mirror of
https://sharelatex.tu-darmstadt.de/git/681e0e7a3a9c7c9c6b8bb298
synced 2025-12-07 13:18:00 +00:00
747 lines
33 KiB
BibTeX
747 lines
33 KiB
BibTeX
|
||
@article{ahmed_transparency_2021,
|
||
title = {Transparency of {SIM} profiles for the consumer remote {SIM} provisioning protocol},
|
||
volume = {76},
|
||
issn = {1958-9395},
|
||
url = {https://doi.org/10.1007/s12243-020-00791-2},
|
||
doi = {10.1007/s12243-020-00791-2},
|
||
abstract = {In mobile communication, User Equipment (UE) authenticates a subscriber to a Mobile Network Operator (MNO) using credentials from the MNO specified SIM profile that is securely stored inside the SIM card. Traditionally, a change in a subscriber’s SIM profile, such as a change in a subscription, requires replacement of the physical SIM card. To address this shortcoming, the GSM Association (GSMA) has specified the consumer Remote SIM Provisioning (RSP) protocol. The protocol enables remote provisioning of SIM profiles from a server to SIM cards, also known as the embedded Universal Integrated Circuit Card (eUICC). In RSP, any GSMA-certified server is trusted by all eUICCs, and consequently any server can provision SIM profiles to all eUICCs, even those not originating from the MNO associated with the GSMA-certified RSP server. Consequently, an attacker, by compromising a server, can clone a genuine SIM profile and provision it to other eUICCs. To address this security problem, we present SIM Profile Transparency Protocol (SPTP) to detect malicious provisioning of SIM profiles. SPTP assures to the eUICC and the MNO that all SIM provisioning actions—both approved and unapproved—leave a permanent, non-repudiatable trail. We evaluate security guarantees provided by SPTP using a formal model, implement a prototype for SPTP, and evaluate the prototype against a set of practical requirements.},
|
||
language = {en},
|
||
number = {3},
|
||
urldate = {2024-12-16},
|
||
journal = {Annals of Telecommunications},
|
||
author = {Ahmed, Abu Shohel and Thakur, Mukesh and Paavolainen, Santeri and Aura, Tuomas},
|
||
month = apr,
|
||
year = {2021},
|
||
keywords = {Consumer RSP, eSIM security, SIM profile cloning, Transparency},
|
||
pages = {187--202},
|
||
file = {Full Text PDF:/home/niklas/Zotero/storage/JSB5G2YT/Ahmed et al. - 2021 - Transparency of SIM profiles for the consumer remote SIM provisioning protocol.pdf:application/pdf},
|
||
}
|
||
|
||
@article{ahmed_security_2024,
|
||
title = {Security {Analysis} of the {Consumer} {Remote} {SIM} {Provisioning} {Protocol}},
|
||
volume = {27},
|
||
issn = {2471-2566},
|
||
url = {https://dl.acm.org/doi/10.1145/3663761},
|
||
doi = {10.1145/3663761},
|
||
abstract = {Remote SIM provisioning (RSP) for consumer devices is the protocol specified by the GSM Association for downloading SIM profiles into a secure element in a mobile device. The process is commonly known as eSIM, and it is expected to replace removable SIM cards. The security of the protocol is critical because the profile includes the credentials with which the mobile device will authenticate to the mobile network. In this article, we present a formal security analysis of the consumer RSP protocol. We model the multi-party protocol in applied pi calculus, define formal security goals, and verify them in ProVerif. The analysis shows that the consumer RSP protocol protects against a network adversary when all the intended participants are honest. However, we also model the protocol in realistic partial compromise scenarios where the adversary controls a legitimate participant or communication channel. The security failures in the partial compromise scenarios reveal weaknesses in the protocol design. The most important observation is that the security of RSP depends unnecessarily on it being encapsulated in a TLS tunnel. Also, the lack of pre-established identifiers means that a compromised download server anywhere in the world or a compromised secure element can be used for attacks against RSP between honest participants. Additionally, the lack of reliable methods for verifying user intent can lead to serious security failures. Based on the findings, we recommend practical improvements to RSP implementations, future versions of the specification, and mobile operator processes to increase the robustness of eSIM security.},
|
||
number = {3},
|
||
urldate = {2024-12-16},
|
||
journal = {ACM Trans. Priv. Secur.},
|
||
author = {Ahmed, Abu Shohel and Peltonen, Aleksi and Sethi, Mohit and Aura, Tuomas},
|
||
month = aug,
|
||
year = {2024},
