Offloading Cryptographic Services to the SIM Card

Resumo

Mobile OS security relies heavily on cryptography. Features like file or device encryption and secure keystores are essential to protect user data from intrusions. As smartphones increasingly gain popularity, mobile platforms keep evolving their hardware and software modules that work as cryptographic providers for the rest of the system. These solutions are usually designed to resist software attacks by introducing a Trusted Execution Environment (TEE). This kind of protection is not enough when physical control over the device is lost. Secure elements such as smart cards, on the other hand, include a set of protections that make them physically tamper resistant devices. In this paper we propose the use of the SIM card, the only universally present secure element in mobile phones, as a cryptographic provider and put forward a proof-of-concept prototype developed under Android OS. We also present the results of a performance evaluation that was conducted and study the impact on battery consumption, comparing our solution to the default implementation of an Android mobile phone. Despite some performance limitations our approach proves to be a valid alternative to provide enhanced security features on any smartphone.