0.7.0
This is the 7th article (the week 7 progress report) of my journey at EthIndia Fellowship 3.0 (EIF3.0), building a Blockchain Powered eSIM.
Here’s the link to the sixth article of this series, in which I started the implementation of the eSIM, including the AOSP setup and understanding the methods from EuiccManager.java, EuiccService.java and EuiccController.java.
In this article I’m explaining everything related to the LPA, where all the implementation is happening.
The LPA (Local Profile Assistant) is an app that manages the eSIM profiles.
It connects to a remote service called SM-DP+ and to the eUICC (embedded SIM card) chip to activate and manage the profiles.
Or, put another way:
The LPA serves as a mediator between the remote service (SM-DP+) that prepares and delivers the profile packages and the eUICC chip.
SM-DP+ prepares and delivers the profile packages to the device.
The eUICC is the hardware component that stores and manages the embedded SIM profiles.
So, it facilitates the communication between these two components and manages the installation and activation of the profiles on the eUICC chip.
It also ensures that the profiles are installed and activated correctly and that the user can access and use the services associated with each profile on their device.
The LPA app may (should) include a user interface (LUI) to allow users to manage their profiles easily.
LUI, or Local User Interface, refers to the user interface that is displayed on the device during the eSIM profile installation and management process. LUI activities may include:
Selecting the desired carrier: The user selects the carrier they want to use for their eSIM profile.
Entering the activation code: The user enters the activation code provided by the carrier to activate the eSIM profile.
Reviewing the profile details: The user reviews the eSIM profile details, such as the carrier name, phone number, and other relevant information.
Confirming the profile installation: The user confirms that they want to install the eSIM profile on their device.
Managing the installed profiles: The user can manage the installed eSIM profiles by deleting or modifying them as needed.
In addition to these traditional LUI activities, there may be other activities that need to be added to the LUI to provide a better user experience or to support additional features.
The Android system automatically connects to the best available LPA to handle eSIM operations.
The existing structure of the LPA (Local Profile Assistant) is centralized, with a single point of control over the distribution and management of eSIM profiles. In this structure, the LPA provider controls the process of downloading and installing eSIM profiles on mobile devices.
There are several LPA providers in the market. Some of the well-known LPA providers include:
Gemalto, now Thales DIS
Giesecke+Devrient (G+D)
IDEMIA
STMicroelectronics
Truphone
Workz Group
Oasis Smart SIM
Telna
Valid
eSIM.net
Some mobile network operators have also developed their own LPAs. The LPA provider used by a particular mobile network operator varies depending on their agreement and preference.
Decentralizing the LPA using blockchain can provide several benefits, including increased security, improved resilience, greater transparency, reduced cost and faster updates (maybe, but definitely tamper proof). By decentralizing the profile management (profile storage and profile distribution), the eSIM ecosystem can become more secure and efficient.
Decentralizing LPA can potentially prevent several security breaches.
A few real-life examples:
SIM swapping attacks (not possible in eSIM as of now): In a SIM swapping attack, a hacker gains control of a victim's phone number by convincing the telecom provider to transfer the victim's phone number to a SIM card controlled by the hacker. Once the hacker has control of the victim's phone number, they can use it to gain access to the victim's online accounts that use two-factor authentication via SMS. Decentralizing the eSIM profile management and distribution using blockchain can make it more difficult for a hacker to perform a SIM swapping attack because they would need to compromise multiple nodes on the blockchain network.
Unauthorized eSIM profile installations: With a centralized LPA, there is a risk that an attacker could gain access to the LPA and install unauthorized eSIM profiles on devices. Decentralizing the eSIM profile management and distribution using blockchain can make it more difficult for an attacker to perform such an attack because they would need to compromise multiple nodes on the blockchain network to install an unauthorized eSIM profile.
Data breaches: With a centralized LPA, there is a risk that a data breach could occur, resulting in the compromise of sensitive user information. Decentralizing the eSIM profile management and distribution using blockchain can help to prevent data breaches because the data is stored on multiple nodes on the blockchain network, making it more difficult for an attacker to gain access to all the data.
An eSIM profile is a set of information that is used to provision a mobile device with connectivity information, such as network credentials, authentication keys, and other relevant details required to connect to a mobile network.
An eSIM profile is typically a software component that is installed on the device and is used to authenticate the device with the network operator. The eSIM profile can be downloaded over the air (OTA) and stored securely on the device's eSIM chip.
The format of an eSIM profile is defined by the GSMA (Global System for Mobile Communications Association) and is based on a specification called Remote SIM Provisioning (RSP). The RSP specification defines the structure and format of the eSIM profile, which includes information such as:
Profile Metadata:
Profile name
ICCID (Integrated Circuit Card Identifier)
Profile creation date
Profile expiry date
Operator name
Service provider name
Profile status (e.g., enabled or disabled)
Network credentials:
Authentication key(s)
Encryption key(s)
Signing key(s)
Access point name (APN)
Subscriber identification module (SIM) settings
Internet Protocol (IP) settings
Profile attributes:
Network technology (e.g., 4G, 5G)
Supported services (e.g., voice, data, SMS)
Data rates and usage limits
Roaming policies
Provisioning policies (e.g., over-the-air, physical SIM swap)
User profile settings (e.g., preferred language)
The eSIM profile is typically represented in a machine-readable format, such as XML or JSON, which can be easily processed and installed on the device's eSIM chip. In summary, an eSIM profile is a software component that is used to provision a mobile device with connectivity information, and it is defined by the GSMA's RSP specification.
The traditional way of distributing eSIM profiles is through a centralized system where the mobile network operator (MNO) provides the profiles to the end-user through their online portal or a dedicated app.
The MNO is responsible for verifying the user's identity, assigning the eSIM profile to the user's device, and then delivering it to the device.
This process is often subject to vulnerabilities, such as hacking and identity theft, which can compromise the security and privacy of the eSIM profile.
Blockchain technology can provide an alternative way to distribute eSIM profiles that is more secure and transparent.
In this approach, the eSIM profiles are stored on a blockchain, and the blockchain acts as a distributed ledger that keeps track of all the transactions related to the distribution of eSIM profiles.
When a user requests an eSIM profile, the platform verifies the user's identity through identity management and authorizes the download and installation of the profile on the user's device.
The usual way of storing eSIM profiles is on a centralized server controlled by the mobile network operator (MNO).
The server is responsible for managing the eSIM profiles, encrypting them, and storing them securely. Again, this makes it vulnerable to cyber attacks and data breaches, which can compromise the security and privacy of the eSIM profiles.
Blockchain technology can provide a more secure way to store eSIM profiles by storing them on a decentralized, distributed ledger.
In this approach, each eSIM profile is stored on the blockchain as a unique transaction, which can be accessed only by authorized parties with the appropriate cryptographic keys. By using blockchain for eSIM profile storage, the eSIM profiles can be encrypted and stored in a tamper-proof manner, ensuring that they are protected from unauthorized access and tampering.
Additionally, the decentralized nature of the blockchain ensures that there is no single point of failure, which can make the eSIM profile storage more resilient to cyber attacks.
Firstly, cryptography provides enhanced security measures, such as encryption and hashing, which ensure that user data is stored securely and cannot be accessed or tampered with by unauthorized parties.
Secondly, Ethereum blockchain technology allows for the creation of smart contracts, which can automate and enforce the terms of transactions in a secure and transparent manner. This can reduce the risk of fraud and provide greater assurance to users that their transactions are secure.
Finally, transparency on the blockchain can actually enhance user privacy, as users can see exactly how their data is being used and who has access to it. This can increase trust and accountability in the system and give users greater control over their data.
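The encrypted, tamper-evident storage and the encryption-and-hashing point above, as an added example that is not part of this project's code: the profile is sealed with AES-GCM before it is published, with the ICCID bound in as associated data, and the LPA checks a SHA-256 digest before decrypting. The ChainRecord type, the sample ICCID and profile, and the in-memory stand-in for the ledger are assumptions made for the example; it runs on a desktop JDK 16+ and leaves key distribution out.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class ProfileSeal {
    // Hypothetical ledger entry: only ciphertext, nonce and a digest are published.
    record ChainRecord(String iccid, byte[] nonce, byte[] ciphertext, byte[] digest) {}

    static byte[] sha256(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    static Cipher gcm(int mode, SecretKey key, byte[] nonce, String iccid) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        c.updateAAD(iccid.getBytes(StandardCharsets.UTF_8)); // bind ciphertext to one ICCID
        return c;
    }

    static ChainRecord seal(SecretKey key, String iccid, byte[] profile) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce); // fresh 96-bit nonce for every profile
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, nonce, iccid).doFinal(profile);
        return new ChainRecord(iccid, nonce, ct, sha256(ct));
    }

    // LPA side: anyone can check the digest; only a key holder can decrypt.
    static byte[] open(SecretKey key, String expectedIccid, ChainRecord r) throws Exception {
        if (!MessageDigest.isEqual(sha256(r.ciphertext()), r.digest()))
            throw new SecurityException("ciphertext does not match recorded digest");
        return gcm(Cipher.DECRYPT_MODE, key, r.nonce(), expectedIccid).doFinal(r.ciphertext());
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        String iccid = "89000000000000000001"; // constructed sample ICCID
        byte[] profile = "{\"operator\":\"ExampleNet\"}".getBytes(StandardCharsets.UTF_8);
        ChainRecord rec = seal(key, iccid, profile);
        System.out.println("round trip ok: " + Arrays.equals(profile, open(key, iccid, rec)));
        try {
            open(key, "89000000000000000002", rec); // record replayed for another ICCID
        } catch (AEADBadTagException e) {
            System.out.println("wrong ICCID rejected by GCM tag check");
        }
    }
}
```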
What are the potential security risks involved in decentralizing eSIM profile management on a blockchain network?
The answer is:
Smart contract vulnerabilities: These can be exploited by attackers to steal user information or manipulate transactions.
Private key management: The private keys must be properly managed to prevent unauthorized access or theft. And if we are unable to do that, we’ll proceed with a smart contract wallet.
Regulatory compliance: Decentralized eSIM profile management may face regulatory hurdles, and complying with regulations while maintaining the decentralized nature of the system can be a challenge.
Hoping for more questions from viewers…
The goal is to build a local profile assistant (LPA) app that decentralizes eSIM profile storage and distribution and allows the user to manage their profiles on the eSIM, including crypto wallets, blockchain networks, and network carrier providers. The app must be hooked up with the Android Euicc APIs.
Understand the hardware/modem requirements:
To ensure the LPA and eSIM are compatible, we need to check the requirements for GSMA RSP v2.0 or v2.2 support. We also need to use SM-DP+ (in our case) and SM-DS servers that have a matching RSP version.
Android Euicc APIs:
The Android Euicc APIs provide a set of functions that allow developers to manage eSIM profiles on Android devices. These APIs include:
The EuiccManager API, which provides methods for downloading, installing, and deleting eSIM profiles,
The EuiccCardManager API, which provides methods for managing eSIM cards.
About the EuiccService: the EuiccService is a key component of the Android Euicc APIs and is responsible for managing eSIM profiles on the device, while the EuiccManager API provides a high-level interface for developers to interact with the EuiccService and manage eSIM profiles.
Implement Euicc APIs:
Firstly, we need to extend all Euicc APIs and declare them in the manifest file.
We must also ensure that the service requires the android.permission.BIND_EUICC_API-NAME system permission and includes an intent filter with the android.service.euicc.EuiccAPI-NAME action.
Creating LUI Activities:
Each activity must require the android.permission.BIND_EUICC_API-NAME system permission.
Each should have an intent filter with the appropriate action, the android.API_NAME.euicc.category.EUICC_UI category, and a non-zero priority.
Using Web3J:
Web3J is a Java library that provides a simple and lightweight API for interacting with Ethereum and other blockchain networks.
We use Web3J to provide the activities for the LUI, by adding the Web3J library to the project dependencies and initializing a Web3J instance to connect to the desired blockchain network.
We also use Web3J's API to interact with the smart contract responsible for storing and distributing eSIM profiles.
Using Biometric:
Adding biometric authentication to the LUI can greatly enhance the security of the user's crypto wallet and blockchain network. To implement this, we can use Android's BiometricPrompt API, which provides a standardized way to authenticate the user using biometric data such as fingerprint, face, or iris scan.
That’s all that I’ve worked on as of now: the LPA app.
And in the next and last article of EIF3.0, I’m hoping to present you all an LPA of Blockchain Powered eSIM.