niklas/master_thesis
1
0
Fork 0
mirror of https://sharelatex.tu-darmstadt.de/git/681e0e7a3a9c7c9c6b8bb298 synced 2025-12-08 05:27:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
070da5b5226ed280c09a34db05e7707b1d533589
master_thesis/Chapters/Implementation.tex
nb72soza Bittner 070da5b522 Update on Overleaf.
2025-05-19 16:00:46 +00:00

51 lines
2.2 KiB
TeX
Raw Blame History

% !TeX root = ../Thesis.tex
%************************************************
\chapter{Implementation}\label{ch:implementation}
%************************************************
\glsresetall % Resets all acronyms to not used
% - Goal of this thesis is security analysis using differential testing
% - first idea (naive implementation): use simtrace2 to capture traffic between the LPA (ue) and euicc
% - simtrace2 sends apdus to socket via udp packet -> read data from socket -> analyse apdu command for instruction type
% - save recored traffic to file
% - insert other euicc into pcsc card reader -> replay each apdu to euicc
% - check for differences in the responses
% - problem: rsp uses signed nonces -> can't replay data
% - next idea: implement lpa to perform actions via code -> not rely on manual interaction with esim manufacturer lpa app, manufacturer lpa introduce traffic that is not necessary for the intended action
% - use the lpa to produce traffic for the euicc in the pcsc card reader, but mutate it before sending
% - record the returned status codes and check if different euicc behaves the same (crashes at the same point or returns the same status word)
% - on the slower side -> rsp is stateful and we rely on the sm-dp+ from the profile vendor
% - small problem: we basically just fuzz the asn1 parser of the euicc sometimes
% - alternative: fuzz valid input data
% - oss-fuzz proposes python hypothesis as a framework for fuzzing via python
% - python hypothesis: property based testing library -> we define input structure and hypothesis produces data that is valid for the given structure
% - tests for edge cases
% - in the following section i will go into details on how each implementation works
\section{Tracing}
\label{sec:tracing}
% functions:
% - trace traffic from the simtrace2, map the traffic to function calls i.e. identify which function the call handles, record the traced traffic
% - replay: replay the previously recorded traffic to euicc in pcsc reader, check
% parts:
% - card:
\section{LPA}
\label{sec:lpa}
\section{Fuzzing}
\label{sec:fuzzing}
\subsection{Data Fuzzing}
\label{subsec:data_fuzzing}
\subsection{APDU Fuzzing}
\label{subsec:apdu_fuzzing}
\section{CLI}
\label{sec:cli}
\lipsum[4]
Reference in New Issue View Git Blame Copy Permalink