311 lines
8.5 KiB
Plaintext
311 lines
8.5 KiB
Plaintext
exploring eUICC and eSIM with pySim, lpac and osmo-smdpp
|
|
========================================================
|
|
:revealjsdir: /home/laforge/projects/git/reveal.js
|
|
:revealjs_width: 1918
|
|
:revealjs_height: 1070
|
|
:revealjs_transition: none
|
|
//:revealjs_theme: night
|
|
//:revealjs_theme: beige
|
|
//:revealjs_theme: solarized
|
|
|
|
|
|
:author: Harald Welte <laforge@gnumonks.org>
|
|
:copyright: 2024 by Harald Welte (License: CC-BY-SA)
|
|
:backend: slidy
|
|
:max-width: 45em
|
|
|
|
== Overview
|
|
|
|
* SIM / UICC / USIM recap
|
|
* eSIM Principles
|
|
* eSIM Variants
|
|
* Putting it all together
|
|
|
|
|
|
== Recap: Classic SIM
|
|
|
|
* SIM card introduced with GSM (2G)
|
|
* single-purpose smart card
|
|
* fundamental purpose of classic SIM:
|
|
** storage of configuration data
|
|
** storage of contacts
|
|
** storage of SMS
|
|
** _secure element_ holding the secret per-subscriber key material
|
|
|
|
|
|
== Recap: UICC and USIM Application
|
|
|
|
* UICC is a general-purpose multi-application smart card
|
|
* USIM card application introduced with UMTS (3G)
|
|
* additional, optional ISIM introduced with VoLTE (4G)
|
|
* fundamental purpose of USIM/ISIM:
|
|
** storage of configuration data
|
|
*** thousands of parameters in hundreds of files
|
|
** _secure element_ holding the secret per-subscriber key material
|
|
|
|
== eSIM in a nutshell
|
|
|
|
* virtualisation of the USIM
|
|
* de-coupling of _SIM profile_ from _physical chip_
|
|
* the eSIM capable chip is now called *eUICC*
|
|
* eUICC can hold one or more _SIM profiles_
|
|
|
|
== SIM profile
|
|
|
|
* File contents of USIM filesystem hierarchy
|
|
* Secret authentication key material (K + OPc)
|
|
* OTA key material
|
|
* PIN, PUK, ADM-PIN, ...
|
|
* SIM (toolkit) applets
|
|
|
|
Format of eSIM profile is specified in the _eUICC Profile Package_ specification by the Trusted Connectivity Alliance (formerly SIMalliance)
|
|
|
|
== Quick look at a profile
|
|
|
|
DEMO TIME
|
|
|
|
== eUICC
|
|
|
|
* smart card chip
|
|
* higher requirements than for classic SIM/UICC
|
|
** extensive security requirements
|
|
** various cryptographic functionalities, including ECDSA
|
|
* electrical interface is ISO 7816 (like SIM/UICC)
|
|
* transport protocol is ISO 7816 T=0 (like SIM/UICC)
|
|
* typically soldered on the board or integrated into UE
|
|
** plastic packaged (micro/nano) SIM sized variants available
|
|
|
|
EID:: unique identifier of eUICC (as ICCID is part of *profile*)
|
|
|
|
== eUICC
|
|
|
|
image::euicc_schematic.png[]
|
|
|
|
== Security Domains
|
|
|
|
ECASD:: representative of CI/CA
|
|
ISD-R:: representative of SM-SR
|
|
ISD-P:: representative of SM-DP. There can be multiple ISD-P for multiple eSIM profiles, but only one is enabled at any given point in time
|
|
|
|
|
|
== eSIM flavors
|
|
|
|
* _M2M_ eSIM (released first)
|
|
* _Consumer_ eSIM (released later)
|
|
* _IoT_ eSIM (bleeding edge)
|
|
|
|
|
|
== Consumer Model
|
|
|
|
* uses client-driven _pull_ model to provision and manage profiles by the end user
|
|
* HTTPS/TCP/IP protocol used for profile download
|
|
* Introduces SM-DS and LPA (both don't exist in prior M2M)
|
|
* no _provisioning profile_ required, as device can e.g. use WiFi to download a profile
