methics.fi downtime

We experienced some downtime on the office internet connection yesterday and today morning.
We are now back!

Posted in News

Advanced Electronic Signatures and Mobile ID

What are Advanced Electronic Signatures?

An advanced electronic signature (AdES) is an electronic signature that meets the requirements defined by the EU Regulation No 910/2014 on electronic identification and trust services for electronic transactions. This regulation is under a standard framework known as eIDAS-regulation and the most important standards for Mobile ID services are CAdES and XAdES.

For an electronic signature to be considered as advanced, it must meet several requirements:

  1. The user that has signed a document (signatory) is uniquely identified and linked to the signature. This is done with signatory’s certificate.
  2. The signatory has sole control of the signature creation data i.e. a private key is used to create the electronic signature and the private key is protected with a signatory’s PIN.
  3. The signature can identify if its accompanying data has been tampered with after the message was signed. This property is provided by CMS standard and asymmetric cryptography.
  4. If the signed data has been changed, the signature verification fails. This property is provided by CMS standard and asymmetric cryptography.

Advanced electronic signatures are based on one of the Baseline Profiles that have been developed by the European Telecommunications Standards Institute (ETSI). These are:

  • XAdES, XML Advanced Electronic Signatures is an extensions to W3C XML-DSig. XML-DSig uses Cryptographic Message Syntax (CMS) for signature
  • CAdES, CMS Advanced Electronic Signatures is also an extensions to signed data defined in CMS.
  • ASiC Baseline Profile. ASiC (Associated Signature Containers) specifies the use of container structures to bind together one or more signed objects with either advanced electronic signatures or time-stamp tokens into one single container (a zip file).

Additionally eIDAS regulation defines digest formats and special signature application standards like PAdES for pdf-document signing.

How to create Advanced Electronic Signatures with Standard Conformance?

Standard conformance requirements have been defined in the document like Electronic Signatures and Infrastructures (ESI); CAdES Baseline Profile (ETSI TS 103 173).

B-Level

Mobile signatures have B-Level (basic level) conformance fulfilling profiles:

  • CAdES-BES when the signature-policy-id attribute is not present and
  • CAdES-EPES when the signature-policy-id attribute is present.

This is the base profile Kiuru MSSP uses by default. Therefore we can claim that Kiuru MSSP default configuration is conformant to CAdES B-level.

T-Level

T-Level can be achieved in two ways: Application Provider uses external Trusted Time Provider or MSSP (as a Trust Service Provider) generates a time-stamp token. The time token proves that the signature itself actually existed at a certain date and time. This time-stamp is included into the signed data.

MSSP acting as a Trusted Service Provider can be done by connecting Kiuru MSSP with a trustworthy time source aka Time Stamping Authority. In this case Kiuru MSSP can claim T-Level (Trusted time for signature existence) conformance.

Other

Additionally CAdES Baseline Profile defines two more advanced profiles, which are LT-Level (Long Term level) and LTA-Level (Long Term with Archive time-stamps) conformance. Currently these are out of Kiuru MSSP product’s scope.

How to create Advanced Electronic Signatures with Mobile ID?

Advanced electronic signatures basic profiles are CMS signatures with well-specified attributes. The only attribute which may need some extra work for the B-level is the signatory identifier (certificate). Typical Application Provider XAdES software implementation requires a complete certificate chain beforehand and therefore the certificate chain should be available.

This means that before you can request a CAdES or XAdES signature, you need to either authenticate the user with user’s signing key or request user’s signing certificate by other means. Anyhow, this is not a problem for the most of use cases.

For the T-level implementation, the trustworthy time provider is the key challenge. Typical solution is that the MSSP integrates a common timestamp provider for all application providers.

So the advanced electronic signature is requested by preparing signature data and by requesting a standard mobile signature for the data to be signed (DTBS). The MSSP sends the DTBS to the WPKI applet and you can sign the request similarly as a normal authentication request. For your convenience we have added an example XAdES implementation to the Laverca MSSAPI library (GITHUB).

Posted in Blog Tagged with: , , , ,

Laverca Adds Partial Support for XAdES Signatures

XAdES is an XML Signature extension that allows the use of Advanced Electronic Signatures. Laverca 2.0.1 adds a partial support to XAdES in a form of an example using the Esig DSS library.

You can find the latest Laverca release here.

