Friday, December 06, 2019

eSIM - Observing Possible Outcomes Part 1

Back in 2012 I wrote about the introduction of a new form factor for SIM Cards (4FF). The outline and a potted history of SIM Card form factors were illustrated and in a separate post the first ETSI standard defining this new form factor (4FF) - (R1) and (R2).

Seven years down the line in (2019) ARM Limited produced a useful graphics of where eSIM is placed in the evolutionary chain of form factors - (R3).



eSIM has already established a presence in the digital tech marketplace. SIMalliance published SIM Market Insights in June 2019 giving the following stats '2018 Shipment Volumes (SIM Units)'. Here again it is easier to show the graphics than simply record word-for-word the stats - (R4).


Recorded in in Arm's presentation are more stats 4.4 billion cellular devices by 2025 – Source: Machina 2017; $1.8 trillion operator revenue opportunity for LPWAN by 2026 – Source: GSMA 2017 to support the vision of eSIMs integration into future devices and market size - (R3).

There are, of course, numerous market reports predicting how eSIM will fair in the marketplace; this blog post is giving a potted history just to bring the discussion up to speed.

Specifications and standards for eSIM/eUICC are available from 3GPP, GSMA and SIMalliance. These will be discussed in another Part to this blog discussion. For now, what is required to know is how eSIM will actual operate in practice. The SIMalliance produced a helpful graphic (R4) showing eSIM profile (a package), delivered to a physical product (eUICC), when deployed in the field. So let us look at that first.
For the download (update) system architecture to work requires both network and device to operate and function according to the Remote SIM Provisioning Service (RSP) Architecture'. This has been designed into the RSP Architecture. The following graphics helpfully illustrate two important element: the network side and the device side (eUICC) - (R5).


Once the eUICC has been deployed in the field [it], when inserted into a compatible smartphone, will be able to download one or more mobile operator profiles and then subscribed services. An eSIM user can then switch between operator profiles or download profiles and services on the fly - time, place and location, and so on. This enables the eSIM/eUICC to excel in connectivity. This approach to connectivity is exciting and yet remarkable, for logically the SIM Card issued previously was issued and controlled by the subscriber's mobile operator. eSIM/eUICC in essence removes sovereignty which was jealously guarded by each operator prior to the intro of this technology handover. That is even to the extent where virtual mobile operators (VMOs) only functioned based upon piggy-backing off primary operators' core network but issued their own SIM Cards.

It should be understood that the envisaged usage for eSIM focussed on M2M, so candidates would be industry devices, automobiles, metering and so on. But the concept of eSIM has recently engaged operators and handset manufacturers to look at how 5G can help with profiling and service downloads. Recently, GSMA ran seminars with hands-on training for eSIM profiling and services download, which apparently was very successful.

Moreover, Samsung, Google and Apple have devices with eSIM capability.Android framework provides standard APIs for accessing eSIM and managing subscription profiles on the eSIM (Android 9). Importantly, Devices running Android 10 or higher can support devices with multiple eSIMs. So these factors alone are investigative elements for cyber security oversight, pentesters and forensic examiners to be aware.

In Part 2 the discussion will refine and define observations that have been generally stated in this post; examine more closely eSIM and eUICC aspects and then more in Parts 3 and 4 looking at potential implications for cyber security, law enforcement, forensic examiners and ICT specialists.

REFERENCES
(R1) SIM Card new 4FF form factor size - https://trewmte.blogspot.com/2012/06/sim-card-new-4ff-form-factor-size.html
(R2) ETSI release details of new 4FF UICC  - https://trewmte.blogspot.com/2012/06/etsi-release-details-of-new-4ff-uicc.html
(R3) The Challenges Deploying IoT eSIM M2M enabling Secure Communications Scaled for 1 trillion devices. Jean-Philippe Betoin Marketing Director, Secure Identity Confidential © 2019 Arm Limited.
(R4) SIMs, eSIMs and Secure Elements: Providing a roadmap to dynamic security and flexible control for connected devices. Remy Cricco Chair of the Board, SIMalliance ETSI Security Week June 2019.
(R5) GSMA SGP.21 - RSP Architecture, V2.2, 1 Sep 2017

Thursday, December 05, 2019

Update3 - HERREVAD Databases Geo Location Artefacts

This is the continuing/on-going research and discovery into HERREVAD Databases Geo Location Artefacts.

Back in 2017 little was known about HERREVAD and I posted at my blog my views that it had potential for cell site analysis and possible mobile user geographical location/s. I have found further materials on it in a useful web-article (Making Sense of OSINT Cell Tower Data for DFIR- https://osintcurio.us/2019/08/19/making-sense-of-osint-cell-tower-data-for-dfir/) where the investigator sets out the uses for the data from the HERREVAD database for the purposes as I have mentioned. So good to see my research continues to benefit criminal, civil and security investigations.

The last update was
Update2 - HERREVAD Databases Geo Location Artefacts
https://trewmte.blogspot.com/2019/05/update2-herrevad-databases-geo-location.html