M.Sc Student | Faina Orit |
---|---|
Subject | Can We Trust a TEE-Based Sim? |
Department | Department of Electrical Engineering | Supervisors | Professor Avi Mendelson |
Mr. Hagai Bar-El | |
Full Thesis text | ![]() |
Nowadays, a continuously growing number of devices in almost
every field of our lives is connected to the Internet. Many of these new
markets choose to connect their devices via the mobile network because of its
many advantages. Mobile standards such as the Global System for Mobile
communications (GSM) and the Long-Term Evolution (LTE) require their consumers
to have a Subscriber Identity Module (SIM). The SIM in its current form, a
secure element built on smart card technology called Universal Integrated Circuit
Card (UICC), provides isolation and a high level of security robustness, yet it
generates difficulties for the IoT space, because of its main characteristics:
(1) its slot takes up significant space in the hosting device; (2) it contains only
one network profile;
(3) it traditionally does not support Over the Air (OTA) updates; and (4) it
requires human intervention for switching a network profile. In order to fully
realize the potential of the new consumer markets, the industry must adopt
alternative approaches to SIM. Two forms may be considered: Secure Element (SE),
e.g. an integrated SIM (iSIM) or an embedded SIM (eSIM); and Trusted Execution
Environment (TEE), e.g. a software SIM running on a TEE.
In this research, we examine whether, and in what cases, the TEE-based SIM approach manages to meet the security requirements of a SIM, in its primitive form or with modifications in hardware, firmware and/or software. We do so by: (1) identifying the TEE-based SIM security gap by comparing representative Protection Profiles (PPs) of TEE and SE; (2) presenting four threat models of IoT exemplary use cases; and (3) evaluating the TEE-based SIM suitability for each of the examined IoT use cases.