Vulnerabilities in the eSIM Download Protocol

Black Hat via YouTube

Overview

This conference talk explores vulnerabilities in the consumer Remote SIM Provisioning (RSP) protocol that enables eSIM downloads to mobile devices. Discover how the GSMA-defined protocol works for downloading SIM profiles to secure elements in phones, and understand the critical security implications for mobile authentication and communication. Learn about the formal methods analysis that revealed several security weaknesses, including over-reliance on TLS encapsulation, problematic trust assumptions regarding download servers, and security risks from compromised secure elements in mobile devices. Examine how the lack of pre-established identifiers contributes to these vulnerabilities and how insufficient verification of user intent can lead to SIM swapping-like attacks. The presenters, Dr. Abu Shohel Ahmed and Professor Tuomas Aura from Aalto University, offer practical solutions for mitigating these vulnerabilities in current eSIM deployments and suggest protocol improvements for enhanced security.

Syllabus

Vulnerabilities in the eSIM download protocol

Taught by

Black Hat
