Published by Adela Page
Restricted - Confidential Information
© GSM Association 2009
All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy

Sep 2009 JEM Meeting
Device Security Update
James Moran, GSMA

Document Number:
Meeting Date: 29 Sep 2009
Meeting Venue: London, UK
For Approval:
For Information: X
Version: 1.0
Security Restrictions: Confidential

Handset theft - the issue
- Handset theft considered to be a major social issue with claims that it constitutes 52% of street crime
- Handset theft has increased 500% in recent years and handsets of the future will be more attractive
- Significant global media coverage since 2003 - most of it negative against the industry
- Onus placed on the operator community to demonstrate social responsibility and implement counter measures
- Problem not of industry’s making but there is an obligation to help combat it

Handset theft – commercial issue
- Consumer need to replace stolen handsets a significant churn factor
- Thefts of subsidised handsets for use on networks in other markets
- Handset theft insurance underwriting costs
- Manipulated handsets impact network quality of service

TCAM Involvement
- Dec 2002 – Request from Industry to consider regulation submitted in Dec 2002
- Sep 2003 – industry agreed objectives and commitments to increase blacklisting and enhance handset security levels
- Feb 2004 – technical security principles agreed and reporting and correction process submitted to TCAM
- Oct 2004 – industry progress reports to TCAM initiated – 9 submitted to date
- Mar 2007 – industry formally rescinded request for regulation based on progress made with industry initiatives
- Mar 2008 – France agreed that regulation is unnecessary and has now shifted focus to m-commerce
- Matter is still not closed

Industry Cooperation
- Co-operative spirit between GSMA and EICTA
- Mutual recognition of the need to combat handset theft
- Significant progress made in short period of time
  – Agreed technical solutions for first time
  – Formal reporting process put in place for first time
  – Improved communications to educate industry
- Initiatives designed to tackle handset theft on a number of fronts
- Regular progress reports provided to TCAM

Voluntary Efforts Undertaken by Industry
Blacklisting of Stolen Handsets
- New IMEI Database developed and deployed to replace CEIR
- Concerted drive to extend EIR use and extensive communications undertaken for operators to connect
- Significant increase in IMEI Database connectivity across Europe
- Access to stolen handset data opened up to third party stakeholders

Voluntary Efforts Undertaken by Industry
Tackling Black Market
- Identification of black market hotspots around the world
- Taxation initiative undertaken to reduce tax levels and associated black market opportunities in identified markets
- Additional technical countermeasures to prevent the re-use of stolen handsets

Voluntary Efforts Undertaken by Industry
Enhanced IMEI Security
- Technical security design principles agreed with manufacturers
- Formal IMEI security weakness reporting and correction process developed to deal with compromised products during production life
- Proactive identification of IMEI security weaknesses ensured with launch of outsourced detection service

Participating Manufacturers

International Recognition of Initiatives

"[Mobile theft] is the dark underbelly of our great success," Craig Ehrlich, chairman of the GSM Association, a mobile industry group, said at the 3GSM World Congress here last week.
Wireless: Thieves take note
Monday, March 1, 2004

Cell phone Makers Ally To Combat Handset Theft
27 February 2004
CANNES, France -- Seven of the world's biggest mobile-phone makers have agreed to make changes to handset designs to combat soaring rates of wireless-related crime… the GSM Association said Tuesday.

Crackdown on mobile phone theft
9 February 2004
Mobile operators and handset makers are to announce a crackdown on mobile theft in a move that will render handsets stolen in one country useless in another…. Under the latest initiative led by the GSM Association, a global industry body for mobile operators, IMEI numbers will be stored on an international register that can be accessed by all global operators running networks on GSM.

Need for IMEI integrity
- Operators
  – Identifies terminals to support value added services
  – Facilitates market research on user base
  – Determines which terminals may be responsible for technical faults
  – Identifies misuse in fraud detection systems
  – Used in criminal trials
  – Critical to the success of EIR
- Manufacturers
  – Identifies grey market terminals
  – Identifies and targets terminals that may need software updates over the network
  – Allows operators to recall terminals on behalf of manufacturers
  – Helps introduce special functions to support terminals that may not work correctly
  – Discourages theft in their production and delivery processes
- Regulators
  – Allows exclusion of non-approved terminals which is a license obligation in some markets
  – Identifies handsets for lawful interception and criminal prosecution
- Consumers
  – Allows consumers stolen handset checks and upholds integrity of used handset market
  – Facilitates proof of purchase for warranty purposes

