niklas/master_thesis
1
0
Fork 0
mirror of https://sharelatex.tu-darmstadt.de/git/681e0e7a3a9c7c9c6b8bb298 synced 2025-12-07 13:18:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d84f02b12b8a4053430a979f65f59f9d8bf8a60f
master_thesis/Bibliography.bib
nb72soza Bittner d84f02b12b Update on Overleaf.
2025-05-13 21:57:19 +00:00

428 lines
20 KiB
BibTeX
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
@misc{gsma_sgp21_2021,
title = {{SGP}.21 v2.3 {RSP} {Architecture}},
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2021/07/SGP.21-2.3.pdf},
urldate = {2025-02-24},
author = {{GSMA}},
month = jun,
year = {2021},
file = {PDF:/Users/privat/Zotero/storage/9RWMQ5EI/SGP.21 v2.3 RSP Architecture.pdf:application/pdf},
}
@misc{gsma_sgp22_2024,
title = {{SGP}.22 v2.6 {RSP} {Technical} {Specification}},
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2024/09/SGP.22-v2.6.pdf},
urldate = {2025-02-24},
author = {{GSMA}},
month = sep,
year = {2024},
file = {PDF:/Users/privat/Zotero/storage/5BBQVAT6/SGP.22 v2.6 RSP Technical Specification.pdf:application/pdf},
}
@misc{etsi_etsi_1997,
title = {{ETSI} {GSM} 11.14 {SIM} {Application} {Toolkit}},
url = {https://www.etsi.org/deliver/etsi_gts/11/1114/05.04.00_60/gsmts_1114v050400p.pdf},
urldate = {2025-03-03},
author = {{ETSI}},
month = jul,
year = {1997},
file = {PDF:/Users/privat/Zotero/storage/6TLW4EZW/ETSI GSM 11.14 SIM Application Toolkit.pdf:application/pdf},
}
@misc{etsi_etsi_2020,
title = {{ETSI} {TS} 131 111 {USIM} {Application} {Toolkit}},
url = {https://www.etsi.org/deliver/etsi_ts/131100_131199/131111/16.01.00_60/ts_131111v160100p.pdf},
urldate = {2025-03-03},
author = {{ETSI}},
month = jul,
year = {2020},
file = {PDF:/Users/privat/Zotero/storage/HQ5NC5HT/ETSI TS 131 111 USIM Application Toolkit.pdf:application/pdf},
}
@misc{trusted_connectivity_alliance_st_2009,
title = {S@{T} 01.50 v4.0.0 {S}@{T} {Browser} {Behavior} {Guidlines}},
url = {https://trustedconnectivityalliance.org/wp-content/uploads/2020/01/S@T-01.50-v4.0.0-Release-2009.pdf},
urldate = {2025-01-02},
author = {{Trusted Connectivity Alliance}},
year = {2009},
file = {PDF:/Users/privat/Zotero/storage/XWXLNA5W/S@T 01.50 v4.0.0 S@T Browser Behavior Guidlines.pdf:application/pdf},
}
@misc{etsi_etsi_2023,
title = {{ETSI} {TS} 102 221 {V4}.10.0 {UICC}-{Terminal} interface},
url = {https://www.etsi.org/deliver/etsi_ts/102200_102299/102221/04.10.00_60/ts_102221v041000p.pdf},
urldate = {2025-02-03},
author = {{ETSI}},
month = jun,
year = {2023},
file = {PDF:/Users/privat/Zotero/storage/DAXFX2XH/ETSI TS 102 221 V4.10.0.pdf:application/pdf},
}
@misc{trusted_connectivity_alliance_euicc_2021,
title = {{eUICC} {Profile} {Package}: {Interoperable} {Format} {Technical} {Specification} v3.0},
url = {https://trustedconnectivityalliance.org/wp-content/uploads/2021/05/Profile-interoperability-technical-specification_V3.0-Final.pdf},
urldate = {2025-02-14},
author = {{Trusted Connectivity Alliance}},
month = may,
year = {2021},
file = {PDF:/Users/privat/Zotero/storage/PMG9FK4I/eUICC Profile Package Interoperable Format Technical Specification v3.0.pdf:application/pdf},
