so it's difficult to see how they can stop these calls, apart from looking for excessive usage and/or calls to international/premium rate destinations that may be flagged as suspicious or unusual. The takeout from this story - and from previous reports of the A5/1 encryption system on GSM calls being cracked - is to switch to using 3G cellular services when making business and/or sensitive calls. However, since the A5/3 encryption mechanism used on 3G calls is a derivative of the MISTY Feistel crypto methodology - and some carriers are reportedly lowering the level of encryption - there is a danger that the diluted 3G encryption system can be cracked in a few hours, as was reported at the start of 2010 (http://bit.ly/xAOpeA). The real bottom line is that cellular calls - in common with all wireless transmissions - are inherently less secure than wired telephony, for the simple reason that the mobile device can only automatically authenticate itself over the airwaves. Put simply, this means that all of the data transmitted can also be eavesdropped by hackers who - if they are able to crack the underlying encryption system, all variants of which have clearly been found to be wanting - can monitor the data stream and eavesdrop on the voice plus data transmissions. This Indian newspaper report raises a number of security questions on several fronts, and this is before we even start to discuss the number of people using their smartphone for Internet banking... Smart Card & Identity News • March 2012 16
World News In Brief OTI Files Patent Infringement Suite against T-Mobile On Track Innovations Ltd. (OTI) announce the filing of a patent infringement lawsuit alleging that T-Mobile USA, Inc. sells NFC enabled phones that infringe OTI's U.S. Patent No. 6,045,043. NFC technology enables contactless payments with mobile phones, loyalty programs, data mining, and other applications. The lawsuit is pending in the United States District Court for the Southern District of New York, Case No. 12-CV-2224. "We believe in the strength and value of our intellectual property and have the resources to protect it," said Oded Bashan, OTI Chairman and CEO. " We are also happy to provide innovative technology and partner with others in the industry to facilitate the growing future of contactless payments, data capture, loyalty programs, and more." Shipments of NFC-enabled Handsets Reached 30 Million Units in 2011 According to a new research report by Berg Insight, global sales of handsets featuring NFC increased ten-fold in 2011 to 30 million units. Growing at a compound annual growth rate (CAGR) of 87.8 percent, shipments are forecasted to reach 700 million units in 2016. The global rise in smartphone adoption is also driving higher attach rates for other wireless connectivity technologies in handsets including GPS, Bluetooth and WLAN. These connectivity technologies are already a standard feature on highend smartphones and most medium- and low-end models. Declining costs will also enable broader integration in the feature phone segment that is rapidly gaining smartphone-like functionality. Watchdata Wins 2012 Asian Sesames Award with SIMpass-SC Watchdata Technologies has won the prestigious Asian Sesames Award for the second time in three years. It won this year with its breakthrough mobile payment solution, called SIMpass-SC, which transforms any existing mobile phone handset into a full-function NFC device. Smart Card & Identity News • March 2012 The SIMpass-SC technology embeds a secure element, an active front end and an antenna into a single dual-interface SIM card form factor, providing one of the most elegant and practical ways to deploy the widely accepted NFC technology in mobile phone handsets in any existing market, from highly developed urban centres to the remotest locations on the planet, even in regions with few banks and very poor financial infrastructure. "The SIMpass-SC solution is a significant improvement in mobile payment technology, and we feel privileged to help advance the frontiers of knowledge in this market," said Michael Yu, President of International Business at Watchdata. NFC Forum and GlobalPlatform Partner to Accelerate Deployment of Interoperable NFC Solutions GlobalPlatform has entered into a Memorandum of Understanding (MoU) with the NFC Forum. The partnership aims to harmonize specification activity to support the development of interoperable, multiapplication NFC-based mobile solutions in the wider mobile services ecosystem, and to support NFC Forum certification activities. To accelerate the deployment of new mass market NFC-based use cases, the NFC community and wider mobile services sector must establish neutral, sustainable and scalable infrastructures that support secure communication between all stakeholders and technology platforms. This new, formal partnership will open up opportunities for innovative solutions across multiple industries by leveraging the NFC Forum's deep technical knowledge and extensive library of NFC-based standards and GlobalPlatform Specifications for managing contactless services, which serve multiple actors and support several business models. NXP and HID Global Enable Mobile Access for NFC Phones NXP Semiconductors N.V. and HID Global announce their collaboration to introduce a global, generic Mobile Access solution for NFC-enabled mobile phones. NFC enables the secure and convenient sharing of information from one device to another over short distances based upon existing contactless standards, making it ideal for deploying easy-to use mobile access control applications. 17
Page 1 and 2: dentity News • Smart Card & Ident
Page 3 and 4: What I’m hinting at here is that
Page 5 and 6: The second approach to handling low
Page 7 and 8: Overall Growth in CEE Cards Market
Page 9 and 10: World News In Brief Cryptomathic In
Page 11 and 12: Such standards help the industry wo
Page 13 and 14: Cajasiete intends to extend this ty
Page 15: Created to recognise the developmen
Page 19 and 20: iCAM7000 series for applications ra

Smart Card & Identity News A New Flavour for eCash

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?