niklas/master_thesis
1
0
Fork 0
mirror of https://sharelatex.tu-darmstadt.de/git/681e0e7a3a9c7c9c6b8bb298 synced 2025-12-08 05:27:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update on Overleaf.

Browse Source
This commit is contained in:
nb72soza Bittner
2025-07-06 10:44:03 +00:00
committed by node
parent b6be91e4d9
commit 9e6e16c2f6
5 changed files with 46 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Chapters/Introduction.tex
View File

@@ -53,7 +53,7 @@ As \gls{esim} support becomes standard in newly released phones, it also introdu
% differential testing: compare multiple implementations against each other -> identify anomalies under identical/similar inputs
% goal: uncover functional deviations and security issues in a black-box setting
Despite the \gls{esim} architecture being built with security in mind and standardized by the GSMA, ETSI, and 3GPP, implementations are left to individual manufacturers. While the specifications provide a common baseline, the actual firmware and OS implementations remain proprietary and closed-source. This means they are not open to public review and may include undocumented features, backdoors, or custom update mechanisms beyond the published standards.
Despite the \gls{esim} architecture being built with security in mind and standardized by the \gls{gsma}, \gls{etsi}, and \gls{3gpp}, implementations are left to individual manufacturers. While the specifications provide a common baseline, the actual firmware and OS implementations remain proprietary and closed-source. This means they are not open to public review and may include undocumented features, backdoors, or custom update mechanisms beyond the published standards.
These implementation-specific deviations pose significant security risks. \glspl{esim} operate at a privileged layer of the system architecture, with direct and largely unfiltered access to the device's baseband. Vulnerabilities within this stack can result in persistent malware, surviving reboots or even factory resets, and often remain invisible to users. Bugs in the implementation of profile provisioning, certificate validation, or update mechanisms can therefore have severe and long-lasting consequences.
@@ -92,7 +92,7 @@ We use the framework to analyze several commercial eSIM-on-SIM implementations.
% Chapter 6: discuss the implications of our findings and reflect on potential weaknesses in current esim on sim deployment models
% in the last chapter: concludes thesis, outlines possible future work, including testing of IoT specific features, and supporting proactive commands
The thesis begins with an overview of \gls{sim} and \gls{esim} technologies in \cref{ch:background}, along with the \gls{rsp} architecture, to establish the necessary technical background. It also introduces the relevant standards developed by the GSMA, ETSI, and 3GPP.
The thesis begins with an overview of \gls{sim} and \gls{esim} technologies in \cref{ch:background}, along with the \gls{rsp} architecture, to establish the necessary technical background. It also introduces the relevant standards developed by the \gls{gsma}, \gls{etsi}, and \gls{3gpp}.
In \cref{ch:relatedwork}, it surveys related work in the domain of \gls{sim} and \gls{esim} security, focusing on academic literature, emulation frameworks, and software tools used for analysis.