Published by Adela Page
Restricted - Confidential Information
© GSM Association 2009
All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy
Sep 2009 JEM Meeting
Device Security Update
James Moran, GSMA
Document Number
Meeting Date: 29 Sep 2009
Meeting Venue: London, UK
For Approval
For Information: X
Version: 1.0
Security Restrictions: Confidential

Handset theft - the issue
– Handset theft considered to be a major social issue with claims that it constitutes 52% of street crime
– Handset theft has increased 500% in recent years and handsets of the future will be more attractive
– Significant global media coverage since most of it negative against the industry
– Onus placed on the operator community to demonstrate social responsibility and implement counter measures
– Problem not of industry’s making but there is an obligation to help combat it

Handset theft – commercial issue
– Consumer need to replace stolen handsets a significant churn factor
– Thefts of subsidised handsets for use on networks in other markets
– Handset theft insurance underwriting costs
– Manipulated handsets impact network quality of service

TCAM Involvement
– Dec Request from Industry to consider regulation submitted in Dec 2002
– Sep 2003 – industry agreed objectives and commitments to increase blacklisting and enhance handset security levels
– Feb 2004 – technical security principles agreed and reporting and correction process submitted to TCAM
– Oct 2004 – industry progress reports to TCAM initiated – 9 submitted to date
– Mar 2007 – industry formally rescinded request for regulation based on progress made with industry initiatives
– Mar 2008 – France agreed that regulation is unnecessary and has now shifted focus to m-commerce
– Matter is still not closed

Industry Cooperation
– Co-operative spirit between GSMA and EICTA
– Mutual recognition of the need to combat handset theft
– Significant progress made in short period of time
   – Agreed technical solutions for first time
   – Formal reporting process put in place for first time
   – Improved communications to educate industry
– Initiatives designed to tackle handset theft on a number of fronts
– Regular progress reports provided to TCAM

Voluntary Efforts Undertaken by Industry
Blacklisting of Stolen Handsets
– New IMEI Database developed and deployed to replace CEIR
– Concerted drive to extend EIR use and extensive communications undertaken for operators to connect
– Significant increase in IMEI Database connectivity across Europe
– Access to stolen handset data opened up to third party stakeholders

Voluntary Efforts Undertaken by Industry
Tackling Black Market
– Identification of black market hotspots around the world
– Taxation initiative undertaken to reduce tax levels and associated black market opportunities in identified markets
– Additional technical countermeasures to prevent the re-use of stolen handsets

Voluntary Efforts Undertaken by Industry
Enhanced IMEI Security
– Technical security design principles agreed with manufacturers
– Formal IMEI security weakness reporting and correction process developed to deal with compromised products during production life
– Proactive identification of IMEI security weaknesses ensured with launch of outsourced detection service

Participating Manufacturers

International Recognition of Initiatives

"[Mobile theft] is the dark underbelly of our great success," Craig Ehrlich, chairman of the GSM Association, a mobile industry group, said at the 3GSM World Congress here last week.
Wireless: Thieves take note, Monday, March 1, 2004

Cell phone Makers Ally To Combat Handset Theft, 27 February 2004
CANNES, France -- Seven of the world's biggest mobile-phone makers have agreed to make changes to handset designs to combat soaring rates of wireless-related crime… the GSM Association said Tuesday.

Crackdown on mobile phone theft, 9 February 2004
Mobile operators and handset makers are to announce a crackdown on mobile theft in a move that will render handsets stolen in one country useless in another…. Under the latest initiative led by the GSM Association, a global industry body for mobile operators, IMEI numbers will be stored on an international register that can be accessed by all global operators running networks on GSM.