 

Posted in News Tagged with: ,

How to make interoperable authentication applets on SIM cards?

The interoperability of SIM card applets (SIM Toolkit applications) is an important requirement in today’s mobile communication business. It is normal practice for MNOs to have SIM cards from different SIM vendors. These different cards come with different characteristics including differences in ETSI library versions, Java Card versions, GlobalPlatform API releases etc. The SIM cards are highly standardized in the ETSI Smart Card Platform (SCP) technical specifications. Cryptography and Java Card technologies are also highly standardized even though these technologies have been evolving for a long time. The common problem is that there are still small hidden obstacles and differences in the card platform implementations that every new software must be properly tested and verified.

For the purpose of this blog, we have identified two different legacy approaches to solving SIM toolkit application interoperability issues in mobile communication business.

The first approach is to write detailed specifications in ETSI or in other standardization forums. The GSMA Mobile Connect specification tries to solve CPAS8 applet interoperability in this way. The CPAS8 applet specification has only small number of options and the specification is very detailed. SIMalliance has also published corresponding “Mobile Connect SIM Applet Interoperability Stepping Stones” specification for the CPAS8 applet. The biggest pro of this approach is that the specifications become industry standards meaning anyone can use the specification to develop an authentication applet. This approach is good when a company has enough development resources to follow yet another specification and related conventions. However, the con of this approach is that industry specification and standardization endeavor often takes long, produces large documentation that is sometimes difficult to read/understand and often times, does not cover everything (covers only the most common interoperability issues).

The second approach is the one taken by some SIM card vendors. SIM card vendors have a slightly different approach for interoperability. Gemalto (GTO) has a VMAC applet certification procedure and Giesecke & Devrient (GD) has a WIB applet certification procedure. Pro of this approach is that someone makes some business by checking the applet interoperability and therefore quality control is higher than when vendors just follow new GSMA/SIMalliance specifications. Con in this model is that the applet issuer like GTO or GD will be better positioned in the applet (and SIM card) market than other players. They can control the speed of new certified cards and monitor the other vendor’s products etc.

Methics takes a new approach to the interoperability issues. The Alauda Applet was developed with interoperability in mind; hence the applet supports cards from all SIM card vendors. An accompanying testing tool – the AlaudaTool – is provided in the applet package for applet/card interoperability testing. The pro of this approach is that you can easily test various product combinations and get clear test reports quickly. It is also cost efficient to deploy applets on every possible new SIM platforms. Con is that the testing tool depends on the applet specification and it is quite hard to develop new tools. To minimize required new development work for each new applet specification we have developed an applet test framework and nowadays we can just define new applet functional tests by just adding new simple Java JUnit tests.

Posted in Blog Tagged with: , ,

MNOs – Enablers for Mobile Signature Services

Mobile Network Operators (MNOs) across the world are central to the adoption and deployment of Mobile Signature Services such as Mobile ID and Mobile Connect. The purpose of this blog is to describe how uniquely placed MNOs are in driving change in authentication services on the internet and also profit from it.

The need for a strong authentication based user account management for service providers cannot be overemphasized. In the last couple of years, the use of authentication methods such as username/password combination, one-time passwords (OTP) have been proven to not only be weak but to be out of date in the 21st century web applications. Time and time again, we have read stories of massive account breaches or been victims ourselves of privacy breaches. The world understands that there is a need for better authentication solutions than username/password and MNOs are in the right position to solve this niggling headache that is refusing to go away.

Before now, the solutions that were prescribed, were either secure but with bad user experience or designed with usability in mind but with too many security holes to be usable. Another problem of these solutions was that they were not scalable. Therefore, they find more usage in enterprise applications rather than mass market adoption.

Mobile Signature Services

One solution which is not only highly secure but also scalable, with good user experience is digital signature based mobile authentication solution. This suite of solutions is referred to as Mobile Signature Service (MSS) or simply Mobile ID.

Mobile Network Operators are an important player in Mobile ID business. They are enablers for the business and as such, can use their unmatched position in the market to create new revenue streams for their business as well as drive adoption of better authentication solutions on the internet.

MNOs, provide highly secure SIM cards that host the applets which enable mobile ID services. Today, the SIM card is one of the most secure and widely spread devices owned by the people around the world. The SIM card is tamper proof and follows even the most stringent smart card security requirements. Yet this highly secure device is completely owned by MNOs and is already in the hands of billions of people around the world (at last count, over 4.5 billion subscribers).

