掉队者被吃掉:GSM移动银行应用的安全问题

Proceedings. IEEE Workshop on Mobile Computing Systems and Applications Pub Date : 2010-02-22 DOI:10.1145/1734583.1734597

Michael Paik

{"title":"掉队者被吃掉:GSM移动银行应用的安全问题","authors":"Michael Paik","doi":"10.1145/1734583.1734597","DOIUrl":null,"url":null,"abstract":"The first GSM standard was published in 1989 [10], fully two decades ago. Since then, cryptanalysis has weakened or broken significant parts of the original specification. Yet many of these compromised pieces remain in common use, particularly throughout the developing world.\n This state of affairs presents a significant risk given the recent proliferation of high visibility and high value targets within the branchless banking space in the developing world such as M-PESA, GCASH, mChek, and Zap, each of which makes use of SIM Toolkit (STK) security measures, but in an obfuscated manner.\n This paper will present an overview of recent developments in GSM security and outline the need for increased cooperation and standardization in the face of rapidly eroding security measures currently in place for 2G GSM.","PeriodicalId":88972,"journal":{"name":"Proceedings. IEEE Workshop on Mobile Computing Systems and Applications","volume":"279 1","pages":"54-59"},"PeriodicalIF":0.0000,"publicationDate":"2010-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"41","resultStr":"{\"title\":\"Stragglers of the herd get eaten: security concerns for GSM mobile banking applications\",\"authors\":\"Michael Paik\",\"doi\":\"10.1145/1734583.1734597\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The first GSM standard was published in 1989 [10], fully two decades ago. Since then, cryptanalysis has weakened or broken significant parts of the original specification. Yet many of these compromised pieces remain in common use, particularly throughout the developing world.\\n This state of affairs presents a significant risk given the recent proliferation of high visibility and high value targets within the branchless banking space in the developing world such as M-PESA, GCASH, mChek, and Zap, each of which makes use of SIM Toolkit (STK) security measures, but in an obfuscated manner.\\n This paper will present an overview of recent developments in GSM security and outline the need for increased cooperation and standardization in the face of rapidly eroding security measures currently in place for 2G GSM.\",\"PeriodicalId\":88972,\"journal\":{\"name\":\"Proceedings. IEEE Workshop on Mobile Computing Systems and Applications\",\"volume\":\"279 1\",\"pages\":\"54-59\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-02-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"41\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. IEEE Workshop on Mobile Computing Systems and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1734583.1734597\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. IEEE Workshop on Mobile Computing Systems and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1734583.1734597","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 41

摘要

第一个GSM标准发布于1989年[10]，距今整整20年。从那时起，密码分析已经削弱或破坏了原始规范的重要部分。然而，其中许多受损的部件仍在普遍使用，特别是在发展中国家。鉴于最近在发展中国家的无分支银行领域(如M-PESA、GCASH、mChek和Zap)中高可见性和高价值目标的扩散，这种情况带来了重大风险，它们都利用了SIM工具包(STK)的安全措施，但以一种模糊的方式。本文将概述GSM安全的最新发展，并概述面对目前2G GSM安全措施的迅速侵蚀，加强合作和标准化的必要性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Stragglers of the herd get eaten: security concerns for GSM mobile banking applications

The first GSM standard was published in 1989 [10], fully two decades ago. Since then, cryptanalysis has weakened or broken significant parts of the original specification. Yet many of these compromised pieces remain in common use, particularly throughout the developing world. This state of affairs presents a significant risk given the recent proliferation of high visibility and high value targets within the branchless banking space in the developing world such as M-PESA, GCASH, mChek, and Zap, each of which makes use of SIM Toolkit (STK) security measures, but in an obfuscated manner. This paper will present an overview of recent developments in GSM security and outline the need for increased cooperation and standardization in the face of rapidly eroding security measures currently in place for 2G GSM.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings. IEEE Workshop on Mobile Computing Systems and Applications

自引率

0.00%

发文量

期刊最新文献

HotMobile '22: The 23rd International Workshop on Mobile Computing Systems and Applications, Tempe, Arizona, USA, March 9 - 10, 2022 Splitting the bill for mobile data with SIMlets Quantifying the potential of ride-sharing using call description records Enabling the transition to the mobile web with WebSieve The case for psychological computing