}
@misc{etsi_ts_2022,
title = {{TS} 102 226 {V17}.0.0 {Remote} {APDU} structure for {UICC} based applications},
language = {en},
author = {{ETSI}},
month = oct,
year = {2022},
file = {PDF:/Users/privat/Zotero/storage/WPCH9N8K/TS 102 226 - V17.0.0 - Smart Cards\; Remote APDU structure for UICC based applications (Release 17).pdf:application/pdf},
}
@misc{nonpointer_estkme_2025,
title = {{eSTK}.me: {The} next generation of swappable consumer {eSIM} cards {\textbar} {Echo}},
shorttitle = {{eSTK}.me},
url = {https://iecho-cc.translate.goog/2024/03/16/estk-me-next-generation-removable-consumer-esim/?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=zh-CN&_x_tr_pto=wapp},
abstract = {让国行手机用上 eSIM支持 iOS 写卡切卡、OTA 远程管理的可插拔 eSIM 卡。},
language = {en},
urldate = {2025-02-24},
author = {nonPointer},
month = feb,
year = {2025},
file = {Snapshot:/Users/privat/Zotero/storage/6IIWBLRP/estk-me-next-generation-removable-consumer-esim.html:text/html},
}
@misc{etsi_etsi_2022,
title = {{ETSI} {TS} 102 221 {V17}.1.0},
url = {https://www.etsi.org/deliver/etsi_ts/102200_102299/102221/17.01.00_60/ts_102221v170100p.pdf},
urldate = {2025-02-16},
author = {{ETSI}},
month = jan,
year = {2022},
file = {PDF:/Users/privat/Zotero/storage/L9JNWCIF/ETSI TS 102 221 V17.1.0.pdf:application/pdf},
}
@misc{gsma_sgp02_2020,
title = {{SGP}.02 v4.1 {Remote} {Provisioning} {Architecture} for {Embedded} {UICC}},
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2020/06/SGP.02-v4.1.pdf},
urldate = {2025-02-16},
author = {{GSMA}},
month = may,
year = {2020},
file = {PDF:/Users/privat/Zotero/storage/Q9BSLLSK/SGP.02 v4.1 Remote Provisioning Architecture for Embedded UICC.pdf:application/pdf},
}
@misc{gsma_ts38_2019,
title = {{TS}.38 {SIM} {Toolkit} {Device} {Requirements} - {User} {Experience} {Enhancements} v2.0},
url = {https://www.gsma.com/newsroom/wp-content/uploads//TS.38-v2.0.pdf},
urldate = {2025-02-17},
author = {{GSMA}},
month = mar,
year = {2019},
file = {PDF:/Users/privat/Zotero/storage/XXQD9Y5B/TS.38 SIM Toolkit Device Requirements - User Experience Enhancements v2.0.pdf:application/pdf},
}
@misc{gsma_sgp22_2025,
title = {{SGP}.22 v2.6.1 {RSP} {Technical} {Specification}},
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2025/04/SGP.22-v2.6.1.pdf},
urldate = {2025-04-29},
author = {{GSMA}},
month = apr,
year = {2025},
file = {PDF:/Users/privat/Zotero/storage/K6CTMKMX/SGP.22 v2.6.1 RSP Technical Specification.pdf:application/pdf},
}
@misc{gsma_sgp22_2023,
title = {{SGP}.22 v3.1 {RSP} {Technical} {Specification}},
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2023/12/SGP.22-v3.1.pdf},
language = {en},
publisher = {GSMA},
author = {{GSMA}},
month = jan,
year = {2023},
note = {SGP.22 v3.1. Published by GSMA for the eSIM ecosystem},
file = {SGP.22-v3.1.pdf:/Users/privat/Zotero/storage/JFU8XMUB/SGP.22-v3.1.pdf:application/pdf},
}
@misc{frank_ruan_frank_2024,
title = {Frank {Ruan}'s {Blog} - {Removable} {eUICCs}...},
url = {https://frank-ruan.com/2024/08/27/removable-euicc/},
language = {en-us},
urldate = {2025-02-22},
author = {{Frank Ruan}},
month = aug,
year = {2024},
file = {Snapshot:/Users/privat/Zotero/storage/25NJYNJL/removable-euicc.html:text/html},
}
@misc{gsma_esim_2024,
title = {{eSIM} {Consumer} and {IoT} {Specifications}},
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/esim-specification/},
abstract = {The below content provides the status of the eSIM specifications that have been published by GSMA and a comprehensive way to link the core specifications with the related test and requirement specifications. Architecture Specifications Technical Specifications Test Specifications GSMA EID Definition and Assignment Compliance Specifications To notify Software changes on eUICC certified products there is a GSMA […]},
language = {en-US},
urldate = {2025-01-04},
journal = {eSIM},
author = {{GSMA}},
year = {2024},
file = {Snapshot:/Users/privat/Zotero/storage/84VDANVV/esim-specification.html:text/html},
}
@misc{security_research_labs_github_2019,
title = {{GitHub} - srlabs/{SIMTester}: {A} tool to test {SIM} card security},
url = {https://github.com/srlabs/SIMTester/tree/main},
urldate = {2025-01-02},
author = {{Security Research Labs}},
year = {2019},
file = {GitHub - srlabs/SIMTester\: A tool to test SIM card security:/Users/privat/Zotero/storage/WQD9GVYP/main.html:text/html},
}
@misc{enea_simjacker_2019,
title = {Simjacker},
url = {https://www.enea.com/info/simjacker/},
language = {en-GB},
urldate = {2025-01-02},
journal = {Enea},
author = {{ENEA}},
year = {2019},
file = {PDF:/Users/privat/Zotero/storage/UYMWY5RR/Simjacker.pdf:application/pdf;Snapshot:/Users/privat/Zotero/storage/MAIKW559/simjacker.html:text/html},
}
@misc{paljak_globalplatformpro_2024,
title = {{GlobalPlatformPro}},
copyright = {LGPL-3.0},
url = {https://github.com/martinpaljak/GlobalPlatformPro},
abstract = {<EFBFBD><EFBFBD> <20><> Manage applets and keys on JavaCard-s like a pro},
urldate = {2025-01-02},
author = {Paljak, Martin},
month = dec,
year = {2024},
note = {original-date: 2014-01-15T15:34:22Z},
keywords = {cli, globalplatform, java, javacard, sdk, smartcard},
}
@inproceedings{zhao_securesim_2021,
address = {New York, NY, USA},
series = {{MobiCom} '21},
title = {{SecureSIM}: rethinking authentication and access control for {SIM}/{eSIM}},
isbn = {978-1-4503-8342-4},
shorttitle = {{SecureSIM}},
url = {https://dl.acm.org/doi/10.1145/3447993.3483254},
doi = {10.1145/3447993.3483254},
abstract = {The SIM/eSIM card stores critical information for a mobile user to access the 4G/5G network. In this work, we uncover three vulnerabilities of the current SIM practice. We show that the PIN-based access control may expose the in-SIM data to an adversary through both hardware and software. Once exposed, such in-SIM information can be used to reconstruct various keys used for device authentication, data encryption, etc. They thus enable a number of attacks, including traffic eavesdropping, man-in-the-middle attack, impersonation, etc. The fundamental problem is that, the current SIM design does not offer proper authentication and fine-grained access control to hundreds of in-SIM files for various in-card applets and off-card units. We next propose a new solution that offers both authentication and fine-grained access control. Our implementation and evaluation have confirmed the viability of our proposal.},
urldate = {2024-12-16},
booktitle = {Proceedings of the 27th {Annual} {International} {Conference} on {Mobile} {Computing} and {Networking}},
publisher = {Association for Computing Machinery},
author = {Zhao, Jinghao and Ding, Boyan and Guo, Yunqi and Tan, Zhaowei and Lu, Songwu},
month = oct,
year = {2021},
pages = {451--464},
file = {Full Text PDF:/Users/privat/Zotero/storage/Q4DJCTU5/Zhao et al. - 2021 - SecureSIM rethinking authentication and access control for SIMeSIM.pdf:application/pdf},
}
@misc{welte_euicc_2024,
title = {{eUICC} and {eSIM} {Developer} {Manual}},
url = {https://euicc-manual.osmocom.org/},
abstract = {This is the Osmocom eUICC and eSIM Developer Manual.},
language = {en-US},
urldate = {2024-12-16},
journal = {eUICC and eSIM Developer Manual},
author = {Welte, Harald},
year = {2024},
file = {Snapshot:/Users/privat/Zotero/storage/R4ACBEUQ/euicc-manual.osmocom.org.html:text/html},
}
@misc{welte_pysim_2024,
title = {pysim},
copyright = {GPL-2.0},
url = {https://gitea.osmocom.org/sim-card/pysim},
abstract = {python libraires and command line tools for SIM/UICC/USIM/ISIM card analysis and programming},
urldate = {2024-12-16},
publisher = {Osmocom},
author = {Welte, Harald and Maier, Philipp and Herle, Supreeth and Yanitskiy, Vadim},
month = dec,
year = {2024},
note = {original-date: 2016-01-18T08:48:09Z},
keywords = {3gpp, cellular, osmocom, sim, telecommunications, usim-cards},
}
@misc{welte_sysmoeuicc1_2024,
title = {{sysmoEUICC1} {User} {Manual}},
url = {https://www.sysmocom.de/manuals/sysmoeuicc-manual.pdf},
language = {en},
publisher = {Sysmocom},
author = {Welte, Harald},
year = {2024},
file = {PDF:/Users/privat/Zotero/storage/LAU8TCF3/Welte - sysmoEUICC1 User Manual.pdf:application/pdf},
}
@misc{gsma_esim_2018,
title = {{eSIM} {Whitepaper}},
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2018/12/esim-whitepaper.pdf},
publisher = {GSMA},
author = {{GSMA}},
year = {2018},
file = {esim-whitepaper.pdf:/Users/privat/Zotero/storage/5URD9U72/esim-whitepaper.pdf:application/pdf},
}
@article{mckeeman_differential_1998,
title = {Differential {Testing} for {Software}},
volume = {10},
url = {https://www.cs.swarthmore.edu/~bylvisa1/cs97/f13/Papers/DifferentialTestingForSoftware.pdf},
abstract = {Differential testing, a form of random testing,
is a component of a mature testing technology
for large software systems. It complements
regression testing based on commercial test
suites and tests locally developed during prod-
uct development and deployment. Differential
testing requires that two or more comparable
systems be available to the tester. These sys-
tems are presented with an exhaustive series
of mechanically generated test cases. If (we
might say when) the results differ or one of
the systems loops indefinitely or crashes, the
tester has a candidate for a bug-exposing test.
