Attacks Against GSMA’s M2M Remote Provisioning (Short Paper)

Meyer, Maxime; Quaglia, Elizabeth A.; Smyth, Ben

doi:10.1007/978-3-662-58387-6_13

Cited by 7 publications

(2 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cellphones can be compromised by different cyber-attacks [79], [80]. For hardened devices with stricter security polices and white listed software, attacks are more difficult in general but they also remain susceptible to physical or over-the-air cloning of USIM [81], [82], for leaking of application layer credentials enabling masquerading attacks, for physical hacking, as well as for thefts or losses of devices. Public safety devices may also rely on centralized security management (for delivery of patches, enforcement of software configuration, updating of security policies, as well as access to revoked certificate information and virus databases) and thus prolonged isolation may damage devices' security levels.…”

Section: Threat Scenarios In the User Device Domainmentioning

confidence: 99%

Securing Public Safety Communications on Commercial and Tactical 5G Networks: A Survey and Future Research Directions

Suomalainen

Julku

Vehkaperä

et al. 2021

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

The forthcoming communication networks for public safety authorities rely on the fifth generation (5G) of mobile networking technologies. Police officers, paramedics, border guards, as well as fire and rescue personnel, will connect through commercial operator's access network and rapidly deployable tactical bubbles. This transition from closed and dedicated infrastructure to hybrid architecture will expand the threat surface and expose mission-critical applications and sensitive information to cyber and physical adversaries. We explore and survey security architecture and enablers for prioritized public safety communication in 5G networks. We identify security threat scenarios and analyze enabling vulnerabilities, threat actors, attacks vectors, as well as risk levels. Security enablers are surveyed for tactical access and core networks, commercial infrastructure, and mission-critical applications, starting from push-to-talk and group video communication and leading to situational-awareness and remote-controlled systems. Two solutions are trialed and described in more detail: remote attestation enhanced access control for constrained devices, and securing of satellite backhauls. We also discuss future research directions highlighting the need for enablers to automate security of rapid deployments, for military-grade cost-effective customizations of commercial network services to ensure robustness, and for hardening of various types of public safety equipment.

show abstract

Section: Threat Scenarios In the User Device Domainmentioning

confidence: 99%

Securing Public Safety Communications on Commercial and Tactical 5G Networks: A Survey and Future Research Directions

Suomalainen

Julku

Vehkaperä

et al. 2021

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

show abstract

“…The evolution towards next generation telecommunications is exciting, but not without risk; flawed systems have the potential to cost society dearly, in terms of both lost liberties and financial costs. As such, similarly to the security analysis done by Meyer et al in [15], it will be important to analyze in detail the mechanisms behind remote provisioning to be sure that the properties offered by the current model will hold for eUICCs, especially in term of security as it is paramount for operators. Such an overview is helping in that regard by easing the comprehension of those technical specification.…”

Section: Closing Remarksmentioning

confidence: 99%

An Overview of GSMA's M2M Remote Provisioning Specification

Meyer,

Quaglia,

Smyth

2019

Preprint

Self Cite

View full text Add to dashboard Cite

M2M devices are ubiquitous, and there is a growing tendency to connect such devices to mobile networks. Network operators are investigating new solutions to lower their costs and to address usability issues. Embedded SIM cards with remote provisioning capability are one of the most promising solutions. GSMA, the leading consortium on mobile network standards, has proposed a specification for such an embedded SIM card, called eUICC. The specification describes eUICC architecture and a remote provisioning mechanism. Embodiments of this specification have the potential to disrupt the telecommunications market: eUICCs will be shipped to device manufacturers and then remotely provisioned with a subscription, whereas (currently) SIMs must be provisioned prior to shipping. In this article, we present a comprehensive overview of GSMA's specification and its motivation. In particular, we describe the technology and the protocols involved in remote provisioning.

show abstract