3G Americas Publishes Research Report on Trust and Security in Mobile Applications
Published on: 23rd Oct 2008
Note -- this news article is more than a year old.
3G Americas, a wireless industry trade association representing the GSM family of technologies has published a research report which uncovers the issues for consumers and application providers about attempts to compromise services and applications through such trust and security issues as identity theft, phishing and pharming.
"There is a segment of society that does not trust transactions solely machine-based, particularly where mobile devices are concerned," noted Yale Vinson, Manager, Technical Consulting Telecommunications, Gemalto North America and leader of the 3G Americas work group.
The white paper discusses key applications and services that are on the leading edge of those offered today and in the near future, such as near field communications (NFC), mobile banking, eticketing, mobile broadcast services and mobile payment as well as key security features in place today which the authors claim will give the GSM technology family a decided advantage over other mobile wireless technologies.
"Not surprisingly, the applications that have the greatest revenue potential are also those that are obvious targets for hackers to steal information and use it maliciously," stated Chris Pearson, President of 3G Americas. "The resulting goal is simple: the system that provides the greatest security and trust will be seen as superior to other implementations. That is why today most GSM and HSPA operators have these proven security features in place through authentication mechanisms."
At the heart of the authentication mechanisms employed by the GSM family is the Universal Integrated Circuit Card (UICC) which is a portable token that is recognized in both the mobile and banking industries as the most secure, tamper resistant device for the storage and use of credentials and secret data. The UICC is engineered to include a number of physical and logical countermeasures that make compromising its secrets virtually impossible. To ensure that only the correct user can access the secrets stored in the UICC, the information is protected using a PIN or password which enables two-factor authentication.
Another key advantage enjoyed by GSM family of technologies is the mechanism used to manage the sensitive information stored within the UICC. When the cards are initially produced, the data personalized onto the UICC is loaded in a secure facility that is approved by stringent certification boards appointed by the mobile and banking industries. Later, once in the field, secure data and applications can be remotely managed via the Global Platform which is usually already installed in a GSM operator's network, unlike other access technologies that would require time and cost to install for the operator community.
"When the Secure Element is collocated with the user's mobile network access identity on the same physical device, it ensures that the Mobile Operator is part of the identity value chain and validates that the subscriber using the application is the owner," Vinson commented.
The white paper, "Security and Trust in Mobile Applications," is available for free download on the 3G Americas website at www.3gamericas.org.