Security Analysis of the Consumer Remote SIM Provisioning Protocol

### Discussed in https://github.com/orgs/Blockchain-Powered-eSIM/discussions/1

<div type='discussions-op-text'>

<sup>Originally posted by **ArpitxGit** October  9, 2024</sup>
**Observation from this great [paper](https://arxiv.org/abs/2211.15323)**    

> RSP security is critical because, The Profile includes the credentials with which the mobile device will authenticate to the mobile network

a) Define eSIM as "_process_"? , downloading SIM Profiles into a secure element in a mobile device,  

### Security of the process,
i) Depends unnecessarily on it being encapsulated in a TLS tunnel,
ii) Lack of pre-established identifiers means that a compromised download server anywhere in the world or a compromised secure element can be used for attacks against RSP between honest participants.
iii) Lack of reliable methods for verifying user intent can lead to serious security failures.
</div>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Analysis of the Consumer Remote SIM Provisioning Protocol #2

Discussed in https://github.com/orgs/Blockchain-Powered-eSIM/discussions/1

Security of the process,

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Analysis of the Consumer Remote SIM Provisioning Protocol #2

Description

Discussed in https://github.com/orgs/Blockchain-Powered-eSIM/discussions/1

Security of the process,

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions