Eu 17 Meyer Attacks Against GSMAS M2M Remote Provisioning WP
Eu 17 Meyer Attacks Against GSMAS M2M Remote Provisioning WP
Eu 17 Meyer Attacks Against GSMAS M2M Remote Provisioning WP
Remote Provisioning
1 Introduction
Machine to Machine (M2M) devices (i.e., machines communicating together
without human intervention) are ubiquitous. Some of these devices communi-
cate using cellular networks [14]. To access a 4G cellular network, an M2M device
authenticates using an embedded MFF2 SIM [5], which is issued by a Mobile
Network Operator (MNO). This authentication is achieved using the Authen-
ticated Key Agreement (AKA) protocol [3], which defines seven cryptographic
algorithms, a unique identifier for the subscriber’s device, and a symmetric key
shared between the MNO and the device. These algorithms and the symmetric
key are embedded in MFF2 SIMs. The physical security of SIMs ensures the
confidentiality and integrity of symmetric keys. Moreover, confidentiality and
integrity of algorithms is also ensured, which is important for proprietary imple-
mentations of algorithms. MFF2 SIMs are limited as follows: they are neither
re-programmable (i.e., they are tied to a single subscription during their lifetime)
nor remotely personalizable (i.e., MNOs have to physically upload the symmetric
key onto MFF2 SIMs).
ETSI proposed a specification for embedded SIMs that are both re-programmable
and remotely personalizable, thereby overcoming the limitations of MFF2 SIMs
[6]. Following ETSI’s proposal, industrial researchers, e.g., [2, 7, 17], and aca-
demic researchers, e.g., [20], presented proposals for secure remote provision-
ing schemes. Building upon ETSI’s specification on secure remote provisioning,
GSMA1 released a specification for a next generation SIM, namely, an embedded
UICC. This next generation SIM can support multiple MNOs simultaneously.
Data from each MNO is stored in a Profile. Profiles are remotely provisioned,
and installed into eUICCs. The mechanisms and protocols for remote provision-
ing and managing profiles on eUICCs for M2M devices are described by GSMA’s
“Remote Provisioning Architecture for Embedded UICC” specification [12].
Remote provisioning is a core aspect of GSMA’s specification. To realize re-
mote provisioning, this specification introduces a Subscription Manager (SM),
which acts as an intermediary between MNOs and the eUICC. (This evolution
is motivated by business cases [10, Section 3]. The SM oversees the remote man-
agement of the eUICC and of the profiles installed on this eUICC. The SM is
further separated into two roles: Secure Routing (SM-SR) and Data Preparation
(SM-DP), as depicted in Figure 1.
eUICC
ECASD
(*) (*)
SM-DP SM-SR ISD-R
MNO ISD-P
PM N O
Unlike MFF2 SIMs, which are tied to a single subscription, eUICCs support
several subscriptions simultaneously. This is made possible by eUICC architec-
ture, which is based on GlobalPlatform’s smart card standard [8] and compatible
1
Groupe Spéciale Mobile Association (GSMA) is a consortium of stakeholders in the
telecommunication industry representing operators’ interests worldwide.
with the MFF2 SIM file system.2 GlobalPlatform’s standard specifies the archi-
tecture of smart card platforms and their management. Internal communication
is defined by GlobalPlatform’s OPEN framework, which uses the Application
Protocol Data Unit (APDU) message format. The eUICC architecture makes
use of privileged applications, called Security Domains. These domains have
access to keys and can setup secure channels with external entities. GSMA’s
specification relies on these security domains to isolate profiles (denoted PM N O
in Figure 1) into dedicated applications, each residing in a separated container
(denoted ISD-P in Figure 1).
To secure external communication, eUICCs contain a controlling application
(ECASD) which handles authentication of remote entities based on their certifi-
cates. Furthermore, remote messages pass through a secure channel between the
SM-SR and its representative security domain (denoted ISD-R in Figure 1) on
the eUICC. After processing by the ISD-R, messages are handled by the OPEN
framework and relayed to their destined profile or application, characterized by
a unique number, the AID (application Identifier).
GSMA is promoting their specification for standardization [24, 11]. Any
weakness or flaw in the specification or subsequent standard could have dis-
astrous consequences on the secure deployment of eUICCs. As such, security of
remote provisioning must be analyzed. Indeed, finding and fixing specification
flaws is paramount, because the cost of fixing problems increases exponentially
once production commences.
