initial set of slides for tonight
@ -0,0 +1,310 @@
exploring eUICC and eSIM with pySim, lpac and osmo-smdpp
========================================================
:revealjsdir: /home/laforge/projects/git/reveal.js
:revealjs_width: 1918
:revealjs_height: 1070
:revealjs_transition: none
//:revealjs_theme: night
//:revealjs_theme: beige
//:revealjs_theme: solarized
:author: Harald Welte <laforge@gnumonks.org>
:copyright: 2024 by Harald Welte (License: CC-BY-SA)
:backend: slidy
:max-width: 45em
== Overview
* SIM / UICC / USIM recap
* eSIM Principles
* eSIM Variants
* Putting it all together
== Recap: Classic SIM
* SIM card introduced with GSM (2G)
* single-purpose smart card
* fundamental purpose of classic SIM:
** storage of configuration data
** storage of contacts
** storage of SMS
** _secure element_ holding the secret per-subscriber key material
== Recap: UICC and USIM Application
* UICC is a general-purpose multi-application smart card
* USIM card application introduced with UMTS (3G)
* additional, optional ISIM introduced with VoLTE (4G)
* fundamental purpose of USIM/ISIM:
** storage of configuration data
*** thousands of parameters in hundreds of files
** _secure element_ holding the secret per-subscriber key material
== eSIM in a nutshell
* virtualisation of the USIM
* de-coupling of _SIM profile_ from _physical chip_
* the eSIM capable chip is now called *eUICC*
* eUICC can hold one or more _SIM profiles_
== SIM profile
* File contents of USIM filesystem hierarchy
* Secret authentication key material (K + OPc)
* OTA key material
* PIN, PUK, ADM-PIN, ...
* SIM (toolkit) applets
Format of eSIM profile is specified in the _eUICC Profile Package_ specification by the Trusted Connectivity Alliance (formerly SIMalliance)
== Quick look at a profile
DEMO TIME
== eUICC
* smart card chip
* higher requirements than for classic SIM/UICC
** extensive security requirements
** various cryptographic functionalities, including ECDSA
* electrical interface is ISO 7816 (like SIM/UICC)
* transport protocol is ISO 7816 T=0 (like SIM/UICC)
* typically soldered on the board or integrated into UE
** plastic packaged (micro/nano) SIM sized variants available
EID:: unique identifier of eUICC (as ICCID is part of *profile*)
== eUICC
image::euicc_schematic.png[]
== Security Domains
ECASD:: representative of CI/CA
ISD-R:: representative of SM-SR
ISD-P:: representative of SM-DP. There can be multiple ISD-P for multiple eSIM profiles, but only one is enabled at any given point in time
== eSIM flavors
* _M2M_ eSIM (released first)
* _Consumer_ eSIM (released later)
* _IoT_ eSIM (bleeding edge)
== Consumer Model
* uses client-driven _pull_ model to provision and manage profiles by the end user
* HTTPS/TCP/IP protocol used for profile download
* Introduces SM-DS and LPA (both don't exist in prior M2M)
* no _provisioning profile_ required, as device can e.g. use WiFi to download a profile
image::esim-consumer-arch.png[eSIM Consumer Architecture,width=1000,align="center"]
== Demo: `pySim-shell` on eUICC
DEMO TIME
== Consumer eSIM: LPA
LPA: Local Profile Assistant
* software on the client device
** can optionally also be fully built-in to the eUICC (LPAe)
** standard case with smartphones today is on the device (LPAd)
* provides user interface for profile management
* talks to local eUICC and to remote SM-DP+
== Consumer eSIM: SM-DP+
SM-DP+:: Subscription Manager - Data Preparation (Enhanced)
* see SM-DP in M2M eSIM
* combines SM-DP and SM-SR features (hence the *+* designator)
== SM-DP+ Functions
* Profile Package Generation (result: UPP)
* Profile Package Protection (result: PPP)
* Profile Package Binding (result: BPP)
* Profile Package Storage
* Profile Package Delivery
* SM-DS Event Registration
* Remote Profile Management
== Consumer eSIM: SM-DS
SM-DS:: Subscription Manager - Discovery Service
* allows SM-DP+ to reach an eUICC without knowing on which network / via which technology it can be reached
* stores notifications issued by SM-DP+ for a given eUICC
* LPA is polling SM-DP+ on behalf of eUICC
== ES8+ Interface
ES8+ (SM-DP+ - eUICC)
* transported over ES9+ between SM-DP+ and LPA
* transported over ES10b between LPA and eUICC
image::es8p_in_es9p.png[ES8+ in ES9+ and ES10c,width=1700,align="center"]
== ES9+ Interface
ES9+ (SM-DP+ - eUICC)
* utilizes HTTPS over TCP/IP
** LPA is client; SM-DP+ is server
** client verifies server TLS certificate, like in the web
* allows JSON or ASN.1 encoding
* some special rules about HTTP headers (X-Admin-Protocol, User-Agent)
== ES10x Interface
ES10a/b/c (LPA - eUICC)
* APDU based interface (like all smart card interfaces)
* uses STORE DATA command as transport mechanism
== Certificate Chain
image::consumer_cert_chain.png[eSIM Certificate Chain,width=1200,align="center"]
== Compliance / Security
* eUICC security: Common Protection Profile, EAL4+
* Production Environment + Process Security
** GSMA SAS-UP (eUICC personalization)
** GSMA SAS-SM (Subscription Management Platforms)
* Functional compliance
** GSMA test specification / GlobalPlatform test suite
* eUICC manufacturers, SM-SR and SM-DP hosting providers *must be GSMA SAS accredited*
** enforcement is done via the GSMA PKI: Certificates only issued to accredited entities
== Consumer eSIM Procedures (SGP.22)
* Remote Provisioning
** Profile Download Initiation
** Common Mutual Authentication
** Profile Download and Installation
* Local Profile Management
** Enable / Disable Profile
** Add / Delete / List Profile
** Set/Edit Nickname
* Local eUICC Management
** Retrieve EID
** eUICC Memory Reset
** eUICC Test Memory Reset
** Set/Edit Default SM-DP+ Address
== Consumer eSIM: Download Initiation
image::consumer_profile_dl_init.png[Download Initiation,width=1300]
== Consumer eSIM: Download and Install
image::consumer_dl_and_install.png[Download and Installation,width=1150]
== Consumer eSIM: Profile Installation
image::consumer_profile_installation.png[Profile Installation,width=1150]
== Consumer eSIM: Enable Profile
image::consumer_enable_profile.png[Enable Profile,width=1050]
== eSIM vs. open source software
* technically all protocol specs are public
** FOSS implementations of all elements are possible in theory
* GSMA certification/approval is very expensive
** unlikely to happen given the associated cost
* only the LPA does not need any kind of certification, so FOSS LPA are possible
** `lpac` available from https://github.com/estkme-group/lpac
** `LPAdesktop` available from https://github.com/Truphone/LPAdesktop
* in IoT eSIM, also the eIM could be implemented as FOSS without certification requirements
== eSIM vs. open source software
* GSMA SAS rules only apply to eUICC with GSMA certificates/keys
* if you can build/get eUICC with certs from your _your own_ CA, you can do what you want
* also, there are some Test eUICC with certs/keys documented in SGP.26
=> we can actually write our own SM-DP+ and use it without GSMA blessing
== Introducing `osmo-smdpp`
* developed as part pf `pySim` git repo (might change later)
* implements ES9+ interface (JSON variant only for now)
* implements BSP and ES8+
* all the cryptographic elements
** profile protection
** profile binding
** ECDSA
** ECKA
** key derivation
== Why `osmo-smdpp`
* any technology should have a FOSS implementation
** that's the red line through 20 years of my work
* GSMA specifications are vague/unclear in critical points
** even other implementers of SM-DP+ and mobile operators agree to that
* GSMA specifications do not contain any test vectors for any of the crypto!
* other people like sudoku or crossword puzzles; i liked this topic as challenge
== Status `osmo-smdpp`
* successful mutual authentication with test-eUICC
* successful eSIM profile download into test-eUICC
* lots of gaps at the moment (contributions welcome!)
** profile personalization (WIP)
** certificate verification (WIP)
** no ES2+ interface (to operator)
** no ES12 interface (to SM-DS)
== Demo: `lpac` against `osmo-smdpp`
let's use `lpac` to download a profile into a test eUICC
DEMO TIME
== Demo: `lpac` against production SM-DP+
let's use `lpac` to download a real-world profile into a GSMA eUICC
DEMO TIME
== Thanks
* Thanks to Chris of mode51 software for his blog posts and email replies
* Thanks to people behind python modules like asn1tools, klein, cryptography, pycryptodome
== Further Reading
* https://media.ccc.de/v/camp2023-57190-demystifying_esim_technology
* https://www.gsma.com/esim/wp-content/uploads/2018/12/esim-whitepaper.pdf
* https://www.gsma.com/security/sas-accredited-sites/
* https://medium.com/@mode51
[.questions]
=== !
[.bubbles]
=== !
[.hands]
=== !
== EOF
End of File
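Review bot: the ES9+ slide labels the interface as `ES9+ (SM-DP+ - eUICC)`, but the ES8+ slide just before it says ES8+ is "transported over ES9+ between SM-DP+ and LPA", so the label should read `ES9+ (SM-DP+ - LPA)`; on that same ES8+ slide the image alt text says "ES8+ in ES9+ and ES10c" while the bullet above it names ES10b, so one of the two needs aligning. On the SM-DS slide, the last bullet says "LPA is polling SM-DP+ on behalf of eUICC", yet the bullet before it says the SM-DS is what stores the notifications, so presumably the LPA polls the SM-DS there. Minor typos: "developed as part pf `pySim`" (of), "certs from your _your own_ CA" (duplicated "your"), "FOSS LPA are possible" (LPAs), and "i liked this topic" (capital I).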
@ -0,0 +1,687 @@
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, minimal-ui"><title>exploring eUICC and eSIM with pySim, lpac and osmo-smdpp</title><meta name="author" content="Harald Welte <laforge@gnumonks.org>"><meta name="copyright" content="2024 by Harald Welte (License: CC-BY-SA)"><link rel="stylesheet" href="/home/laforge/projects/git/reveal.js/dist/reset.css"><link rel="stylesheet" href="/home/laforge/projects/git/reveal.js/dist/reveal.css"><link rel="stylesheet" href="/home/laforge/projects/git/reveal.js/dist/theme/black.css" id="theme"><!--This CSS is generated by the Asciidoctor reveal.js converter to further integrate AsciiDoc's existing semantic with reveal.js--><style type="text/css">.reveal div.right {
float: right
}
/* source blocks */
.reveal .listingblock.stretch > .content {
height: 100%
}
.reveal .listingblock.stretch > .content > pre {
height: 100%
}
.reveal .listingblock.stretch > .content > pre > code {
height: 100%;
max-height: 100%
}
/* auto-animate feature */
/* hide the scrollbar when auto-animating source blocks */
.reveal pre[data-auto-animate-target] {
overflow: hidden;
}
.reveal pre[data-auto-animate-target] code {
overflow: hidden;
}
/* add a min width to avoid horizontal shift on line numbers */
code.hljs .hljs-ln-line.hljs-ln-n {
min-width: 1.25em;
}
/* tables */
table {
border-collapse: collapse;
border-spacing: 0
}
table {
margin-bottom: 1.25em;
border: solid 1px #dedede
}
table thead tr th, table thead tr td, table tfoot tr th, table tfoot tr td {
padding: .5em .625em .625em;
font-size: inherit;
text-align: left
}
table tr th, table tr td {
padding: .5625em .625em;
font-size: inherit
}
table thead tr th, table tfoot tr th, table tbody tr td, table tr td, table tfoot tr td {
display: table-cell;
line-height: 1.6
}
td.tableblock > .content {
margin-bottom: 1.25em
}
td.tableblock > .content > :last-child {
margin-bottom: -1.25em
}
table.tableblock, th.tableblock, td.tableblock {
border: 0 solid #dedede
}
table.grid-all > thead > tr > .tableblock, table.grid-all > tbody > tr > .tableblock {
border-width: 0 1px 1px 0
}
table.grid-all > tfoot > tr > .tableblock {
border-width: 1px 1px 0 0
}
table.grid-cols > * > tr > .tableblock {
border-width: 0 1px 0 0
}
table.grid-rows > thead > tr > .tableblock, table.grid-rows > tbody > tr > .tableblock {
border-width: 0 0 1px
}
table.grid-rows > tfoot > tr > .tableblock {
border-width: 1px 0 0
}
table.grid-all > * > tr > .tableblock:last-child, table.grid-cols > * > tr > .tableblock:last-child {
border-right-width: 0
}
table.grid-all > tbody > tr:last-child > .tableblock, table.grid-all > thead:last-child > tr > .tableblock, table.grid-rows > tbody > tr:last-child > .tableblock, table.grid-rows > thead:last-child > tr > .tableblock {
border-bottom-width: 0
}
table.frame-all {
border-width: 1px
}
table.frame-sides {
border-width: 0 1px
}
table.frame-topbot, table.frame-ends {
border-width: 1px 0
}
.reveal table th.halign-left, .reveal table td.halign-left {
text-align: left
}
.reveal table th.halign-right, .reveal table td.halign-right {
text-align: right
}
.reveal table th.halign-center, .reveal table td.halign-center {
text-align: center
}
.reveal table th.valign-top, .reveal table td.valign-top {
vertical-align: top
}
.reveal table th.valign-bottom, .reveal table td.valign-bottom {
vertical-align: bottom
}
.reveal table th.valign-middle, .reveal table td.valign-middle {
vertical-align: middle
}
table thead th, table tfoot th {
font-weight: bold
}
tbody tr th {
display: table-cell;
line-height: 1.6
}
tbody tr th, tbody tr th p, tfoot tr th, tfoot tr th p {
font-weight: bold
}
thead {
display: table-header-group
}
.reveal table.grid-none th, .reveal table.grid-none td {
border-bottom: 0 !important
}
/* kbd macro */
kbd {
font-family: "Droid Sans Mono", "DejaVu Sans Mono", monospace;
display: inline-block;
color: rgba(0, 0, 0, .8);
font-size: .65em;
line-height: 1.45;
background: #f7f7f7;
border: 1px solid #ccc;
-webkit-border-radius: 3px;
border-radius: 3px;
-webkit-box-shadow: 0 1px 0 rgba(0, 0, 0, .2), 0 0 0 .1em white inset;
box-shadow: 0 1px 0 rgba(0, 0, 0, .2), 0 0 0 .1em #fff inset;
margin: 0 .15em;
padding: .2em .5em;
vertical-align: middle;
position: relative;
top: -.1em;
white-space: nowrap
}
.keyseq kbd:first-child {
margin-left: 0
}
.keyseq kbd:last-child {
margin-right: 0
}
/* callouts */
.conum[data-value] {
display: inline-block;
color: #fff !important;
background: rgba(0, 0, 0, .8);
-webkit-border-radius: 50%;
border-radius: 50%;
text-align: center;
font-size: .75em;
width: 1.67em;
height: 1.67em;
line-height: 1.67em;
font-family: "Open Sans", "DejaVu Sans", sans-serif;
font-style: normal;
font-weight: bold
}
.conum[data-value] * {
color: #fff !important
}
.conum[data-value] + b {
display: none
}
.conum[data-value]:after {
content: attr(data-value)
}
pre .conum[data-value] {
position: relative;
top: -.125em
}
b.conum * {
color: inherit !important
}
.conum:not([data-value]):empty {
display: none
}
/* Callout list */
.hdlist > table, .colist > table {
border: 0;
background: none
}
.hdlist > table > tbody > tr, .colist > table > tbody > tr {
background: none
}
td.hdlist1, td.hdlist2 {
vertical-align: top;
padding: 0 .625em
}
td.hdlist1 {
font-weight: bold;
padding-bottom: 1.25em
}
/* Disabled from Asciidoctor CSS because it caused callout list to go under the
* source listing when .stretch is applied (see #335)
* .literalblock+.colist,.listingblock+.colist{margin-top:-.5em} */
.colist td:not([class]):first-child {
padding: .4em .75em 0;
line-height: 1;
vertical-align: top
}
.colist td:not([class]):first-child img {
max-width: none
}
.colist td:not([class]):last-child {
padding: .25em 0
}
/* Override Asciidoctor CSS that causes issues with reveal.js features */
.reveal .hljs table {
border: 0
}
/* Callout list rows would have a bottom border with some reveal.js themes (see #335) */
.reveal .colist > table th, .reveal .colist > table td {
border-bottom: 0
}
/* Fixes line height with Highlight.js source listing when linenums enabled (see #331) */
.reveal .hljs table thead tr th, .reveal .hljs table tfoot tr th, .reveal .hljs table tbody tr td, .reveal .hljs table tr td, .reveal .hljs table tfoot tr td {
line-height: inherit
}
/* Columns layout */
.columns .slide-content {
display: flex;
}
.columns.wrap .slide-content {
flex-wrap: wrap;
}
.columns.is-vcentered .slide-content {
align-items: center;
}
.columns .slide-content > .column {
display: block;
flex-basis: 0;
flex-grow: 1;
flex-shrink: 1;
}
.columns .slide-content > .column > * {
padding: .75rem;
}
/* See #353 */
.columns.wrap .slide-content > .column {
flex-basis: auto;
}
.columns .slide-content > .column.is-full {
flex: none;
width: 100%;
}
.columns .slide-content > .column.is-four-fifths {
flex: none;
width: 80%;
}
.columns .slide-content > .column.is-three-quarters {
flex: none;
width: 75%;
}
.columns .slide-content > .column.is-two-thirds {
flex: none;
width: 66.6666%;
}
.columns .slide-content > .column.is-three-fifths {
flex: none;
width: 60%;
}
.columns .slide-content > .column.is-half {
flex: none;
width: 50%;
}
.columns .slide-content > .column.is-two-fifths {
flex: none;
width: 40%;
}
.columns .slide-content > .column.is-one-third {
flex: none;
width: 33.3333%;
}
.columns .slide-content > .column.is-one-quarter {
flex: none;
width: 25%;
}
.columns .slide-content > .column.is-one-fifth {
flex: none;
width: 20%;
}
.columns .slide-content > .column.has-text-left {
text-align: left;
}
.columns .slide-content > .column.has-text-justified {
text-align: justify;
}
.columns .slide-content > .column.has-text-right {
text-align: right;
}
.columns .slide-content > .column.has-text-left {
text-align: left;
}
.columns .slide-content > .column.has-text-justified {
text-align: justify;
}
.columns .slide-content > .column.has-text-right {
text-align: right;
}
.text-left {
text-align: left !important
}
.text-right {
text-align: right !important
}
.text-center {
text-align: center !important
}
.text-justify {
text-align: justify !important
}
.footnotes {
border-top: 1px solid rgba(0, 0, 0, 0.2);
padding: 0.5em 0 0 0;
font-size: 0.65em;
margin-top: 4em;
}
.byline {
font-size:.8em
}
ul.byline {
list-style-type: none;
}
ul.byline li + li {
margin-top: 0.25em;
}
</style></head><body><div class="reveal"><div class="slides"><section class="title" data-state="title"><h1>exploring eUICC and eSIM with pySim, lpac and osmo-smdpp</h1><p class="byline">
<span class="author">Harald Welte <laforge@gnumonks.org></span>
</p></section><section id="_overview"><h2>Overview</h2><div class="slide-content"><div class="ulist"><ul><li><p>SIM / UICC / USIM recap</p></li><li><p>eSIM Principles</p></li><li><p>eSIM Variants</p></li><li><p>Putting it all together</p></li></ul></div></div></section>
<section id="_recap_classic_sim"><h2>Recap: Classic SIM</h2><div class="slide-content"><div class="ulist"><ul><li><p>SIM card introduced with GSM (2G)</p></li><li><p>single-purpose smart card</p></li><li><p>fundamental purpose of classic SIM:</p><div class="ulist"><ul><li><p>storage of configuration data</p></li><li><p>storage of contacts</p></li><li><p>storage of SMS</p></li><li><p><em>secure element</em> holding the secret per-subscriber key material</p></li></ul></div></li></ul></div></div></section>
<section id="_recap_uicc_and_usim_application"><h2>Recap: UICC and USIM Application</h2><div class="slide-content"><div class="ulist"><ul><li><p>UICC is a general-purpose multi-application smart card</p></li><li><p>USIM card application introduced with UMTS (3G)</p></li><li><p>additional, optional ISIM introduced with VoLTE (4G)</p></li><li><p>fundamental purpose of USIM/ISIM:</p><div class="ulist"><ul><li><p>storage of configuration data</p><div class="ulist"><ul><li><p>thousands of parameters in hundreds of files</p></li></ul></div></li><li><p><em>secure element</em> holding the secret per-subscriber key material</p></li></ul></div></li></ul></div></div></section>
<section id="_esim_in_a_nutshell"><h2>eSIM in a nutshell</h2><div class="slide-content"><div class="ulist"><ul><li><p>virtualisation of the USIM</p></li><li><p>de-coupling of <em>SIM profile</em> from <em>physical chip</em></p></li><li><p>the eSIM capable chip is now called <strong>eUICC</strong></p></li><li><p>eUICC can hold one or more <em>SIM profiles</em></p></li></ul></div></div></section>
<section id="_sim_profile"><h2>SIM profile</h2><div class="slide-content"><div class="ulist"><ul><li><p>File contents of USIM filesystem hierarchy</p></li><li><p>Secret authentication key material (K + OPc)</p></li><li><p>OTA key material</p></li><li><p>PIN, PUK, ADM-PIN, …​</p></li><li><p>SIM (toolkit) applets</p></li></ul></div>
<div class="paragraph"><p>Format of eSIM profile is specified in the <em>eUICC Profile Package</em> specification by the Trusted Connectivity Alliance (formerly SIMalliance)</p></div></div></section>
<section id="_quick_look_at_a_profile"><h2>Quick look at a profile</h2><div class="slide-content"><div class="paragraph"><p>DEMO TIME</p></div></div></section>
<section id="_euicc"><h2>eUICC</h2><div class="slide-content"><div class="ulist"><ul><li><p>smart card chip</p></li><li><p>higher requirements than for classic SIM/UICC</p><div class="ulist"><ul><li><p>extensive security requirements</p></li><li><p>various cryptographic functionalities, including ECDSA</p></li></ul></div></li><li><p>electrical interface is ISO 7816 (like SIM/UICC)</p></li><li><p>transport protocol is ISO 7816 T=0 (like SIM/UICC)</p></li><li><p>typically soldered on the board or integrated into UE</p><div class="ulist"><ul><li><p>plastic packaged (micro/nano) SIM sized variants available</p><div class="dlist"><dl><dt class="hdlist1">EID</dt><dd><p>unique identifier of eUICC (as ICCID is part of <strong>profile</strong>)</p></dd></dl></div></li></ul></div></li></ul></div></div></section>
<section id="_euicc_2"><h2>eUICC</h2><div class="slide-content"><div class="imageblock"><img src="euicc_schematic.png" alt="euicc schematic"></div></div></section>
<section id="_security_domains"><h2>Security Domains</h2><div class="slide-content"><div class="dlist"><dl><dt class="hdlist1">ECASD</dt><dd><p>representative of CI/CA</p></dd><dt class="hdlist1">ISD-R</dt><dd><p>representative of SM-SR</p></dd><dt class="hdlist1">ISD-P</dt><dd><p>representative of SM-DP. There can be multiple ISD-P for multiple eSIM profiles, but only one is enabled at any given point in time</p></dd></dl></div></div></section>
<section id="_esim_flavors"><h2>eSIM flavors</h2><div class="slide-content"><div class="ulist"><ul><li><p><em>M2M</em> eSIM (released first)</p></li><li><p><em>Consumer</em> eSIM (released later)</p></li><li><p><em>IoT</em> eSIM (bleeding edge)</p></li></ul></div></div></section>
<section id="_consumer_model"><h2>Consumer Model</h2><div class="slide-content"><div class="ulist"><ul><li><p>uses client-driven <em>pull</em> model to provision and manage profiles by the end user</p></li><li><p>HTTPS/TCP/IP protocol used for profile download</p></li><li><p>Introduces SM-DS and LPA (both don’t exist in prior M2M)</p></li><li><p>no <em>provisioning profile</em> required, as device can e.g. use WiFi to download a profile</p></li></ul></div>
<div class="imageblock" style="text-align: center"><img src="esim-consumer-arch.png" alt="eSIM Consumer Architecture" width="1000"></div></div></section>
<section id="_demo_pysim_shell_on_euicc"><h2>Demo: <code>pySim-shell</code> on eUICC</h2><div class="slide-content"><div class="paragraph"><p>DEMO TIME</p></div></div></section>
<section id="_consumer_esim_lpa"><h2>Consumer eSIM: LPA</h2><div class="slide-content"><div class="paragraph"><p>LPA: Local Profile Assistant</p></div>
<div class="ulist"><ul><li><p>software on the client device</p><div class="ulist"><ul><li><p>can optionally also be fully built-in to the eUICC (LPAe)</p></li><li><p>standard case with smartphones today is on the device (LPAd)</p></li></ul></div></li><li><p>provides user interface for profile management</p></li><li><p>talks to local eUICC and to remote SM-DP+</p></li></ul></div></div></section>
<section id="_consumer_esim_sm_dp"><h2>Consumer eSIM: SM-DP+</h2><div class="slide-content"><div class="dlist"><dl><dt class="hdlist1">SM-DP+</dt><dd><p>Subscription Manager - Data Preparation (Enhanced)</p><div class="ulist"><ul><li><p>see SM-DP in M2M eSIM</p></li><li><p>combines SM-DP and SM-SR features (hence the <strong>+</strong> designator)</p></li></ul></div></dd></dl></div></div></section>
<section id="_sm_dp_functions"><h2>SM-DP+ Functions</h2><div class="slide-content"><div class="ulist"><ul><li><p>Profile Package Generation (result: UPP)</p></li><li><p>Profile Package Protection (result: PPP)</p></li><li><p>Profile Package Binding (result: BPP)</p></li><li><p>Profile Package Storage</p></li><li><p>Profile Package Delivery</p></li><li><p>SM-DS Event Registration</p></li><li><p>Remote Profile Management</p></li></ul></div></div></section>
<section id="_consumer_esim_sm_ds"><h2>Consumer eSIM: SM-DS</h2><div class="slide-content"><div class="dlist"><dl><dt class="hdlist1">SM-DS</dt><dd><p>Subscription Manager - Discovery Service</p><div class="ulist"><ul><li><p>allows SM-DP+ to reach an eUICC without knowing on which network / via which technology it can be reached</p></li><li><p>stores notifications issued by SM-DP+ for a given eUICC</p></li><li><p>LPA is polling SM-DP+ on behalf of eUICC</p></li></ul></div></dd></dl></div></div></section>
<section id="_es8_interface"><h2>ES8+ Interface</h2><div class="slide-content"><div class="paragraph"><p>ES8+ (SM-DP+ - eUICC)</p></div>
<div class="ulist"><ul><li><p>transported over ES9+ between SM-DP+ and LPA</p></li><li><p>transported over ES10b between LPA and eUICC</p></li></ul></div>
<div class="imageblock" style="text-align: center"><img src="es8p_in_es9p.png" alt="ES8+ in ES9+ and ES10c" width="1700"></div></div></section>
<section id="_es9_interface"><h2>ES9+ Interface</h2><div class="slide-content"><div class="paragraph"><p>ES9+ (SM-DP+ - eUICC)</p></div>
<div class="ulist"><ul><li><p>utilizes HTTPS over TCP/IP</p><div class="ulist"><ul><li><p>LPA is client; SM-DP+ is server</p></li><li><p>client verifies server TLS certificate, like in the web</p></li></ul></div></li><li><p>allows JSON or ASN.1 encoding</p></li><li><p>some special rules about HTTP headers (X-Admin-Protocol, User-Agent)</p></li></ul></div></div></section>
<section id="_es10x_interface"><h2>ES10x Interface</h2><div class="slide-content"><div class="paragraph"><p>ES10a/b/c (LPA - eUICC)</p></div>
<div class="ulist"><ul><li><p>APDU based interface (like all smart card interfaces)</p></li><li><p>uses STORE DATA command as transport mechanism</p></li></ul></div></div></section>
<section id="_certificate_chain"><h2>Certificate Chain</h2><div class="slide-content"><div class="imageblock" style="text-align: center"><img src="consumer_cert_chain.png" alt="eSIM Certificate Chain" width="1200"></div></div></section>
<section id="_compliance_security"><h2>Compliance / Security</h2><div class="slide-content"><div class="ulist"><ul><li><p>eUICC security: Common Protection Profile, EAL4+</p></li><li><p>Production Environment + Process Security</p><div class="ulist"><ul><li><p>GSMA SAS-UP (eUICC personalization)</p></li><li><p>GSMA SAS-SM (Subscription Management Platforms)</p></li></ul></div></li><li><p>Functional compliance</p><div class="ulist"><ul><li><p>GSMA test specification / GlobalPlatform test suite</p></li></ul></div></li><li><p>eUICC manufacturers, SM-SR and SM-DP hosting providers <strong>must be GSMA SAS accredited</strong></p><div class="ulist"><ul><li><p>enforcement is done via the GSMA PKI: Certificates only issued to accredited entities</p></li></ul></div></li></ul></div></div></section>
<section id="_consumer_esim_procedures_sgp_22"><h2>Consumer eSIM Procedures (SGP.22)</h2><div class="slide-content"><div class="ulist"><ul><li><p>Remote Provisioning</p><div class="ulist"><ul><li><p>Profile Download Initiation</p></li><li><p>Common Mutual Authentication</p></li><li><p>Profile Download and Installation</p></li></ul></div></li><li><p>Local Profile Management</p><div class="ulist"><ul><li><p>Enable / Disable Profile</p></li><li><p>Add / Delete / List Profile</p></li><li><p>Set/Edit Nickname</p></li></ul></div></li><li><p>Local eUICC Management</p><div class="ulist"><ul><li><p>Retrieve EID</p></li><li><p>eUICC Memory Reset</p></li><li><p>eUICC Test Memory Reset</p></li><li><p>Set/Edit Default SM-DP+ Address</p></li></ul></div></li></ul></div></div></section>
<section id="_consumer_esim_download_initiation"><h2>Consumer eSIM: Download Initiation</h2><div class="slide-content"><div class="imageblock"><img src="consumer_profile_dl_init.png" alt="Download Initiation" width="1300"></div></div></section>
<section id="_consumer_esim_download_and_install"><h2>Consumer eSIM: Download and Install</h2><div class="slide-content"><div class="imageblock"><img src="consumer_dl_and_install.png" alt="Download and Installation" width="1150"></div></div></section>
<section id="_consumer_esim_profile_installation"><h2>Consumer eSIM: Profile Installation</h2><div class="slide-content"><div class="imageblock"><img src="consumer_profile_installation.png" alt="Profile Installation" width="1150"></div></div></section>
<section id="_consumer_esim_enable_profile"><h2>Consumer eSIM: Enable Profile</h2><div class="slide-content"><div class="imageblock"><img src="consumer_enable_profile.png" alt="Enable Profile" width="1050"></div></div></section>
<section id="_esim_vs_open_source_software"><h2>eSIM vs. open source software</h2><div class="slide-content"><div class="ulist"><ul><li><p>technically all protocol specs are public</p><div class="ulist"><ul><li><p>FOSS implementations of all elements are possible in theory</p></li></ul></div></li><li><p>GSMA certification/approval is very expensive</p><div class="ulist"><ul><li><p>unlikely to happen given the associated cost</p></li></ul></div></li><li><p>only the LPA does not need any kind of certification, so FOSS LPA are possible</p><div class="ulist"><ul><li><p><code>lpac</code> available from <a href="https://github.com/estkme-group/lpac" class="bare">https://github.com/estkme-group/lpac</a></p></li><li><p><code>LPAdesktop</code> available from <a href="https://github.com/Truphone/LPAdesktop" class="bare">https://github.com/Truphone/LPAdesktop</a></p></li></ul></div></li><li><p>in IoT eSIM, also the eIM could be implemented as FOSS without certification requirements</p></li></ul></div></div></section>
<section id="_esim_vs_open_source_software_2"><h2>eSIM vs. open source software</h2><div class="slide-content"><div class="ulist"><ul><li><p>GSMA SAS rules only apply to eUICC with GSMA certificates/keys</p></li><li><p>if you can build/get eUICC with certs from your <em>your own</em> CA, you can do what you want</p></li><li><p>also, there are some Test eUICC with certs/keys documented in SGP.26</p></li></ul></div>
<div class="paragraph"><p>⇒ we can actually write our own SM-DP+ and use it without GSMA blessing</p></div></div></section>
<section id="_introducing_osmo_smdpp"><h2>Introducing <code>osmo-smdpp</code></h2><div class="slide-content"><div class="ulist"><ul><li><p>developed as part pf <code>pySim</code> git repo (might change later)</p></li><li><p>implements ES9+ interface (JSON variant only for now)</p></li><li><p>implements BSP and ES8+</p></li><li><p>all the cryptographic elements</p><div class="ulist"><ul><li><p>profile protection</p></li><li><p>profile binding</p></li><li><p>ECDSA</p></li><li><p>ECKA</p></li><li><p>key derivation</p></li></ul></div></li></ul></div></div></section>
<section id="_why_osmo_smdpp"><h2>Why <code>osmo-smdpp</code></h2><div class="slide-content"><div class="ulist"><ul><li><p>any technology should have a FOSS implementation</p><div class="ulist"><ul><li><p>that’s the red line through 20 years of my work</p></li></ul></div></li><li><p>GSMA specifications are vague/unclear in critical points</p><div class="ulist"><ul><li><p>even other implementers of SM-DP+ and mobile operators agree to that</p></li></ul></div></li><li><p>GSMA specifications do not contain any test vectors for any of the crypto!</p></li><li><p>other people like sudoku or crossword puzzles; i liked this topic as challenge</p></li></ul></div></div></section>
<section id="_status_osmo_smdpp"><h2>Status <code>osmo-smdpp</code></h2><div class="slide-content"><div class="ulist"><ul><li><p>successful mutual authentication with test-eUICC</p></li><li><p>successful eSIM profile download into test-eUICC</p></li><li><p>lots of gaps at the moment (contributions welcome!)</p><div class="ulist"><ul><li><p>profile personalization (WIP)</p></li><li><p>certificate verification (WIP)</p></li><li><p>no ES2+ interface (to operator)</p></li><li><p>no ES12 interface (to SM-DS)</p></li></ul></div></li></ul></div></div></section>
<section id="_demo_lpac_against_osmo_smdpp"><h2>Demo: <code>lpac</code> against <code>osmo-smdpp</code></h2><div class="slide-content"><div class="paragraph"><p>let’s use <code>lpac</code> to download a profile into a test eUICC</p></div>
<div class="paragraph"><p>DEMO TIME</p></div></div></section>
<section id="_demo_lpac_against_production_sm_dp"><h2>Demo: <code>lpac</code> against production SM-DP+</h2><div class="slide-content"><div class="paragraph"><p>let’s use <code>lpac</code> to download a real-world profile into a GSMA eUICC</p></div>
<div class="paragraph"><p>DEMO TIME</p></div></div></section>
<section id="_thanks"><h2>Thanks</h2><div class="slide-content"><div class="ulist"><ul><li><p>Thanks to Chris of mode51 software for his blog posts and email replies</p></li><li><p>Thanks to people behind python modules like asn1tools, klein, cryptography, pycryptodome</p></li></ul></div></div></section>
<section><section id="_further_reading"><h2>Further Reading</h2><div class="slide-content"><div class="ulist"><ul><li><p><a href="https://media.ccc.de/v/camp2023-57190-demystifying_esim_technology" class="bare">https://media.ccc.de/v/camp2023-57190-demystifying_esim_technology</a></p></li><li><p><a href="https://www.gsma.com/esim/wp-content/uploads/2018/12/esim-whitepaper.pdf" class="bare">https://www.gsma.com/esim/wp-content/uploads/2018/12/esim-whitepaper.pdf</a></p></li><li><p><a href="https://www.gsma.com/security/sas-accredited-sites/" class="bare">https://www.gsma.com/security/sas-accredited-sites/</a></p></li><li><p><a href="https://medium.com/@mode51" class="bare">https://medium.com/@mode51</a></p></li></ul></div></div></section><section class="questions"></section><section class="bubbles"></section><section class="hands"></section></section>
<section id="_eof"><h2>EOF</h2><div class="slide-content"><div class="paragraph"><p>End of File</p></div></div></section></div></div><script src="/home/laforge/projects/git/reveal.js/dist/reveal.js"></script><script>Array.prototype.slice.call(document.querySelectorAll('.slides section')).forEach(function(slide) {
if (slide.getAttribute('data-background-color')) return;
// user needs to explicitly say he wants CSS color to override otherwise we might break custom css or theme (#226)
if (!(slide.classList.contains('canvas') || slide.classList.contains('background'))) return;
var bgColor = getComputedStyle(slide).backgroundColor;
if (bgColor !== 'rgba(0, 0, 0, 0)' && bgColor !== 'transparent') {
slide.setAttribute('data-background-color', bgColor);
slide.style.backgroundColor = 'transparent';
}
});
// More info about config & dependencies:
// - https://github.com/hakimel/reveal.js#configuration
// - https://github.com/hakimel/reveal.js#dependencies
Reveal.initialize({
// Display presentation control arrows
controls: true,
// Help the user learn the controls by providing hints, for example by
// bouncing the down arrow when they first encounter a vertical slide
controlsTutorial: true,
// Determines where controls appear, "edges" or "bottom-right"
controlsLayout: 'bottom-right',
// Visibility rule for backwards navigation arrows; "faded", "hidden"
// or "visible"
controlsBackArrows: 'faded',
// Display a presentation progress bar
progress: true,
// Display the page number of the current slide
slideNumber: false,
// Control which views the slide number displays on
showSlideNumber: 'all',
// Add the current slide number to the URL hash so that reloading the
// page/copying the URL will return you to the same slide
hash: false,
// Push each slide change to the browser history. Implies `hash: true`
history: false,
// Enable keyboard shortcuts for navigation
keyboard: true,
// Enable the slide overview mode
overview: true,
// Disables the default reveal.js slide layout so that you can use custom CSS layout
disableLayout: false,
// Vertical centering of slides
center: true,
// Enables touch navigation on devices with touch input
touch: true,
// Loop the presentation
loop: false,
// Change the presentation direction to be RTL
rtl: false,
// See https://github.com/hakimel/reveal.js/#navigation-mode
navigationMode: 'default',
// Randomizes the order of slides each time the presentation loads
shuffle: false,
// Turns fragments on and off globally
fragments: true,
// Flags whether to include the current fragment in the URL,
// so that reloading brings you to the same fragment position
fragmentInURL: false,
// Flags if the presentation is running in an embedded mode,
// i.e. contained within a limited portion of the screen
embedded: false,
// Flags if we should show a help overlay when the questionmark
// key is pressed
help: true,
// Flags if speaker notes should be visible to all viewers
showNotes: false,
// Global override for autolaying embedded media (video/audio/iframe)
// - null: Media will only autoplay if data-autoplay is present
// - true: All media will autoplay, regardless of individual setting
// - false: No media will autoplay, regardless of individual setting
autoPlayMedia: null,
// Global override for preloading lazy-loaded iframes
// - null: Iframes with data-src AND data-preload will be loaded when within
// the viewDistance, iframes with only data-src will be loaded when visible
// - true: All iframes with data-src will be loaded when within the viewDistance
// - false: All iframes with data-src will be loaded only when visible
preloadIframes: null,
// Number of milliseconds between automatically proceeding to the
// next slide, disabled when set to 0, this value can be overwritten
// by using a data-autoslide attribute on your slides
autoSlide: 0,
// Stop auto-sliding after user input
autoSlideStoppable: true,
// Use this method for navigation when auto-sliding
autoSlideMethod: Reveal.navigateNext,
// Specify the average time in seconds that you think you will spend
// presenting each slide. This is used to show a pacing timer in the
// speaker view
defaultTiming: 120,
// Specify the total time in seconds that is available to
// present. If this is set to a nonzero value, the pacing
// timer will work out the time available for each slide,
// instead of using the defaultTiming value
totalTime: 0,
// Specify the minimum amount of time you want to allot to
// each slide, if using the totalTime calculation method. If
// the automated time allocation causes slide pacing to fall
// below this threshold, then you will see an alert in the
// speaker notes window
minimumTimePerSlide: 0,
// Enable slide navigation via mouse wheel
mouseWheel: false,
// Hide cursor if inactive
hideInactiveCursor: true,
// Time before the cursor is hidden (in ms)
hideCursorTime: 5000,
// Hides the address bar on mobile devices
hideAddressBar: true,
// Opens links in an iframe preview overlay
// Add `data-preview-link` and `data-preview-link="false"` to customise each link
// individually
previewLinks: false,
// Transition style (e.g., none, fade, slide, convex, concave, zoom)
transition: 'none',
// Transition speed (e.g., default, fast, slow)
transitionSpeed: 'default',
// Transition style for full page slide backgrounds (e.g., none, fade, slide, convex, concave, zoom)
backgroundTransition: 'fade',
// Number of slides away from the current that are visible
viewDistance: 3,
// Number of slides away from the current that are visible on mobile
// devices. It is advisable to set this to a lower number than
// viewDistance in order to save resources.
mobileViewDistance: 3,
// Parallax background image (e.g., "'https://s3.amazonaws.com/hakim-static/reveal-js/reveal-parallax-1.jpg'")
parallaxBackgroundImage: '',
// Parallax background size in CSS syntax (e.g., "2100px 900px")
parallaxBackgroundSize: '',
// Number of pixels to move the parallax background per slide
// - Calculated automatically unless specified
// - Set to 0 to disable movement along an axis
parallaxBackgroundHorizontal: null,
parallaxBackgroundVertical: null,
// The display mode that will be used to show slides
display: 'block',
// The "normal" size of the presentation, aspect ratio will be preserved
// when the presentation is scaled to fit different resolutions. Can be
// specified using percentage units.
width: 1918,
height: 1070,
// Factor of the display size that should remain empty around the content
margin: 0.1,
// Bounds for smallest/largest possible scale to apply to content
minScale: 0.2,
maxScale: 1.5,
// PDF Export Options
// Put each fragment on a separate page
pdfSeparateFragments: true,
// For slides that do not fit on a page, max number of pages
pdfMaxPagesPerSlide: 1,
// Optional libraries used to extend on reveal.js
dependencies: [
{ src: '/home/laforge/projects/git/reveal.js/plugin/zoom/zoom.js', async: true, callback: function () { Reveal.registerPlugin(RevealZoom) } },
{ src: '/home/laforge/projects/git/reveal.js/plugin/notes/notes.js', async: true, callback: function () { Reveal.registerPlugin(RevealNotes) } }
],
});</script><script>var dom = {};
dom.slides = document.querySelector('.reveal .slides');
function getRemainingHeight(element, slideElement, height) {
height = height || 0;
if (element) {
var newHeight, oldHeight = element.style.height;
// Change the .stretch element height to 0 in order find the height of all
// the other elements
element.style.height = '0px';
// In Overview mode, the parent (.slide) height is set of 700px.
// Restore it temporarily to its natural height.
slideElement.style.height = 'auto';
newHeight = height - slideElement.offsetHeight;
// Restore the old height, just in case
element.style.height = oldHeight + 'px';
// Clear the parent (.slide) height. .removeProperty works in IE9+
slideElement.style.removeProperty('height');
return newHeight;
}
return height;
}
function layoutSlideContents(width, height) {
// Handle sizing of elements with the 'stretch' class
toArray(dom.slides.querySelectorAll('section .stretch')).forEach(function (element) {
// Determine how much vertical space we can use
var limit = 5; // hard limit
var parent = element.parentNode;
while (parent.nodeName !== 'SECTION' && limit > 0) {
parent = parent.parentNode;
limit--;
}
if (limit === 0) {
// unable to find parent, aborting!
return;
}
var remainingHeight = getRemainingHeight(element, parent, height);
// Consider the aspect ratio of media elements
if (/(img|video)/gi.test(element.nodeName)) {
var nw = element.naturalWidth || element.videoWidth, nh = element.naturalHeight || element.videoHeight;
var es = Math.min(width / nw, remainingHeight / nh);
element.style.width = (nw * es) + 'px';
element.style.height = (nh * es) + 'px';
} else {
element.style.width = width + 'px';
element.style.height = remainingHeight + 'px';
}
});
}
function toArray(o) {
return Array.prototype.slice.call(o);
}
Reveal.addEventListener('slidechanged', function () {
layoutSlideContents(1918, 1070)
});
Reveal.addEventListener('ready', function () {
layoutSlideContents(1918, 1070)
});
Reveal.addEventListener('resize', function () {
layoutSlideContents(1918, 1070)
});</script></body></html>
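Review bot: the ES9+ slide (section `_es9_interface`) carries the subtitle "ES9+ (SM-DP+ - eUICC)", but the ES8+ slide just before it states that ES8+ is "transported over ES9+ between SM-DP+ and LPA", and the ES9+ slide itself says "LPA is client; SM-DP+ is server"; the subtitle should read `ES9+ (SM-DP+ - LPA)`. In the same slide pair the bullet says ES8+ rides "over ES10b between LPA and eUICC" while the figure alt text says "ES8+ in ES9+ and ES10c"; pick one. In the SM-DS slide, "LPA is polling SM-DP+ on behalf of eUICC" contradicts the preceding bullet that the SM-DS is what stores the SM-DP+ notifications; that should be SM-DS. Wording: "developed as part pf pySim" (of) and "from your your own CA" (duplicated word). Finally, the rendered HTML loads reveal.js and its plugins from the absolute path `/home/laforge/projects/git/reveal.js/...` (the `<script src>` and the two plugin `src` entries), so the committed file only renders on the author's machine; use a relative path or a CDN copy if the HTML output is meant to be shared.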
@ -0,0 +1,101 @@
Retronetworking divf - yate, dhdi-trunkdev and more
===================================================
:revealjsdir: /home/laforge/projects/git/reveal.js
:revealjs_width: 1918
:revealjs_height: 1070
:revealjs_transition: none
//:revealjs_theme: night
//:revealjs_theme: beige
//:revealjs_theme: solarized
:author: Harald Welte <laforge@gnumonks.org>
:copyright: 2023 by Harald Welte (License: CC-BY-SA)
:backend: slidy
:max-width: 45em
== Who am I?
* Harald "LaF0rge" Welte
* Recovering Linux Kernel hacker (netfilter/iptables)
* Founder of Osmocom (Open Source Mobile Communications)
** tons of FOSS projects around mobile comms
* Active participant of CCC Camps and congresses since 1999
* Dayjob: Implementing cellular protocols across all layers
* Hobby: Research on data communications from the 1970s to 1990
** *Osmocom retronetworking* project was also operating ISDN + POTS at CCC Camp 2023
== Retronetworking
* many people enjoy *retrocomputing*
** focus is on historical computers (real or emulated)
* but what's a computer without communications technology?
* *retronetworking* is just like *retrocomputing*
** focus is on networking / telecommunications
== Why
* because we can
* relevance of communication technology to computing
** (at least) since the 1980s, home computers / PCs used acoustic couplers and modems
* equipment (user side, network side) readily available
** NICs, Modems, ISDN-TA, Video Telephones, Fax Machines
* personal reasons:
** I mostly was a user *back in the day*
** now I'm a developer with decades of experience
** no chance back then to play with / operate the network side
== Why (more serious reasons)
* our society becomes more and more technology-driven
* preserving [knowledge about] historical technology is important to preserve our *cultural history*
** thanks to Software Heritage Project, even software is now considered *immaterial cultural heritage* by
UNESCO
* today we still have a chance of collecting and/or documenting *early digital* communications technology
* window of opportunity is closing
** equipment harder to find once it is all scrapped
** software for management / configuration often even harder
** people involved in creating it are passing away
== OCTOI Network
image::octoi-network.png[width=1800]
== Joining OCTOI Network
* get a PBX with E1/PRI/S2M uplink
* get an icE1usb device + embedded Linux (rpi, beaglebone, nanopi, ...)
** icE1usb available with considerable community discount
* connect your system via the internet to the OCTOI hub
* interact with hosted services and/or other users
== How to get in touch?
* join our forums at https://discourse.osmocom.org/
* join our IRC channel `#retronetworking` on `libera.chat`
* join our (almost) monthly teleconference `RetroNetCall`
* contact me privately if you have stuff to donate
** e-mail: `laforge@gnumonks.org`
** Fediverse: `@LaF0rge@chaos.social`
== Further Reading
* https://osmocom.org/projects/retronetworking/wiki
* https://osmocom.org/projects/octoi/wiki
* https://projects.osmocom.org/projects/retronetworking/wiki/RetroNetCall
[.questions]
=== !
[.bubbles]
=== !
[.hands]
=== !
== EOF
End of File
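Review bot: the title line "Retronetworking divf - yate, dhdi-trunkdev and more" promises yate and trunkdev material, but none of the 101 lines in this file cover either; the slides run from "Who am I?" through "Retronetworking", "Why", "OCTOI Network", "Joining OCTOI Network" and "How to get in touch?" to "Further Reading". Either the title should describe what is actually in the deck, or the yate / trunkdev sections are still to be added and the commit message should say so. In the title itself, "dhdi-trunkdev" looks like a typo for dahdi-trunkdev (the DAHDI driver), and "divf" reads as a truncated word; please check both.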