Need for IMEI integrity
Operators
– Identifies terminals to support value added services
– Facilitates market research on user base
– Determines which terminals may be responsible for technical faults
– Identifies misuse in fraud detection systems
– Used in criminal trials
– Critical to the success of EIR
Manufacturers
– Identifies grey market terminals
– Identifies and targets terminals that may need software updates over the network
– Allows operators to recall terminals on behalf of manufacturers
– Helps introduce special functions to support terminals that may not work correctly
– Discourages theft in their production and delivery processes
Regulators
– Allows exclusion of non-approved terminals which is a license obligation in some markets
– Identifies handsets for lawful interception and criminal prosecution
Consumers
– Allows consumers stolen handset checks and upholds integrity of used handset market
– Facilitates proof of purchase for warranty purposes

Technical principles to secure IMEIs
– Necessary to educate operators and manufacturers on technical ways to protect IMEI
– Nine technical principles agreed to ensure and strengthen handset integrity
– Technical principles have been published for the guidance of operators and manufacturers
– Principles provide operators with technical criteria to assess IMEI security levels when purchasing handsets
– Handsets compliant with the technical requirements will emerge by end 2005

Technical principles
1. Uploading, downloading and storage of executable code and sensitive data
2. Protection of components’ executable code and sensitive data
3. Protection against exchange of data/software between devices
4. Protection of executable code and sensitive data from external attacks
5. Prevention of download of a previous software version
6. Detection of, and response to, unauthorised tampering
7. Software quality measures
8. Hidden menus
9. Prevention of hardware substitution

IMEI weakness reporting
– Process designed to facilitate reporting and correction of identified IMEI security weaknesses
– Process notifies operators and manufacturers of identified weaknesses and engages with manufacturers centrally
– Further example of accelerated cooperation with manufacturers on security levels
– Manufacturers invited to participate by signing participation agreement and non-disclosure agreements
– Supported by World’s leading manufacturers
– Scheme launched in June 2004 and operators could submit reports

Reporting Process
– Report of IMEI compromise submitted to GSMA by operator
– Report logged and initial assessment carried out by GSMA
– Report passed to manufacturer for acknowledgement & response within 42 days
– Manufacturer reports on findings & indicates when secure product will be shipped
– Subsequent resolution will result in withdrawal of notification
– Failure to respond/rectify results in notification to GSMA members
– Operators informed via InfoCentre

Motivation for Development of Outsourced Service
Problem
– IMEI is fundamental enabler for value-add services
– IMEI security is indicative of overall level of handset security
– Security levels provided to date are insufficient
– Security breaches and weaknesses are not reported and are unresolved
– Operators are ill equipped to identify and report problems
Proposed Solution
– Establish an outsourced service where GSMA will be provided with IMEI security reports for distribution to GSMA members and manufacturers
Overall Objective
– Improve handset security levels by having faults corrected
– Ensure lessons learned from hacks feed into future design

Timeline
– Nov 07 – EMC approved TG1
– Dec 07 – Funding requirements submitted in GSMA Business Plan
– Jan 08 – Contractual arrangements and commercial terms agreed
– Feb 08 – Funding availability confirmed following budget approval
– Mar 08 – Contracts signed with Phonesec and launch announced
– Apr 08 – Service launched

Service Components
Detection of security compromise claims
   – Proactive identification of claims from public and non-public sources
   – List of devices submitted to GSMA on monthly basis
   – IMEI security and SIM lock
Validation of security compromise claims
   – Selected handsets notified to Phonesec and the hacking tool is obtained
   – Tests conducted on the device to change the IMEI
   – Detailed report submitted to GSMA for provision to device manufacturer
Evaluation of corrective measures
   – Manufacturers propose solutions within 42 days and details are provided to GSMA
   – GSMA requests a corrected handset and Phonesec check effectiveness of countermeasures

Handset Security Steering Group
– Ensure IMEI Security are provided in accordance with contract and budget
– Maintain documentation and identify and deliver ongoing improvements
– Review list of handsets submitted on a monthly basis and select models for validation
– Review and analyse IMEI security statistics supplied by the service provider
– Promote and communicate the importance of enhanced IMEI security levels to all stakeholders

Observations to date
Service provided by Phonesec
   – 17 monthly reports received to date
   – 338 compromised devices reported
   – 78% attributable to 2 manufacturers
   – 6 new manufacturers signed up to reporting process this year
   – Only HTC and Research in Motion have refused to participate
32 validations requested to date
   – 22 resolved
   – 21 countermeasures proposed
   – 10 in progress
   – No countermeasures evaluated due to budget restrictions
Security levels increasing
2008/09 saw 17% fewer compromised devices than previous year
Most recent quarter shows 51% decrease on the same period 1 year earlier

Thank you for your attention
Any questions?
James Moran
GSMA Association