[CNET] Microsoft Puts Web Server on a Phone

From: Adam Rifkin (Adam@KnowNow.Com)
Date: Thu Apr 05 2001 - 11:54:16 PDT

Just in time for WAP 2.0...


Microsoft puts Web server on a phone
By Will Knight
Special to CNET News.com
April 5, 2001, 9:15 a.m. PT
Researchers at Microsoft's laboratories in Cambridge, England, have managed
to squeeze a minuscule Web server onto a smart card for a GSM mobile phone.

The researchers are more than just showing off, however, saying the
development could lead to new mobile Internet payment methods.

The tiny server, called the WebCamSIM and based on the MS Smart Card
platform, allows an ordinary GSM phone to serve up text to computers over
the Internet. Messages are sent through an SMS (Short Message Service)
gateway, which translates them back and forth into a form that can be
understood by machines on the Internet. The WebCamSIM server can be
programmed with the software tool set for the MS Smart Card.

Kai Rannenberg, a member of the Microsoft Security Group leading the
research, says the technique makes use of the encryption and security built
into GSM networks and therefore represents a cheap and easy way to make
secure payments over the Internet.

Rannenberg added that WebCamSIM could--theoretically--be used to serve up
ordinary Web pages. "There is nothing to stop you, in practice," he says.
"You could deliver a simple text page."

Microsoft's researchers have used the SIM (subscriber identity module) HTTP
server to send and receive simple messages via the Internet. A digital key
requiring a password is stored in the SIM card, which the phone user can use
to confirm a payment or order over the Internet, said Rannenberg. A thief
would need to not only steal and unlock a user's phone but then guess the
identifying code to bypass the security, he said.

Security is key
Analysts agree that adequate security is fundamental to promoting confidence
in mobile Internet technology. The next generation of mobile phone networks,
known as UMTS (Universal Mobile Telecommunications System), or 3G (third
generation), will give mobile devices much higher bandwidth, which in turn
promises to inspire mobile Internet commerce services.

The security of WebCamSIM, however, can only be as strong as its weakest
link, noted John Everitt, a British computer-security consultant. The main
problem is that this relies on the underlying infrastructure of mobile phone
companies," he said. "It depends on how it is secured point to point."

Everitt said a weakness could be found at the point where messages are
translated from SMS format.

Everitt also noted that the encryption protecting GSM is not perfect. GSM
SIM cards generate a 40-bit encryption key for each a phone that logs onto a
network. In 1999, however, researchers at the Weismann Institute in Israel
exploited an alleged weakness in the underlying algorithm to decode GSM
phone messages.

The next generation of networks will raise the stakes by using 128-bit keys,
but UMTS phones will also be considerably more powerful. Rannenberg
acknowledged this will complicate the situation. "This might be more
dangerous with more complex phones," he said.

He also acknowledged that a mobile phone is not ideally suited to acting as
a Web server. GSM mobile phones have a limited amount of memory, typically
around 64 kilobytes. GSM networks also restrict phones to sending just 160
SMS characters at a time, and a user is charged for each individual message.

Nevertheless, SMS messaging has seen surprising popularity among mobile
phone users in Europe. A survey carried out by the GSM Association in
December estimated that more than 200 billion text messages will be sent
this year alone.


I don't want to waste my time, become another casualty of society. I'll never fall in line, become another victim of conformity. -- Sum 41, "FAT LIP"

This archive was generated by hypermail 2b29 : Sun Apr 29 2001 - 20:25:32 PDT