|
||
pages = {23:1--23:36},
|
||
file = {Full Text PDF:/home/niklas/Zotero/storage/JTYF7F4Q/Ahmed et al. - 2024 - Security Analysis of the Consumer Remote SIM Provisioning Protocol.pdf:application/pdf},
|
||
}
|
||
|
||
@inproceedings{lisowski_simurai_2024,
|
||
title = {\{{SIMurai}\}: {Slicing} {Through} the {Complexity} of \{{SIM}\} {Card} {Security} {Research}},
|
||
isbn = {978-1-939133-44-1},
|
||
shorttitle = {\{{SIMurai}\}},
|
||
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/lisowski},
|
||
language = {en},
|
||
urldate = {2024-12-16},
|
||
author = {Lisowski, Tomasz Piotr and Chlosta, Merlin and Wang, Jinjin and Muench, Marius},
|
||
year = {2024},
|
||
pages = {4481--4498},
|
||
file = {Full Text PDF:/home/niklas/Zotero/storage/RB2QNKQP/Lisowski et al. - 2024 - SIMurai Slicing Through the Complexity of SIM Card Security Research.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{welte_euicc_2024,
|
||
title = {{eUICC} and {eSIM} {Developer} {Manual}},
|
||
url = {https://euicc-manual.osmocom.org/},
|
||
abstract = {This is the Osmocom eUICC and eSIM Developer Manual.},
|
||
language = {en-US},
|
||
urldate = {2024-12-16},
|
||
journal = {eUICC and eSIM Developer Manual},
|
||
author = {Welte, Harald},
|
||
year = {2024},
|
||
file = {Snapshot:/home/niklas/Zotero/storage/R4ACBEUQ/euicc-manual.osmocom.org.html:text/html},
|
||
}
|
||
|
||
@misc{welte_sysmoeuicc1_2024,
|
||
title = {{sysmoEUICC1} {User} {Manual}},
|
||
url = {https://www.sysmocom.de/manuals/sysmoeuicc-manual.pdf},
|
||
language = {en},
|
||
publisher = {Sysmocom},
|
||
author = {Welte, Harald},
|
||
year = {2024},
|
||
file = {PDF:/home/niklas/Zotero/storage/LAU8TCF3/Welte - sysmoEUICC1 User Manual.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{welte_pysim_2024,
|
||
title = {pysim},
|
||
copyright = {GPL-2.0},
|
||
url = {https://gitea.osmocom.org/sim-card/pysim},
|
||
abstract = {python libraires and command line tools for SIM/UICC/USIM/ISIM card analysis and programming},
|
||
urldate = {2024-12-16},
|
||
publisher = {Osmocom},
|
||
author = {Welte, Harald and Maier, Philipp and Herle, Supreeth and Yanitskiy, Vadim},
|
||
month = dec,
|
||
year = {2024},
|
||
note = {original-date: 2016-01-18T08:48:09Z},
|
||
keywords = {3gpp, cellular, osmocom, sim, telecommunications, usim-cards},
|
||
}
|
||
|
||
@article{mckeeman_differential_1998,
|
||
title = {Differential {Testing} for {Software}},
|
||
volume = {10},
|
||
url = {https://www.cs.swarthmore.edu/~bylvisa1/cs97/f13/Papers/DifferentialTestingForSoftware.pdf},
|
||
abstract = {Differential testing, a form of random testing,
|
||
is a component of a mature testing technology
|
||
for large software systems. It complements
|
||
regression testing based on commercial test
|
||
suites and tests locally developed during prod-
|
||
uct development and deployment. Differential
|
||
testing requires that two or more comparable
|
||
systems be available to the tester. These sys-
|
||
tems are presented with an exhaustive series
|
||
of mechanically generated test cases. If (we
|
||
might say when) the results differ or one of
|
||
the systems loops indefinitely or crashes, the
|
||
tester has a candidate for a bug-exposing test.
|
||
Implementing differential testing is an interest-
|
||
ing technical problem. Getting it into use is an
|
||
even more interesting social challenge. This
|
||
paper is derived from experience in differential
|
||
testing of compilers and run-time systems at
|
||
DIGITAL over the last few years and recently
|
||
at Compaq. A working prototype for testing
|
||
C compilers is available on the web.},
|
||
language = {en},
|
||
number = {1},
|
||
author = {McKeeman, William M},
|
||
year = {1998},
|
||
pages = {100--107},
|
||
file = {PDF:/home/niklas/Zotero/storage/UJDPELAV/McKeeman - Differential Testing for Software.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_esim_2018,
|
||
title = {{eSIM} {Whitepaper}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2018/12/esim-whitepaper.pdf},
|
||
publisher = {GSMA},
|
||
author = {{GSMA}},
|
||
year = {2018},
|
||
file = {esim-whitepaper.pdf:/home/niklas/Zotero/storage/5URD9U72/esim-whitepaper.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_sgp22_2023,
|
||
title = {{SGP}.22 v3.1 {RSP} {Technical} {Specification}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2023/12/SGP.22-v3.1.pdf},
|
||
language = {en},
|
||
publisher = {GSMA},
|
||
author = {{GSMA}},
|
||
month = jan,
|
||
year = {2023},
|
||
note = {SGP.22 v3.1. Published by GSMA for the eSIM ecosystem},
