This is the 8th article/week 8 progress report, the last week of my journey at EthIndia Fellowship 3.0, EIF3.0 building Blockchain Powered eSIM.

Here’s the link of the seventh article of this series in which i explained Everything related to a LPA where all the implementation is happening.

In this article I’m going to present you What “The Blockchain Powered eSIM” is,      A product description,

Are you concerned about trusting your network provider with your personal information and activity log? Do you want to do more than just communicate with your eSIM?If so, this new product may be just what you need!

Introducing a novel way of using eSIM services that enables users to do more than just communicate, without trusting the network provider. This product is designed to be an alternate product to telecom network providers who already carry eSIM infrastructure and provide eSIM to end-users. The goal is to provide users with a new way of using eSIM services that enables them to do more than just communicate, while also giving them the option to use a network without trusting the network provider.

• This product is designed to work with existing telecom operators who carry eSIM infrastructure.

• Users will buy an eSIM from the existing telecom operators by providing their KYC and preferred cryptographic wallet address (if they have one).

• The product will provide a portal to the telecom operator where the user will provide the above two pieces of information.

• With this information, the product will generate a unique ZK Identity which will be used for all communication protocols.

• Once the user authentication is completed, a smart contract will be deployed, which will be the basis for all the transactions and the connectivity to the decentralized ecosystem.

• By creating this layer, the product disconnects user identification from user activity.

The telecom operators will have the user identity, and the product will have the activity log, thus no party has both, resulting in the removal of the need to trust the telecom operator for user personal information and activity.

Establishing secure connection to device through LPA

The Local Profile Assistant (LPA)

• The Local Profile Assistant (LPA) is a software component that runs on the device and interacts with the eSIM chip.

• The LPA will pick the user's ZK identity from the blockchain and store it in a tokenized form on the eUICC module.

• The LPA will be accompanied by a UI, called LUI, which will be the application that the end-users will interact with to manage their:

  • eSIM Profile,

  • Communication plans, and

  • Blockchain services.

• The LPA will be responsible for all communication to the device and the OS. This will be the layer that brings the eSIM ecosystem to life.

• The LPA will probe five OS services:

  • Euicc Service, The Euicc Service manages eSIM profiles through ISD-R (”Issuer Security Domain Root”) and is responsible for managing and controlling access to other security domains within the secure element.

  • Connectivity Manager, The Connectivity Manager will deploy the algorithm that will intercept network traffic, entangle the network traffic with the ZK Identity to establish unique and encrypted connections between users as well as services.

  • Telephony Manager, The Telephony Manager provides access to telephony-related information and services on devices.

  • Account Manager, The Account Manager will make use of the tokenized ZK identity to establish authentication, which will be used to access all blockchain-based features.

  • Security APIs The Security APIs verify that the transactions were initiated or executed by the owner of the smart contract, i . e, the end user.

Establishing secure connection to network

Telecom Network

• The device sends a request to the eSIM provider to register on a specific network.

  • The request is sent in form of device identifying network credentials.

  • The registration is done by authenticating these network credentials.

• The eSIM provider then sends a request to the network to allow the device to register on the network.

  • The network operator performs a verification process to ensure that the device is authorized to access the network.

  • By checking the device's IMEI (International Mobile Equipment Identity) number and other identifying information to make sure the device is not stolen or being used for illegal purposes.

• Once the network has authorized the device, the eSIM provider sends the necessary network credentials to the device, which can then establish a connection to the network.

  • These credentials includes:

    • The network's access code,

    • Encryption keys,

    • And other information needed to establish a connection to the network.

And all these Management of the device's profile and network credentials is done by the LPA,

• LPA sends a request to the eSIM provider to download the network profile onto the eSIM chip.

• The eSIM provider then sends the network profile to the LPA, which securely stores the profile on the eSIM chip.

The protocols that are involved in this process are:

• Remote SIM Provisioning (RSP): This is a standard that enables over-the-air management of eSIMs, allowing them to be programmed remotely by an authorized party, such as the eSIM provider.

• Subscription Manager Data Preparation (SMDP): This is a server-side system used by the eSIM provider to manage the eSIM profiles and credentials. It communicates with the device's LPA to download and install network profiles.

• Profile Manager: This is the software component that runs on the device's LPA and manages the eSIM profile and credentials. It communicates with the SMDP to download network profiles and activate them on the eSIM chip.

• HTTPS (Hypertext Transfer Protocol Secure): This is the protocol used for secure communication between the device, the eSIM provider, and the SMDP. It ensures that all data transmissions are encrypted and secure.

• GSMA Remote SIM Provisioning Architecture (RSP-A): This is a technical architecture developed by the GSMA (GSM Association) that defines the standards and protocols for remote provisioning of eSIMs.

Blockchain Network

Connection to an Ethereum node to communicate with the Ethereum blockchain network.

• Choose an Ethereum client implementation that fits in the tech stack.

• Installing and configuration the Ethereum client

• Choose a library or tool that supports JSON-RPC communication as the Ethereum network uses the JSON-RPC protocol to communicate with clients.

• Connect to the Ethereum node by specifying the IP address or domain name of the node and the port number to use.

• Authentication and authorization the connection before the establishment of communication with the Ethereum network.

I was aiming to build the LPA in this fellowship but failed to do so because i was working on the changes required in the Euicc Manager and Services to couple the users’ EOA wallet with eSIM unique id (EID) and failed to build the target because there were more layers in the LPA including connectivity with users and networks, storing profiles and more.

But because i failed in the implementation, i came to know about different layers and gaining insight simultaneously and final reached at this point where i have all the understanding to make this idea live!

Thanks a lot for following this journey with me,You can find the project details here and This is the project repo where all the research and development will continue from now on.

Challenges

• How to fetch user data from the blockchain without internet connectivity?

• How to make the Security Layer fool proof, the Security APIs?

• How to establishing a secure connection to blockchain network?

• How to serve a cryptographic wallet address that has the allowance of connectivity and execution of transactions on multiple blockchain?

• How to ensure the scalability of the blockchain network while maintaining its security?

• How to maintain the integrity of smart contracts on the blockchain network?

• How to ensure interoperability between different blockchain networks?

• How to handle network congestion on the blockchain network?

• How to maintain data consistency across the blockchain network?

• How to ensure regulatory compliance while using a decentralized platform like blockchain?

• How to prevent fraud and malicious attacks on the blockchain network?

I’m seeking guidance from people of interest to make this project live.

Please reach me out on twitter or linkedIn or email me at arpitxdungeon@gmail.com for discussion or advice related to this topic.

This is the 7th article/week 7 progress report of my journey at EthIndia Fellowship 3.0, EIF3.0 building Blockchain Powered eSIM.

Here’s the link of the sixth article of this series in which I started the Implementation of eSIM including AOSP setup and understanding methods from EuiccManager.java, EuiccSevice.java, EuiccController.java.

In this article I’m explaining everything related to a LPA where all the implementation is happening.

LPA

• The LPA (Local Profile Assistant) is an app that manages the eSIM profiles.

• It connects to a remote service called SM-DP+ and to the eUICC (embedded SIM card) chip to activate and manage the profiles.
  Or The LPA serves as a mediator between the remote service (SM-DP+) that prepares and delivers the profile packages and the eUICC chip.

  • SM-DP+ prepares and delivers the profile packages to the device.

  • The eUICC is the hardware component that stores and manages the embedded SIM profiles.

  So, It facilitates the communication between these two components and manages the installation and activation of the profiles on the eUICC chip.

Also ensures that the profiles are installed and activated correctly and that the user can access and use the services associated with each profile on their device.

• The LPA app may(should) include a user interface (LUI) to allow users to manage their profiles easily. LUI, or Local User Interface, refers to the user interface that is displayed on the device during the eSIM profile installation and management process. LUI activities may include:

  1. Selecting the desired carrier: The user selects the carrier they want to use for their eSIM profile.

  2. Entering the activation code: The user enters the activation code provided by the carrier to activate the eSIM profile.

  3. Reviewing the profile details: The user reviews the eSIM profile details, such as the carrier name, phone number, and other relevant information.

