Security Analysis of Embedded SIM Remote Provisioning Protocol Using SPIN

Security Analysis of Embedded SIM Remote Provisioning Protocol Using SPIN

연구 분야: Analysis

학회: ICCNS '21: Proceedings of the 2021 11th International Conference on Communication and Network Security

Abstract: With the advent of the 5G era, embedded SIM (eSIM) technology has been created to meet the needs of M2M technology. In earlier years, the GSMA provided a detailed description of the architecture and configuration protocol of the eSIM over-the-air writing technology. The remote configuration protocol of eSIM cards is divided into the processes of configuration file download, installation, activation, de-activation, and deletion. In this protocol, there are attacks such as identity impersonation threats, tampering threats, denial of service and eavesdropping threats, etc. This paper analyzes the security of key session establishment during the download and the installation of configuration files. And it uses a four-channel parallel method to simulate the session establishment process. The attacker is modeled based on the Dolev-Yao model. Through the test of the SPIN model detection tool, it is found that the attacker can intercept information from eSIM and SM-DP during the establishment of the key session. However, because the attacker lacks the key, he cannot obtain valid information from the obtained ciphertext. Therefore, the attacker cannot forge or modify the message. Our work proves the security of the eSIM system.