|
||
file = {SGP.22-v3.1.pdf:/home/niklas/Zotero/storage/JFU8XMUB/SGP.22-v3.1.pdf:application/pdf},
|
||
}
|
||
|
||
@inproceedings{zhao_securesim_2021,
|
||
address = {New York, NY, USA},
|
||
series = {{MobiCom} '21},
|
||
title = {{SecureSIM}: rethinking authentication and access control for {SIM}/{eSIM}},
|
||
isbn = {978-1-4503-8342-4},
|
||
shorttitle = {{SecureSIM}},
|
||
url = {https://dl.acm.org/doi/10.1145/3447993.3483254},
|
||
doi = {10.1145/3447993.3483254},
|
||
abstract = {The SIM/eSIM card stores critical information for a mobile user to access the 4G/5G network. In this work, we uncover three vulnerabilities of the current SIM practice. We show that the PIN-based access control may expose the in-SIM data to an adversary through both hardware and software. Once exposed, such in-SIM information can be used to reconstruct various keys used for device authentication, data encryption, etc. They thus enable a number of attacks, including traffic eavesdropping, man-in-the-middle attack, impersonation, etc. The fundamental problem is that, the current SIM design does not offer proper authentication and fine-grained access control to hundreds of in-SIM files for various in-card applets and off-card units. We next propose a new solution that offers both authentication and fine-grained access control. Our implementation and evaluation have confirmed the viability of our proposal.},
|
||
urldate = {2024-12-16},
|
||
booktitle = {Proceedings of the 27th {Annual} {International} {Conference} on {Mobile} {Computing} and {Networking}},
|
||
publisher = {Association for Computing Machinery},
|
||
author = {Zhao, Jinghao and Ding, Boyan and Guo, Yunqi and Tan, Zhaowei and Lu, Songwu},
|
||
month = oct,
|
||
year = {2021},
|
||
pages = {451--464},
|
||
file = {Full Text PDF:/home/niklas/Zotero/storage/Q4DJCTU5/Zhao et al. - 2021 - SecureSIM rethinking authentication and access control for SIMeSIM.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{paljak_globalplatformpro_2024,
|
||
title = {{GlobalPlatformPro}},
|
||
copyright = {LGPL-3.0},
|
||
url = {https://github.com/martinpaljak/GlobalPlatformPro},
|
||
abstract = {<EFBFBD><EFBFBD> <20><> Manage applets and keys on JavaCard-s like a pro},
|
||
urldate = {2025-01-02},
|
||
author = {Paljak, Martin},
|
||
month = dec,
|
||
year = {2024},
|
||
note = {original-date: 2014-01-15T15:34:22Z},
|
||
keywords = {cli, globalplatform, java, javacard, sdk, smartcard},
|
||
}
|
||
|
||
@misc{security_research_labs_github_2019,
|
||
title = {{GitHub} - srlabs/{SIMTester}: {A} tool to test {SIM} card security},
|
||
url = {https://github.com/srlabs/SIMTester/tree/main},
|
||
urldate = {2025-01-02},
|
||
author = {{Security Research Labs}},
|
||
year = {2019},
|
||
file = {GitHub - srlabs/SIMTester\: A tool to test SIM card security:/home/niklas/Zotero/storage/WQD9GVYP/main.html:text/html},
|
||
}
|
||
|
||
@misc{enea_simjacker_2019,
|
||
title = {Simjacker},
|
||
url = {https://www.enea.com/info/simjacker/},
|
||
language = {en-GB},
|
||
urldate = {2025-01-02},
|
||
journal = {Enea},
|
||
author = {{ENEA}},
|
||
year = {2019},
|
||
file = {PDF:/home/niklas/Zotero/storage/UYMWY5RR/Simjacker.pdf:application/pdf;Snapshot:/home/niklas/Zotero/storage/MAIKW559/simjacker.html:text/html},
|
||
}
|
||
|
||
@misc{gsma_esim_2024,
|
||
title = {{eSIM} {Consumer} and {IoT} {Specifications}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/esim-specification/},
|
||
abstract = {The below content provides the status of the eSIM specifications that have been published by GSMA and a comprehensive way to link the core specifications with the related test and requirement specifications. Architecture Specifications Technical Specifications Test Specifications GSMA EID Definition and Assignment Compliance Specifications To notify Software changes on eUICC certified products there is a GSMA […]},
|
||
language = {en-US},
|
||
urldate = {2025-01-04},
|
||
journal = {eSIM},
|
||
author = {{GSMA}},
|
||
year = {2024},
|
||
file = {Snapshot:/home/niklas/Zotero/storage/84VDANVV/esim-specification.html:text/html},
|
||
}
|
||
|
||
@misc{etsi_ts_2022,
|
||
title = {{TS} 102 226 {Remote} {APDU} structure for {UICC} based applications},
|
||
language = {en},
|
||
author = {{ETSI}},
|
||
month = oct,
|
||
year = {2022},
|
||
file = {PDF:/home/niklas/Zotero/storage/WPCH9N8K/TS 102 226 - V17.0.0 - Smart Cards\; Remote APDU structure for UICC based applications (Release 17).pdf:application/pdf},
|
||
}
|
||
|
||
@misc{frank_ruan_frank_2024,
|
||
