Mobile terminals may use smart cards, such as Universal Integrated Circuit Cards (UICCs), to access various types of networks. The smart cards may provide services that ensure the integrity and security of personal data.
Generic bootstrapping architecture (GBA) is a standard defined by the Third Generation Partnership Project (3GPP) for authentication of a user of a mobile terminal. GBA relies on a shared secret key between the mobile terminal and an application server. The mobile terminal and the application server are mutually authenticated through an intermediary server, referred to as a bootstrapping server function (BSF), that arranges a security relation between the mobile terminal and the application server. Under GBA, the authentication of the mobile terminal and the server is based on the assumption that the mobile terminal is trusted. This can potentially lead to security vulnerabilities at the mobile terminal or in the interface between the mobile terminal and the smart card.
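The arrangement described above, as a simplified model added here (not part of the original text): the terminal and the BSF each derive the same application-specific key, and the application server obtains it from the BSF. The class and function names, identities and key values are constructed; the key-derivation layout is modelled on the terminal-based (GBA_ME) derivation in 3GPP TS 33.220 and is illustrative only, and the AKA run that produces CK and IK on the smart card is assumed to have already happened.

```python
import hashlib
import hmac
import os
from base64 import b64encode


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ... (2-octet lengths)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_ks_naf(ck: bytes, ik: bytes, rand: bytes, impi: str, naf_id: bytes) -> bytes:
    ks = ck + ik  # bootstrapped master key shared by terminal and BSF
    return kdf(ks, 0x01, b"gba-me", rand, impi.encode(), naf_id)


class BSF:
    """Intermediary: keeps key material per session id and serves app servers."""

    def __init__(self, domain: str):
        self.domain, self.sessions = domain, {}

    def bootstrap(self, impi: str, ck: bytes, ik: bytes, rand: bytes) -> str:
        btid = b64encode(rand).decode() + "@" + self.domain  # session id (B-TID)
        self.sessions[btid] = (impi, ck, ik, rand)
        return btid

    def key_for_naf(self, btid: str, naf_id: bytes) -> bytes:
        impi, ck, ik, rand = self.sessions[btid]
        return derive_ks_naf(ck, ik, rand, impi, naf_id)


def demo():
    # Constructed values; in a real run CK/IK are produced on the smart card.
    ck, ik, rand = os.urandom(16), os.urandom(16), os.urandom(16)
    impi = "user@example.org"
    ua_id = bytes.fromhex("0100000002")  # 5-octet protocol id (constructed)
    bsf = BSF("bsf.example.org")
    btid = bsf.bootstrap(impi, ck, ik, rand)
    # Terminal side: CK/IK have crossed the card-to-terminal interface and the
    # terminal derives the key itself, so it is trusted with all of it.
    ue_key = derive_ks_naf(ck, ik, rand, impi, b"naf.example.org" + ua_id)
    naf_key = bsf.key_for_naf(btid, b"naf.example.org" + ua_id)
    other = bsf.key_for_naf(btid, b"other.example.org" + ua_id)
    return ue_key, naf_key, other
```

The terminal-side derivation makes the trust assumption concrete: both the master key and every application key derived from it exist in terminal memory, outside the smart card.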