TISPHANIE, bringing the truth about the security of mobile phones

Abstract: Until quite recently, security was not much of a concern for mobile phones, apart from some professional or governmental phones like PMRs. For consumer products, the phone itself managed basic features like IMEI protection or SIM lock, delegating most security-related tasks to the (U)SIM card. With the advent of complex phone architectures running open operating systems, consumer phones have been flooded with a plethora of value-added applications requiring relatively high levels of security: mobile TV, mobile payment, geo-localisation or even VoIP for enterprise applications. Similar issues arise for professional phones, which are migrating to the digital IP world with multiple 'other' communication channels (Bluetooth, WiFi...). The picture becomes even more complex with the emergence of third-party service or data providers. Given the complexity of this arena, it is important to guarantee a homogeneous level of security among the different building blocks of the mobile phone.

The aim of the TISPHANIE project is to provide tools and methodologies for evaluating the security level of today's mobile phones, in order to give the different players (telecom operators, application providers, forensic organisations) the means to test the critical components of mobile phones (consumer products, PDAs, PMRs) used for value-added or sensitive applications. To do so, the project is built on the following stepping stones: identifying critical assets, defining attacks, setting up those attacks at both the hardware and software levels, specifying and testing countermeasures, and defining a methodology for performing such security assessments.

In this exposé, we present the consortium's results on the first stage of the project. We define a methodology for classifying assets along three main axes: the hardware-software axis (different hardware platforms and different operating systems), the actors' axis (end users, telecom operators, service providers, third-party application developers) and the value-added applications axis (mobile TV, NFC payment...). We then present the different threats and the possible attack scenarios pertaining to those threats, whether they involve hardware-based attacks, software-related ones, attacks involving communication interfaces like Bluetooth, or weaknesses buried in some of the cryptographic processes involved.

With this, we have the backbone of the entire TISPHANIE project and an outline of the technical work that shall be done during the next two years by the consortium. To the best of our knowledge, TISPHANIE is the first project of its kind to lay down the foundations of what shall be a thorough and complete analysis of the security of mobile phones.
Document type:
Conference paper
e-smart 2010, Sep 2010, Sophia-Antipolis, France
https://hal-emse.ccsd.cnrs.fr/emse-00541000
Contributor: Jacques Jean-Alain Fournier
Submitted on: Monday, 29 November 2010 - 15:55:18
Last modified on: Wednesday, 29 November 2017 - 15:14:30

Identifiers

  • HAL Id: emse-00541000, version 1

Citation

Jacques Jean-Alain Fournier, Anthony Ferrari. TISPHANIE, bringing the truth about the security of mobile phones. e-smart 2010, Sep 2010, Sophia-Antipolis, France. 〈emse-00541000〉