title = {Frank {Ruan}'s {Blog} - {Removable} {eUICCs}...},
|
||
url = {https://frank-ruan.com/2024/08/27/removable-euicc/},
|
||
language = {en-us},
|
||
urldate = {2025-02-22},
|
||
author = {{Frank Ruan}},
|
||
month = aug,
|
||
year = {2024},
|
||
file = {Snapshot:/home/niklas/Zotero/storage/25NJYNJL/removable-euicc.html:text/html},
|
||
}
|
||
|
||
@misc{nonpointer_estkme_2025,
|
||
title = {{eSTK}.me: {The} next generation of swappable consumer {eSIM} cards {\textbar} {Echo}},
|
||
shorttitle = {{eSTK}.me},
|
||
url = {https://iecho-cc.translate.goog/2024/03/16/estk-me-next-generation-removable-consumer-esim/?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=zh-CN&_x_tr_pto=wapp},
|
||
abstract = {让国行手机用上 eSIM:支持 iOS 写卡切卡、OTA 远程管理的可插拔 eSIM 卡。},
|
||
language = {en},
|
||
urldate = {2025-02-24},
|
||
author = {nonPointer},
|
||
month = feb,
|
||
year = {2025},
|
||
file = {Snapshot:/home/niklas/Zotero/storage/6IIWBLRP/estk-me-next-generation-removable-consumer-esim.html:text/html},
|
||
}
|
||
|
||
@misc{gsma_sgp22_2025,
|
||
title = {{SGP}.22 v2.6.1 {RSP} {Technical} {Specification}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2025/04/SGP.22-v2.6.1.pdf},
|
||
urldate = {2025-04-29},
|
||
author = {{GSMA}},
|
||
month = apr,
|
||
year = {2025},
|
||
file = {PDF:/home/niklas/Zotero/storage/K6CTMKMX/SGP.22 v2.6.1 RSP Technical Specification.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_ts38_2019,
|
||
title = {{TS}.38 {SIM} {Toolkit} {Device} {Requirements} - {User} {Experience} {Enhancements} v2.0},
|
||
url = {https://www.gsma.com/newsroom/wp-content/uploads//TS.38-v2.0.pdf},
|
||
urldate = {2025-02-17},
|
||
author = {{GSMA}},
|
||
month = mar,
|
||
year = {2019},
|
||
file = {PDF:/home/niklas/Zotero/storage/XXQD9Y5B/TS.38 SIM Toolkit Device Requirements - User Experience Enhancements v2.0.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_sgp02_2020,
|
||
title = {{SGP}.02 v4.1 {Remote} {Provisioning} {Architecture} for {Embedded} {UICC}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2020/06/SGP.02-v4.1.pdf},
|
||
urldate = {2025-02-16},
|
||
author = {{GSMA}},
|
||
month = may,
|
||
year = {2020},
|
||
file = {PDF:/home/niklas/Zotero/storage/Q9BSLLSK/SGP.02 v4.1 Remote Provisioning Architecture for Embedded UICC.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{etsi_ts_2022-1,
|
||
title = {{TS} 102 221 {Terminal} {Interface}},
|
||
url = {https://www.etsi.org/deliver/etsi_ts/102200_102299/102221/17.01.00_60/ts_102221v170100p.pdf},
|
||
urldate = {2025-02-16},
|
||
author = {{ETSI}},
|
||
month = jan,
|
||
year = {2022},
|
||
file = {PDF:/home/niklas/Zotero/storage/L9JNWCIF/ETSI TS 102 221 V17.1.0.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{trusted_connectivity_alliance_euicc_2021,
|
||
title = {{eUICC} {Profile} {Package}: {Interoperable} {Format} {Technical} {Specification} v3.0},
|
||
url = {https://trustedconnectivityalliance.org/wp-content/uploads/2021/05/Profile-interoperability-technical-specification_V3.0-Final.pdf},
|
||
urldate = {2025-02-14},
|
||
author = {{Trusted Connectivity Alliance}},
|
||
month = may,
|
||
year = {2021},
|
||
file = {PDF:/home/niklas/Zotero/storage/PMG9FK4I/eUICC Profile Package Interoperable Format Technical Specification v3.0.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{etsi_ts_2003,
|
||
title = {{TS} 102 22 {UICC}-{Terminal} interface},
|
||
url = {https://www.etsi.org/deliver/etsi_ts/102200_102299/102221/04.10.00_60/ts_102221v041000p.pdf},
|
||
urldate = {2025-02-03},
|
||
author = {{ETSI}},
|
||
month = jun,
|
||
year = {2003},
|
||
file = {PDF:/home/niklas/Zotero/storage/DAXFX2XH/ETSI TS 102 221 V4.10.0.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{trusted_connectivity_alliance_st_2009,
|
||
title = {S@{T} 01.50 v4.0.0 {S}@{T} {Browser} {Behavior} {Guidlines}},
|
||
url = {https://trustedconnectivityalliance.org/wp-content/uploads/2020/01/S@T-01.50-v4.0.0-Release-2009.pdf},
|
||
urldate = {2025-01-02},
|
||
author = {{Trusted Connectivity Alliance}},
|
||
year = {2009},
|
||
file = {PDF:/home/niklas/Zotero/storage/XWXLNA5W/S@T 01.50 v4.0.0 S@T Browser Behavior Guidlines.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{etsi_gsm_1997,
|
||
title = {{GSM} 11.14 {SIM} {Application} {Toolkit}},
|
||
url = {https://www.etsi.org/deliver/etsi_gts/11/1114/05.04.00_60/gsmts_1114v050400p.pdf},
|
||
urldate = {2025-03-03},
|
||
author = {{ETSI}},
|
||
month = jul,
|
||
year = {1997},
|
||
file = {PDF:/home/niklas/Zotero/storage/6TLW4EZW/ETSI GSM 11.14 SIM Application Toolkit.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{etsi_ts_2020,
|
||
title = {{TS} 131 111 {USIM} {Application} {Toolkit}},
|
||
url = {https://www.etsi.org/deliver/etsi_ts/131100_131199/131111/16.01.00_60/ts_131111v160100p.pdf},
|
||
urldate = {2025-03-03},
|
||
author = {{ETSI}},
|
||
month = jul,
|
||
year = {2020},
|
||
file = {PDF:/home/niklas/Zotero/storage/HQ5NC5HT/ETSI TS 131 111 USIM Application Toolkit.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_sgp22_2024,
|
||
title = {{SGP}.22 v2.6 {RSP} {Technical} {Specification}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2024/09/SGP.22-v2.6.pdf},
|
||
urldate = {2025-02-24},
|
||
author = {{GSMA}},
|
||
month = sep,
|
||
year = {2024},
|
||
file = {PDF:/home/niklas/Zotero/storage/5BBQVAT6/SGP.22 v2.6 RSP Technical Specification.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_sgp21_2021,
|
||
title = {{SGP}.21 v2.3 {RSP} {Architecture}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2021/07/SGP.21-2.3.pdf},
|
||
urldate = {2025-02-24},
|
||
author = {{GSMA}},
|
||
month = jun,
|
||
year = {2021},
|
||
file = {PDF:/home/niklas/Zotero/storage/9RWMQ5EI/SGP.21 v2.3 RSP Architecture.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{osmocom_open_nodate,
|
||
title = {Open {Source} {Mobile} {Communications}},
|
||
url = {https://osmocom.org/},
|
||
urldate = {2025-05-11},
|
||
author = {{Osmocom}},
|
||
file = {Open Source Mobile Communications:/home/niklas/Zotero/storage/GBAJJJN5/osmocom.org.html:text/html},
|
||
}
|
||
|
||
@misc{icedtangerine_easylpac_2025,
|
||
title = {{EasyLPAC}},
|
||
copyright = {MIT},
|
||
url = {https://github.com/creamlike1024/EasyLPAC},
|
||
abstract = {lpac GUI Frontend},
|
||
urldate = {2025-05-11},
|
||
author = {{IcedTangerine}},
|
||
month = may,
|
||
year = {2025},
|
||
note = {original-date: 2024-01-09T04:56:09Z},
|
||
keywords = {esim, lpa, sgp22},
|
||
}
|
||
|
||
@misc{esimmoe_minilpa_nodate,
|
||
title = {{MiniLPA}},
|
||
url = {https://github.com/EsimMoe/MiniLPA},
|
||
urldate = {2025-05-11},
|
||
author = {{EsimMoe}},
|
||
file = {GitHub - EsimMoe/MiniLPA\: Professional LPA UI:/home/niklas/Zotero/storage/CMWHRGQM/MiniLPA.html:text/html},
|
||
}
|
||
|
||
@misc{petercxy_openeuicc_nodate,
|
||
title = {{OpenEUICC}},
|
||
url = {https://gitea.angry.im/PeterCxy/OpenEUICC},
|
||
abstract = {eSIM LPA (Local Profile Assistant) implementation for Android. System privilege or ARA-M allowlisting required.},
|
||
urldate = {2025-05-11},
|
||
author = {{PeterCxy}},
|
||
file = {Snapshot:/home/niklas/Zotero/storage/45U7S476/OpenEUICC.html:text/html},
|
||
}
|
||
|
||
@misc{welte_wireshark_nodate,
|
||
title = {Wireshark {GSM} {SIM} dissector},
|
||
url = {https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-gsm_sim.c},
|
||
abstract = {Read-only mirror of Wireshark\&\#39;s Git repository at https://gitlab.com/wireshark/wireshark. ⚠️ GitHub won\&\#39;t let us disable pull requests. ⚠️ THEY WILL BE IGNORED HERE ⚠️ Upload them at GitLab...},
|
||
urldate = {2025-05-11},
|
||
publisher = {Wireshark},
|
||
author = {Welte, Harald},
|
||
file = {Snapshot:/home/niklas/Zotero/storage/LCYMD2GY/packet-gsm_sim.html:text/html},
|
||
}
|
||
|
||
@misc{osmocom_simtrace_nodate,
|
||
title = {{SIMtrace} 2 - {Open} {Source} {Mobile} {Communications}},
|
||
url = {https://osmocom.org/projects/simtrace2/wiki},
|
||
urldate = {2025-05-11},
|
||
author = {{Osmocom}},
|
||
file = {Wiki - SIMtrace 2 - Open Source Mobile Communications:/home/niklas/Zotero/storage/YGSSZYR3/wiki.html:text/html},
|
||
}
|
||
|
||
@misc{security_research_labs_simtester_2025,
|
||
title = {{SIMTester}},
|
||
url = {https://github.com/srlabs/SIMTester},
|
||
abstract = {A tool to test SIM card security},
|
||
urldate = {2025-05-11},
|
||
publisher = {Security Research Labs},
|
||
author = {{Security Research Labs}},
|
||
month = may,
|
||
year = {2025},
|
||
note = {original-date: 2022-10-25T09:34:57Z},
|
||
}
|
||
|
||
@misc{estkme_lpac_2025,
|
||
title = {lpac},
|
||
copyright = {AGPL-3.0},
|
||
url = {https://github.com/estkme-group/lpac},
|
||
abstract = {C-based eUICC LPA},
|
||
urldate = {2025-05-11},
|
||
publisher = {eSTK.me Group},
|
||
author = {{estk.me}},
|
||
month = may,
|
||
year = {2025},
|
||
note = {original-date: 2023-09-21T04:12:56Z},
|
||
keywords = {sgp22, euicc},
|
||
}
|
||
|
||
@misc{globalplatform_secure_2024,
|
||
title = {Secure {Element} {Access} {Control} v1.2},
|
||
language = {en},
|
||
author = {{GlobalPlatform}},
|
||
month = dec,
|
||
year = {2024},
|
||
