Thursday, January 09, 2020

eSIM - Observing Possible Outcomes Part 2.0

Welcome to 2020: before us is the start of a new year and, more importantly, the start of a new decade. So let's start out with a strong, confident approach and make sure we all understand this newish technology called eUICC, eSIM, and even iSIM.

This Part 2 of the discussion will refine and define observations that were generally stated in Part 1 (R6) and examine eSIM and eUICC aspects more closely. Due to the huge amount of material that needs to be condensed, as with the last post (Part 1), heavy use will be made of references for further reading or in support of observations made in Part 2. Moreover, Part 2 will need to be posted in sections (Part 2.1, Part 2.2, etc.) so as not to blur the concepts being discussed or overload the reader with excessive information in a blog post.

To foster the goal of seamless global connectivity GSMA has developed and published 'AA.35' (R7). In brief, this document defines the GSMA's policy and procedures for its global vision for the creation and adoption of Industry specifications. It is an important document, not just from a management perspective or because of GSMA's paternal role, but because it explains the hows and whys of the balanced approach required by the various aspects of operability, interoperability and interworking essential in the telecommunications ecosystem. That means with respect to the GSMA membership (the participants):

"Industry Specifications are defined in AA.35 as "any specification for: (i) common adoption; and (ii) repeated implementation, application and functioning; and (iii) general use, operations and support in multiple segments of the telecommunication ecosystem; or (iv) consistent testing, verification and certification; of technology that would directly and materially affect simultaneously mobile network operators and non-mobile network operator participants within the mobile industry ecosystem. Industry Specifications do not include specifications that: (i) only affect interoperability or interworking between mobile network operators; or (ii) do not add additional specifications to technical solutions." AA.35 section 3.3." (R8)

Observation: In a nutshell, my interpretation of the above is that it might suggest those who voluntarily enter into creating or participating in Industry specifications may, as a case in point, be making a form of Hippocratic Oath: "make a habit of two things - to help or at least to do no harm."** (R9). I have suggested 'Oath' as it is already internationally recognised; Antitrust seeks to prevent harmful restriction; GSMA is seeking international acceptance of AA.35; and participants undertake not to be the cause-bringer of harmful disruption.

A further glimpse into why AA.35 is an important document can be found in the DoJ response of Wednesday, November 27, 2019 (R10) to the Business Letter Review. I think once I read the DoJ's release I could envisage eUICC, eSIM, and iSIM having more appeal to handset manufacturers to open up a technology-advantage over older handsets and create a competitive-advantage. Three pertinent paragraphs in the DoJ release that are supportive of that are:

"The GSMA expressed its intent to adopt the new procedures in a request for a business review letter from the Antitrust Division. After completing its investigation, the division is today issuing a business review letter that expresses concern about the past procedures and some of the resulting provisions in the standard. The letter concludes, however, that the proposed changes appear to adequately address those concerns. In light of these planned changes, the Antitrust Division has no present intention to bring an enforcement action against the GSMA or its mobile network operator members." (para 2)

So there is, at present, no enforced/incumbent barrier deterring adoption.

" “I am pleased that the GSMA is ready to use its standard-setting process to create a more consumer-friendly eSIM standard,” said Assistant Attorney General Makan Delrahim. “The GSMA’s old procedures resulted in certain eSIMs rules that benefitted only its incumbent mobile network operators at the risk of innovation and American consumers. The new procedures proposed going forward significantly reduce that risk and should result in new innovative offerings for consumers.” " (para 3)

The principle of a level playing field (commonality) brought about by a consumer-friendly eSIM standard will have a huge appeal to suppliers and consumers alike. I suppose (in an imaginative way) this might be thought about in terms similar to when 'Java' first came out - hiding the complexities of a range of disparate devices/systems in order that they may communicate together.

" "The mobile communications industry has begun to migrate away from traditional SIM cards—a removable plastic card that is preprogrammed to connect to a single mobile network—and toward innovative eSIMs, which perform the same function as a SIM card but are soldered into the device and capable of being remotely programmed and re-programmed to connect to different operators’ mobile networks. The mobile industry refers to this process as Remote SIM Provisioning (RSP)." " (para 4)

And finally, there is the acquisition of an approved profile using GSMA's development called Remote SIM Provisioning (RSP), which I would describe as being similar to a Passport Office. If you don't have a Passport, you can't travel.

In the next article (Part 2.1) I will define and refine further the handling of GSMA Documents and Standards (3GPP/ETSI); that is, discuss how we use standards and how Documents have influence.

