The GSM mobile telecommunication standard describes a network infrastructure that is adopted globally. It provides various security measures to protect the integrity of communicated data and makes sure that only authentic users can make calls and get charged only for calls that they initiated. The following abbreviations are adopted from the GSM specification ETSI TS 100 929 V8.0.0 (2000-10):
A3 authentication algorithm
A5 signalling data and user data encryption algorithm
A8 ciphering key generating algorithm
AuC Authentication Centre
BSS Base Station System
CKSN Ciphering Key Sequence Number
HLR Home Location Register
IMSI International Mobile Subscriber Identity
Kc ciphering key
{M}Kc message M encrypted with ciphering key Kc 
Ki individual subscriber authentication key
LAI Location Area Identity
ME Mobile Equipment
MS Mobile Station
MSC Mobile services Switching Centre
R Random number (also referenced as RAND)
S Signed response (also referenced as SRES)
SIM Subscriber Identity Module
TMSI Temporary Mobile Subscriber Identity
VLR Visitor Location Register
FIG. 1 shows the main system components involved in the security measures of a GSM network. A MS 1 contains a SIM 10 and a ME 11, which are communicatively connected. The SIM 10 is typically implemented on a detachably connectable SIM card. The SIM 10 is configured to perform an A8 and an A3 algorithm and stores the Ki and IMSI data elements. The ME 11 is configured to perform an A5 algorithm and stores Kc, CKSN, LAI and TMSI data elements. A visitor network 2 contains a MSC/BSS 20 and a VLR 21, which are communicatively connected. The MSC/BSS 20 is configured to perform an A5 algorithm and stores Kc and CKSN data elements. The VLR 21 stores IMSI, Kc, LAI, R, S, CKSN and TMSI data elements. A home network 3 contains a HLR 30 and an AuC 31, which are communicatively connected. The HLR 30 stores Kc, IMSI, R and S data elements. The AuC 31 is configured to perform an A3 and an A8 algorithm and stores IMSI and Ki data elements. The ME 11 is communicatively connected to the MSC/BSS 20. The VLR 21 is communicatively connected to the HLR 30. If the MS 1 is located in its home network 3, then the home network 3 and visitor network 2 are one and the same.
The security data elements CKSN, IMSI, Kc, Ki, LAI, R, S and TMSI and the algorithms A3, A5 and A8 are used for protecting data communications and to authenticate a user to the network.
In general, the MS 1 is a consumer electronics device with a SIM 10. Typically the SIM 10 is embedded on a SIM card, but the SIM 10 may be integrated into the MS 1 otherwise. An end user interacts with the MS 1 to make telephone calls and/or data communications in a mobile telecommunications network. Examples of MSs 1 are mobile phones, smartphones and tablet PCs. Other examples are energy metering devices and computing nodes in automotive devices.
Newer generations of MSs 1 leverage increased computing power to implement advanced mobile applications with sophisticated user interfaces.
The visitor network 2 is any network different from the home network 3 and is e.g. a network abroad. An important feature of the GSM standard is the ability for a consumer to use a MS 1 in any visitor network 2 if the home network 3 for that MS 1 has acquired a roaming agreement for cooperation with the visitor network 2. A MS 1 in a visitor network 2 typically operates as if it is located in the home network 3. Security protocols are available to support the concept of a visitor network 2 and facilitate the information exchange between the visitor network 2 and the home network 3.
The GSM mobile telecommunication standard is also known as the 2nd generation mobile telecommunication standard or 2G in short. Later mobile telecommunication standards, such as e.g. UMTS/WCDMA, which is also known as the 3rd generation mobile telecommunication standard or 3G in short, and LTE, which is also known as the 4th generation mobile telecommunications standard or 4G in short, have adopted the GSM security protocol with some extensions. Alternative mobile telecommunication standards, such as e.g. CDMA and CDMA2000, use a security protocol similar to the GSM security protocol.
The extensions to the GSM security protocol as present in the later standards provide additional security capabilities.
With reference to FIG. 2, MSs 1 such as smartphones and tablet PCs enable consumers to adapt the functionality of the MS 1 by installing an application (or app in short) from a so called application distribution server 4. Such application distribution servers 4 typically contain many installable applications for a particular brand and/or type of smartphone or tablet PC. The installation of an application generally is implemented using an internet connection between the MS 1 and the application distribution server 4. The internet connection can use any suitable data network 5, such as e.g. a mobile telecommunication network or WiFi network.