file = {PDF:/home/niklas/Zotero/storage/A2LX9CP2/Secure Element Access Control v1.2.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{globalplatform_secure_2014,
|
||
title = {Secure {Element} {Access} {Control} v1.1},
|
||
language = {en},
|
||
author = {{GlobalPlatform}},
|
||
month = sep,
|
||
year = {2014},
|
||
file = {PDF:/home/niklas/Zotero/storage/S6DJUWNA/Secure Element Access Control v1.1.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{oss_nokalva_asn1_nodate,
|
||
title = {{ASN}.1 {Introduction}},
|
||
url = {https://www.oss.com/asn1/resources/asn1-made-simple/introduction.html},
|
||
urldate = {2025-05-13},
|
||
journal = {ASN.1 Made Simple - Introduction},
|
||
author = {{OSS Nokalva}},
|
||
file = {ASN.1 Made Simple - Introduction:/home/niklas/Zotero/storage/SYR7T4NW/introduction.html:text/html},
|
||
}
|
||
|
||
@misc{eftlab_list_nodate,
|
||
title = {List of {APDU} responses},
|
||
url = {https://www.eftlab.com/knowledge-base/complete-list-of-apdu-responses},
|
||
urldate = {2025-05-13},
|
||
journal = {EFTlab - Breakthrough Payment Technologies},
|
||
author = {{EFTlab}},
|
||
file = {EFTlab - Breakthrough Payment Technologies:/home/niklas/Zotero/storage/XD6VW8D6/complete-list-of-apdu-responses.html:text/html},
|
||
}
|
||
|
||
@misc{etsi_etsi_2020,
|
||
title = {{ETSI} {TS} 131 101 {3GPP} integration},
|
||
url = {https://www.etsi.org/deliver/etsi_ts/131100_131199/131101/16.00.00_60/ts_131101v160000p.pdf},
|
||
urldate = {2025-05-13},
|
||
author = {{ETSI}},
|
||
month = jul,
|
||
year = {2020},
|
||
file = {PDF:/home/niklas/Zotero/storage/UMVTLP9K/ts_131101v160000p.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{etsi_etsi_2021,
|
||
title = {{ETSI} {TS} 102 221 {Terminal} {Interface}},
|
||
url = {https://www.etsi.org/deliver/etsi_ts/102200_102299/102221/16.06.00_60/ts_102221v160600p.pdf},
|
||
urldate = {2025-05-13},
|
||
author = {{ETSI}},
|
||
month = oct,
|
||
year = {2021},
|
||
file = {PDF:/home/niklas/Zotero/storage/HCNXBALK/ts_102221v160600p.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{isoiec_isoiec_2006,
|
||
title = {{ISO}/{IEC} 7816-3},
|
||
url = {https://www.freecalypso.org/pub/GSM/ISO7816/ISO_7816-3_2006.pdf},
|
||
urldate = {2025-05-13},
|
||
author = {{ISO/IEC}},
|
||
month = nov,
|
||
year = {2006},
|
||
file = {PDF:/home/niklas/Zotero/storage/58QIFPW4/ISOIEC - 2006 - ISOIEC 7816-3.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{ort_writing_2001,
|
||
title = {Writing a {Java} {Card} {Applet}},
|
||
url = {https://www.oracle.com/java/technologies/java-card/javacard-applet.html#whatjavac},
|
||
urldate = {2025-05-13},
|
||
author = {Ort, Ed},
|
||
month = jan,
|
||
year = {2001},
|
||
file = {Writing a Java Card Applet:/home/niklas/Zotero/storage/P7WHIQEX/javacard-applet.html:text/html},
|
||
}
|
||
|
||
@misc{etsi_ts_2014,
|
||
title = {{TS} 102 223 {Card} {Application} {Toolkit}},
|
||
url = {https://www.etsi.org/deliver/etsi_ts/102200_102299/102223/12.01.00_60/ts_102223v120100p.pdf},
|
||
urldate = {2025-05-18},
|
||
author = {{ETSI}},
|
||
month = sep,
|
||
year = {2014},
|
||
file = {PDF:/home/niklas/Zotero/storage/2AETCTSV/ts_102223v120100p.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{estkme_rlpa-server_2025,
|
||
title = {rlpa-server},
|
||
copyright = {AGPL-3.0},
|
||
url = {https://github.com/estkme-group/rlpa-server},
|
||
abstract = {Remote LPA Server},
|
||
urldate = {2025-05-18},
|
||
publisher = {eSTK.me Group},
|
||
author = {{estk.me}},
|
||
month = apr,
|
||
year = {2025},
|
||
note = {original-date: 2024-06-15T14:06:07Z},
|
||
}
|
||
|
||
@misc{rousseau_pyscard_2025,
|
||
title = {pyscard},
|
||
copyright = {LGPL-2.1},
|
||
url = {https://github.com/LudovicRousseau/pyscard},
|
||
abstract = {pyscard smartcard library for python},
|
||
urldate = {2025-05-20},
|
||
author = {Rousseau, Ludovic},
|
||
month = may,
|
||
year = {2025},
|
||
note = {original-date: 2015-06-16T18:25:06Z},
|
||
keywords = {smartcard, apdu, pcsc, pyscard, python, python3, smartcard-library, travis-ci},
|
||
}
|
||
|
||
@misc{maciver_hypothesis_2019,
|
||
title = {Hypothesis: {A} new approach to property-based testing},
|
||
shorttitle = {Hypothesis},
|
||
url = {https://github.com/HypothesisWorks/hypothesis},
|
||
abstract = {The property-based testing library for Python},
|
||
urldate = {2025-05-20},
|
||
author = {MacIver, David R. and Hatfield-Dodds, Zac and {many other contributors}},
|
||
month = nov,
|
||
year = {2019},
|
||
doi = {10.21105/joss.01891},
|
||
note = {original-date: 2013-03-10T13:51:19Z},
|
||