  4. Confirming the profile installation: The user confirms that they want to install the eSIM profile on their device.

  5. Managing the installed profiles: The user can manage the installed eSIM profiles by deleting or modifying them as needed.

  In addition to these traditional LUI activities, there may be other activities that need to be added to the LUI to provide a better user experience or to support additional features.

• The Android system automatically connects to the best available LPA to handle eSIM operations.

The existing structure of the LPA (Local Profile Assistant) is centralized, with a single point of control over the distribution and management of eSIM profiles. In this structure, the LPA provider controls the process of downloading and installing eSIM profiles on mobile devices.

And, There are several LPA providers in the market. Some of the well-known LPA providers include:

1. Gemalto, now Thales DIS

2. Giesecke+Devrient (G+D)

3. IDEMIA

4. STMicroelectronics

5. Truphone

6. Workz Group

7. Oasis Smart SIM

8. Telna

9. Valid

10. eSIM.net

Some mobile network operators have also developed their own LPAs. The LPA provider used by a particular mobile network operator vary depending on their agreement and preference.

Decentralizing the LPA using blockchain can provide several benefits, including increased security, improved resilience, greater transparency, reduced cost and faster updates(maybe but definitely tamper proof). By decentralizing the profile management(profile storage and profile distribution), the eSIM ecosystem can become more secure and efficient. Decentralizing LPA can potentially prevent several security breaches.
A few real-life examples:

1. SIM swapping attacks(not possible in eSIM as of now): In a SIM swapping attack, a hacker gains control of a victim's phone number by convincing the telecom provider to transfer the victim's phone number to a SIM card controlled by the hacker. Once the hacker has control of the victim's phone number, they can use it to gain access to the victim's online accounts that use two-factor authentication via SMS. Decentralizing the eSIM profile management and distribution using blockchain can make it more difficult for a hacker to perform a SIM swapping attack because they would need to compromise multiple nodes on the blockchain network.

2. Unauthorized eSIM profile installations: With a centralized LPA, there is a risk that an attacker could gain access to the LPA and install unauthorized eSIM profiles on devices. Decentralizing the eSIM profile management and distribution using blockchain can make it more difficult for an attacker to perform such an attack because they would need to compromise multiple nodes on the blockchain network to install an unauthorized eSIM profile.

3. Data breaches: With a centralized LPA, there is a risk that a data breach could occur, resulting in the compromise of sensitive user information. Decentralizing the eSIM profile management and distribution using blockchain can help to prevent data breaches because the data is stored on multiple nodes on the blockchain network, making it more difficult for an attacker to gain access to all the data.

eSIM Profiles

An eSIM profile is a set of information that is used to provision a mobile device with connectivity information, such as network credentials, authentication keys, and other relevant details required to connect to a mobile network.

An eSIM profile is typically a software component that is installed on the device and is used to authenticate the device with the network operator. The eSIM profile can be downloaded over the air (OTA) and stored securely on the device's eSIM chip.

The format of an eSIM profile is defined by the GSMA (Global System for Mobile Communications Association) and is based on a specification called Remote SIM Provisioning (RSP). The RSP specification defines the structure and format of the eSIM profile, which includes information such as:

• Profile Metadata:

  • Profile name

  • ICCID (Integrated Circuit Card Identifier)

  • Profile creation date

  • Profile expiry date

  • Operator name

  • Service provider name

  • Profile status (e.g., enabled or disabled)

• Network credentials:

  • Authentication key(s)

  • Encryption key(s)

  • Signing key(s)

  • Access point name (APN)

  • Subscriber identification module (SIM) settings

  • Internet Protocol (IP) settings

• Profile attributes:

  • Network technology (e.g., 4G, 5G)

  • Supported services (e.g., voice, data, SMS)

  • Data rates and usage limits

  • Roaming policies

  • Provisioning policies (e.g., over-the-air, physical SIM swap)

  • User profile settings (e.g., preferred language)

The eSIM profile is typically represented in a machine-readable format, such as XML or JSON, which can be easily processed and installed on the device's eSIM chip. In summary, an eSIM profile is a software component that is used to provision a mobile device with connectivity information, and it is defined by the GSMA's RSP specification.

eSIM Profile Distribution

The traditional way of distributing eSIM profiles is through a centralized system where the mobile network operator (MNO) provides the profiles to the end-user through their online portal or a dedicated app. The MNO is responsible for verifying the user's identity, assigning the eSIM profile to the user's device, and then delivering it to the device. This process is often subject to vulnerabilities, such as hacking and identity theft, which can compromise the security and privacy of the eSIM profile.

