EP-4736488-A1 - REMOVABLE SECURE ELEMENT HAVING IMPERSONATION PROTECTION

Abstract

The present invention relates to a removable secure element having a memory to store at least a universal user identifier, a security context, a list of mobile equipment identifiers in which the removable secure element was previously inserted, said removable secure element being dedicated to be inserted in a mobile equipment compliant with plastic roaming connecting and authenticating automatically the mobile equipment to a serving network using the security context stored in the removable secure element as soon as the universal user identifier stored in the removable secure element is the same as the one associated to the security context on the serving network side, said removable secure element further having an application to monitor an identifier of a mobile equipment in which the removable secure element is inserted, said application implementing a retrieval of the identifier of the mobile equipment in which the removable secure element is inserted, a check of the presence of the retrieved identifier in the stored list of mobile equipment identifiers as stored, and, if the retrieved identifier is present in the list, a deletion of the security context as stored.

Inventors

  • Raguenet, Alain
  • Phan, Ly Thanh
  • Pauliac, Mireille
  • Collet, Hervé
  • Dany, Vincent
  • Galimard, Alexandra

Assignees

  • THALES DIS FRANCE SAS

Dates

Publication Date: 2026-05-06
Application Date: 2024-06-11

Claims (8)

  1. Removable secure element having a memory to store at least a universal user identifier, a security context, a list of mobile equipment identifiers in which the removable secure element was previously inserted, said removable secure element being dedicated to be inserted in a mobile equipment compliant with plastic roaming connecting and authenticating automatically the mobile equipment to a serving network using the security context stored in the removable secure element as soon as the universal user identifier stored in the removable secure element is the same as the one associated to the security context on the serving network side, said removable secure element further having an application to monitor an identifier of a mobile equipment in which the removable secure element is inserted, said application implementing: a retrieval of the identifier of the mobile equipment in which the removable secure element is inserted; a check of the presence of the retrieved identifier in the stored list of mobile equipment identifiers as stored; and, if the retrieved identifier is present in the list, a deletion of the security context as stored.
  2. Removable secure element according to claim 1, wherein said application further implements a monitoring of a mobile equipment change timing, the deletion being triggered when the retrieved identifier is present in the list and when the change timing is below a preconfigured threshold.
  3. Method to protect a removable secure element against impersonation of a universal identifier of a user of the removable secure element, the removable secure element having a memory to store at least a universal user identifier, a security context, a list of mobile equipment identifiers in which the removable secure element was previously inserted, said method comprising the steps of, while the removable secure element is inserted in a mobile equipment: retrieving an identifier of the mobile equipment in which the removable secure element is inserted; checking the presence of the identifier in the list of mobile equipment identifiers as stored; and, if the identifier is present in the list, deleting the security context as stored.
  4. Method according to claim 3, further comprising the step of monitoring a mobile equipment change timing, the deletion being triggered when the retrieved identifier is present in the list and when the change timing is below a preconfigured threshold.
  5. Method according to at least one of claims 3 and 4, further comprising the step of sending a request to authenticate with the serving network to the mobile equipment.
  6. Application dedicated to be installed and run in a removable secure element to monitor an identifier of a mobile equipment in which the removable secure element is inserted, the removable secure element further having a memory to store at least a universal user identifier, a security context, a list of mobile equipment identifiers in which the removable secure element was previously inserted, said application having instructions for the secure element to: retrieve an identifier of the mobile equipment in which the removable secure element is inserted; check the presence of the identifier in the list of mobile equipment identifiers as stored; and, if the identifier is present in the list, delete the security context as stored.
  7. Application according to claim 6, further having instructions to monitor a mobile equipment change timing, the deletion being triggered when the retrieved identifier is present in the list and when the change timing is below a preconfigured threshold.
  8. Application according to at least one of claims 6 and 7, further having instructions to send a request to authenticate with the serving network to the mobile equipment.
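The check of claims 1 to 5, as an added Python model that is not the patent's or the assignee's code: the element keeps the list of mobile equipment identifiers it was previously inserted in, deletes the stored security context when it comes back into an ME already on that list (subject to the optional change-timing threshold of claims 2 and 4), and flags the re-authentication request of claim 5. Reading "change timing" as the time elapsed since the previous ME change, treating a power cycle in the same ME as no change, and all identifiers and values are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Model of the monitoring application from claims 1-5 (added illustration, not the
# patent holder's code). "Change timing" is taken to be the time elapsed since the
# previous mobile-equipment (ME) change; identifiers and values are constructed.


@dataclass
class SecureElement:
    supi: str                                   # universal user identifier (SUPI/IMSI)
    security_context: Optional[bytes]           # SC reused for plastic roaming
    change_threshold_s: Optional[float] = None  # None -> claims 1/3: no timing test
    previous_me_ids: list = field(default_factory=list)  # MEs the element was in before
    current_me_id: Optional[str] = None
    last_change_time: Optional[float] = None

    def on_insertion(self, me_id: str, now: float) -> dict:
        """Run the check each time the element is powered on in an ME; return the decisions."""
        result = {"me_changed": False, "seen_before": False, "change_timing": None,
                  "context_deleted": False, "request_authentication": False}
        if me_id == self.current_me_id:
            return result  # same ME powered on again: no plastic-roaming move (assumption)
        result["me_changed"] = True
        result["seen_before"] = me_id in self.previous_me_ids  # step: check the list
        if self.last_change_time is not None:
            result["change_timing"] = now - self.last_change_time  # claims 2/4/7
        quick = self.change_threshold_s is None or (
            result["change_timing"] is not None
            and result["change_timing"] < self.change_threshold_s)
        if result["seen_before"] and quick:
            self.security_context = None             # step: delete the stored SC
            result["context_deleted"] = True
            result["request_authentication"] = True  # claims 5/8: ask the ME to re-authenticate
        if self.current_me_id is not None and self.current_me_id not in self.previous_me_ids:
            self.previous_me_ids.append(self.current_me_id)
        self.current_me_id, self.last_change_time = me_id, now
        return result


def replay_scenario(threshold_s: Optional[float] = None, return_delay_s: float = 600.0) -> dict:
    """Replay the background section: the element leaves the victim's ME (VME), is powered
    on in the attacker's ME (AME), then is returned to the VME after return_delay_s seconds."""
    se = SecureElement(supi="SUPI-CONSTRUCTED-0001", security_context=b"SC-constructed",
                       change_threshold_s=threshold_s)
    se.on_insertion("IMEI-VME-CONSTRUCTED", now=0.0)
    se.on_insertion("IMEI-AME-CONSTRUCTED", now=60.0)
    decision = se.on_insertion("IMEI-VME-CONSTRUCTED", now=60.0 + return_delay_s)
    decision["security_context"] = se.security_context
    return decision
```

With no threshold (claims 1 and 3) the return to the VME always wipes the context; with a threshold (claims 2 and 4) only a return faster than the threshold does.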

Description

FIELD OF THE INVENTION

The present invention relates to a removable secure element having protection against impersonation. The invention also pertains to a method to protect a removable secure element against impersonation of a universal identifier of a user of the removable secure element. It finally relates to an application dedicated to be installed and run in a removable secure element to implement the method of the invention.

BACKGROUND OF THE INVENTION

Researchers revealed a potential vulnerability allowing someone else's identity to be impersonated on the 3GPP network. Such attacks have already appeared in the field and Mobile Network Operators are concerned.

In 5G, each subscriber receives a Subscription Permanent Identifier (SUPI). It is a globally unique identifier that is assigned to each subscriber in the 5G system and that is provisioned in a Unified Data Repository (UDR). In the legacy 3G/4G technologies, similar identifiers exist and are known under the term IMSI.

Figure 1 illustrates the identified vulnerability. It occurs when, in a step S1, an attacker temporarily takes a victim's secure element VSE from a victim's Mobile Equipment VME, previously connected and authenticated, and inserts it, in a step S2, into an attacker's Mobile Equipment AME. This situation corresponds to a "plastic roaming" situation, which enables a subscriber to use the same removable secure element in a new ME. Such plastic roaming uses a "security context" SC, which is a state established locally at the ME and a serving network domain. It is represented by the "security context data" stored at the ME and at a serving network. For example, the security context in 5G is explained in TS 33.501, paragraph 3.1 (Definitions). Similar definitions are given in the legacy 3G/4G standards.

Because of the rules defined in the standards to enable plastic roaming, the attacker uses the security context SC stored in the victim's VSE and avoids re-authentication to the network. Thus, at step S2, the attacker's ME is connected and authenticated. This corresponds to a plastic roaming situation. The attack then consists in powering off the attacker's ME in a step S3. During the attacker's ME power-off procedure, an attacker's security context SC' is stored in the USIM and in the attacker's AME. The serving network domain also has knowledge of this new security context SC'. Besides this process, the attacker retrieves the SUPI of the victim from the USIM in a step S4. The attacker then uses a programmable secure element USIM PSE and copies the victim's SUPI into the attacker's programmable USIM PSE, typically using a computer PC, in a step S5. It is noted here that no removable property is necessary for the programmable secure element to implement the attack. Steps S4 and S5 define the fraudulent manipulation addressed by the invention. This may occur while the victim's secure element is stolen (e.g. from a locker or at work). The attacker can then temporarily take the victim's phone, recover the SIM and copy the victim's SUPI into the attacker's programmable USIM PSE before reinserting the USIM in the victim's mobile VME in a step S6, the mobile then being returned. If the USIM is not returned to the victim, the victim will alert the MNO and the usage of the USIM will be blocked. This is the reason why the USIM must be given back. The VME is thus again authenticated and connected as for a classical plastic roaming. The attacker then inserts, in a step S7, the attacker's programmable USIM PSE including the SUPI of the victim's secure element into the attacker's AME. It is noted here that the programmable USIM PSE may also be a secure element already integrated/embedded in an attacker's AME. However, it is necessary for this AME to have a slot in which the removable victim secure element VSE can be introduced in order to perform the attack.

As the SUPI stored in the attacker's USIM PSE is the same as the one stored in the attacker's AME, the security context SC' as locally stored in the AME is automatically used to reconnect the attacker's AME to the network without re-authentication. The reason for such a situation is that mobile equipment does not reset the security context SC until the SUPI is changed, according to 23.501. With such a process, an attacker could pretend to be someone else. As a consequence, the attacker's mobile equipment AME uses the Security Context SC', locally stored in the AME memory, as long as the SUPI associated to that security context SC' and the SUPI of the USIM PSE are the same.

Some approaches can solve this issue, such as increasing the frequency and the number of Authentication and Key Agreement runs. However, this increases the network load and the energy consumption. The use of the USIM PIN can also be made mandatory. In addition to not being practical for the user, this solution will not provide more security, as fewer and fewer people use or overwrite the default MNO's PIN