Another important attribute of MNOs in this industry is “Know Your Customer” (KYC). MNOs will know their customers – In fact, in most countries of the world, especially in developing countries, including Nigeria, Pakistan, Kenya etc. a subscriber must register with their MNO on the activation of their mobile subscription be it prepaid or postpaid. This offers MNOs the unique opportunity of becoming Identity Verification Service Providers.

With the knowledge of their customers and SIM cards already in the hands of subscribers, MNOs can deploy MSSP solutions to not only offer Identity Verification Services but also become Authentication and Secure Communication Providers. Thus, with their distinctive placing, MNOs can utilize their unique assets to provide authentication services to web service providers.

Internet of Things

There is also an opportunity for MNOs in this era of Internet of Things (IoT). Today, across the world, we are hooking more and more devices to the internet including important infrastructure devices such as smart meters, traffic lights, weather sensors, CCTV cameras etc.

This presents MNOs with a fantastic opportunity to become managed security solutions provider for IoT. Through mobile ID solutions, MNOs can create authentication and secure communication channel for secure IoT communication. In the future, this will become an even easier proposition for MNOs with the development of eSIMs. MNOs just have to be Agile in grabbing this opportunity.

In conclusion, it seems like the MNOs are sitting on a gold mine of opportunities. It is surprising that MNOs are slow in taking advantage of this opportunity today. We are convinced that with the unique position of the MNOs, mobile signature services offers them a future-proof revenue stream.

Posted in Blog Tagged with: , , ,

Mobile ID SMS Bearer Latency in Some Mobile Network Technologies

The motivation of this blog post is to show an estimation of the time to complete a mobile ID transaction using SMS bearer in some mobile network technologies like 2G, 3G, and 4G.

The figure below describes the flow of a typical user authentication in the mobile ID service.

Figure 1: Example Mobile ID Transaction flow

When an Application Provider service requests user authentication from the MSSP (2), the MSSP sends a mobile signature request via a SMSC to the end user device (over the air, 3.) After signing, a SIM card creates a response and sends it back to the MSSP via the SMSC (4).

Considering that users are often impatient and cannot tolerate long wait times in between request and response flows (access request and access granted), the mobile ID service response time matters.

Mobile ID responsiveness is hugely influenced by:

  • Mobile network technology standard (4G, 3G, 2G)
  • Number of SMS (especially the length of the DTBS/DTBD).
  • Mobile network and service quality

The network technology standard specifies the latency and bandwidth of the network, which determines how fast an SMS message is delivered over the network. The latency of an SMS message in 2G is understandably higher than the latency in newer standards such as 3G or 4G.

The number of SMS is dependent on the cryptographic technology in use. On the Alauda P38 Lighting SIM card applet the number of request SMSs is 1, and number of response SMSs is 1 for 256 bit ECDSA signatures to 2 for 2kb RSA signatures.

Additionally, if the SMSC does a store-and-forward handling of the messages, it increases delivery latency both ways.

Other factors, which may influence responsiveness to a certain degree include:

  • Network signal strength
  • Mobile device attributes such as mobile OS etc.

The table below shows mobile ID performance figures in different mobile network technology standards, using 2K RSA. These figures have been measured in DNA network, Espoo, Finland, 2017.

Mobile Network Technology Round-trip time, seconds

4G

4 – 7

3G

6 – 9

2G

14 – 20

Table 1: Estimated Mobile ID SMS Round-Trip Times (Finland)

Table 1 above and figure 2 below, show that the transaction time in the Kiuru MSSP platform is more or less negligible, with complete round-trip time (Signature request and responses) in the MSSP, only a fraction of a second (200 milliseconds). The bottleneck is the network latency. The round-trip time varies between 4 – 7 seconds in 4G, and 14 – 20 seconds in 2G.

Figure 2: Mobile ID transaction times (graph)

Below is the figure obtainable in Switzerland (Swisscom, Zürich, 2017) using the Swiss Mobile ID. Time measurements have been done with higher resolution ☺

Mobile Network Technology Round-trip time, seconds

4G

3.2

3G

5.0

2G

14.3

Table 2: Mobile ID Communication Round-trip Times (Switzerland)

As shown in the above table, the importance of the mobile network standard in use cannot be over emphasized, with performance improvement of 11 seconds from 2G to 4G.