Now, Blockchain technology can provide an alternative way to distribute eSIM profiles that is more secure and transparent. In this approach, the eSIM profiles are stored on a blockchain, and the blockchain acts as a distributed ledger that keeps track of all the transactions related to the distribution of eSIM profiles. When a user requests an eSIM profile, the platform verifies the user's identity through identity management and authorizes the download and installation of the profile on the user's device.

Storing eSIM Profile

The usual way of storing eSIM profiles is on a centralized server controlled by the mobile network operator (MNO). The server is responsible for managing the eSIM profiles, encrypting them, and storing them securely. Again this makes it vulnerable to cyber attacks and data breaches, which can compromise the security and privacy of the eSIM profiles.

Blockchain technology can provide a more secure way to store eSIM profiles by storing them on a decentralized, distributed ledger. In this approach, each eSIM profile is stored on the blockchain as a unique transaction, which can be accessed only by authorized parties with the appropriate cryptographic keys. By using blockchain for eSIM profile storage, the eSIM profiles can be encrypted and stored in a tamper-proof manner, ensuring that they are protected from unauthorized access and tampering. Additionally, the decentralized nature of the blockchain ensures that there is no single point of failure, which can make the eSIM profile storage more resilient to cyber attacks.

Question,

1. Including all the transactions related to the eSIM profile management and distribution are recorded in a secure, immutable and in transparent way and mainly focus on transparency of user's details and transaction,                                                             ***doesn't it makes users more vulnerable? The answer is, ***No, recording all the transactions related to eSIM profile management and distribution on a blockchain does not necessarily make users more vulnerable. In fact, it can enhance user privacy and security in several ways.

Firstly, cryptography provides enhanced security measures, such as encryption and hashing, which ensure that user data is stored securely and cannot be accessed or tampered with by unauthorized parties.

Secondly, ethereum blockchain technology allows for the creation of smart contracts, which can automate and enforce the terms of transactions in a secure and transparent manner. This can reduce the risk of fraud and provide greater assurance to users that their transactions are secure.

Finally, transparency on the blockchain can actually enhance user privacy, as users can see exactly how their data is being used and who has access to it. This can increase trust and accountability in the system and give users greater control over their data.

2. Potential security risks involved in decentralizing eSIM profile management on a blockchain network? The answer is, Smart contract vulnerabilities, that can be exploited by attackers to steal user information or manipulate transactions. Private key management, The private keys must be properly managed to prevent unauthorized access or theft. And if we are unable to do that we’ll proceed with smart contract wallet. Regulatory compliance, Decentralized eSIM profile management may face regulatory hurdles, and complying with regulations while maintaining the decentralized nature of the system can be a challenge.

3. Hoping for more questions from viewers…

Building a LPA

Building a local profile assistant (LPA) app by decentralizing eSIM profile storage and distribution allowing the user to manage their profiles on the eSIM, including crypto wallets, blockchain networks, and network carrier providers, And which must be hooked up with Android Euicc APIs.

1. Understand the hardware/modem requirements: To ensure your LPA and eSIM are compatible, we need to check the requirements for GSMA RSP v2.0 or v2.2 support. We also need to use SM-DP+(in our case) and SM-DS servers that have a matching RSP version.

2. Android Euicc APIs: The Android Euicc APIs provide a set of functions that allow developers to manage eSIM profiles on Android devices. These APIs include: The EuiccManager API, which provides methods for downloading, installing, and deleting eSIM profiles, The EuiccCardManager API, which provides methods for managing eSIM cards. About The EuiccService, the euiccService is a key component of the Android Euicc APIs and is responsible for managing eSIM profiles on the device, while the EuiccManager API provides a high-level interface for developers to interact with the euiccService and manage eSIM profiles.