(1) DownloadProfile
(2) GetEIS
(3a) CreateISDP
(3b) create new ISD-P
ISD-P
(5)
(5)
eUICC
Smart Card
SM-DP SM-SR ISD-R
Framework
(1) CreateISDP
(6) updateEIS
ISD-P AID
ISD-P AID
new
(1) ISD-PAID
timeout (2)
Return APDU
Function and APDU Command
Return timeout
Timeline
It is not possible to recover from this attack (e.g., by deleting the created ISD-
P), since the specification restricts profile deletion to MNOs or SM-DPs. And, to
delete a profile, an MNO or an SM-DP has to send a DeleteProfile command
containing the ISD-P AID of the concerned profile to the SM-SR. However, as
depicted by (9) in Figure 3, the SM-DP receives the ISD-P AID from the return
message of the CreateISDP command. As this return message is dropped by
the adversary, the ISD-P AID is lost, thus, neither the MNO nor the SM-DP
can delete an orphaned profile. A procedure called Master Delete is defined
in the specification to allow an SM-SR to delete profiles not maintained by
operators anymore [12, Section 3.10]. However, this mechanism only works for
fully installed profiles, which is not the case here. Consequently, the master
delete procedure cannot be applied. In fact, there is no mechanism defined in
the specifications for the SM-SR or the eUICC to delete orphaned ISD-Ps. If the
attack is repeated to exhaust the eUICC’s memory, only profiles existing on the
eUICC before the attack can be used later.
This attack would cause financial loss, because it prevents operators from
providing network service. Moreover, it is not possible to recover from it and
any trace of the attack is minimal (only a lost message), making the attack even
valuable. For example, an operator, with a profile on an eUICC, could collude
with a network adversary and deliberately fill the eUICC memory. The attack
is similar to a permanent denial of service, a class of attack already targeting
connected devices [4].
3.3 Countermeasure
The attack can be prevented by creating a mechanism on the card to manage
ISD-P creation. Once an ISD-P is created, this mechanism awaits the next logical
instruction of the DownloadProfile process. If the awaited instruction is not
received on time, the ISD-P is automatically deleted by this mechanism and a
notification is sent to the SM-SR. As such, even if the notification is dropped
too, the orphaned ISD-P is deleted. This mechanism could be implemented as
an extension of the GlobalPlatform framework.
4.3 Countermeasure
This attack can be prevented by protecting the eUICC’s mutable characteristics.
To achieve this, the values sent by the eUICC to the SM-SR during an AuditEIS
could be signed using the eUICC’s private key.6 Hence, the SM-DP can be as-
sured of the value’s integrity. The signature should also contain a timestamp to
prevent replay attacks by the SM-SR.
5.2 Countermeasure
This attack can be avoided if an upper bound on profile size is defined. When
a request for a new profile is made by an operator, the SM-DP and the SM-SR
would check the size of the profile to be created with this maximal size.7
GSMA’s specification defines a set of policy rules for managing the life cycle
of profiles. These policy rules are stored in a file (POL1) inside each profile.
They specify whether a profile can be disabled, can be deleted, or should be
deleted once it is disabled. A profile’s policy rules are initialized by the MNO
during profile creation and can only be modified when the profile is enabled. An
unsynchronized copy of these rules is maintained in the EIS file stored by the
SM-SR. Policy rules can only be changed by the MNO owning the profile, that
MNO is also responsible for updating EIS accordingly.
The policy rule CannotBeDisabled locks an eUICC to a profile. This lock
forces devices to connect to a specific network, it is a feature of the existing
subscription model[26]. It is typically used in the context of subsidizing sub-
scriptions. The eUICC lock feature can be set multiple times, while, for 4G
networks, once a device is unlocked, it is not possible to lock it again.
At a high level, policy rule CannotBeDisabled is either true or false for the
enabled profile. We show that this rule introduces a weakness that can result in
an eUICC being locked to an undesirable operator’s profile, without regard for
the initial value of the rule. We demonstrate that a malicious MNO can launch an
attack when rule CannotBeDisabled is false (§6.2.1) and that an opportunistic
MNO can take advantage of its position when the rule is true (§6.2.2).
7
The SM-SR should perform the check to prevent the SM-DP launching a similar
attack
6.2.1 Rule CannotBeDisabled is false Suppose all of an eUICC’s profiles
have set the policy rule CannotBeDisabled to false. Further suppose a mali-
cious MNO is interested in blocking other operators’ profiles. For this, the ma-
licious operator installs its profile (see Section 2.1), enables it and sets policy
rule CannotBeDisabled to true. The MNO owning the previously enabled profile
will receive a notification from the SM-SR indicating that its profile has been
disabled, but, the operator cannot re-enable its profile as the new one cannot
be disabled. The eUICC is locked to the malicious operator’s profile. Moreover,
this new profile cannot be disabled and, consequently, cannot be deleted. The
following examples present scenarios whereby eUICCs might be locked:
Supply chain attack. Assuming devices are powered-on once manufactured, and
then shipped to their destination, and further assuming that devices are passing
along the border of a country where operators have an aggressive market strat-
egy, one operator could install a profile on all devices inside the container. Such
attacks could also occur while devices are in production or in storage.