file = {Full Text:/home/niklas/Zotero/storage/M3TAPWCL/MacIver et al. - 2019 - Hypothesis A new approach to property-based testing.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{etsi_ts_2023,
|
||
title = {{TS} 102 241 {UICC} {API}},
|
||
language = {en},
|
||
author = {{ETSI}},
|
||
month = aug,
|
||
year = {2023},
|
||
file = {PDF:/home/niklas/Zotero/storage/3CTHDWNK/TS 102 241 - V17.5.0 - Smart Cards\; UICC Application Programming Interface (UICC API) for Java Card™.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{etsi_ts_2005,
|
||
title = {{TS} 151 011 {SIM}-{ME} interface},
|
||
url = {https://www.etsi.org/deliver/etsi_ts/151000_151099/151011/04.15.00_60/ts_151011v041500p.pdf},
|
||
urldate = {2025-05-20},
|
||
author = {{ETSI}},
|
||
month = jun,
|
||
year = {2005},
|
||
file = {PDF:/home/niklas/Zotero/storage/BY2ZCG4E/ts_151011v041500p.pdf:application/pdf},
|
||
}
|
||
|
||
@inproceedings{fioraldi_afl_2020,
|
||
title = {{AFL}++: {Combining} {Incremental} {Steps} of {Fuzzing} {Research}},
|
||
volume = {14},
|
||
url = {https://www.usenix.org/conference/woot20/presentation/fioraldi},
|
||
abstract = {In this paper, we present AFL++, a community-driven opensource tool that incorporates state-of-the-art fuzzing research, to make the research comparable, reproducible, combinable and — most importantly – useable. It offers a variety of novel features, for example its Custom Mutator API, able to extend the fuzzing process at many stages. With it, mutators for specific targets can also be written by experienced security testers. We hope for AFL++ to become a new baseline tool not only for current, but also for future research, as it allows to test new techniques quickly, and evaluate not only the effectiveness of the single technique versus the state-of-theart, but also in combination with other techniques. The paper gives an evaluation of hand-picked fuzzing technologies —shining light on the fact that while each novel fuzzing method can increase performance in some targets — it decreases performance for other targets. This is an insight future fuzzing research should consider in their evaluations.},
|
||
language = {en},
|
||
publisher = {USENIX Association},
|
||
author = {Fioraldi, Andrea and Maier, Dominik and Eißfeldt, Heiko and Heuse, Marc},
|
||
month = aug,
|
||
year = {2020},
|
||
file = {PDF:/home/niklas/Zotero/storage/QNMM4NBX/Fioraldi et al. - AFL++ Combining Incremental Steps of Fuzzing Research.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{corcoran_pcsc-lite_2025,
|
||
title = {pcsc-lite: {MUSCLE} {PC}/{SC}-{Lite} {API} {Documentation}},
|
||
url = {https://pcsclite.apdu.fr/api/index.html},
|
||
urldate = {2025-06-24},
|
||
journal = {MUSCLE PC/SC-Lite API Documentation},
|
||
author = {Corcoran, David and Rousseau, Ludovic},
|
||
year = {2025},
|
||
file = {pcsc-lite\: MUSCLE PC/SC-Lite API Documentation:/home/niklas/Zotero/storage/MIGD3JM4/index.html:text/html},
|
||
}
|
||
|
||
@misc{nist_nvd_2025,
|
||
title = {{NVD} - {CVE}-2025-0343},
|
||
url = {https://nvd.nist.gov/vuln/detail/CVE-2025-0343},
|
||
urldate = {2025-06-30},
|
||
author = {{NIST}},
|
||
year = {2025},
|
||
file = {NVD - CVE-2025-0343:/home/niklas/Zotero/storage/D6K8HLIX/CVE-2025-0343.html:text/html},
|
||
}
|
||
|
||
@misc{mitre_cve_2003,
|
||
title = {{CVE} - {CVE}-2003-0818},
|
||
url = {https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0818},
|
||
urldate = {2025-06-30},
|
||
author = {{MITRE}},
|
||
year = {2003},
|
||
file = {CVE - CVE-2003-0818:/home/niklas/Zotero/storage/8NTHT84Y/cvename.html:text/html},
|
||
}
|
||
|
||
@misc{nist_nvd_2024,
|
||
title = {{NVD} - {CVE}-2024-6197},
|
||
url = {https://nvd.nist.gov/vuln/detail/CVE-2024-6197},
|
||
urldate = {2025-06-30},
|
||
author = {{NIST}},
|
||
year = {2024},
|
||
file = {NVD - CVE-2024-6197:/home/niklas/Zotero/storage/PMM5K88C/CVE-2024-6197.html:text/html},
|
||
}
|
||
|
||
@misc{gsma_sgp41_2025,
|
||
title = {{SGP}.41 v1.0 {eSIM} {IFPP} {Architecture} and {Requirements}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2025/02/SGP.41-eSIM-IFPP-Architecture-and-Requirements-v1.0.pdf},
|
||
urldate = {2025-07-01},
|
||
publisher = {GSMA},
|
||
author = {{GSMA}},
|
||
month = feb,
|
||
year = {2025},
|
||
file = {PDF:/home/niklas/Zotero/storage/2CCS6TUE/SGP.41-eSIM-IFPP-Architecture-and-Requirements-v1.0.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_sgp31_2024,
|
||
title = {{SGP}.31 v1.2 {eSIM} {IoT} {Architecture} and {Requirements}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2024/04/SGP.31-v1.2.pdf},
|
||