3. Implement Euicc APIs:
   Firstly, we need to extend all Euicc APIs and declare it in the manifest file. We must also ensure that the service requires the android.permission.BIND_EUICC_API-NAME system permission and include an intent filter with the android.service.euicc.EuiccAPI-NAME action.

4. **Creating LUI Activities: **Each activity must require the android.permission.BIND_EUICC_API-NAME system permission. Each should have an intent filter with the appropriate action, the android.API_NAME.euicc.category.EUICC_UI category, and a non-zero priority.

5. Using web3J: Web3J is a Java library that provides a simple and lightweight API for interacting with Ethereum and other blockchain networks. Using Web3J to providing activities for LUI, by adding Web3J library to the project dependencies and initializing a Web3J instance to connect to the desired blockchain network. Also using Web3J's API to interact with smart contract responsible for storing and distributing eSIM profiles.

6. Using Biometric: Adding biometric authentication to the LUI can greatly enhance the security of the user's crypto wallet and blockchain network. To implement this, we can use Android's BiometricPrompt API, which provides a standardized way to authenticate the user using biometric data such as fingerprint, face, or iris scan.

That’s all that I’ve worked on as of now, The LPA app. And in the next and last article of EIF3.0 i’m hoping to present you all a LPA of Blockchain Powered eSIM.

This is the 6th article/week 6 progress report of my journey at EthIndia Fellowship 3.0, EIF3.0 building Blockchain Powered eSIM.

Here’s the link of the fifth article of this series, a thesis on Blockchain Powered eSIM.

And with this article I’m starting with the Implementation of eSIM, mainly AOSP setup and understanding methods from EuiccManager.java, EuiccSevice.java, EuiccController.java.

But before that, There’s one concern in the design that has been troubling me,

So the current structure proposes,

A novel approach to link a crypto wallet(EOA) with mobile number in such a manner that a person gets associated with a crypto wallet(EOA) in a similar way the person gets associated to a mobile number with the help of eSIM/SIM technology. The proposed method employs the concept of account abstraction to establish a virtual account for non crypto users that serves as a purely cryptographic foundation layer. This approach enables secure access to users' crypto wallets without exposing their private keys, which is particularly beneficial for users unfamiliar with crypto wallets and the underlying technology. With the feasibility of the proposed concept and outlining how it can provide carrier app services to network carrier providers and Local Profile Assistant (LPA) services to mobile OEMs and end-users. The activation of the eSIM will take place through the Ethereum blockchain, and all relevant details will be sent to the Ethereum blockchain using a smart contract.

Now this seems to be a critical point to implement these three,

1. Wallet Creation: Create a crypto wallet within the LPA.

2. Key Management: Generate a private key and a corresponding public key for the crypto wallet.

3. Key Storage: Store the private key securely in the LPA.

So thinking about to associate a smart contract rather than a crypto wallet(EOA).

The Smart Contract will be inspired by Account Abstraction and act as a safe that puts a relief on managing and storing private keys of EOA wallets in the LPA and other drawbacks of EOA wallet.

To achieve this, the eSIM will be used to link the mobile number with the Smart Contract address, which will serve as a secure wallet. Users will be able to gain access to decentralized applications by connecting their wallet with a fingerprint scan or default app lock method, which will enable them to execute transactions in a secure and efficient manner.

Pros and cons of EOA and Smart Contract wallet

Pros of EOA wallets:

1. Easy to use and set up.

2. Can be used to store any type of Ethereum-based cryptocurrency.

3. Can be accessed using a private key, which can be backed up and stored securely.

Cons of EOA wallets:

1. The security of the wallet is solely dependent on the user's ability to keep their private key secure. If the private key is lost or stolen, the wallet cannot be recovered.

2. There is no way to limit the amount of funds that can be sent from the wallet, making it less secure in the event of a hack or theft.

Pros of Smart Contract wallets:

1. Can be designed to incorporate additional security features, such as multisig transactions and time locks, which make it more secure than EOA wallets.

2. Can be customized to meet specific requirements, such as automatic recurring payments or conditional transactions.

3. The funds in a Smart Contract wallet are not accessible unless the conditions specified in the Smart Contract are met.

