Restricted - Confidential Information
© GSM Association 2009
All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy
Sep 2009 JEM Meeting
Device Security Update
James Moran, GSMA
Document Number
Meeting Date 29 Sep 2009
Meeting Venue London, UK
For Approval
For Information X
Version 1.0
Security Restrictions Confidential
Handset theft - the issue
Handset theft considered to be a major social issue with claims that it constitutes 52% of street crime
Handset theft has increased 500% in recent years and handsets of the future will be more attractive
Significant global media coverage since 2003 - most of it negative against the industry
Onus placed on the operator community to demonstrate social responsibility and implement countermeasures
Problem not of industry’s making but there is an obligation to help combat it
Handset theft – commercial issue
Consumer need to replace stolen handsets a significant churn factor
Thefts of subsidised handsets for use on networks in other markets
Handset theft insurance underwriting costs
Manipulated handsets impact network quality of service
TCAM Involvement
Dec 2002 – Request from industry to consider regulation submitted
Sep 2003 – industry agreed objectives and commitments to increase blacklisting and enhance handset security levels
Feb 2004 – technical security principles agreed and reporting and correction process submitted to TCAM
Oct 2004 – industry progress reports to TCAM initiated – 9 submitted to date
Mar 2007 – industry formally rescinded request for regulation based on progress made with industry initiatives
Mar 2008 – France agreed that regulation is unnecessary and has now shifted focus to m-commerce
Matter is still not closed
Industry Cooperation
Co-operative spirit between GSMA and EICTA
Mutual recognition of the need to combat handset theft
Significant progress made in short period of time
– Agreed technical solutions for first time
– Formal reporting process put in place for first time
– Improved communications to educate industry
Initiatives designed to tackle handset theft on a number of fronts
Regular progress reports provided to TCAM
Voluntary Efforts Undertaken by Industry
Blacklisting of Stolen Handsets
New IMEI Database developed and deployed to replace CEIR
Concerted drive to extend EIR use and extensive communications undertaken for operators to connect
Significant increase in IMEI Database connectivity across Europe
Access to stolen handset data opened up to third party stakeholders
Voluntary Efforts Undertaken by Industry
Tackling Black Market
Identification of black market hotspots around the world
Taxation initiative undertaken to reduce tax levels and associated black market opportunities in identified markets
Additional technical countermeasures to prevent the re-use of stolen handsets
Voluntary Efforts Undertaken by Industry
Enhanced IMEI Security
Technical security design principles agreed with manufacturers
Formal IMEI security weakness reporting and correction process developed to deal with compromised products during production life
Proactive identification of IMEI security weaknesses ensured with launch of outsourced detection service
Participating Manufacturers
International Recognition of Initiatives
"[Mobile theft] is the dark underbelly of our great success," Craig Ehrlich, chairman of the GSM Association, a mobile industry group, said at the 3GSM World Congress here last week.
Wireless: Thieves take note
Monday, March 1, 2004
Cell phone Makers Ally To Combat Handset Theft
27 February 2004
CANNES, France -- Seven of the world's biggest mobile-phone makers have agreed to make changes to handset designs to combat soaring rates of wireless-related crime… the GSM Association said Tuesday.
Crackdown on mobile phone theft
9 February 2004
Mobile operators and handset makers are to announce a crackdown on mobile theft in a move that will render handsets stolen in one country useless in another…. Under the latest initiative led by the GSM Association, a global industry body for mobile operators, IMEI numbers will be stored on an international register that can be accessed by all global operators running networks on GSM.