We understand that from the user’s perspective, user experience deteriorates quickly once it exceeds 20 seconds to authenticate to an AP’s service. And that is why we have worked to reduce the number of SMS messages to a minimum, such that the user wait time is as small as possible.

On the average, we estimate that the maximum wait time should not exceed 8 seconds in 2G, 5 seconds in 3G and 3 seconds using 4G network, irrespective of if 2K RSA or ECC is used.

Future of SMS Bearer

There are two future directions for SMS based communication:

  • SMS-over-IP [ETSI TS 124 341]
  • The 5G network

The SMS-over-IP offers as fast communication as the underlying network technology itself.

The 5G network offers extremely low latency. In 5G network our expectation is less than 2 seconds round-trip.

Posted in Blog Tagged with:

Methics to Launch Mobile ID Standard Solution at Mobile World Congress

Methics will, at the Mobile World Congress (MWC) 2017 in Barcelona, launch the Mobile ID Standard solution, a ready-made, complete and easy-to-deploy solution for Mobile Signature Services. MIDS combines Methics’ robust Kiuru MSSP platform with the well proven Alauda P38 applet for SIM cards.

The MIDS solution is designed to enable fast and simple deployment of mobile signature services by mobile network operators for managed digital authentication and identity services.

Please join us at the Finland Pavilion, located at 5F31 in Hall 5 for the launch on Monday, 27th February, 2017 at 16.00.

For more information, see the MWC press release.

Posted in News Tagged with: , , , ,

SHA-1 Hash Collision Demonstrated – At Predicted Cost Levels

The research result on October 2015 from Dutch CWI did estimate that actual finding of two messages that collide producing same hash value will be possible in cost in order of $100 000. See our previous: SHA-1 is no longer considered secure.

Fresh result from same team with sponsored computing cluster capacity demonstrates that this is indeed correct cost estimate.

Actual Impact of SHA-1 Hash Collisions

The actual impact has not changed in past year and half:

  • Rapid challenge/response processing is safe because finding a collision takes at least hours, probably weeks or months.
  • Long term signature non-repudiation security depends on the value of that signature — if spending $100 000 is low enough cost for somebody to replace whatever is behind given signature, then that long term signature is not safe if it involves SHA-1 hashes.

Previously the cost level of producing this kind of hash collisions has been at levels of so called State Actors. This sub-million cost level is in corporate / criminal organization ball park. Meaning that organizations wanting to do this kind of things have just become a lot more numerous.

When Will SHA-1 Follow MD5?

Both algorithms are built on similar Merkle-Damgård construction, like is also SHA-2 family.

MD5 timeline:

  • MD5 hash algorithm was published in 1992.
  • First public collision was demonstrated in 2004 taking 1 hour in a computer cluster.
  • Collision break in less than 1 second in 2013 with single PC.

SHA-1 timeline:

  • SHA-1 hash algorithm was published in 1995
  • First public collision was demonstrated in 2017 taking a bit over 1 year of time with around 100 device years executed during it.
  • Public collision demo taking 1 hour or less time in ____ ?
  • Collision break in less than 1 second in ____ ?

 

Posted in Blog

Meet us at MWC2017

mwc17_oem_logo_trans_282x100
Methics will be exhibiting the Kiuru MSSP solution for Mobile ID and Mobile Connect Services at the Mobile World Congress 2017. Meet us at the Finland Pavilion, stand 5F31 in Hall 5, where we will be exhibiting the solution.

Please reserve a meeting with us using our contact form, or emailing <methics.sales-at-methics.fi>

Mobile World Congress is the world’s largest annual gathering of experts and industry executives in the mobile industry. The 2017 event will take place in Barcelona between 27 February to 2 March 2017.

 

Posted in News Tagged with: ,

Methics at AfricaCom 2016 – 15th to 17th November, 2016

africacom-smallThe AfricaCom is the largest and most influential Africa-focused tech event in the world – the meeting place for those driving Africa’s digital transformation. With the theme: “Economic Development and Social Empowerment through Digital Connectivity”, AfricaCom 2016, aims to elevate AfricaCom to become a powerful vehicle for digital transformation, economic development and social empowerment.

Methics will be exhibiting our Kiuru MSSP solution for Mobile ID and Mobile Connect Services at the event. Meet us at the TeamFinland stand E24, where we will be demostrating our solution and how it can help your company.

Posted in News