
E-SIM for consumers: a game changer in mobile telecommunications? - prostoalex
http://www.mckinsey.com/insights/telecommunications/E_SIM_for_consumers_a_game_changer_in_mobile_telecommunications?cid=other-eml-alt-mip-mck-oth-1601
======
csense
According to this comment [1] and other things I've read about how SIMs work,
one of the primary functions of SIMs is to be a tamper-proof chip that you
can't physically get into and read out the credentials (because that would
allow you to clone the credentials and effectively access the cell network
from multiple devices while only paying for a single device).

If you move that provisioning to something that happens over the network, how
do you keep someone from passively sniffing or MITM'ing the network connection
and cloning the downloaded credentials?

~~~
yaantc
A soldered SIM, or eUICC (embedded Universal Integrated Circuit Card, its
official 3GPP name), is managed by a 3rd party, with a permanent secret inside
it. It also has a resident provisioning profile, typically associated to a
small cellular operator with roaming agreements the world over (small, not to
be perceived as a threat by other operators).

The eUICC can connect to the 3rd party using the default profile, typically
using roaming. This is using the standard SIM toolkit functions, and the
connection is secured using the secret. This is used to download a new
operator profile, based on various parameters (country of connection, user
choice, device vendor contracts, ...). Then the device can reconnect using the
new downloaded profile.

The 3rd party manager can reach the SIM at any time, and add / delete / modify
profiles as needed.

So it adds a lower layer. A bit like one can add a hypervisor under an OS,
here you add this new profile management layer under an operator profile
inside the SIM. But it still uses a secure exchange mechanism, based on a secret
burned in the SIM and known only to the manager.

------
x5n1
more like market capture, or attempts at it. sims are a great technology.
attempting to make them embedded is a way to take away choice from consumers
so you can offer locked in solutions with less competition. the fcc should do
something about this.

~~~
woah
It sounds like the plan here is to let people download sims instead of having
to physically pop a chip into the device. How is this anticompetitive?

~~~
fulafel
The basis of SIM security is traditionally that nobody can read out its secret
keys, you can only ask the SIM to sign something with its secret keys and tell
you the result. So sounds like this might be not about "writable" e-SIM tech,
but convincing operators to give up the previously closely-guarded keys or
support some new kind of keying system?
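
Added illustration, not part of the thread or of any poster's comment: a simplified Python model of the layering yaantc describes (operator profile delivered under a secret burned into the card) and of the "ask the SIM, never read the key" property fulafel mentions. The `EUICC` class, `wrap_profile`, the sample values and the HMAC-SHA256 constructions are assumptions standing in for the real card and the real provisioning and authentication algorithms.

```python
import hashlib
import hmac
import os


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher (assumption).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_profile(card_secret: bytes, operator_ki: bytes) -> bytes:
    # Manager side: encrypt-then-MAC the operator key under this card's secret.
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(card_secret, b"enc"), nonce, operator_ki)
    tag = _prf(_prf(card_secret, b"mac"), nonce + ct)
    return nonce + ct + tag  # the only thing a sniffer on the network sees


class EUICC:
    # Hypothetical card model: secrets go in, only responses come out.
    def __init__(self, burned_secret: bytes):
        self.__secret = burned_secret  # models tamper-proof storage
        self.__ki = None

    def install_profile(self, blob: bytes) -> bool:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = _prf(_prf(self.__secret, b"mac"), nonce + ct)
        if not hmac.compare_digest(tag, expected):
            return False  # modified in transit, or wrapped for a different card
        self.__ki = _xor_stream(_prf(self.__secret, b"enc"), nonce, ct)
        return True

    def authenticate(self, challenge: bytes) -> bytes:
        if self.__ki is None:
            raise RuntimeError("no operator profile installed")
        return _prf(self.__ki, challenge)  # stand-in for the operator's algorithm


if __name__ == "__main__":
    secret = b"constructed-card-secret"  # constructed sample values
    card = EUICC(secret)
    blob = wrap_profile(secret, b"constructed-Ki16")
    print(card.install_profile(blob), EUICC(b"other-card").install_profile(blob))
```

A captured blob installs only on the card holding the matching burned secret, so replaying it to another card does not produce a clone, and the operator key never appears in the clear on the wire.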