(R7) Provisions for the Policy and Procedures for Official Document in relation to Industry Specifications - AA.35 Version 1.0.0 - 15th March 2019
(R8) CLIFFORD CHANCE US LLP Confidential Treatment Requested by Clifford Chance US LLP on Behalf of The GSM Association July 25, 2019 addressed to Assistant Attorney General Antitrust Division Department of Justice (document released by DoJ following its Antitrust review in Business Request Letter from the GSMA legal advisors).
(R9) **Epidemics I:XI. The commonly cited Jones translation follows Littre and goes: "make a habit of two things —to help, or at least do no harm" (Hippocrates [1923a]). Jonsen notes that the Greek text does not contain the words "at least." Jonsen AR. "Do No Harm." Ann Int Med 1978;88:827-32. I have used a later translation (Hippocrates [1950]).
(R10) Department of Justice Office of Public Affairs Justice Department Issues Business Review Letter to the GSMA Related to Innovative eSIMs Standard for Mobile Devices Wednesday, November 27, 2019

Friday, December 06, 2019

eSIM - Observing Possible Outcomes Part 1

Back in 2012 I wrote about the introduction of a new form factor for SIM Cards (4FF). The outline and a potted history of SIM Card form factors were illustrated and, in a separate post, the first ETSI standard defining this new form factor (4FF) was covered - (R1) and (R2).

Seven years down the line, in 2019, ARM Limited produced a useful graphic of where eSIM is placed in the evolutionary chain of form factors - (R3).

eSIM has already established a presence in the digital tech marketplace. SIMalliance published SIM Market Insights in June 2019 giving the following stats '2018 Shipment Volumes (SIM Units)'. Here again it is easier to show the graphics than simply record word-for-word the stats - (R4).

Recorded in Arm's presentation are more stats: 4.4 billion cellular devices by 2025 – Source: Machina 2017; $1.8 trillion operator revenue opportunity for LPWAN by 2026 – Source: GSMA 2017, supporting the vision of eSIM integration into future devices and market size - (R3).

There are, of course, numerous market reports predicting how eSIM will fare in the marketplace; this blog post is giving a potted history just to bring the discussion up to speed.

Specifications and standards for eSIM/eUICC are available from 3GPP, GSMA and SIMalliance. These will be discussed in another Part of this blog discussion. For now, what we need to know is how eSIM will actually operate in practice. The SIMalliance produced a helpful graphic (R4) showing an eSIM profile (a package) delivered to a physical product (eUICC) when deployed in the field. So let us look at that first.
For the download (update) system architecture to work, both network and device must operate and function according to the Remote SIM Provisioning Service (RSP) Architecture. This has been designed into the RSP Architecture. The following graphics helpfully illustrate two important elements: the network side and the device side (eUICC) - (R5).

Once the eUICC has been deployed in the field it will, when inserted into a compatible smartphone, be able to download one or more mobile operator profiles and then subscribed services. An eSIM user can then switch between operator profiles or download profiles and services on the fly - time, place and location, and so on. This enables the eSIM/eUICC to excel in connectivity. This approach to connectivity is exciting and yet remarkable, for logically the SIM Card issued previously was issued and controlled by the subscriber's mobile operator. eSIM/eUICC in essence removes the sovereignty which was jealously guarded by each operator prior to the introduction of this technology handover. That was even to the extent where virtual mobile operators (VMOs) only functioned by piggy-backing off primary operators' core networks but issued their own SIM Cards.

It should be understood that the envisaged usage for eSIM focussed on M2M, so candidates would be industry devices, automobiles, metering and so on. But the concept of eSIM has recently engaged operators and handset manufacturers to look at how 5G can help with profiling and service downloads. Recently, GSMA ran seminars with hands-on training for eSIM profiling and services download, which apparently was very successful.

Moreover, Samsung, Google and Apple have devices with eSIM capability. The Android framework provides standard APIs for accessing eSIM and managing subscription profiles on the eSIM (Android 9). Importantly, devices running Android 10 or higher can support devices with multiple eSIMs. So these factors alone are investigative elements for cyber security oversight, pentesters and forensic examiners to be aware of.

In Part 2 the discussion will refine and define observations that have been generally stated in this post; examine more closely eSIM and eUICC aspects and then more in Parts 3 and 4 looking at potential implications for cyber security, law enforcement, forensic examiners and ICT specialists.

(R1) SIM Card new 4FF form factor size -
(R2) ETSI release details of new 4FF UICC  -
(R3) The Challenges Deploying IoT eSIM M2M enabling Secure Communications Scaled for 1 trillion devices. Jean-Philippe Betoin Marketing Director, Secure Identity Confidential © 2019 Arm Limited.
(R4) SIMs, eSIMs and Secure Elements: Providing a roadmap to dynamic security and flexible control for connected devices. Remy Cricco Chair of the Board, SIMalliance ETSI Security Week June 2019.
(R5) GSMA SGP.21 - RSP Architecture, V2.2, 1 Sep 2017

Thursday, December 05, 2019

Update3 - HERREVAD Databases Geo Location Artefacts

This is the continuing/on-going research and discovery into HERREVAD Databases Geo Location Artefacts.

Back in 2017 little was known about HERREVAD and I posted at my blog my views that it had potential for cell site analysis and possible mobile user geographical location/s. I have found further materials on it in a useful web-article (Making Sense of OSINT Cell Tower Data for DFIR) where the investigator sets out the uses for the data from the HERREVAD database for the purposes I have mentioned. So it is good to see my research continues to benefit criminal, civil and security investigations.

