In the last article we spoke a little about what an eSIM is and what people think about it – this time, we will concentrate on the facts and the security risks that come along with such an interesting innovation.
It’s a conflictive topic for MNOs, vendors, manufacturers, end users – everyone who sees a great opportunity in eSIMs – and it wouldn’t be an exaggeration to say that they have been doing a great job at mostly avoiding the subject of security or the implementation of a common standard in order to facilitate the communication between the operators and the devices.
Since eSIMs are embedded into the device and can’t be taken out, the user has to switch networks remotely every time. A third party or a subscription manager is needed to establish the connection between the MNO and the device, sending out all the data that the user needs to download in order to initiate the service. The idea is that this information will remain on the device to indulge in network swapping if the user has a multi-profile and has had contact with other networks before. One of the people in the past article expressed a distrust of the intermediary as they will be responsible for the safe delivery of the data to the end user – it presents an opportunity that could be abused because the security measures are lacking. The subscription manager and its SM-SR (security routing) and SM-DP (data preparation) functions have to be certified according to a GSMA agreed certification scheme and implement a controlled access only to authorized security realms. These realms, in turn, need to have additional protection against attacks. In the mutual authentication, the entities that have to authenticate each other are SM-DP and SM-SR, and vice-versa.
Authenticity, confidentiality and availability – those are the three key factors in a secure M2M communication. The vulnerability of the wireless networks invites vast possibilities of eavesdropping, among many other infringements such as:
- Physical attack
The insertion of a valid authentication token into a manipulated device.
- Compromise of credentials
Force attacks on authentication algorithms and tokens.
- Configuration attacks
Fraudulent software update or bizarre configuration changes, mis-configuration by the owner, subscriber, user or it could also mean the compromise of the access control lists.
- Protocol attacks on the device
Man-in-the-middle (the attacker alters what is thought to be a direct communication between two parties) and denial-of-service (DoS) attacks.
- Attacks on the Core Network
The biggest concern of the MNOs would be the DoS attacks against the core network which include changing the device’s physical location without authorization or attacks on the radio access network, using a manipulated device.
- User data and integrity privacy attacks
Users and devices eavesdropping or masquerading as other users/subscribers, or the reveal of confidential data to unauthorized third parties, such as the user’s network ID.
What can be done to prevent these security risks?
Three key components are to be taken into account: the eSIM manufacturer, eSIM, SM-SR, SM-DP, MNO and the customer. They all belong to a security haven where the cryptography for the eSIM certificate generation should be stored by the manufacturer. Mutual authentication should be required in order to establish a secure communication. The eSIM has to be created according to a standard established by the GSMA and the manufacturer has to be in line with the Common Criteria EAL4+ (4th level of the Evaluation Assurance Level which aims to complete a security evaluation) to ensure the complete data removal in case of a profile deletion. The eSIM should be also capable of rejecting any operations on it if they’re in conflict with the policy rules of any of the profiles it has been assigned.
Embedded mobile devices would be more vulnerable to tampering than a traditional mobile device; in those cases, the attacker would most likely take out the SIM and insert it in a different device, triggering its detection. But with an EM device, it might take a lot longer to detect fraudulent activity. The MNOs need to keep their eyes peeled and invest more into fraud management – here are a few possible recommendations if any suspicions arise:
- Restricting services to the minimum.
- Limit traffic volume.
- Restrict IMSIs to work only with a specific range of IMSIs (International Mobile Subscriber Identity)
- Securely provide EM applications through the use of IPSec.
Does this mean people’s fears have been confirmed? Yes and no. Physical SIM cards will exist collaterally for a while, so those who distrust the eSIM security measures could perfectly enjoy the traditional way of doing things until the storm hits and the experts learn from the painful experience. However, the hesitant ones might find themselves in a hurdle when the new eSIM devices start appearing — MNOs will work hard to obtain profit from this new horizon. Sooner or later, these people will find themselves with an outdated, disconnected device and a series of intentionally underperforming services and disinterested customer service to passive-aggressively prompt them to modernise.
But generally, being cautious about these things is not a sign of an early onset of paranoia; it is completely natural to be protective of our personal data.
It would be naïve to assume that the legal professionals are the only professionals in this field – thanks to the Internet, now anyone can learn absolutely anything, therefore the possibilities and dangers increase by a tenfold. It is necessary to update the security measures regularly, collect data, collect feedback about their performance and listen to the consumers – they are the ones who are keeping everyone in business after all. It is time to look beyond the profits.
For more about eSIM and all the strategic challenges we see in the world of Roaming and Interconnect contact us at firstname.lastname@example.org