Security Analysis of the Consumer Remote SIM Provisioning Protocol

Remote SIM provisioning (RSP) for consumer devices is the protocol specified by the GSM Association for downloading SIM profiles into a secure element in a mobile device. The process is commonly known as eSIM, and it is expected to replace removable SIM cards. The security of the protocol is critical because the profile includes the credentials with which the mobile device will authenticate to the mobile network. In this paper, we present a formal security analysis of the consumer RSP protocol. We model the multi-party protocol in applied pi calculus, define formal security goals, and verify them in ProVerif. The analysis shows that the consumer RSP protocol protects against a network adversary when all the intended participants are honest. However, we also model the protocol in realistic partial compromise scenarios where the adversary controls a legitimate participant or communication channel. The security failures in the partial compromise scenarios reveal weaknesses in the protocol design. The most important observation is that the security of RSP depends unnecessarily on it being encapsulated in a TLS tunnel. Also, the lack of pre-established identifiers means that a compromised download server anywhere in the world or a compromised secure element can be used for attacks against RSP between honest participants. Additionally, the lack of reliable methods for verifying user intent can lead to serious security failures. Based on the findings, we recommend practical improvements to RSP implementations, to future versions of the specification, and to mobile operator processes to increase the robustness of eSIM security.Comment: 33 pages, 8 figures, Associated ProVerif model files located at https://github.com/peltona/rsp_mode

Techno-economic Analysis of 5G Local Area Access in Industrial Machine-to-Machine Communications

Billions of connected devices, new application requirements, deployment scenarios and business models are driving the evolution of the next generation 5G networks. 5G will be the key to tap into the business potential for 2020 and beyond. Industrial machine-to-machine (M2M) communications will have highly demanding connectivity requirements. These requirements will be vastly different depending on the specific use case and will require customized connectivity. This thesis builds possible future scenarios and value networks for 5G local area industrial M2M communications beyond 2020 with a 10 years time frame. The case of Industrial M2M communications is discussed by classifying the future requirements and the business potential, which is discussed using market statistics and forecasts from various sources. By diving into the ongoing research, the promising 5G technology enablers are explored with a possible 5G technical architecture. The theory of the methods used, scenario planning and value network configurations, is explained before formulating the future scenarios and value networks. Interviews with industry experts were organised to find the current situation of industrial internet, market trends and future uncertainties. This forms the basis for future scenarios and identifying most important roles and actors that take part in the value networks. The resulting four future scenarios indicate how the future of 5G M2M ecosystem will shape up and helps all stakeholders to plan and strategize. The resulting five value networks explore the actors, role distributions and value creation. The value networks are then mapped on to the scenarios, displaying the consistency of the results. These results can help identify the possibilities of value creation, new business models and market changes