This chapter outlines how cellular authentication can be used for generic application security. It describes the basic concept of the Generic Bootstrapping Architecture (GBA), which was defined by the 3rd Generation Partnership Project (3GPP) for current networks, and outlines the latest developments for future networks. The chapter provides an overview of the latest technology trends in the area of generic application security.
Key Terms in this Chapter
Mobile Application: Mobile application is an application that resides on a server and can be accessed or consumed by a mobile device. The application may require a dedicated software element in the mobile terminal (e.g., for mobile TV).
Universal Integrated Circuit Card (UICC): UICC is the smart card (e.g., SIM card) used in mobile terminals in GSM and UMTS networks.
Application Security: Application security encompasses a large range of measures taken to prevent incidents with respect to the security policy of an application or the underlying framework. Application security is realized through design and deployment of the application.
Authentication: Authentication is the attempt to verify the digital identity of the sender of an authentication request.
Authentication and Key Agreement (AKA): AKA is a mechanism where a mobile device and mobile network operator authenticate and distribute shared key(s) to be used between them. This process is based on a long-term shared secret that is held in the mobile terminal (namely in the UICC, e.g., SIM card) and in the mobile network operator's databases (e.g., Home Location Register [HLR]). GBA is based on this process.
Generic Authentication Architecture (GAA): GAA is an architecture that is built on top of GBA and utilizes the shared secret to gain access to a service.
Second Generation Generic Bootstrapping Architecture (2G GBA): 2G GBA describes the usage of GBA with legacy SIM smart cards. It does not contain the integration of legacy network nodes.
Generic Bootstrapping Architecture (GBA): GBA is an architecture where cellular authentication is used to bootstrap a shared secret between a mobile phone and a network node.
Cellular Authentication: Cellular authentication is the authentication process that is used when a mobile phone is attached to a network (e.g., GSM or UMTS network). This authentication is based on a smart card that is inserted in the mobile phone.