[Cryptography] Compromised SIMs, was Lenovo

John Levine johnl at iecc.com
Mon Feb 23 16:00:43 EST 2015


>The real problem is the "static" part. Shared secrets may be an expedient
>solution, but if the natural destiny of secrets is not eventually be shared
>a little too much. Of course, there is the option of switching to a new SIM
>card, but that only works if that card is not already compromised. The
>reliance on pre-programmed SIMs amounts to a design with a single point of
>catastrophic failure.

Well, yeah, but what else are you going to do?

The phone is a generic computer, the SIM has the shared secret that
allows the phone to identify the customer to the phone company and set
up a secure channel to the phone switch.  The point of a SIM is that
it is easy to distribute and use to bootstrap the channel between the
phone and the switch.  You can buy SIM packages from vending machines
in the arrival hall at many airports and have your phone set up with a
local number before you get on the train into town.

The other approach, still used by some CDMA carriers in North America,
is to use the phone's IMEI (serial number) as the key and provide it
and the account info to the phone company out of band, typically via a
web site or maybe in person at a phone store.  That has its own whole
set of issues.

Thought experiment:

ICANN and Verisign store the root zone signing keys in a physical HSM.
Imagine that the factory where they make the HSMs was subject to the
same attack as the one on the SIM factory.  How confident would you be
in DNSSEC?

Extra credit: do you believe that such an attack has happened?  Why or
why not?

R's,
John
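The shared-secret bootstrap John describes, as an added example that is not part of the original post or of any carrier's real algorithms: a SIM holds a subscriber key K, the home network keeps a copy, the network sends a random challenge, the SIM answers with a response only a holder of K can compute, and both sides derive the same traffic key from K and the challenge. The response and key-derivation functions here are HMAC-SHA256 stand-ins (not A3/A8 or Milenage), and the `Sim`, `Carrier`, `IMSI` and `SIM_KEY` names and values are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed values for the example: a 128-bit subscriber key as burned
# into one SIM at the factory, and the IMSI it is filed under at the carrier.
SIM_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
IMSI = "001010123456789"


def auth_response(k: bytes, rand: bytes) -> bytes:
    """Response the SIM returns to a challenge; only a holder of K can produce it."""
    return hmac.new(k, b"RES|" + rand, hashlib.sha256).digest()[:16]


def session_key(k: bytes, rand: bytes) -> bytes:
    """Key protecting traffic after authentication, derived from K and the challenge."""
    return hmac.new(k, b"KEY|" + rand, hashlib.sha256).digest()


class Sim:
    """The removable token: holds K, never reveals it, only answers challenges."""

    def __init__(self, imsi: str, k: bytes) -> None:
        self.imsi = imsi
        self._k = k

    def respond(self, rand: bytes) -> tuple[bytes, bytes]:
        # The response goes over the air; the session key stays in the phone.
        return auth_response(self._k, rand), session_key(self._k, rand)


class Carrier:
    """Home network: keeps a copy of every subscriber's K, issues and checks challenges."""

    def __init__(self) -> None:
        self._subscribers: dict[str, bytes] = {}

    def provision(self, imsi: str, k: bytes) -> None:
        # The same K the factory wrote into the SIM arrives here out of band.
        self._subscribers[imsi] = k

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, imsi: str, rand: bytes, res: bytes):
        """Return the network-side session key on success, None on failure."""
        k = self._subscribers.get(imsi)
        if k is None:
            return None
        if not hmac.compare_digest(auth_response(k, rand), res):
            return None
        return session_key(k, rand)


def run_exchange(sim: Sim, carrier: Carrier):
    """One authentication: returns (accepted, sim_side_key, network_side_key, rand)."""
    rand = carrier.challenge()          # sent to the phone in the clear
    res, k_sim = sim.respond(rand)      # res goes back in the clear
    k_net = carrier.verify(sim.imsi, rand, res)
    return k_net is not None, k_sim, k_net, rand


if __name__ == "__main__":
    carrier = Carrier()
    carrier.provision(IMSI, SIM_KEY)
    accepted, k_sim, k_net, rand = run_exchange(Sim(IMSI, SIM_KEY), carrier)
    print("accepted:", accepted, "keys match:", k_sim == k_net)
    # Everything on the air (IMSI, RAND, RES) is public, so the channel's
    # confidentiality rests entirely on K staying inside the SIM and the carrier.
    print("derivable from a copy of K alone:", session_key(SIM_KEY, rand) == k_net)
```

Nothing sent over the air is secret: the IMSI, the challenge and the response are all visible, and the session key is a pure function of K and the challenge. That is the design property behind both halves of the discussion: it is what makes a SIM cheap to distribute from a vending machine, and it is why a copy of K leaving the factory collapses the whole chain.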