
Security Analysis of the eSIM and Concept for a Unified Framework

Supervisor(s): Maximilian Tschirschnitz, Ludwig Peuckert
Status: finished
Topic: Others
Author: Johannes Koblbauer
Submission: 2022-09-15
Type of Thesis: Master's thesis

Description

The SIM card is a removable "Secure Element" that stores a profile used to authenticate a device in the mobile network.
In 2014, the GSMA defined a new way to load this profile onto devices with the "eSIM" (embedded SIM),
which can be permanently embedded in any device and must therefore allow the profile to be changed without
changing the SIM card.
The GSMA defines two different eSIM specifications: one for M2M devices and one for Consumer devices.
In the M2M architecture, profiles are "pushed" to multiple devices at once, while Consumer devices must "pull" their
profiles individually.
In this thesis, a structural security analysis is performed for both eSIM standards. We first define a security model
based on the Dolev-Yao attacker. We then check if and how the system and the communication of security assets
(e.g. a profile or encryption keys) are protected against this attacker in terms of the principles of Confidentiality,
Integrity and Authenticity. Our findings show that state-of-the-art encryption methods and mutual authentication
between the eUICC and the provisioning servers prevent common attack vectors. However, we see too much trust placed
in the GSMA CI and in the honesty of Mobile Network Operators (MNOs): certificates cannot be easily revoked, and
management requests by MNOs are always trusted by design, which opens up attack strategies for malicious operators.
Based on our findings, we then propose improvements to both architectures. M2M should implement management permission
checks and reduce the complexity of key and ownership management. Consumer should improve both Activation Code
and LPA security, and possibly re-evaluate the usage of its event delivery system. Both systems must implement a CRL
update on the eUICC and remove the profile policy rule "cannot be disabled" to prevent eUICC lock-ins.
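To make the three proposed countermeasures concrete, the following toy model of an eUICC handling remote management requests is added here as an illustration; it is neither code from the thesis nor an implementation of the GSMA specifications. It assumes a simplified request format, placeholder operator and profile identifiers (MNO-A, MNO-B, 8900-A, 8900-B), and the rule that an enabled profile cannot be deleted. The `hardened` flag switches between the behaviour the analysis criticises (every MNO request trusted by design, no revocation, "cannot be disabled" honoured) and the proposed behaviour (ownership-based permission check, CRL update on the eUICC, policy rule removed).

```python
"""Toy eUICC model contrasting trusted-by-design management with the proposed checks.

Simplified abstraction for illustration only: not the GSMA eSIM specification and
not the thesis's own code. All identifiers below are constructed placeholders.
"""
from dataclasses import dataclass, field


@dataclass
class Profile:
    iccid: str                      # constructed placeholder profile identifier
    owner: str                      # certificate subject of the MNO that owns the profile
    enabled: bool = False
    cannot_be_disabled: bool = False  # the profile policy rule the thesis recommends removing


@dataclass
class ManagementRequest:
    requester: str                  # certificate subject of the requesting MNO
    action: str                     # "enable" | "disable" | "delete"
    iccid: str


@dataclass
class Euicc:
    profiles: dict = field(default_factory=dict)
    crl: set = field(default_factory=set)   # revoked certificate subjects known to the eUICC
    hardened: bool = True

    def update_crl(self, revoked: set) -> None:
        """Proposed improvement: the eUICC receives CRL updates instead of trusting forever."""
        self.crl.update(revoked)

    def handle(self, req: ManagementRequest) -> tuple:
        prof = self.profiles.get(req.iccid)
        if prof is None:
            return False, "unknown profile"
        if self.hardened:
            # Revocation check against the locally held CRL.
            if req.requester in self.crl:
                return False, "requester certificate revoked"
            # Management permission check: only the owning MNO may manage a profile.
            if req.requester != prof.owner:
                return False, "requester not permitted to manage this profile"
        # Legacy behaviour (hardened=False): any MNO request is trusted by design.
        if req.action == "enable":
            prof.enabled = True
            return True, "enabled"
        if req.action == "disable":
            # Legacy honours "cannot be disabled"; the hardened model ignores the rule
            # so that an operator cannot lock the eUICC to its own profile.
            if prof.cannot_be_disabled and not self.hardened:
                return False, "policy rule: cannot be disabled"
            prof.enabled = False
            return True, "disabled"
        if req.action == "delete":
            # Assumption: an enabled profile must be disabled before deletion.
            if prof.enabled:
                return False, "cannot delete an enabled profile"
            del self.profiles[req.iccid]
            return True, "deleted"
        return False, "unknown action"


def build_euicc(hardened: bool) -> Euicc:
    """Constructed starting state: A's profile is enabled and carries the lock-in rule."""
    e = Euicc(hardened=hardened)
    e.profiles["8900-A"] = Profile("8900-A", owner="MNO-A", enabled=True, cannot_be_disabled=True)
    e.profiles["8900-B"] = Profile("8900-B", owner="MNO-B")
    return e


def scenario(hardened: bool) -> dict:
    """Run the same three requests against a legacy or hardened eUICC and report outcomes."""
    e = build_euicc(hardened)
    out = {}
    # 1. MNO-A issues a management request for a profile it does not own.
    out["foreign_delete"] = e.handle(ManagementRequest("MNO-A", "delete", "8900-B"))[0]
    # 2. The owner tries to disable its own locked profile (lock-in via the policy rule).
    out["owner_disable_locked"] = e.handle(ManagementRequest("MNO-A", "disable", "8900-A"))[0]
    # 3. MNO-A's certificate is revoked; a later request from it must be rejected.
    e.update_crl({"MNO-A"})
    out["revoked_enable"] = e.handle(ManagementRequest("MNO-A", "enable", "8900-A"))[0]
    return out


if __name__ == "__main__":
    print("legacy  :", scenario(False))   # foreign request accepted, lock-in, revocation ignored
    print("hardened:", scenario(True))    # foreign request refused, no lock-in, revocation honoured
```

Running the legacy scenario shows all three weaknesses at once (the foreign delete succeeds, the owner cannot leave its own locked profile, and the revoked certificate is still honoured), while the hardened scenario rejects the foreign request, allows the profile to be disabled, and refuses the request after the CRL update.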
As a last step, we present a unification of both eSIM architectures. Merging the systems would greatly increase the ease of
use and flexibility of the eSIM itself. The Consumer architecture is adapted and extended to fit the requirements of M2M
devices and to enable both profile "push" and "pull". We introduce an eSIM management portal to manage M2M
eUICCs and enhance the SM-DS to deliver management requests to these eUICCs. This event delivery system is also
implemented as a Proof of Concept, which demonstrates how easy the integration is in practice.