Need for IMEI integrity
Operators
• Identifies terminals to support value added services
• Facilitates market research on user base
• Determines which terminals may be responsible for technical faults
• Identifies misuse in fraud detection systems
• Used in criminal trials
• Critical to the success of EIR
Manufacturers
• Identifies grey market terminals
• Identifies and targets terminals that may need software updates over the network
• Allows operators to recall terminals on behalf of manufacturers
• Helps introduce special functions to support terminals that may not work correctly
• Discourages theft in their production and delivery processes
Regulators
• Allows exclusion of non-approved terminals which is a license obligation in some markets
• Identifies handsets for lawful interception and criminal prosecution
Consumers
• Allows consumers stolen handset checks and upholds integrity of used handset market
• Facilitates proof of purchase for warranty purposes
Technical principles to secure IMEIs
Necessary to educate operators and manufacturers on technical ways to protect IMEI
Nine technical principles agreed to ensure and strengthen handset integrity
Technical principles have been published for the guidance of operators and manufacturers
Principles provide operators with technical criteria to assess IMEI security levels when purchasing handsets
Handsets compliant with the technical requirements will emerge by end 2005
Technical principles
1. Uploading, downloading and storage of executable code and sensitive data
2. Protection of components’ executable code and sensitive data
3. Protection against exchange of data/ software between devices
4. Protection of executable code and sensitive data from external attacks
5. Prevention of download of a previous software version
6. Detection of, and response to, unauthorised tampering
7. Software quality measures
8. Hidden menus
9. Prevention of hardware substitution
IMEI weakness reporting
Process designed to facilitate reporting and correction of identified IMEI security weaknesses
Process notifies operators and manufacturers of identified weaknesses and engages with manufacturers centrally
Further example of accelerated cooperation with manufacturers on security levels
Manufacturers invited to participate by signing participation agreement and non-disclosure agreements
Supported by World’s leading manufacturers
Scheme launched in June 2004 and operators could submit reports
Reporting Process
1. Report of IMEI compromise submitted to GSMA by operator
2. Report logged and initial assessment carried out by GSMA
3. Report passed to manufacturer for acknowledgement & response within 42 days
4. Manufacturer reports on findings & indicates when secure product will be shipped
5. Subsequent resolution will result in withdrawal of notification
6. Failure to respond/rectify results in notification to GSMA members
Operators informed via InfoCentre
Motivation for Development of Outsourced Service
Problem
• IMEI is fundamental enabler for value-add services
• IMEI security is indicative of overall level of handset security
• Security levels provided to date are insufficient
• Security breaches and weaknesses are not reported and are unresolved
• Operators are ill equipped to identify and report problems
Proposed Solution
• Establish an outsourced service where GSMA will be provided with IMEI security reports for distribution to GSMA members and manufacturers
Overall Objective
• Improve handset security levels by having faults corrected
• Ensure lessons learned from hacks feed into future design
Timeline
Nov 07 – EMC approved TG1
Dec 07 – Funding requirements submitted in GSMA 2008-09 Business Plan
Jan 08 – Contractual arrangements and commercial terms agreed
Feb 08 – Funding availability confirmed following budget approval
Mar 08 – Contracts signed with Phonesec and launch announced
Apr 08 – Service launched
Service Components
Detection of security compromise claims
– Proactive identification of claims from public and non-public sources
– List of devices submitted to GSMA on monthly basis – IMEI security and SIM lock
Validation of security compromise claims
– Selected handsets notified to Phonesec and the hacking tool is obtained
– Tests conducted on the device to change the IMEI
– Detailed report submitted to GSMA for provision to device manufacturer
Evaluation of corrective measures
– Manufacturers propose solutions within 42 days and details are provided to GSMA
– GSMA requests a corrected handset and Phonesec checks effectiveness of countermeasures
Handset Security Steering Group
Ensure IMEI Security are provided in accordance with contract and budget
Maintain documentation and identify and deliver ongoing improvements
Review list of handsets submitted on a monthly basis and select models for validation
Review and analyse IMEI security statistics supplied by the service provider
Promote and communicate the importance of enhanced IMEI security levels to all stakeholders
Observations to date
Service provided by Phonesec
– 17 monthly reports received to date
– 338 compromised devices reported – 78% attributable to 2 manufacturers
– 6 new manufacturers signed up to reporting process this year
– Only HTC and Research in Motion have refused to participate
32 validations requested to date
– 22 resolved
– 21 countermeasures proposed
– 10 in progress
– No countermeasures evaluated due to budget restrictions
Security levels increasing
• 2008/09 saw 17% fewer compromised devices than previous year
• Most recent quarter shows 51% decrease on the same period 1 year earlier
Thank you for your attention
Any questions ???
James Moran
GSMA Association