December 4, 2009 at 00:33

How to turn a SIM card into a web server

    SIM card interaction with the outside world


    Not so long ago, I began to understand GSM - firstly, the topic itself is very interesting, and secondly, it is useful to me for a duty. =)

    In the course of the next searches on the Internet, I came across an interesting article that describes the communication interfaces of a mobile phone and a SIM card. I won’t retell the entire article, I just note that based on it, the evolution of these interfaces includes the following main stages: GSM Phase 1 , GSM Phase 2 and the JavaCard specification for special SIM cards that can run a very cropped Java Virtual Machine. At the end of the article was the following text:

    PS And for the final expansion of horizons of consciousness, look for the words “How to turn SIM card into Web Server” in Google :)

    Which I actually did. As a result, I received an interesting English-language text , a free translation of which (as far as I am able and able) I intend to cite below.

    Technology Description


    Today, most of the worries about the wireless Internet are caused by the benefits of accessing the World Wide Web using mobile networks. Mini-and WAP-browsers seek to turn a mobile phone into a full-fledged laptop (while the latter begins to modestly recede under the onslaught of mobile platforms). At the same time, relatively few “reverse” thoughts arise - what does the mobile network offer the Web.
    There is still no generally accepted solution for secure, reliable authentication, which is the main prerequisite for large-scale customer billing. Various attempts were made to provide the necessary security technology on the Internet, but not one of them was widespread - in practice, all approaches were recognized as either too unsafe or too difficult for the end user. Due to its strong resemblance to a credit card, a smart card is an appropriate option, but the necessary infrastructure for smart card-based solutions is too complex and expensive to install and configure.
    GSM, in turn, provides a widely used security infrastructure in the form of symmetric keys distributed in SIM. Over 250 million subscribers (I think the data is more than outdated ) do not part with these portable smart cards, storing them in their mobile phones. Thus, it is possible to consider a mobile phone as such a “wireless card reader” with an additional “feature” in the form of an input / output channel for user access to applications inside the SIM.

    The theme of this work is that while the Web provides its content to mobile phones, mobile phones can bring their reliability to the Web. The idea is to provide GSM SIM authentication and authorization to Web applications in a simple and friendly way, such as a Web server. Servers like WebSIM, like any others, use the TCP / IP protocol and are accessible from Internet hosts via HTTP. Specific services provided by a SIM-based server, such as authentication, can be implemented on a SIM using CGI scripts.
    image
    Technically, this is achieved by implementing a web server in GSM SIM and resolving HTTP requests to SIM and HTTP responses from it. From the GSM point of view, this HTTP server provides certain parts of the existing GSM SIM application programming interface (ETSI GSM 11.11 and GSM 11.14) to the Internet. This makes communicating with the SIM in a mobile phone identical to communicating with any other web server on the Internet, providing transparent access to the SIM (for example, for authentication).

    Having an HTTP server in SIM, we need to connect it to the Internet. An elegant approach would be to use a mobile phone as a router for SIM. Moreover, if we do not want to assign a separate IP address for the SIM, we can configure listening on port 80 on the mobile phone in the SIM applet.
    This approach, although it easily integrates with technologies such as GPRS, imposes additional requirements on the mobile phone model and the creation of a new ETSI standard. Even if such a standard is agreed on time, it will take at least 2-3 years to enter the market. Therefore, another approach was invented, which can be implemented using protocols and equipment already available today.

    The difficulties listed above can be circumvented with a solution that is very common on the Internet proxy server. Having set up a proxy for SIM on the Web, we made it possible to deliver packets via SMS directly to SIM. Thus, we are not dependent on the telephone and use existing and widely used protocols and standards.
    image
    The process of communicating with SIM via proxy and SMS is as follows:
    1. The Internet host sends an HTTP request to the SIM proxy.
    2. The proxy packs the request in a specially tagged SMS and sends it to SIM.
    3. The SIM sends the incoming SMS to the appropriate handler (based on the tag).
    4. The HTTP packet is retrieved and processed by the web server in SIM.
    5. The HTTP response is again packaged in SMS and sent back to the proxy.
    6. The proxy retrieves the HTTP response from SMS and sends it back to the host that sent the request.

    As a result, SIM can be accessed by any Internet host, and in addition there are additional features:
    • implementation of a firewall between the Internet and GSM
    • denial of service attacks
    • NAT between the Internet address of the SIM and the GSM address of the mobile phone in which this SIM is located
    • providing billing for WebSIM services
    • elimination of the need to implement the TCP / IP stack in SIM.

    So...


    This general description ends. The article also discusses the implementation of the basic web server according to the described scheme and examples of its operation. I won’t describe them (I’m just not sure how much this article will be interesting to anyone at all, therefore I don’t want to try in vain), I’ll just note that the applet is written in Java and has a size of about 7 kb (with additional tricks it can be shrunk up to 5 kb) and implements the basic functionality of HTTP 1.0, which allows you to expand its functionality if you wish without a sharp increase in the size of the application.

    Thanks for attention!

    Question:In your opinion, how relevant is this idea today (after all, the article itself dates from the year 2000)? And personally, it’s not entirely clear to me why SMS delivery speed, which can be sooo small (and generally not guaranteed), is not taken into account ...

    PS: This article went through the sandbox, so thanks to the unknown mikeSP for the invite and be lenient :)

    PPS: Yes, and ready to listen to comments / suggestions!
    Tags:

    Also popular now: