eSIM下载协议中的漏洞.pdf

《eSIM下载协议中的漏洞.pdf》由会员分享，可在线阅读，更多相关《eSIM下载协议中的漏洞.pdf（35页珍藏版）》请在三个皮匠报告上搜索。

1、Vulnerabilities in the eSIM download protocolPresentersAbu Shohel Ahmed,Aalto UniversityTuomas Aura,Aalto UniversityJoint work withAleksi Peltonen,CISPAMohit Sethi,Kone and Aalto UniversityWho are we?our storyHey,I am working on implementing eSIM download protocolHow do I know the protocol is secure

2、?We could apply formal verification to find outLets do itShohel Ahmed,security researcherTuomas Aura,ProfessorMohit SethiAleksi PeltonenTalk outline1.eSIM and the Consumer Remote SIM Provisioning(RSP)protocol2.Research methodology3.Discovered vulnerabilities What did we find Why does it matter What

3、can we do about itFrom SIM to eSIM SIM contains credentials for authenticating a mobile network subscriber eSIMreplaces removable SIM with downloadable SIM profiles Installed into an embedded secure chip(eUICC)Managed from phone settings or an appConsumer eSIM user experienceActivation code approach

4、 User inputs SM-DP+server address and activation code Manual entry or QR codeLPA:1$sm-$95A9CB26933E7f1CDefault server approach eUICC or app has a default SM-DP+server address Operator need to know the device EID to order profileEID:89049032000001000000044883019442Secret one-time codeSM-DP+addressCon

5、sumer eSIM user experienceActivation code approach User inputs SM-DP+server address and activation code Manual entry or QR codeLPA:1$sm-$95A9CB26933E7f1CDefault server approach eUICC or app has a default SM-DP+server address Operator need to know the device EID to order profileEID:890490320000010000

6、00044883019442Identifies the device,privacy sensitive dataHow does it work under-the-hood?Mobile networkoperatorMNOeSIM provisioning server SM-DP+UserApp(built-in or user-authorized)Secure chipeUICCWeb or physical shopvisitBackend APIApp UIInternal APISIMprofiledownloadPhone21a1b3a3bTLSSecure channe