|
|
|
|
image::esim-consumer-arch.png[eSIM Consumer Architecture,width=1000,align="center"]
|
|
|
|
|
|
== Demo: `pySim-shell` on eUICC
|
|
|
|
DEMO TIME
|
|
|
|
== Consumer eSIM: LPA
|
|
|
|
LPA: Local Profile Assistant
|
|
|
|
* software on the client device
|
|
** can optionally also be fully built-in to the eUICC (LPAe)
|
|
** standard case with smartphones today is on the device (LPAd)
|
|
* provides user interface for profile management
|
|
* talks to local eUICC and to remote SM-DP+
|
|
|
|
== Consumer eSIM: SM-DP+
|
|
|
|
SM-DP+:: Subscription Manager - Data Preparation (Enhanced)
|
|
|
|
* see SM-DP in M2M eSIM
|
|
* combines SM-DP and SM-SR features (hence the *+* designator)
|
|
|
|
== SM-DP+ Functions
|
|
|
|
* Profile Package Generation (result: UPP)
|
|
* Profile Package Protection (result: PPP)
|
|
* Profile Package Binding (result: BPP)
|
|
* Profile Package Storage
|
|
* Profile Package Delivery
|
|
* SM-DS Event Registration
|
|
* Remote Profile Management
|
|
|
|
== Consumer eSIM: SM-DS
|
|
|
|
SM-DS:: Subscription Manager - Discovery Service
|
|
|
|
* allows SM-DP+ to reach an eUICC without knowing on which network / via which technology it can be reached
|
|
* stores notifications issued by SM-DP+ for a given eUICC
|
|
* LPA is polling SM-DP+ on behalf of eUICC
|
|
|
|
== ES8+ Interface
|
|
|
|
ES8+ (SM-DP+ - eUICC)
|
|
|
|
* transported over ES9+ between SM-DP+ and LPA
|
|
* transported over ES10b between LPA and eUICC
|
|
|
|
image::es8p_in_es9p.png[ES8+ in ES9+ and ES10c,width=1700,align="center"]
|
|
|
|
== ES9+ Interface
|
|
|
|
ES9+ (SM-DP+ - eUICC)
|
|
|
|
* utilizes HTTPS over TCP/IP
|
|
** LPA is client; SM-DP+ is server
|
|
** client verifies server TLS certificate, like in the web
|
|
* allows JSON or ASN.1 encoding
|
|
* some special rules about HTTP headers (X-Admin-Protocol, User-Agent)
|
|
|
|
== ES10x Interface
|
|
|
|
ES10a/b/c (LPA - eUICC)
|
|
|
|
* APDU based interface (like all smart card interfaces)
|
|
* uses STORE DATA command as transport mechanism
|
|
|
|
== Certificate Chain
|
|
|
|
image::consumer_cert_chain.png[eSIM Certificate Chain,width=1200,align="center"]
|
|
|
|
== Compliance / Security
|
|
|
|
* eUICC security: Common Protection Profile, EAL4+
|
|
* Production Environment + Process Security
|
|
** GSMA SAS-UP (eUICC personalization)
|
|
** GSMA SAS-SM (Subscription Management Platforms)
|
|
* Functional compliance
|
|
** GSMA test specification / GlobalPlatform test suite
|
|
* eUICC manufacturers, SM-SR and SM-DP hosting providers *must be GSMA SAS accredited*
|
|
** enforcement is done via the GSMA PKI: Certificates only issued to accredited entities
|
|
|
|
== Consumer eSIM Procedures (SGP.22)
|
|
|
|
* Remote Provisioning
|
|
** Profile Download Initiation
|
|
** Common Mutual Authentication
|
|
** Profile Download and Installation
|
|
* Local Profile Management
|
|
** Enable / Disable Profile
|
|
** Add / Delete / List Profile
|
|
** Set/Edit Nickname
|
|
* Local eUICC Management
|
|
** Retrieve EID
|
|
** eUICC Memory Reset
|
|
** eUICC Test Memory Reset
|
|
** Set/Edit Default SM-DP+ Address
|
|
|
|
== Consumer eSIM: Download Initiation
|
|
|
|
image::consumer_profile_dl_init.png[Download Initiation,width=1300]
|
|
|
|
== Consumer eSIM: Download and Install