Implementing differential testing is an interest-
ing technical problem. Getting it into use is an
even more interesting social challenge. This
paper is derived from experience in differential
testing of compilers and run-time systems at
DIGITAL over the last few years and recently
at Compaq. A working prototype for testing
C compilers is available on the web.},
language = {en},
number = {1},
author = {McKeeman, William M},
year = {1998},
pages = {100--107},
file = {PDF:/Users/privat/Zotero/storage/UJDPELAV/McKeeman - Differential Testing for Software.pdf:application/pdf},
}
@inproceedings{lisowski_simurai_2024,
title = {\{{SIMurai}\}: {Slicing} {Through} the {Complexity} of \{{SIM}\} {Card} {Security} {Research}},
isbn = {978-1-939133-44-1},
shorttitle = {\{{SIMurai}\}},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/lisowski},
language = {en},
urldate = {2024-12-16},
author = {Lisowski, Tomasz Piotr and Chlosta, Merlin and Wang, Jinjin and Muench, Marius},
year = {2024},
pages = {4481--4498},
file = {Full Text PDF:/Users/privat/Zotero/storage/RB2QNKQP/Lisowski et al. - 2024 - SIMurai Slicing Through the Complexity of SIM Card Security Research.pdf:application/pdf},
}
@article{ahmed_security_2024,
title = {Security {Analysis} of the {Consumer} {Remote} {SIM} {Provisioning} {Protocol}},
volume = {27},
issn = {2471-2566},
url = {https://dl.acm.org/doi/10.1145/3663761},
doi = {10.1145/3663761},
abstract = {Remote SIM provisioning (RSP) for consumer devices is the protocol specified by the GSM Association for downloading SIM profiles into a secure element in a mobile device. The process is commonly known as eSIM, and it is expected to replace removable SIM cards. The security of the protocol is critical because the profile includes the credentials with which the mobile device will authenticate to the mobile network. In this article, we present a formal security analysis of the consumer RSP protocol. We model the multi-party protocol in applied pi calculus, define formal security goals, and verify them in ProVerif. The analysis shows that the consumer RSP protocol protects against a network adversary when all the intended participants are honest. However, we also model the protocol in realistic partial compromise scenarios where the adversary controls a legitimate participant or communication channel. The security failures in the partial compromise scenarios reveal weaknesses in the protocol design. The most important observation is that the security of RSP depends unnecessarily on it being encapsulated in a TLS tunnel. Also, the lack of pre-established identifiers means that a compromised download server anywhere in the world or a compromised secure element can be used for attacks against RSP between honest participants. Additionally, the lack of reliable methods for verifying user intent can lead to serious security failures. Based on the findings, we recommend practical improvements to RSP implementations, future versions of the specification, and mobile operator processes to increase the robustness of eSIM security.},
number = {3},
urldate = {2024-12-16},
journal = {ACM Trans. Priv. Secur.},
author = {Ahmed, Abu Shohel and Peltonen, Aleksi and Sethi, Mohit and Aura, Tuomas},
month = aug,
year = {2024},
pages = {23:1--23:36},
file = {Full Text PDF:/Users/privat/Zotero/storage/JTYF7F4Q/Ahmed et al. - 2024 - Security Analysis of the Consumer Remote SIM Provisioning Protocol.pdf:application/pdf},
}
@article{ahmed_transparency_2021,
title = {Transparency of {SIM} profiles for the consumer remote {SIM} provisioning protocol},
volume = {76},
issn = {1958-9395},
url = {https://doi.org/10.1007/s12243-020-00791-2},
doi = {10.1007/s12243-020-00791-2},
