Skip to main content
SpringerLink
Log in

Attacks Against GSMA’s M2M Remote Provisioning (Short Paper)

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10957))

Included in the following conference series:

Abstract

GSMA is developing and standardizing specifications for embedded SIM cards with remote provisioning, called eUICCs, which are expected to revolutionize the cellular network subscription model. We study GSMA’s “Remote Provisioning Architecture for Embedded UICC” specification, which focuses on M2M devices, and we analyze the security of remote provisioning. Our analysis reveals weaknesses in the specification that would result in eUICCs being vulnerable to attacks: we demonstrate how a network adversary can exhaust an eUICC’s memory, and we identify three classes of attacks by malicious insiders that prevent service. We disclosed our findings to GSMA; GSMA confirmed the validity of these attacks and acknowledged their potential to disrupt the cellular industry. We propose fixes, which GSMA is incorporating into its specification. Thus, we improve security of next generation telecommunication networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Meyer, Quaglia and Smyth provide a detailed introduction to GSMA’s specification [17].

  2. 2.

    Immutable characteristics of eUICCs, set at manufacture time, are signed by the manufacturer and stored, with other mutable information, into the EIS file. The EIS file is issued by the manufacturer to the first SM-SR responsible for the eUICC.

  3. 3.

    The SM-SR should perform the check to prevent a similar attack by the SM-DP.

References

  1. Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0028165

    Chapter  Google Scholar 

  2. Berard, X., Gachon, D.: Method for remotely delivering a full subscription profile to a UICC over IP, November 2013. US Patent App. 13/991,846

    Google Scholar 

  3. Berbecaru, D., Lioy, A.: On the robustness of applications based on the SSL and TLS security protocols. In: Lopez, J., Samarati, P., Ferrer, J.L. (eds.) EuroPKI 2007. LNCS, vol. 4582, pp. 248–264. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73408-6_18

    Chapter  MATH  Google Scholar 

  4. Blom, R., Norrman, K., Naslund, M., Rommer, S., Sahlin, B.: Security in the evolved packet system. Technical report, February 2010

    Google Scholar 

  5. ETSI: Smart Cards; Embedded UICC; Requirements Specification (V. 12.0.0). Technical Specification 103 383, September 2013

    Google Scholar 

  6. Girard, P., Proust, P.: Method for managing content on a secure element connected to an equipment, November 2013. US Patent App. 13/991,823

    Google Scholar 

  7. GlobalPlatform: Card Specification (V. 2.3). Technical Specification GPC\(\_\)SPE\(\_\)034, October 2015

    Google Scholar 

  8. Gow, D.: Telefónica hit by record €152m anti-trust fine, July 2007. goo.gl/Dvx6kk. Accessed 6 Dec 2016

  9. GSMA: GSMA announces mobile industry initiative to create a global remote provisioning specification for consumer devices, March 2015

    Google Scholar 

  10. GSMA: Business Process for Remote SIM Provisioning in M2M (V.1.0). Technical Specification CLP.05, February 2015

    Google Scholar 

  11. GSMA: Remote Provisioning Architecture for Embedded UICC (V. 3.1). Technical Specification SGP.02, May 2016

    Google Scholar 

  12. GSMA: M2M IoT Trust Model (V. 1.0). Technical Specification SGP.15, November 2017

    Google Scholar 

  13. GSMA: Remote Provisioning Architecture for Embedded UICC (V. 3.2). Technical Specification SGP.02, June 2017

    Google Scholar 

  14. Jiang, S., Smith, S., Minami, K.: Securing web servers against insider attack. In: Annual Computer Security Applications Conference, pp. 265–276. IEEE (2001)

    Google Scholar 

  15. Langley, A.: Further improving digital certificate security, December 2013. goo.gl/kRHHD6. Accessed 16 Jan 2017

  16. Merrien, L., Berard, X., Gachon, D.: Method for transmitting a SIM application of a first terminal to a second terminal, May 2014. US Patent App. 13/991,542

    Google Scholar 

  17. Meyer, M., Quaglia, E.A., Smyth, B.: Overview of GSMA remote provisioning specification (2017). https://bensmyth.com/publications/2017-eUICC-overview/

  18. Microsoft: Fraudulent Digital Certificates Could Allow Spoofing, August 2011. goo.gl/bLbSQM. Accessed 16 Jan 2017

  19. Park, J., Baek, K., Kang, C.: Secure profile provisioning architecture for embedded UICC. In: International Conference on Availability, Reliability and Security, pp. 297–303. IEEE (2013)

    Google Scholar 

  20. Schneier, B.: Cyberwar, June 2007. goo.gl/SJW3oU. Accessed 12 Oct 2016

  21. Schultz, E.E.: A framework for understanding and predicting insider attacks. Comput. Secur. 21(6), 526–531 (2002)

    Article  Google Scholar 

  22. Sierra Wireless: The eUICC opportunity: harness the power of IoT eSIMS. White paper (2017)

    Google Scholar 

  23. Smyth, B., Pironti, A.: Truncating TLS connections to violate beliefs in web applications. In: USENIX Workshop on Offensive Technologies. USENIX Association (2013). see also INRIA tech. rep. hal-01102013 (2015)

    Google Scholar 

  24. Thomas, D.: France hits orange with & €350m antitrust fine, December 2015. goo.gl/B8z1Xf. Accessed 6 Dec 2016

  25. Vermeulen, J.: Why it is legal for FNB to SIM-lock its smartphones, September 2016. https://goo.gl/xbX5zn. Accessed 16 Jan 2017

  26. Wood, A.D., Stankovic, J.A.: Denial of service in sensor networks. Computer 35(10), 54–62 (2002)

    Article  Google Scholar 

  27. Xie, L., Zhu, S.: Message dropping attacks in overlay networks: attack detection and attacker identification. ACM Trans. Inf. Syst. Secur. 11(3), 15 (2008)

    Article  Google Scholar 

Download references

Acknowledgments

This work was largely conducted at Huawei’s Mathematical and Algorithmic Sciences Lab in France.

Author information

Authors and Affiliations

  1. Vade Secure Technology Inc., Paris, France

    Maxime Meyer

  2. Information Security Group - Royal Holloway, University of London, London, UK

    Maxime Meyer & Elizabeth A. Quaglia

  3. Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg City, Luxembourg

    Ben Smyth

Authors
  1. Maxime Meyer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Elizabeth A. Quaglia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ben Smyth
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maxime Meyer .

Editor information

Editors and Affiliations

  1. Department of Computer Science, University College London, London, UK

    Sarah Meiklejohn

  2. Security Research Laboratories, NEC, Kawasaki, Japan

    Kazue Sako

Rights and permissions

Reprints and permissions

Copyright information

© 2018 International Financial Cryptography Association

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Meyer, M., Quaglia, E.A., Smyth, B. (2018). Attacks Against GSMA’s M2M Remote Provisioning (Short Paper). In: Meiklejohn, S., Sako, K. (eds) Financial Cryptography and Data Security. FC 2018. Lecture Notes in Computer Science(), vol 10957. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-58387-6_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-58387-6_13

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-58386-9

  • Online ISBN: 978-3-662-58387-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation