
Missing reference to SIM/eSIM

Open GSMA-EIG opened this issue 1 year ago • 8 comments

Context: SIM/eSIM is missing as Secure Element to store and manage cryptographic keys

Issue: The only universally deployed SE in phones is the SIM/eSIM, and it is not listed. All kinds of SEs shall be listed in the text to avoid any market distortion.

Proposal: In Table 7 §6.5.3, our recommendation is to replace “Embedded Secure Element” by “Secure Elements” or to mention eSIM and SIM as a Secure Element in addition.

GSMA-EIG avatar Jul 14 '23 10:07 GSMA-EIG

Using the SIM as a general purpose security element has been on the radar for 25Y+. Still, it never happened on a major scale, mainly due to the operators' requirement that you need to "rent" this space. FIDO/WebAuthn created by Google et al, permits anybody to securely enroll keys without any contractual agreements. It would be more interesting knowing how FIDO/WebAuthn fits into EUDIW. Probably it does not.

cyberphone avatar Sep 22 '23 09:09 cyberphone

Another issue I see here is that people WILL change their carriers at some point. Swapping out a SIM/provisioning a new eSIM would therefore make the security data inaccessible without also developing methods for easy transfer of the data. While it is true that moving credentials between phones may be easier, that is also much more easily done as a UI flow in the wallet app, since most carriers will just issue you a new eSIM when you change phones instead of having you move your eSIM.

I cannot think of other secure elements than embedded that make sense for this use case.

craftbyte avatar Oct 09 '23 16:10 craftbyte

Using the SIM as a general purpose security element has been on the radar for 25Y+. Still, it never happened on a major scale, mainly due to the operators' requirement that you need to "rent" this space. [...]

I have never seen SIMs from carriers having an open way to provide secure element access. Not even an option to rent.

There's also the requirement for custom eSIM issuance requiring at least a relationship between the implementor and the GSMA one way or another; which would raise the budgetary requirements a lot higher.

[...] since most carriers will just issue you a new eSIM when you change phones instead of having you move your eSIM.

Carriers in Turkey do this all the time. I believe one carrier technically does allow you to, but not really. Not only does this create inconvenience, but it also creates an important time gap where a citizen/user would be without an identity for verification.

linuxgemini avatar Oct 09 '23 17:10 linuxgemini

EUDIW needs a functional block called Secure Cryptographic Device (Table 5), and the Cryptographic keys management system (Table 7) of ARF v1.1.0 is defined as a 'HW-defined secure environment for keys and data: Secure Elements (SE), Trusted Execution Environments (TEEs), Hardware Security Modules (HSM) etc. (remote or local)'.

In simple words, an SSCD/QSCD is needed in EUDIW. Certification of TEEs is limited to EU CSA Substantial (EAL2+ AVA_VAN.2), whereas SIM/eSIM can provide services from EAL3+ to EAL5, which covers the LoA high requirement. If we keep eIDAS remote signing (EN 419241-1, 419241-2, 419221-5) away for a moment, then the ONLY other way which has been well tested and used over the years for citizen eID services is removable SIM cards (UICC) or embedded SIM (eUICC).

Currently there are many existing national Mobile ID schemes in European countries (Finnish Mobiilivarmenne, Swiss Mobile ID, Belgian ItsMe, etc.). Some schemes at substantial LoA also exist, e.g. France Mobile Connect etc. Meaning every European citizen/resident using a mobile network has an SSCD enabled in their phone.

We believe this could be leveraged, and @GSMA-EIG has raised an important point. SIM/eSIM should be explicitly defined as HW-defined secure environment for keys and data for EUDI Wallet.

GlobalPlatform which standardizes these HW secure environments across SIM, electronic passports, electronic identity cards also wrote a white paper highlighting how SIM/eSIM can be used for wallets (https://globalplatform.org/wp-content/uploads/2023/03/GP_EUDI_Wallet_White_Paper_v1.0_PublicRelease_signed.pdf).

The SIM/eSIM comprises two interfaces: User interface and Over-the-Air (OTA) interface. User interface on smartphone (CAT/SAT) can be leveraged for user interaction like displaying prompts and enquiring PIN. OTA-interface is used for SIM/eSIM applet communication.

We believe that the eSIM integration is based on a model where your smartphone app connects to a remote server, which sends the signature requests back to your eSIM card via the OTA channel. Nowadays, communication latency is so low (especially in 4G/5G) that the round-trip time is less than 300 ms and you will see the prompt on your phone. Similarly for SIM integration, when the end user changes mobile carrier, they are issued a new SIM card, and new keys can be initialised by the user safely. Additionally, all the technology and logistics around SIM/eSIM are mature and well tested.

ENISA has also published its Digital Standards 2023 report a few months ago (https://www.enisa.europa.eu/publications/digital-identity-standards), which also highlights in Annex A how SIM cards can be used with Wallets to ensure the user's sole control over their private keys.

So yes, we definitely think SIM/eSIM should be mentioned explicitly in ARF Tables 5 and 7 to avoid any confusion and market distortion.

ammar93b avatar Oct 10 '23 11:10 ammar93b

@ammar93b Due to the operator centric concept, SIM/eSIMs have become obsolete as holders of anything beyond subscription-related data and keys. The competing solutions are available for usage by anybody without any special arrangements. TEEs may not meet the highest possible security standards but the difference is mainly in scenarios where the attacker has access to the physical device. Google's "StrongBox" and Apple's "Secure Enclave" seem to address security in a way that is comparable to smart cards. In fact, it seems reasonable to believe that eSIMs will eventually be a part of these sub-systems as well.

FYI, I have personally suggested that (a dedicated part of) SIM-cards should be opened for anybody to use but neither Thales nor the operators showed any interest in that. The SIM vendors still see operators as the customer, in the same way as EMV cards are for banks. Both cards represent entitlements rather than possessions.

Mentioning SIM/eSIM in the ARF would then be more like a "political" statement than an advice. Thales once ran a standardization effort for making smart cards "Web compatible". It was dismissed by the "Big Three" and was subsequently abandoned.

cyberphone avatar Oct 10 '23 14:10 cyberphone

We would like to mention a few points on the previous comments:

  1. SIM cards are currently the most widely deployed, standardised SE on smartphones. Not including them in the document may lead to market distortion.
  2. Independently of any applet deployment inside SIM cards, we think that already today SIM cards can be used to help reach a high level of security for an eIDAS EUDIW. The GSMA document (https://www.gsma.com/gsmaeurope/resources/architecture-considerations-for-eidas-2-0/) describes a solution to achieve this level based on the use of SIM cards.
  3. The eSIM management infrastructure (RSP) is standard and certified with a clear security and operational model, compliant with CRA and NIS2. Therefore it shall not be excluded from potential future deployments.
  4. Inter-operator migration is an important topic that we are indeed planning to tackle, as mentioned in https://www.gsma.com/gsmaeurope/resources/architecture-considerations-for-eidas-2-0/

GSMA-EIG avatar Oct 23 '23 13:10 GSMA-EIG

Since the device vendors bet on TEEs and open SEs, the use of SIMs seems to be a thing for the mobile phone operators. That is, they probably need to build the wallets as well. Banks and governments will most likely stick to current, mostly TEE-based, client applications.

EDIT: Using SIMs probably makes mobile phone operators the most logical credential issuers as well.

cyberphone avatar Nov 01 '23 16:11 cyberphone

Thank you for your in depth discussion, which will be taken into account subject to the approval process of the eIDAS WG.

Version 1.4.0 of the ARF includes eSIM/eUICC as possible options for the Wallet Secure Cryptographic Device (WSCD).

pinamiranda avatar May 15 '24 09:05 pinamiranda