Lecturer:

Orit Faina

Affiliation:

Viterbi Faculty of Electrical Engineering, Technion

Can We Trust a TEE-based SIM?

Nowadays a continuously growing number of devices in almost every field in our lives is connected to the internet. Many of these new markets choose to connect their devices via the mobile network because of its many advantages. Mobile standards such as Global System for Mobile communications (GSM) and Long-Term Evolution (LTE) require their consumers to have a Subscriber Identity Module (SIM). The SIM in its current form, a secure element built on smart card technology called Universal Integrated Circuit Card (UICC), provides isolation and a high security level, yet it generates difficulties to the IoT market because of its main characteristics: (1) its slot takes up significant place in the device; (2) it contains only one network profile; (3) it does not support Over the Air (OTA) updates; and (4) it requires human intervention for switching a network profile. In order to fully realize the potential of the new consumer markets, the industry must adopt an alternative SIM solution. Two forms might be adopted: Secure Element (SE), e.g. an integrated SIM (iSIM) or an embedded SIM (eSIM); and Trusted Execution Environment (TEE), e.g. a software SIM running on a TEE. In this research, we examine whether, and in what cases, the TEE-based SIM approach manages to meet the security requirements of a SIM, in its primitive form or with modifications in hardware, firmware and software. We do so by: (1) identifying the TEE-based SIM security gap by comparing representative architectures of TEE and UICC SE; (2) presenting four threat models of IoT use cases key examples; and (3) evaluating TEE-based SIM stability for the various IoT use cases.   * MSc seminar under supervision of Prof. Avi  Mendelson.    

Date: Mon 16 Sep 2019

Start Time: 10:30

End Time: 11:30

861 | Electrical Eng. Building