Cons of Smart Contract wallets:

1. Can be more complicated to set up and use than EOA wallets.

2. Can only be used to store specific types of cryptocurrencies that are compatible with the Smart Contract language used to create the wallet.

3. Smart Contract wallets are dependent on the underlying blockchain technology, which can be subject to bugs and security vulnerabilities.

I’ll be implementing the smart contract wallet in the next week.

For now let’s begin with the current implementation as there steps to be climbed before associating a wallet.

Building LPA

As we are woking on building the LPA to let the end user manage eSIM profiles with wallet and networks.

To start implementing an eSIM we first need to build Android Open Source Project (AOSP).

NOTICE: Platform development on MacOS isn't supported as of June 22, 2021.

Proceeded with this guide for Building AOSP on mac OS.

Step 1: Setting up File system

The default file system on macOS 10.13 and later which is called Apple File System (APFS) is case-insensitive. But to build AOSP, we need a case-sensitive file system. Created a case-sensitive file system "aosp" using Disk Utility in mackbook pro 14" 2442, before we can start downloading the code.

Step 2: Downloading the source

Android team has made an utility called repo, which helps in managing multiple repositories. We will be using this utility to download android source.

Installed repo using brew successfully.

Created and base directory inside the new volume, where we want to clone all the repos required for building inside the volume we created in first step.

❯ cd /Volumes/aosp

❯ mkdir source

❯ cd source

Initialised the repo.

This will create a .repo/ directory with Git repositories for the Repo source code and the manifest files which specifies where the various repositories included in the Android source. repo init -u <https://android.googlesource.com/platform/manifest>

Successfully downloaded Repo source from repo.

Now, cloning the source using repo sync -c -j8 and it took more than 8 hours in macbook pro with Apple M1 Pro chip.

Step 3: Environment setup and build configuration

Before, we can start the build, we need to some configuration steps.

• Commands Setup

Android source offers some helper commands for building, we can add them to our path in current session with below command.

❯ source build/envsetup.sh

You can use the hmm command to list all the helper commands that are added.

• Selecting Build target

We can select the build target, i.e for which product and architecture we want to build for using the lunch command. Just run lunch without any arguments, it will show you some of the available configurations.

And our Build Target is aosp_cf_x86_64_phone-userdebug

Now, Building the code:

To build Android, you must select a target device type to build with the lunch command. A target is a device permutation, such as a specific model or form factor.

The device target included below, aosp_cf_x86_64_phone-userdebug, enables you to build the Cuttlefish virtual Android device for testing without a physical device.

Passed build target successfully using lunch aosp_cf_x86_64_phone-userdebug

Then,

Tried many things after this but unable to pass through this successfully, got to know that there maybe chances where this target requires more RAM. So i’m looking into different targets for implementation of eSIM. If I failed to build the Cuttlefish virtual Android device for testing without a physical device. Then i’ll proceed to get a supported device making a Flashing Device and pass the respective target.

As i was stuck here, so proceeded to note down the methods for:

EID Retrieval: Retrieve the EID of the eSIM that will be used for coupling with the crypto wallet(EOA) or Smart Contract Wallet.

Get EID (public)

This API can be found in the EuiccManager EuiccManager.java.

• Gets the EID identifying the eUICC hardware.

• This may be null if the eUICC is not ready.

• The caller must have carrier privilege or the READ_PRIVILEGED_PHONE_STATE permission.

  String eid = mgr.getEid();
  if (eid == null) {
    // Handle null case.
  }
  

• Diving deep in the method by going through EuiccManager.java

  /**
       * Returns the EID identifying the eUICC hardware.
       *
       * <p>Requires that the calling app has carrier privileges on the active subscription on the
       * current eUICC. A calling app with carrier privileges for one eUICC may not necessarily have
       * access to the EID of another eUICC.
       *
       * @return the EID. May be null if the eUICC is not ready.
       */
      @Nullable
      public String getEid() {
          if (!isEnabled()) {
              return null;
          }
          try {
              return getIEuiccController().getEid(mCardId, mContext.getOpPackageName());
          } catch (RemoteException e) {
              throw e.rethrowFromSystemServer();
          }
      }
  

So as we can see,

• The method requires that the calling app has carrier privileges on the active subscription on the current eUICC.

  • If the calling app does not have the required privileges, the method will return null.

• Note that even if an app has carrier privileges for one eUICC, it may not necessarily have access to the EID of another eUICC.

• The getEid() method checks if the eUICC is enabled.

  • If it is not enabled, the method will return null. If the eUICC is enabled, the method will attempt to retrieve the EID by calling the getEid() method on the IEuiccController interface.

  • The mCardId parameter specifies the ID of the eUICC card to retrieve the EID from, and mContext.getOpPackageName() specifies the package name of the calling app.

• If an error occurs during the process of retrieving the EID, the method will throw a RemoteException and rethrow it as a RuntimeException. Otherwise, the EID of the active eUICC will be returned as a String.

From the above it seems like getIEuiccController() is an important method so diving deep into it and noting down all the methods that uses getIEuiccController

getIEuiccController()

/**
     * Whether embedded subscriptions are currently enabled.
     *
     * <p>Even on devices with the {@link PackageManager#FEATURE_TELEPHONY_EUICC} feature, embedded
     * subscriptions may be turned off, e.g. because of a carrier restriction from an inserted
     * physical SIM. Therefore, this runtime check should be used before accessing embedded
     * subscription APIs.
     *
     * @return true if embedded subscriptions are currently enabled.
     */
    public boolean isEnabled() {
        // In the future, this may reach out to IEuiccController (if non-null) to check any dynamic
        // restrictions.
        return getIEuiccController() != null && refreshCardIdIfUninitialized();

1. The isEnabled() method checks whether embedded subscriptions are currently enabled on the device.

   Even on devices with the PackageManager.FEATURE_TELEPHONY_EUICC feature, embedded subscriptions may be turned off due to carrier restrictions or other reasons.

Therefore, this runtime check should be used before accessing embedded subscription APIs.

The isEnabled() method first checks whether the IEuiccController interface is available by calling the getIEuiccController() method. If the interface is not available, the method will return false.

If the IEuiccController interface is available, the method will call the refreshCardIdIfUninitialized() method to initialize the eUICC card ID if it is not already initialized. This method is called to ensure that the eUICC card ID is valid before proceeding with any operations that require it. If the eUICC card ID is not initialized, the method will return false.

If the IEuiccController interface is available and the eUICC card ID is initialized, the method will return true, indicating that embedded subscriptions are currently enabled on the device.

2. Used in getOtaStatus() in this way getIEuiccController().getOtaStatus(mCardId);

   The getOtaStatus() method returns the current status of the eUICC (embedded Universal Integrated Circuit Card) OTA (over-the-air) update process, which is used to update the eUICC software and data.

   The method requires the WRITE_EMBEDDED_SUBSCRIPTIONS permission to be granted to the calling app.

   If the eUICC is not ready, the method returns EUICC_OTA_STATUS_UNAVAILABLE. If the eUICC is ready, the method calls the getIEuiccController().getOtaStatus() method to retrieve the OTA status from the IEuiccController interface.

   If an exception occurs during the method call, it will be caught and rethrown as a RemoteException to the calling app.

3. And it is used in many methods because EuiccController is because it provides an interface for managing eUICCs (embedded Universal Integrated Circuit Cards). It is responsible for handling various eUICC-related tasks such as activating, deactivating, and managing the installation and removal of eUICC profiles.

   The EuiccController service runs in the system process and exposes an interface through which other system components and apps can interact with eUICCs. The service is responsible for communicating with the eUICC hardware and coordinating the installation and removal of eUICC profiles with the relevant carrier servers.

   The EuiccController interface includes methods for various eUICC operations, such as retrieving information about the eUICC hardware, managing profiles and their related operations, and triggering eUICC OTA (over-the-air) updates.

   The EuiccController service is not directly accessible to third-party apps. Instead, it is accessed through the EuiccManager class, which is a high-level API provided by the Android system for managing eUICCs.

So I’ll stop here because if i continue this article will become technical documentation on Euicc Manager,Service and Controller. In the next article i’ll be simplifying the explanation of implementation of eSIM, building a LPA and a carrier app.

