Annals of Telecommunications ( IF 1.9 ) Pub Date : 2020-08-19 , DOI: 10.1007/s12243-020-00791-2 Abu Shohel Ahmed , Mukesh Thakur , Santeri Paavolainen , Tuomas Aura
In mobile communication, User Equipment (UE) authenticates a subscriber to a Mobile Network Operator (MNO) using credentials from the MNO specified SIM profile that is securely stored inside the SIM card. Traditionally, a change in a subscriber’s SIM profile, such as a change in a subscription, requires replacement of the physical SIM card. To address this shortcoming, the GSM Association (GSMA) has specified the consumer Remote SIM Provisioning (RSP) protocol. The protocol enables remote provisioning of SIM profiles from a server to SIM cards, also known as the embedded Universal Integrated Circuit Card (eUICC). In RSP, any GSMA-certified server is trusted by all eUICCs, and consequently any server can provision SIM profiles to all eUICCs, even those not originating from the MNO associated with the GSMA-certified RSP server. Consequently, an attacker, by compromising a server, can clone a genuine SIM profile and provision it to other eUICCs. To address this security problem, we present SIM Profile Transparency Protocol (SPTP) to detect malicious provisioning of SIM profiles. SPTP assures to the eUICC and the MNO that all SIM provisioning actions—both approved and unapproved—leave a permanent, non-repudiatable trail. We evaluate security guarantees provided by SPTP using a formal model, implement a prototype for SPTP, and evaluate the prototype against a set of practical requirements.
中文翻译:
消费者远程SIM设置协议的SIM卡配置文件的透明度
在移动通信中,用户设备(UE)使用安全存储在SIM卡中的MNO指定的SIM配置文件中的凭据,向移动网络运营商(MNO)认证订户。传统上,订户的SIM卡配置文件的更改(例如订户的更改)要求更换物理SIM卡。为了解决此缺点,GSM协会(GSMA)已指定消费者远程SIM供应(RSP)协议。该协议支持将SIM配置文件从服务器远程配置到SIM卡(也称为嵌入式通用集成电路卡(eUICC))。在RSP中,所有eUICC都信任任何经过GSMA认证的服务器,因此,任何服务器都可以向所有eUICC提供SIM配置文件,即使这些配置文件不是源自与GSMA认证的RSP服务器关联的MNO。所以,攻击者可以通过破坏服务器来克隆真实的SIM卡配置文件并将其提供给其他eUICC。为了解决此安全问题,我们提出了SIM卡配置文件透明协议(SPTP),以检测SIM卡配置文件的恶意配置。SPTP向eUICC和MNO保证,所有SIM设置操作(包括已批准和未批准)都将留下永久的,不可重复的线索。我们使用正式模型评估SPTP提供的安全保证,为SPTP实施原型,并根据一组实际要求评估该原型。SPTP向eUICC和MNO保证,所有SIM设置操作(包括已批准和未批准)都将留下永久的,不可重复的线索。我们使用正式模型评估SPTP提供的安全保证,为SPTP实施原型,并根据一组实际要求评估该原型。SPTP向eUICC和MNO保证,所有SIM设置操作(包括已批准和未批准)都将留下永久的,不可重复的线索。我们使用正式模型评估SPTP提供的安全保证,为SPTP实施原型,并根据一组实际要求评估该原型。
京公网安备 11010802027423号