search

Blockchain-Powered-eSIM / eSIM-Wallet

eSIM Wallet Mobile App
MIT License
8 stars 3 forks source link

Carrier Privileges #44

Open ArpitxGit opened 6 months ago

ArpitxGit commented 6 months ago

By following these steps, Android ensures that only authorized carrier apps are allowed to manage eSIM profiles, maintaining security and integrity in the eSIM ecosystem:

  1. eSIM Profile Initialization: The eSIM profile is initialized on the device, containing information about the carrier, network settings, and certificates. ----- we will use downloadable eSIM Test Profiles and build a test suite for LPA functionality testing.
  2. Carrier App Installation: The carrier's app, also known as the Local Profile Assistant (LPA), is installed on the device. This app will manage the eSIM profile on behalf of the carrier. ------ Our LPA App.
  3. Signing the LPA APK: The LPA APK needs to be signed using a valid certificate. This ensures the integrity and authenticity of the app. ------- Certificates has been generated as mentioned in RSP Test Certificates Version 1.5 30 June 2021.
  4. Access Rule File (ARF) Configuration: The ARF file, which is located in the system partition of the Android device, contains access rules for the eSIM profile. This file specifies which apps are granted privileges to access the eUICC (Embedded Universal Integrated Circuit Card) APIs. ------ High Security Concern.
  5. Adding LPA Information to ARF: The signature of the public key of the LPA APK and the name of the LPA are added to the ARF file. This grants special privileges to the carrier's app, allowing it to interact with the eSIM APIs. ------ In future, this can be achieved and automated using modern cryptography data integrity focused protocols.
  6. eSIM Privilege Granting: Upon initialization or when changes are made to the ARF file, the eSIM reads the file and grants privileges to the specified apps, such as the LPA, to access the eUICC APIs. ------- High Security Concern.
  7. Root Access for ARF Modification: Accessing and modifying the ARF file typically requires root access to the device, as it is located in the system partition. This step is necessary for making any changes to the access rules if needed, although it's important to note that rooting a device may void its warranty and can introduce security risks. ------- High Security Concern.
  8. Locating ARF File: The exact location of the ARF file may vary depending on the Android version and device manufacturer. Commonly, it can be found in the /system/etc directory or subdirectories within it. ------- High Security Concern
ArpitxGit commented 6 months ago

NOTICE The SIM card contains an app signature and by this makes that app a carrier app of that SIM card. So the app signature has to be included into the downloadable eSIM.

ArpitxGit commented 6 months ago

The below is a list of Certificates that has been generated as mentioned in RSP Test Certificates Version 1.5 30 June 2021 for testing:

The next step is to submit support of Test CI Certificates Page 62

Screenshot 2024-04-09 at 11 02 12 AM

The MVP environment,

After completing the above the MVP environment will be achieved marking first , second and the third point.

For alpha and beta testing,

We must resolve the rest of the points mentioned above and that will require carrier privileges from Carrier Providers,
An Open Source License Agreement stating and promising that only EID to be used for identifying end users' and no further use And with a detailed agreement that will require adding our app signature in the SIM card for verification and proceed to reach out to Carrier Providers, A few mentioned as eSIM Solution Providers by GSMA.

ArpitxGit commented 6 months ago

Comment from GSMA on test certificates:

SGP.26 test certificate are used to perform:

Either the test defined in [SGP.23](https://www.gsma.com/esim/resources/sgp-23-v1-14/) eSIM Consumer Test Specification that defines the test cases to be compliant with [SGP.22](https://www.gsma.com/esim/resources/sgp-22-v2-5/) eSIM Consumer Technical Specification
Or the test defined in [SGP.33-1](https://www.gsma.com/esim/resources/sgp-33-1-v1-0/) eSIM IoT Test Specification that defines the test cases to be compliant with [SGP.32](https://www.gsma.com/esim/resources/sgp-32-v1-0/)  eSIM IoT Technical Specification

Please note that you can find the latest versions of the eSIM specifications on the following link: https://www.gsma.com/esim/esim-specification/

So, those certificates cannot be used for Process to submit support of Test CI Certificates. The certificates submitted following the Process to submit support of Test CI Certificates(Page 63 of 66 Annex D of SGP.36) are listed on GSMa.com on the link below:

https://www.gsma.com/esim/gsma-root-ci/ à Section - Test certificate: Company lists

Those are self-testing certificates were created by individual companies to allow different entities to test with them, but they are using their own test certificates signed by the companies.
Dantee296 commented 4 months ago

Hi @ArpitxGit

is it possible to get EID of device without carrier privileges ?

either from adb or from apk ?

thanks

ArpitxGit commented 4 months ago

Hi @ArpitxGit

is it possible to get EID of device without carrier privileges ?

either from adb or from apk ?

thanks

Hey @Dantee296

It's not possible to get EID of device without carrier privileges.