The application distribution server 4 enables a user to find and select an application for installation on the MS 1. The application distribution server 4 may charge a fee for the installation of the application onto the MS 1. An operator of the application distribution server 4 typically compensates a developer or any other rights holder of the application from the charged fee. To support this application distribution server business model, it should be hard for a consumer to obtain an installable application from a ‘rogue’ application distribution server that has no business relationship with the rights holder. Hereto the operating system (OS) of the MS contains application protection facilities that can secure the application. In order for an illegal distributor, hereinafter also referred to as attacker, to be able to redistribute the secured application, the protection measures of the OS need to be compromised. As these application protection facilities rely on privileges managed by the OS, an attacker will typically try to mount an attack to obtain the privilege level(s) for read/write access to all kernel files and storage locations. Having kernel level privileges also allows the attacker to modify other restrictions in the MS, such as e.g. a SIM operator lock. In practice, this so-called jail-break attack has been shown to be possible. A jail-broken MS allows the user to install applications from rogue application distribution servers.
Applications distributed by an application distribution server are dependent on the security features in the kernel of the OS and/or other applications in a MS that might be used for privilege escalation. Typically, if these security features are compromised, all applications in the application distribution server are compromised.
Applications from the application distribution server can be made resistant against a whitebox attack environment, wherein the application is executed in a non-secure environment and protected using software obfuscation techniques. The application is adapted to protect confidential information such as keys.
Software obfuscation is a known technology for implementing software programs such that they are hard to reverse engineer and resistant against a whitebox attack. This technology typically includes the replacing of software functions with a sequence of table lookup operations and merging the function lookup with transform functions that make it substantially infeasible to discover the function and the function parameters. The resulting secured software program performs input and/or output operations that consist of transformed parameters. These transformed parameters may require specific adaptations in modules interfacing with the secured software program.
Data and software obfuscation techniques make use of transformation functions to obfuscate intermediate results. The concept of transformation functions differs from encryption, which is clarified in general with reference to FIG. 3.
Assume that there exists an input domain ID with a plurality of data elements in a non-transformed data space. An encryption function E using some key is defined that is configured to accept the data elements of input domain ID as an input to deliver a corresponding encrypted data element in an output domain OD. By applying a decryption function D using a key that corresponds to the key used by the encryption function E, the original data elements of input domain ID can be obtained by applying the decryption function D to the data elements of output domain OD. In a non-secure environment (typically referred to as “whitebox”), an adversary is assumed to know input and output data elements and have access to internals of encryption function E during execution. Unless extra precautions are taken in this environment, the key can be derived.
Additional security can be obtained in a non-secured environment by applying transformation functions to the input domain ID and output domain OD, i.e. the transformation functions are input- and output operations. Transformation function T1 maps data elements from the input domain ID to transformed data elements of transformed input domain ID′ of a transformed data space. Similarly, transformation function T2 maps data elements from the output domain OD to the transformed output domain OD′. Transformed encryption and decryption functions E′ and D′ can now be defined between ID′ and OD′. In case inverse transformations are to be performed, e.g. when results are to be communicated to the non-transformed space, T1 and T2 are injections.
Using transformation functions T1, T2, together with encryption techniques implies that, instead of inputting data elements of input domain ID to encryption function E to obtain encrypted data elements of output domain OD, transformed data elements of domain ID′ are input to transformed encryption function E′ by applying transformation function T1. Transformed encryption function E′ combines the inverse transformation function T1−1 and the transformation function T2 in the encryption operation to protect the confidential information, such as the key. Then transformed encrypted data elements of domain OD′ are obtained. Keys for encryption functions E or decryption function D cannot be retrieved when analyzing input data and output data in the transformed data space.
One of the transformation functions T1, T2 should be a non-trivial function. In case, T1 is a trivial function, the input domains ID and ID′ are typically the same domain. In case, T2 is a trivial function, the output domains are typically the same domain.
In general, secured software applications use transformed intermediate results which are unusable when intercepted. This property enables the protection of confidential data in secured software applications.
There is a need for an improved technology for enabling the execution of a general purpose software application in a MS, while preventing the execution of the application or a binary copy of the application in another MS, without the above identified drawbacks of the prior art.