|
|
|
|
image::consumer_dl_and_install.png[Download and Installation,width=1150]
|
|
|
|
== Consumer eSIM: Profile Installation
|
|
|
|
image::consumer_profile_installation.png[Profile Installation,width=1150]
|
|
|
|
== Consumer eSIM: Enable Profile
|
|
|
|
image::consumer_enable_profile.png[Enable Profile,width=1050]
|
|
|
|
|
|
== eSIM vs. open source software
|
|
|
|
* technically all protocol specs are public
|
|
** FOSS implementations of all elements are possible in theory
|
|
* GSMA certification/approval is very expensive
|
|
** unlikely to happen given the associated cost
|
|
* only the LPA does not need any kind of certification, so FOSS LPA are possible
|
|
** `lpac` available from https://github.com/estkme-group/lpac
|
|
** `LPAdesktop` available from https://github.com/Truphone/LPAdesktop
|
|
* in IoT eSIM, also the eIM could be implemented as FOSS without certification requirements
|
|
|
|
|
|
== eSIM vs. open source software
|
|
|
|
* GSMA SAS rules only apply to eUICC with GSMA certificates/keys
|
|
* if you can build/get eUICC with certs from your _your own_ CA, you can do what you want
|
|
* also, there are some Test eUICC with certs/keys documented in SGP.26
|
|
|
|
=> we can actually write our own SM-DP+ and use it without GSMA blessing
|
|
|
|
|
|
== Introducing `osmo-smdpp`
|
|
|
|
* developed as part pf `pySim` git repo (might change later)
|
|
* implements ES9+ interface (JSON variant only for now)
|
|
* implements BSP and ES8+
|
|
* all the cryptographic elements
|
|
** profile protection
|
|
** profile binding
|
|
** ECDSA
|
|
** ECKA
|
|
** key derivation
|
|
|
|
== Why `osmo-smdpp`
|
|
|
|
* any technology should have a FOSS implementation
|
|
** that's the red line through 20 years of my work
|
|
* GSMA specifications are vague/unclear in critical points
|
|
** even other implementers of SM-DP+ and mobile operators agree to that
|
|
* GSMA specifications do not contain any test vectors for any of the crypto!
|
|
* other people like sudoku or crossword puzzles; i liked this topic as challenge
|
|
|
|
== Status `osmo-smdpp`
|
|
|
|
* successful mutual authentication with test-eUICC
|
|
* successful eSIM profile download into test-eUICC
|
|
* lots of gaps at the moment (contributions welcome!)
|
|
** profile personalization (WIP)
|
|
** certificate verification (WIP)
|
|
** no ES2+ interface (to operator)
|
|
** no ES12 interface (to SM-DS)
|
|
|
|
== Demo: `lpac` against `osmo-smdpp`
|
|
|
|
let's use `lpac` to download a profile into a test eUICC
|
|
|
|
DEMO TIME
|
|
|
|
== Demo: `lpac` against production SM-DP+
|
|
|
|
let's use `lpac` to download a real-world profile into a GSMA eUICC
|
|
|
|
DEMO TIME
|
|
|
|
== Thanks
|
|
|
|
* Thanks to Chris of mode51 software for his blog posts and email replies
|
|
* Thanks to people behind python modules like asn1tools, klein, cryptography, pycryptodome
|
|
|
|
== Further Reading
|
|
|
|
* https://media.ccc.de/v/camp2023-57190-demystifying_esim_technology
|
|
* https://www.gsma.com/esim/wp-content/uploads/2018/12/esim-whitepaper.pdf
|
|
* https://www.gsma.com/security/sas-accredited-sites/
|
|
* https://medium.com/@mode51
|
|
|
|
|
|
[.questions]
|
|
=== !
|
|
|
|
[.bubbles]
|
|
=== !
|
|
|
|
[.hands]
|
|
=== !
|
|
|
|
|
|
== EOF
|
|
|
|
End of File
|