SIMspeak - Towards an Open and Secure Application Platform for GSM SIMs

  • Authors:

  • Roger Kehr;Hendrik Mieves

  • Affiliations:

  • -;-

  • Venue:
  • E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
  • Year:
  • 2001

Quantified Score

Hi-index 0.00

Visualization

Abstract

Today mobile operators are in the possession of the SIM application toolkit technology available in their GSM SIM smartcards plugged into the mobile handsets of their subscribers. Although there are roughly 500 mio. SIMs deployed all over the world, they are not integrated into the Internet yet. With the WebSIM approach [6] we have demonstrated how SIMs can be integrated into the Internet by means of a tiny HTTP server implemented in a SIMto provide value-added services running on top of the SIM toolkit.In this contribution we propose to further extend this approach by making SIMs accessible as open and secure execution platforms for mobile code. Here, open means that virtually anybody in the Internet can use this mobile code platform, and secure means that both - platform and subscriber - cannot be harmed by malicious code. Such a platform can be provided by operators upon which third-party service providers can build their applications which would benefit from the security context of the smartcard they run inside.The SIMspeak system is comprised of an off-card compiler, a verifier, and a corresponding card-resident interpreter, which can interpret code that has been pushed by an Internet service provider into a customer's SIM. We describe the underlying trust model of SIMspeak, its architecture, language, and protocols. Furthermore we present approaches for end-to-end security that influence the design of the compiler, verifier, and interpreter and we give an overview on the current status of our implementation.