Transparency of SIM profiles for the consumer remote SIM provisioning protocol

Simple item page
dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.authorAhmed, Abu Shohelen_US
dc.contributor.authorThakur, Mukeshen_US
dc.contributor.authorPaavolainen, Santerien_US
dc.contributor.authorAura, Tuomasen_US
dc.contributor.departmentDepartment of Computer Scienceen
dc.contributor.departmentDepartment of Communications and Networkingen
dc.contributor.groupauthorNetwork Security and Trusten
dc.contributor.groupauthorProfessorship Aura Tuomasen
dc.contributor.groupauthorHelsinki Institute for Information Technology (HIIT)en
dc.contributor.organizationEricsson Oy
dc.date.accessioned2021-02-02T09:12:09Z
dc.date.available2021-02-02T09:12:09Z
dc.date.issued2020-08-19en_US
dc.description| openaire: EC/H2020/779984/EU//SOFIE Lataa oa-artikkeli, kun julkaistu.
dc.description.abstractIn mobile communication, User Equipment (UE) authenticates a subscriber to a Mobile Network Operator (MNO) using credentials from the MNO specified SIM profile that is securely stored inside the SIM card. Traditionally, a change in a subscriber’s SIM profile, such as a change in a subscription, requires replacement of the physical SIM card. To address this shortcoming, the GSM Association (GSMA) has specified the consumer Remote SIM Provisioning (RSP) protocol. The protocol enables remote provisioning of SIM profiles from a server to SIM cards, also known as the embedded Universal Integrated Circuit Card (eUICC). In RSP, any GSMA-certified server is trusted by all eUICCs, and consequently any server can provision SIM profiles to all eUICCs, even those not originating from the MNO associated with the GSMA-certified RSP server. Consequently, an attacker, by compromising a server, can clone a genuine SIM profile and provision it to other eUICCs. To address this security problem, we present SIM Profile Transparency Protocol (SPTP) to detect malicious provisioning of SIM profiles. SPTP assures to the eUICC and the MNO that all SIM provisioning actions—both approved and unapproved—leave a permanent, non-repudiatable trail. We evaluate security guarantees provided by SPTP using a formal model, implement a prototype for SPTP, and evaluate the prototype against a set of practical requirements.en
dc.description.versionPeer revieweden
dc.format.extent16
dc.format.mimetypeapplication/pdfen_US
dc.identifier.citationAhmed, A S, Thakur, M, Paavolainen, S & Aura, T 2020, 'Transparency of SIM profiles for the consumer remote SIM provisioning protocol', Annals of Telecommunications - Annales des Telecommunications. https://doi.org/10.1007/s12243-020-00791-2en
dc.identifier.doi10.1007/s12243-020-00791-2en_US
dc.identifier.issn0003-4347
dc.identifier.issn1958-9395
dc.identifier.otherPURE UUID: dea60331-5ee2-491f-a5ac-cab9c1daae3aen_US
dc.identifier.otherPURE ITEMURL: https://research.aalto.fi/en/publications/dea60331-5ee2-491f-a5ac-cab9c1daae3aen_US
dc.identifier.otherPURE FILEURL: https://research.aalto.fi/files/55558677/Ahmed2020_Article_TransparencyOfSIMProfilesForTh.pdf
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/102606
dc.identifier.urnURN:NBN:fi:aalto-202102021908
dc.language.isoenen
dc.publisherSpringer
dc.relationinfo:eu-repo/grantAgreement/EC/H2020/779984/EU//SOFIE Lataa oa-artikkeli, kun julkaistu.en_US
dc.relation.fundinginfoOpen access funding provided by Aalto University. This work has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 779984.
dc.relation.ispartofseriesAnnals of Telecommunications - Annales des Telecommunicationsen
dc.rightsopenAccessen
dc.subject.keywordConsumer RSPen_US
dc.subject.keywordeSIM securityen_US
dc.subject.keywordSIM profile cloningen_US
dc.subject.keywordTransparencyen_US
dc.titleTransparency of SIM profiles for the consumer remote SIM provisioning protocolen
dc.typeA1 Alkuperäisartikkeli tieteellisessä aikakauslehdessäfi
dc.type.versionpublishedVersion

Files

Collections

[article-cris] Perustieteiden korkeakoulu / SCI