Preface
Acknowledgements
Introduction
Authenticated Key Agreement
The Challenge in Authenticated Key Agreement
How to Read this Book?
Reference
Classical Approaches to Authentication and Key Agreement
Existing Mobile Security Solutions
UMTS Security Infrastructure
Issues in Securing Services with Radio Layer Security
General-Purpose Approaches to Authentication and Key Management
Public Key Infrastructure (PKI)
Passwords
Kerberos
Radio Layer and General Purpose Security Mechanisms
Requirements for GAA
References
Generic Authentication Architecture
Overview of Generic Authentication Architecture
Rationales for Design Decisions
A Bird's Eye View of GAA
Foundations of GAA
Architectural Elements of GAA
Bootstrapping
Authentication
Variations of the Generic Bootstrapping Architecture
GBA_ME
GBA_U
2G GBA
Detection of Bootstrapping Variants by the NAF
3GPP2 GBA
Building Blocks of GAA
Introduction
PKI Portal
HTTPS Support
Key Distribution Service
Key Distribution for Terminal to Remote Device Usage
Key Distribution for UICC to Terminal Usage
Other Architectural Issues
Access Control Mechanisms in GAA
Local Policy Enforcement in the BSF
USS usage for NAFs
Identities in GAA
Identity Privacy and Unlinkability
Usability and GAA
Split Terminal
Interoperator GAA: Using GAA Across Operator Boundaries
Security Considerations of GAA
Overview of 3GPP GAA Specifications
References
Applications Using Generic Authentication Architecture
Standardized Usage Scenarios
Authentication Using GAA
HTTP Digest Authentication
Pre-Shared Key TLS
Proxy Mode Authentication
Referrer Mode Authentication
Broadcast Mobile TV Service
Security Goals
Service Architecture
Message Flow Example
Tracing Source of Leaked Keys
Further Standardized Usage Scenarios
Additional Usage Scenarios
Secure Enterprise Login
Personalization for Payments and Securing Public Transport Tickets
Secure Messaging in Delay and Disruption-prone Environments
Terminal to Terminal Security
Transitive Trust in IP Multimedia Subsystems (IMS)
References
Guidance for Deploying GAA
Integration with Application Servers
Introduction
Username / Password Replacement
NAF Library
Apache Web Server
J2EE Servers
Direct Usage of NAF Library
Web Services Direct Usage
Integration with OS Security
Threats for GAA Implementations in Open Platform UEs
Access Control Requirements
Basic Access Control in Practice: Integration in the Series 60 Platform
Extended Access Control: Design Options
Other Platforms
Integration with Identity Management Systems
Introduction
GAA Interworking with Liberty ID-FF
Integration of GAA into Mobile Networks
Integration of HLR into GAA
Key Lifetime Setting in BSF
Usage of SIM Cards in GAA (2G GBA)
Charging and GAA
GAA Integration into Large Networks
References
Future Trends
Standardization Outlook
GBA Push
GAA User Privacy
GAA in Evolved Packet Systems (EPSs) and Mobile IP (MIP)
Outlook for GAA
References
Terminology and Abbreviations
Index