exploring eUICC and eSIM with pySim, lpac and osmo-smdpp ======================================================== :revealjsdir: /home/laforge/projects/git/reveal.js :revealjs_width: 1918 :revealjs_height: 1070 :revealjs_transition: none //:revealjs_theme: night //:revealjs_theme: beige //:revealjs_theme: solarized :author: Harald Welte :copyright: 2024 by Harald Welte (License: CC-BY-SA) :backend: slidy :max-width: 45em == Overview * SIM / UICC / USIM recap * eSIM Principles * eSIM Variants * Putting it all together == Recap: Classic SIM * SIM card introduced with GSM (2G) * single-purpose smart card * fundamental purpose of classic SIM: ** storage of configuration data ** storage of contacts ** storage of SMS ** _secure element_ holding the secret per-subscriber key material == Recap: UICC and USIM Application * UICC is a general-purpose multi-application smart card * USIM card application introduced with UMTS (3G) * additional, optional ISIM introduced with VoLTE (4G) * fundamental purpose of USIM/ISIM: ** storage of configuration data *** thousands of parameters in hundreds of files ** _secure element_ holding the secret per-subscriber key material == eSIM in a nutshell * virtualisation of the USIM * de-coupling of _SIM profile_ from _physical chip_ * the eSIM capable chip is now called *eUICC* * eUICC can hold one or more _SIM profiles_ == SIM profile * File contents of USIM filesystem hierarchy * Secret authentication key material (K + OPc) * OTA key material * PIN, PUK, ADM-PIN, ... * SIM (toolkit) applets Format of eSIM profile is specified in the _eUICC Profile Package_ specification by the Trusted Connectivity Alliance (formerly SIMalliance) == Quick look at a profile DEMO TIME == eUICC * smart card chip * higher requirements than for classic SIM/UICC ** extensive security requirements ** various cryptographic functionalities, including ECDSA * electrical interface is ISO 7816 (like SIM/UICC) * transport protocol is ISO 7816 T=0 (like SIM/UICC) * typically soldered on the board or integrated into UE ** plastic packaged (micro/nano) SIM sized variants available EID:: unique identifier of eUICC (as ICCID is part of *profile*) == eUICC image::euicc_schematic.png[] == Security Domains ECASD:: representative of CI/CA ISD-R:: representative of SM-SR ISD-P:: representative of SM-DP. There can be multiple ISD-P for multiple eSIM profiles, but only one is enabled at any given point in time == eSIM flavors * _M2M_ eSIM (released first) * _Consumer_ eSIM (released later) * _IoT_ eSIM (bleeding edge) == Consumer Model * uses client-driven _pull_ model to provision and manage profiles by the end user * HTTPS/TCP/IP protocol used for profile download * Introduces SM-DS and LPA (both don't exist in prior M2M) * no _provisioning profile_ required, as device can e.g. use WiFi to download a profile image::esim-consumer-arch.png[eSIM Consumer Architecture,width=1000,align="center"] == Demo: `pySim-shell` on eUICC DEMO TIME == Consumer eSIM: LPA LPA: Local Profile Assistant * software on the client device ** can optionally also be fully built-in to the eUICC (LPAe) ** standard case with smartphones today is on the device (LPAd) * provides user interface for profile management * talks to local eUICC and to remote SM-DP+ == Consumer eSIM: SM-DP+ SM-DP+:: Subscription Manager - Data Preparation (Enhanced) * see SM-DP in M2M eSIM * combines SM-DP and SM-SR features (hence the *+* designator) == SM-DP+ Functions * Profile Package Generation (result: UPP) * Profile Package Protection (result: PPP) * Profile Package Binding (result: BPP) * Profile Package Storage * Profile Package Delivery * SM-DS Event Registration * Remote Profile Management == Consumer eSIM: SM-DS SM-DS:: Subscription Manager - Discovery Service * allows SM-DP+ to reach an eUICC without knowing on which network / via which technology it can be reached * stores notifications issued by SM-DP+ for a given eUICC * LPA is polling SM-DP+ on behalf of eUICC == ES8+ Interface ES8+ (SM-DP+ - eUICC) * transported over ES9+ between SM-DP+ and LPA * transported over ES10b between LPA and eUICC image::es8p_in_es9p.png[ES8+ in ES9+ and ES10c,width=1700,align="center"] == ES9+ Interface ES9+ (SM-DP+ - eUICC) * utilizes HTTPS over TCP/IP ** LPA is client; SM-DP+ is server ** client verifies server TLS certificate, like in the web * allows JSON or ASN.1 encoding * some special rules about HTTP headers (X-Admin-Protocol, User-Agent) == ES10x Interface ES10a/b/c (LPA - eUICC) * APDU based interface (like all smart card interfaces) * uses STORE DATA command as transport mechanism == Certificate Chain image::consumer_cert_chain.png[eSIM Certificate Chain,width=1200,align="center"] == Compliance / Security * eUICC security: Common Protection Profile, EAL4+ * Production Environment + Process Security ** GSMA SAS-UP (eUICC personalization) ** GSMA SAS-SM (Subscription Management Platforms) * Functional compliance ** GSMA test specification / GlobalPlatform test suite * eUICC manufacturers, SM-SR and SM-DP hosting providers *must be GSMA SAS accredited* ** enforcement is done via the GSMA PKI: Certificates only issued to accredited entities == Consumer eSIM Procedures (SGP.22) * Remote Provisioning ** Profile Download Initiation ** Common Mutual Authentication ** Profile Download and Installation * Local Profile Management ** Enable / Disable Profile ** Add / Delete / List Profile ** Set/Edit Nickname * Local eUICC Management ** Retrieve EID ** eUICC Memory Reset ** eUICC Test Memory Reset ** Set/Edit Default SM-DP+ Address == Consumer eSIM: Download Initiation image::consumer_profile_dl_init.png[Download Initiation,width=1300] == Consumer eSIM: Download and Install image::consumer_dl_and_install.png[Download and Installation,width=1150] == Consumer eSIM: Profile Installation image::consumer_profile_installation.png[Profile Installation,width=1150] == Consumer eSIM: Enable Profile image::consumer_enable_profile.png[Enable Profile,width=1050] == eSIM vs. open source software * technically all protocol specs are public ** FOSS implementations of all elements are possible in theory * GSMA certification/approval is very expensive ** unlikely to happen given the associated cost * only the LPA does not need any kind of certification, so FOSS LPA are possible ** `lpac` available from https://github.com/estkme-group/lpac ** `LPAdesktop` available from https://github.com/Truphone/LPAdesktop * in IoT eSIM, also the eIM could be implemented as FOSS without certification requirements == eSIM vs. open source software * GSMA SAS rules only apply to eUICC with GSMA certificates/keys * if you can build/get eUICC with certs from your _your own_ CA, you can do what you want * also, there are some Test eUICC with certs/keys documented in SGP.26 => we can actually write our own SM-DP+ and use it without GSMA blessing == Introducing `osmo-smdpp` * developed as part pf `pySim` git repo (might change later) * implements ES9+ interface (JSON variant only for now) * implements BSP and ES8+ * all the cryptographic elements ** profile protection ** profile binding ** ECDSA ** ECKA ** key derivation == Why `osmo-smdpp` * any technology should have a FOSS implementation ** that's the red line through 20 years of my work * GSMA specifications are vague/unclear in critical points ** even other implementers of SM-DP+ and mobile operators agree to that * GSMA specifications do not contain any test vectors for any of the crypto! * other people like sudoku or crossword puzzles; i liked this topic as challenge == Status `osmo-smdpp` * successful mutual authentication with test-eUICC * successful eSIM profile download into test-eUICC * lots of gaps at the moment (contributions welcome!) ** profile personalization (WIP) ** certificate verification (WIP) ** no ES2+ interface (to operator) ** no ES12 interface (to SM-DS) == Demo: `lpac` against `osmo-smdpp` let's use `lpac` to download a profile into a test eUICC DEMO TIME == Demo: `lpac` against production SM-DP+ let's use `lpac` to download a real-world profile into a GSMA eUICC DEMO TIME == Thanks * Thanks to Chris of mode51 software for his blog posts and email replies * Thanks to people behind python modules like asn1tools, klein, cryptography, pycryptodome == Further Reading * https://media.ccc.de/v/camp2023-57190-demystifying_esim_technology * https://www.gsma.com/esim/wp-content/uploads/2018/12/esim-whitepaper.pdf * https://www.gsma.com/security/sas-accredited-sites/ * https://medium.com/@mode51 [.questions] === ! [.bubbles] === ! [.hands] === ! == EOF End of File