Update on Overleaf.

nb72soza Bittner
2025-06-30 16:02:32 +00:00
committed by node
parent c532081e46
commit 05fe378eb5
6 changed files with 67 additions and 10 deletions

@@ -27,20 +27,33 @@
% security vulnerabilities can have a major impact -> persistence of exploits are high: malicouse profiles may persist accross reboots or even device resets; often low level and invisible -> particularly dangerous and hard to detect
% sims have direct, priviledged, unfiltered access to the baseband
% esim os are closed source and implemented by the manufactruers -> not subject to open review
% strengthens the importance of black-box testing methodologies to uncover implementation specific issues without requiring internal access
% also has potential for undocumented features and backdoors -> esim vendors might introduce update endpoints to update their esim firmware, or add extra functionality outside of the specs
% non standard implementations may introduce bugs or security flaws
% implementation bugs: like any other complex embedded system esim stack are susceptiuble to bugs
% particular dangeros due to the priviledged rele of the esim in device architecture
% esim specs may have been interpretated differently by the different vendors
% differential testing offers automated and scalable method to detect inconsistency in the different implementations -> comparing output of multiple esim on sim implementations against the same inputs
% this thesis addresses need for systematic security and correctness evaluation of esim on sim implementations -> differential testing
% differential testing: compare multiple implementations against each other -> identify anomalies under identical/similar inputs
% goal: uncover functional deviations and security issues in a black-box setting
\section{Contribution}
% implement framework for differential testing of esims (esims and esim on sim)
% containing: fuzzing of structural input when communicating with the esim, fuzzing on transport level, tracing and replaying recordings from one esim to another; make it accessible via cli and as a library for scripting
% this includes custom LPA implementation, APDU mutation engine, and structured fuzzing tools
% using property based testing: generate valid but edge-case-rich inputs targeting high-level esim commands -> detecting errors beyond byte-level malformations
% using the tracing functionality we discover first implementation differences in the implementation
% reverse engineer the update functionality of the estk.me esim
% demonstrate the framworks ability in security research:
% discover and evaluate bug in the profile provisioning process of one manufacturer -> evaluate the impact
% through apdu level differnetial testing, we discover and evaluate bug in the profile provisioning process of one manufacturer -> suggests potential security risk such as certificate validation bypass -> analyze and evaluate potential impact
\section{Outline}
%
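Review bot: the two bullets under \section{Contribution} starting "discover and evaluate bug in the profile provisioning process of one manufacturer" and "through apdu level differnetial testing, we discover and evaluate bug in the profile provisioning process of one manufacturer" state the same contribution twice; keep only the second, more specific one (it names the method and the suspected impact) and drop the first. In the same hunk the outline notes carry several spellings that will leak into the prose when the comments are turned into text ("malicouse", "accross", "priviledged", "manufactruers", "susceptiuble", "dangeros", "rele", "interpretated", "framworks", "differnetial"); fixing them now in the comments avoids re-reviewing them later. Also, \section{Outline} is added with only an empty "%" line, so the document currently renders a heading with no body; either add a one-line placeholder note or leave the section out until the outline is written.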