Technical principles to secure IMEIs
- Necessary to educate operators and manufacturers on technical ways to protect IMEI
- Nine technical principles agreed to ensure and strengthen handset integrity
- Technical principles have been published for the guidance of operators and manufacturers
- Principles provide operators with technical criteria to assess IMEI security levels when purchasing handsets
- Handsets compliant with the technical requirements will emerge by end 2005

Technical principles
1. Uploading, downloading and storage of executable code and sensitive data
2. Protection of components’ executable code and sensitive data
3. Protection against exchange of data/software between devices
4. Protection of executable code and sensitive data from external attacks
5. Prevention of download of a previous software version
6. Detection of, and response to, unauthorised tampering
7. Software quality measures
8. Hidden menus
9. Prevention of hardware substitution

IMEI weakness reporting
- Process designed to facilitate reporting and correction of identified IMEI security weaknesses
- Process notifies operators and manufacturers of identified weaknesses and engages with manufacturers centrally
- Further example of accelerated cooperation with manufacturers on security levels
- Manufacturers invited to participate by signing participation agreement and non-disclosure agreements
- Supported by World’s leading manufacturers
- Scheme launched in June 2004 and operators could submit reports

Reporting Process
1. Report of IMEI compromise submitted to GSMA by operator
2. Report logged and initial assessment carried out by GSMA
3. Report passed to manufacturer for acknowledgement & response within 42 days
4. Manufacturer reports on findings & indicates when secure product will be shipped
5. Subsequent resolution will result in withdrawal of notification
6. Failure to respond/rectify results in notification to GSMA members
Operators informed via InfoCentre

Motivation for Development of Outsourced Service
- Problem
  – IMEI is fundamental enabler for value-add services
  – IMEI security is indicative of overall level of handset security
  – Security levels provided to date are insufficient
  – Security breaches and weaknesses are not reported and are unresolved
  – Operators are ill equipped to identify and report problems
- Proposed Solution
  – Establish an outsourced service where GSMA will be provided with IMEI security reports for distribution to GSMA members and manufacturers
- Overall Objective
  – Improve handset security levels by having faults corrected
  – Ensure lessons learned from hacks feed into future design

Timeline
- Nov 07 – EMC approved TG1
- Dec 07 – Funding requirements submitted in GSMA 2008-09 Business Plan
- Jan 08 – Contractual arrangements and commercial terms agreed
- Feb 08 – Funding availability confirmed following budget approval
- Mar 08 – Contracts signed with Phonesec and launch announced
- Apr 08 – Service launched

Service Components
- Detection of security compromise claims
  – Proactive identification of claims from public and non-public sources
  – List of devices submitted to GSMA on monthly basis
  – IMEI security and SIM lock
- Validation of security compromise claims
  – Selected handsets notified to Phonesec and the hacking tool is obtained
  – Tests conducted on the device to change the IMEI
  – Detailed report submitted to GSMA for provision to device manufacturer
- Evaluation of corrective measures
  – Manufacturers propose solutions within 42 days and details are provided to GSMA
  – GSMA requests a corrected handset and Phonesec check effectiveness of countermeasures

Handset Security Steering Group
- Ensure IMEI Security are provided in accordance with contract and budget
- Maintain documentation and identify and deliver ongoing improvements
- Review list of handsets submitted on a monthly basis and select models for validation
- Review and analyse IMEI security statistics supplied by the service provider
- Promote and communicate the importance of enhanced IMEI security levels to all stakeholders

Observations to date
- Service provided by Phonesec
  – 17 monthly reports received to date
  – 338 compromised devices reported
  – 78% attributable to 2 manufacturers
  – 6 new manufacturers signed up to reporting process this year
  – Only HTC and Research in Motion have refused to participate
- 32 validations requested to date
  – 22 resolved
  – 21 countermeasures proposed
  – 10 in progress
  – No countermeasures evaluated due to budget restrictions
- Security levels increasing
- 2008/09 saw 17% fewer compromised devices than previous year
- Most recent quarter shows 51% decrease on the same period 1 year earlier

Thank you for your attention
Any questions?
James Moran
GSMA Association
firstname.lastname@example.org