The last update was
Update2 - HERREVAD Databases Geo Location Artefacts

Tuesday, September 17, 2019

Policing today

As the murder investigation into the appalling and tragic death of PC Andrew Harper is ongoing I am sure I am sharing thoughts others have already stated long before me; not preaching, just asking:

                                  What exactly do people want from the Police?

We pay for these men and women to work on the "front line" for us dealing with enquiries, handling difficult and serious situations.  There is no small section of society or victim group deserving only of the police attention to deal with their concerns and everyone else can go to hell. The police represent all of us (good, bad and indifferent) and we represent all of the "front line". And if you are not supporting the safety of the police on the streets then what happens if officers do not want to do the job anymore, what then?

It is worth taking 5-mins to look at the list here:

Saturday, August 17, 2019

Observations from the digital backyard-2

Good to have a catch-up chat with my old friend Vinny Parmar. Vinny holds the position Higher Digital Forensics personnel responsible as the Quality Representative (QR) for the Computer Forensics Department at West Midlands Police (WMP); the team responsible for having achieved UKAS Accreditation (ISO 17025) and ensuring its continued compliance and maintaining the standards. During my conversation with Vinny I reminded him, as in previous conversations, that given his broad range of experience (worked in the private/public sectors, digital forensics, setting up a laboratory, and now UKAS Accreditation), should he decide to hang up his work boots (some way off yet), I think Vinny would be a great lecturer bringing cutting-edge, real-world working experience to University students.

I see Heather Mahalik has a new role as Senior Director of Digital Intelligence at Cellebrite and has just written a blog post about the reasons for joining the company (Blog Post - Heather Mahalik). For those that are not aware, Heather's background includes being a SANS Senior Instructor, co-authoring the books Practical Mobile Forensics editions 1 and 2, and being the Technical Editor for the book Learning Android Forensics; all three published by Packt Publishing. Congratulations Heather and good luck in the new role.

There are quite a few founding fathers that have contributed to the evolution of digital forensics and cell site analysis. Previously, back in 2014, I mentioned the contribution Albert Einstein made to cell site analysis due to the mobile telecommunications industry adopting Einstein's 1926 “The Random Walk Mobility Model”. It seems only fair to mention another well-known character and celebrity forensicator no less, who celebrated his birthday back in June, and that is Batman (copyright DC Comics). Batman's role in using investigative forensics to solve crimes is very well known and some of his cases can be found here - The Forensic Files of Batman published by iBooks, ISBN 1596871156 (ISBN13: 9781596871151).

Some have observed that Batman's use of punch index cards inserted into the Bat Computer, which then computed the input, analysed the results and produced an output answer, might be the originator for the concept of Computer Forensic Suites. So well done and our respects to Einstein and Batman for their contributions to our industry.

Monday, June 03, 2019

75 Years Remembrance D-DAY

Reposting my blog post of 06/06/2011 to support remembrance of 75 years of D-Day

D-Day 6th June

I mentioned today's important date to a number of people. Quite a few had forgotten the date and mainly the younger generation didn't know about events that took place on this date back in 1944.

For anyone who may have missed it or might want to know more, here are some links providing the historical background.

British Legion Remembrance d-day-65
Wikipedia Normandy Landings
Britannica DDay
Remembrance D-Day.html
Lifeformation D-Day


Tuesday, May 21, 2019

Update2 - HERREVAD Databases Geo Location Artefacts

This second update concerns HERREVAD Databases Geo Location Artefacts referred to by me in my previous posts:

Update - HERREVAD Databases Geo Location Artefacts (2018)


HERREVAD Databases Geo Location Artefacts (2017)

Due to lack of reporting and information about HERREVAD Databases I have kept monitoring the information superhighway to see if any additional information comes up about HERREVAD.

In March 2019 the GmsCore.apk (Android Marshmallow) had an Incident Response Report at Hybrid Analysis concerning MITRE ATT&CK Techniques Detection identifying a malicious indicator. The lengthy report suggests fingerprinting of location information with which HERREVAD is associated.


There is a good article about Drone Forensics in eForensics Magazine. The synopsis for the article states:
"The project begins to look into the broad range of UAVs that are likely to be encountered by police forces in the UK, specifically targeting the more budget end of the spectrum whilst still having all the functionality required to commit a range of crimes. The project focuses on post criminal activity analysis of the UAV and controller and while there is some discussion of commercial counter UAV tools it is not the focus of this project. One example of this analysis comes from media files stored on the drone and the kind of information that can be gathered from them through metadata. Using a purely practical, experimentation and analysis based approach, a thorough examination was made of both the UAV and its controlling Android and iOS devices. The project concludes that metadata is the best way to obtain information regarding flights, particularly where the Bebop’s “Drone Academy” feature is disabled as it specifically states that this will track your drone’s flights, though there is an analysis of the files created by the “Drone Academy” feature."

However, there is a huge range of technology to consider with evidential value and later on I will present additional supporting info to the community. In the meantime here is a great infographic by (c) Jethro Hazelhurst of the Pixhawk PX4 autopilot.