abstract = {In mobile communication, User Equipment (UE) authenticates a subscriber to a Mobile Network Operator (MNO) using credentials from the MNO specified SIM profile that is securely stored inside the SIM card. Traditionally, a change in a subscribers SIM profile, such as a change in a subscription, requires replacement of the physical SIM card. To address this shortcoming, the GSM Association (GSMA) has specified the consumer Remote SIM Provisioning (RSP) protocol. The protocol enables remote provisioning of SIM profiles from a server to SIM cards, also known as the embedded Universal Integrated Circuit Card (eUICC). In RSP, any GSMA-certified server is trusted by all eUICCs, and consequently any server can provision SIM profiles to all eUICCs, even those not originating from the MNO associated with the GSMA-certified RSP server. Consequently, an attacker, by compromising a server, can clone a genuine SIM profile and provision it to other eUICCs. To address this security problem, we present SIM Profile Transparency Protocol (SPTP) to detect malicious provisioning of SIM profiles. SPTP assures to the eUICC and the MNO that all SIM provisioning actions—both approved and unapproved—leave a permanent, non-repudiatable trail. We evaluate security guarantees provided by SPTP using a formal model, implement a prototype for SPTP, and evaluate the prototype against a set of practical requirements.},
language = {en},
number = {3},
urldate = {2024-12-16},
journal = {Annals of Telecommunications},
author = {Ahmed, Abu Shohel and Thakur, Mukesh and Paavolainen, Santeri and Aura, Tuomas},
month = apr,
year = {2021},
keywords = {Consumer RSP, eSIM security, SIM profile cloning, Transparency},
pages = {187--202},
file = {Full Text PDF:/Users/privat/Zotero/storage/JSB5G2YT/Ahmed et al. - 2021 - Transparency of SIM profiles for the consumer remote SIM provisioning protocol.pdf:application/pdf},
}
@misc{osmocom_simtrace_nodate,
title = {{SIMtrace} 2 - {Open} {Source} {Mobile} {Communications}},
url = {https://osmocom.org/projects/simtrace2/wiki},
urldate = {2025-05-11},
author = {{Osmocom}},
file = {Wiki - SIMtrace 2 - Open Source Mobile Communications:/Users/privat/Zotero/storage/YGSSZYR3/wiki.html:text/html},
}
@misc{welte_wireshark_nodate,
title = {Wireshark {GSM} {SIM} dissector},
url = {https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-gsm_sim.c},
abstract = {Read-only mirror of Wireshark\&\#39;s Git repository at https://gitlab.com/wireshark/wireshark. ⚠️ GitHub won\&\#39;t let us disable pull requests. ⚠️ THEY WILL BE IGNORED HERE ⚠️ Upload them at GitLab...},
urldate = {2025-05-11},
publisher = {Wireshark},
author = {Welte, Harald},
file = {Snapshot:/Users/privat/Zotero/storage/LCYMD2GY/packet-gsm_sim.html:text/html},
}
@misc{petercxy_openeuicc_nodate,
title = {{OpenEUICC}},
url = {https://gitea.angry.im/PeterCxy/OpenEUICC},
abstract = {eSIM LPA (Local Profile Assistant) implementation for Android. System privilege or ARA-M allowlisting required.},
urldate = {2025-05-11},
author = {{PeterCxy}},
file = {Snapshot:/Users/privat/Zotero/storage/45U7S476/OpenEUICC.html:text/html},
}
@misc{esimmoe_minilpa_nodate,
title = {{MiniLPA}},
url = {https://github.com/EsimMoe/MiniLPA},
urldate = {2025-05-11},
author = {{EsimMoe}},
file = {GitHub - EsimMoe/MiniLPA\: Professional LPA UI:/Users/privat/Zotero/storage/CMWHRGQM/MiniLPA.html:text/html},
}
@misc{icedtangerine_easylpac_2025,
title = {{EasyLPAC}},
copyright = {MIT},
url = {https://github.com/creamlike1024/EasyLPAC},
abstract = {lpac GUI Frontend},
urldate = {2025-05-11},
author = {{IcedTangerine}},
month = may,
year = {2025},
note = {original-date: 2024-01-09T04:56:09Z},
keywords = {esim, lpa, sgp22},
}
@misc{osmocom_open_nodate,
title = {Open {Source} {Mobile} {Communications}},
url = {https://osmocom.org/},
urldate = {2025-05-11},
author = {{Osmocom}},
file = {Open Source Mobile Communications:/Users/privat/Zotero/storage/GBAJJJN5/osmocom.org.html:text/html},
}
@misc{estkme_lpac_2025,
title = {lpac},
copyright = {AGPL-3.0},
url = {https://github.com/estkme-group/lpac},
abstract = {C-based eUICC LPA},
urldate = {2025-05-11},
publisher = {eSTK.me Group},
author = {{estk.me}},
month = may,
year = {2025},
note = {original-date: 2023-09-21T04:12:56Z},
keywords = {sgp22, euicc},
}
@misc{security_research_labs_simtester_2025,
title = {{SIMTester}},
url = {https://github.com/srlabs/SIMTester},
abstract = {A tool to test SIM card security},
urldate = {2025-05-11},
publisher = {Security Research Labs},
author = {{Security Research Labs}},
month = may,
year = {2025},
note = {original-date: 2022-10-25T09:34:57Z},
}
Reference in New Issue View Git Blame Copy Permalink