urldate = {2025-07-01},
|
||
publisher = {GSMA},
|
||
author = {{GSMA}},
|
||
year = {2024},
|
||
file = {PDF:/home/niklas/Zotero/storage/H4ERY4E3/SGP.31-v1.2.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gd_rsp_nodate,
|
||
title = {{RSP} solutions driving excellence in {eSIM} management},
|
||
shorttitle = {Solution {Brief}},
|
||
url = {https://www.gi-de.com/corporate/Digital_Security/Connectivity_IoT/IoT/AirOn360-iot/Solution_Brief_GD_RSP.pdf},
|
||
urldate = {2025-07-01},
|
||
journal = {G+D’s RSP solutions driving excellence in eSIM management},
|
||
author = {{G+D}},
|
||
file = {PDF:/home/niklas/Zotero/storage/VUSEQNYY/Solution_Brief_GD_RSP.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_sgp32_2024,
|
||
title = {{SGP}.32 v1.1 {eSIM} {IoT} {Technical} {Specification}},
|
||
language = {en},
|
||
publisher = {GSMA},
|
||
author = {{GSMA}},
|
||
year = {2024},
|
||
file = {PDF:/home/niklas/Zotero/storage/BN4I9UQ8/Sanz - SGP.32 eSIM IoT Technical Specification v1.1.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{esimme_esimme_2025,
|
||
title = {{eSIM}.me: {UPGRADE} to {eSIM} - {Apps} on {Google} {Play}},
|
||
shorttitle = {{eSIM}.me},
|
||
url = {https://play.google.com/store/apps/details?id=esim.me&hl=en_CA},
|
||
abstract = {ADD eSIM Functionality to your "Existing" Smartphone},
|
||
language = {en-CA},
|
||
urldate = {2025-07-01},
|
||
author = {{esim.me}},
|
||
year = {2025},
|
||
file = {Snapshot:/home/niklas/Zotero/storage/BI639BHE/details.html:text/html},
|
||
}
|
||
|
||
@misc{apple_apple_2018,
|
||
title = {Apple introduces {iPhone} {XR}},
|
||
url = {https://www.apple.com/newsroom/2018/09/apple-introduces-iphone-xr/},
|
||
abstract = {Apple today announced iPhone XR, integrating breakthrough technologies from iPhone XS in an all-screen glass and aluminum design.},
|
||
language = {en-US},
|
||
urldate = {2025-07-01},
|
||
journal = {Apple Newsroom},
|
||
author = {{Apple}},
|
||
year = {2018},
|
||
file = {Snapshot:/home/niklas/Zotero/storage/NVCL4WBU/apple-introduces-iphone-xr.html:text/html},
|
||
}
|
||
|
||
@misc{vincent_samsungs_2016,
|
||
title = {Samsung’s {Gear} {S2} has the first certified {eSIM} that lets you choose carriers},
|
||
url = {https://www.theverge.com/2016/2/18/11044624/esim-wearable-smartwatch-samsung-gear-s2},
|
||
abstract = {The Gear S2 Classic 3G will use a new industry-approved eSIM},
|
||
language = {en-US},
|
||
urldate = {2025-07-01},
|
||
journal = {The Verge},
|
||
author = {Vincent, James},
|
||
month = feb,
|
||
year = {2016},
|
||
file = {Snapshot:/home/niklas/Zotero/storage/F4N2FLKA/esim-wearable-smartwatch-samsung-gear-s2.html:text/html},
|
||
}
|
||
|
||
@misc{gsma_sgp01_2014,
|
||
title = {{SGP}.01 v1.12 {eSIM} {RSP} {Architecture}},
|
||
url = {https://www.gsma.com/newsroom/wp-content/uploads//SGP.01-v1.12.pdf},
|
||
urldate = {2025-07-01},
|
||
author = {{GSMA}},
|
||
year = {2014},
|
||
file = {PDF:/home/niklas/Zotero/storage/RWPD9BJM/SGP.01-v1.12.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_sgp21_2015,
|
||
title = {{SGP}.21 v1.01 {RSP} {Architecture}},
|
||
url = {https://www.gsma.com/newsroom/wp-content/uploads/SGP.21-v1.01.pdf},
|
||
urldate = {2025-07-01},
|
||
author = {{GSMA}},
|
||
year = {2015},
|
||
file = {PDF:/home/niklas/Zotero/storage/ZNI6GMH2/SGP.21-v1.01.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{gsma_sgp21_2023,
|
||
title = {{SGP}.21 v3.1 {RSP} {Architecture}},
|
||
url = {https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2023/12/SGP.21-V3.1.pdf},
|
||
urldate = {2025-06-22},
|
||
author = {{GSMA}},
|
||
year = {2023},
|
||
file = {PDF:/home/niklas/Zotero/storage/KSQP8T2D/SGP.21-V3.1.pdf:application/pdf},
|
||
}
|
||
|
||
@misc{iebb_nekokolpa_nodate,
|
||
title = {{NekokoLPA}},
|
||
url = {https://github.com/iebb/NekokoLPA},
|
||
urldate = {2025-07-02},
|
||
author = {{iebb}},
|
||
file = {iebb/NekokoLPA\: NekokoLPA:/home/niklas/Zotero/storage/S8SXVMEV/NekokoLPA.html:text/html},
|
||
}
|
||
|
||
@misc{colvin_pydantic_2025,
|
||
title = {Pydantic},
|
||
copyright = {MIT},
|
||
url = {https://github.com/pydantic/pydantic},
|
||
abstract = {Data validation using Python type hints},
|
||
urldate = {2025-07-03},
|
||
author = {Colvin, Samuel and Jolibois, Eric and Ramezani, Hasan and Garcia Badaracco, Adrian and Dorsey, Terrence and Montague, David and Matveenko, Serge and Trylesinski, Marcelo and Runkle, Sydney and Hewitt, David and Hall, Alex and Plot, Victorien},
|
||
month = jun,
|
||
year = {2025},
|
||
note = {original-date: 2017-05-03T21:23:58Z},
|
||
}
|