Transparency of SIM profiles for the consumer remote SIM provisioning protocol

Thumbnail Image

Access rights

openAccess
publishedVersion

URL

Journal Title

Journal ISSN

Volume Title

A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)

Authors

Date

2020-08-19

Department

Department of Computer Science
Department of Communications and Networking

Major/Subject

Mcode

Degree programme

Language

en

Pages

16

Series

Annals of Telecommunications - Annales des Telecommunications

Abstract

In mobile communication, User Equipment (UE) authenticates a subscriber to a Mobile Network Operator (MNO) using credentials from the MNO specified SIM profile that is securely stored inside the SIM card. Traditionally, a change in a subscriber’s SIM profile, such as a change in a subscription, requires replacement of the physical SIM card. To address this shortcoming, the GSM Association (GSMA) has specified the consumer Remote SIM Provisioning (RSP) protocol. The protocol enables remote provisioning of SIM profiles from a server to SIM cards, also known as the embedded Universal Integrated Circuit Card (eUICC). In RSP, any GSMA-certified server is trusted by all eUICCs, and consequently any server can provision SIM profiles to all eUICCs, even those not originating from the MNO associated with the GSMA-certified RSP server. Consequently, an attacker, by compromising a server, can clone a genuine SIM profile and provision it to other eUICCs. To address this security problem, we present SIM Profile Transparency Protocol (SPTP) to detect malicious provisioning of SIM profiles. SPTP assures to the eUICC and the MNO that all SIM provisioning actions—both approved and unapproved—leave a permanent, non-repudiatable trail. We evaluate security guarantees provided by SPTP using a formal model, implement a prototype for SPTP, and evaluate the prototype against a set of practical requirements.

Description

| openaire: EC/H2020/779984/EU//SOFIE Lataa oa-artikkeli, kun julkaistu.

Keywords

Consumer RSP, eSIM security, SIM profile cloning, Transparency

Other note

DOI

10.1007/s12243-020-00791-2

Citation

Ahmed, A S, Thakur, M, Paavolainen, S & Aura, T 2020, 'Transparency of SIM profiles for the consumer remote SIM provisioning protocol', Annals of Telecommunications - Annales des Telecommunications. https://doi.org/10.1007/s12243-020-00791-2

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-202102021908

Collections

[article-cris] Perustieteiden korkeakoulu / SCI