6.3 Countermeasure
Moreover, GSMA are working with us to incorporate our fixes into their specifi-
cation. Indeed, GSMA has released an updated specification [13] which includes
some of our fixes. Thus, we have improved security of next generation telecom-
munication networks.
8 Conclusion
Acknowledgments
References
1. Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Inter-
national Workshop on Security Protocols. pp. 125–136. Springer (1997)
2. Berard, X., Gachon, D.: Method for remotely delivering a full subscription profile
to a uicc over ip (December 2013), US Patent App. 13/991,846
3. Blom, R., Norrman, K., Naslund, M., Rommer, S., Sahlin, B.: Security in the
Evolved Packet System. Tech. rep. (February 2010)
4. Cimpanu, C.: New malware intentionally bricks iot devices. https:
//www.bleepingcomputer.com/news/security/new-malware-intentionally-
bricks-iot-devices/ (April 2017), accessed: 2017-04-11
8
Email communication, August 2017.
5. ETSI: Smart Cards; Machine to Machine UICC; Physical and logical characteristics
(Release 9). Technical Specifications 102 671 (April 2010)
6. ETSI: Smart Cards; Embedded UICC; Requirements Specification (Release 12.0.0).
Technical Specifications 103 383 (September 2013)
7. Girard, P., Proust, P.: Method for managing content on a secure element connected
to an equipment (November 2013), US Patent App. 13/991,823
8. GlobalPlatform: Card Specification (Version 2.3). Technical specifications (October
2015)
9. Gow, D.: Telefónica hit by record e152m anti-trust fine. https://www.
theguardian.com/business/2007/jul/04/media (July 2007), accessed: 2016-12-
06
10. GSMA: Business Process for Remote SIM Provisioning in M2M. Technical Speci-
fications 1.0 (February 2015)
11. GSMA: GSMA announces mobile industry initiative to create a global remote
provisioning specification for consumer devices (March 2015)
12. GSMA: Remote Provisioning Architecture for Embedded UICC. Technical Speci-
fications 3.1 (May 2016)
13. GSMA: Remote Provisioning Architecture for Embedded UICC. Technical Speci-
fications 3.2 (June 2017)
14. GSMA Intelligence: Cellular M2M forecasts: unlocking growth. Tech. rep. (Febru-
ary 2015)
15. Jiang, S., Smith, S., Minami, K.: Securing web servers against insider attack. In:
Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th
Annual. pp. 265–276. IEEE (2001)
16. Langley, A.: Further improving digital certificate security. https://security.
googleblog.com/2013/12/further-improving-digital-certificate.html (De-
cember 2013), accessed: 2017-01-16
17. Merrien, L., Berard, X., Gachon, D.: Method for transmitting a sim application of
a first terminal to a second terminal (May 2014), US Patent App. 13/991,542
18. Meyer, M., Quaglia, E.A., Smyth, B.: Overview of GSMA Remote Provi-
sioning Specification (2017), https://bensmyth.com/publications/2017-eUICC-
overview/
19. Microsoft: Fraudulent digital certificates could allow spoofing. https://technet.
microsoft.com/library/security/2607712 (August 2011), accessed: 2017-01-16
20. Park, J., Baek, K., Kang, C.: Secure profile provisioning architecture for embedded
uicc. In: Availability, Reliability and Security (ARES), 2013 Eighth International
Conference on. pp. 297–303. IEEE (2013)
21. Rounds, M., Pendgraft, N.: Diversity in network attacker motivation: A literature
review. In: Computational Science and Engineering, 2009. CSE’09. International
Conference on. vol. 3, pp. 319–323. IEEE (2009)
22. Schneier, B.: Cyberwar. https://www.schneier.com/blog/archives/2007/06/
cyberwar.html (June 2007), accessed: 2016-10-12
23. Schultz, E.E.: A framework for understanding and predicting insider attacks. Com-
puters & Security 21(6), 526–531 (2002)
24. Sierra Wireless: The eUICC opportunity: harness the power of IoT eSIMS. White
paper (2017)
25. Thomas, D.: France hits Orange with e350m antitrust fine. https://www.ft.com/
content/d20d7882-a4b7-11e5-a91e-162b86790c58 (December 2015), accessed:
2016-12-06
26. Vermeulen, J.: Why it is legal for FNB to SIM-lock its smartphones.
https://mybroadband.co.za/news/smartphones/178714-why-it-is-legal-
for-fnb-to-sim-lock-its-smartphones.html (September 2016), accessed:
2017-01-16
27. Wood, A.D., Stankovic, J.A.: Denial of service in sensor networks. computer 35(10),
54–62 (2002)
28. Xie, L., Zhu, S.: Message dropping attacks in overlay networks: Attack detection
and attacker identification. ACM Transactions on Information and System Security
(TISSEC) 11(3), 15 (2008)