Update on Overleaf.

Chapters/Implementation.tex

@@ -5,9 +5,33 @@
 %************************************************
 \glsresetall % Resets all acronyms to not used
 
+% - Goal of this thesis is security analysis using differential testing
+% - first idea (naive implementation): use simtrace2 to capture traffic between the LPA (ue) and euicc
+% - simtrace2 sends apdus to socket via udp packet -> read data from socket -> analyse apdu command for instruction type
+% - save recored traffic to file 
+% - insert other euicc into pcsc card reader -> replay each apdu to euicc
+% - check for differences in the responses
+% - problem: rsp uses signed nonces -> can't replay data
+% - next idea: implement lpa to perform actions via code -> not rely on manual interaction with esim manufacturer lpa app, manufacturer lpa introduce traffic that is not necessary for the intended action
+% - use the lpa to produce traffic for the euicc in the pcsc card reader, but mutate it before sending
+% - record the returned status codes and check if different euicc behaves the same (crashes at the same point or returns the same status word)
+% - on the slower side -> rsp is stateful and we rely on the sm-dp+ from the profile vendor
+% - small problem: we basically just fuzz the asn1 parser of the euicc sometimes
+% - alternative: fuzz valid input data
+% - oss-fuzz proposes python hypothesis as a framework for fuzzing via python
+% - python hypothesis: property based testing library -> we define input structure and hypothesis produces data that is valid for the given structure
+% - tests for edge cases
+% - in the following section i will go into details on how each implementation works
+
 \section{Tracing}
 \label{sec:tracing}
 
+% functions: 
+% - trace traffic from the simtrace2, map the traffic to function calls i.e. identify which function the call handles, record the traced traffic
+% - replay: replay the previously recorded traffic to euicc in pcsc reader, check 
+% parts:
+% - card: 
+
 \section{LPA}
 \label{sec:lpa}