DeepAI AI Chat
Log In Sign Up

Security Analysis of the Consumer Remote SIM Provisioning Protocol

by   Abu Shohel Ahmed, et al.

Remote SIM provisioning (RSP) for consumer devices is the protocol specified by the GSM Association for downloading SIM profiles into a secure element in a mobile device. The process is commonly known as eSIM, and it is expected to replace removable SIM cards. The security of the protocol is critical because the profile includes the credentials with which the mobile device will authenticate to the mobile network. In this paper, we present a formal security analysis of the consumer RSP protocol. We model the multi-party protocol in applied pi calculus, define formal security goals, and verify them in ProVerif. The analysis shows that the consumer RSP protocol protects against a network adversary when all the intended participants are honest. However, we also model the protocol in realistic partial compromise scenarios where the adversary controls a legitimate participant or communication channel. The security failures in the partial compromise scenarios reveal weaknesses in the protocol design. The most important observation is that the security of RSP depends unnecessarily on it being encapsulated in a TLS tunnel. Also, the lack of pre-established identifiers means that a compromised download server anywhere in the world or a compromised secure element can be used for attacks against RSP between honest participants. Additionally, the lack of reliable methods for verifying user intent can lead to serious security failures. Based on the findings, we recommend practical improvements to RSP implementations, to future versions of the specification, and to mobile operator processes to increase the robustness of eSIM security.


page 1

page 2

page 3

page 4


Formal Analysis of 5G Authentication

Mobile communication networks connect much of the world's population. Th...

Formal Modelling and Security Analysis of Bitcoin's Payment Protocol

The Payment Protocol standard BIP70, specifying how payments in Bitcoin ...

HDMI-Walk: Attacking HDMI Distribution Networks via Consumer Electronic Control Protocol

The High Definition Multimedia Interface (HDMI) is the de-facto standard...

Adversary Models for Mobile Device Authentication

Mobile device authentication has been a highly active research topic for...

Secure Memory Erasure in the Presence of Man-in-the-Middle Attackers

Memory erasure protocols serve to clean up a device's memory before the ...

Flexible Anonymous Network

Internet technologies have been designed from guidelines like the robust...

SimplyMime: A Control at Our Fingertips

The utilization of consumer electronics, such as televisions, set-top bo...