So That’ll be all for now. This is me on twitter and linkedIn, I’m more than happy to discuss any aspect of this solution. And any comments, advice and feedbacks are much appreciated.

Blockchain and eSIM are disruptive technologies in the mobile industry facing resistance from established players. Despite this, they are slowly being adopted due to innovation and companies that see the value in change. Both technologies have a secure future and it's only a matter of time before eSIMs become the norm, with blockchain helping to drive their adoption.

This is the 5th article/week 5 progress report of my journey at EthIndia Fellowship 3.0, EIF3.0 building Blockchain Powered eSIM.

Here’s the link of the fourth article of this series discussing how the telecom industry can enhance its protocols, algorithms using Zero Knowledge Proofs and explores how this technology can be incorporated into this project.

And this article is a thesis on Blockchain Powered eSIM.

Prerequisite

1. eSIM

An eSIM(embedded-SIM) is a form of programmable SIM card that is embedded directly into a device.

Instead of an integrated circuit located on a removable universal integrated circuit card (UICC), typically made of PVC, an eSIM consists of software installed onto an eUICC chip permanently attached to a device.

Once an eSIM carrier profile has been installed on an eUICC, it operates the same as a physical SIM, complete with a unique ICCID and network authentication key generated by the carrier.

The eSIM standard was first released in 2016; since that point, eSIM has begun to replace physical SIM in domains including cellular telephony.

Since 2010, the GSMA had been discussing the possibility of a software-based SIM.

To avoid any confusion, suggesting the following way of looking at the definition:

"eSIM is the whole service - SIM + eUICC + platform, eUICC is the software that allows provisioning"

And the difference

So,

• An eSIM, or embedded SIM, is a programmable SIM card that is built into a device and can be remotely activated and provisioned.

• It's not a software in the traditional sense, but it can be thought of as an integrated circuit that contains firmware and data storage.

• The structure of an eSIM is similar to a traditional SIM card, but it's an electronic chip embedded in the device's hardware.

• eSIMs have a unique identifier, which is similar to a traditional SIM card's ICCID, and can store multiple network profiles that can be activated based on the user's preference.

• eSIMs work by using remote provisioning to download and install network profiles over the air (OTA).

• The remote provisioning process involves several steps, including registration, download, activation, and management.

• eSIMs provide enhanced security features, such as encryption and authentication, to protect user credentials and prevent fraud.

• eSIM technology provides a flexible and secure way to activate and manage network services on a device without the need for physical SIM cards.

• eSIMs are an important technology for enabling cellular connectivity on a wide range of devices, including smartphones, tablets, wearables, and IoT devices.

2. Blockchain

• Blockchain is a type of shared database that differs from a typical database in the way that it stores information; blockchains store data in blocks that are then linked together via cryptography.

• As new data comes in, it is entered into a fresh block. Once the block is filled with data, it is chained onto the previous block, which makes the data chained together in chronological order.

• Different types of information can be stored on a blockchain, but the most common use so far has been as a ledger for transactions.

• In Bitcoin’s case, blockchain is used in a decentralized way so that no single person or group has control—rather, all users collectively retain control.

• Decentralized blockchains are immutable, which means that the data entered is irreversible. For Bitcoin, this means that transactions are permanently recorded and viewable to anyone.

• Ethereum is a decentralized, open-source blockchain with smart contract functionality.

• Ethereum enables the smart contracts and applications built on its blockchain to run smoothly without fraud, downtime, control, or any third-party interference.

3. Account Abstraction

• Account abstraction is the idea of decoupling the relationship between the signer and the account by making every account a smart contract that can contain its own logic.

• Account abstraction is a new way of managing accounts in Ethereum beyond the current externally owned account (EOA) system.

• EOAs have limitations in terms of key management, access control, gas payment, efficiency, and privacy.

• Account abstraction allows for more flexible logic that can be controlled by code, opening up new possibilities.

• Use cases for account abstraction include social recovery, dead man switch, and more complex access control policies.

4. Zero Knowledge Proofs

A way to prove bound on the amount of knowledge released in an interaction. A zero-knowledge proof (ZKP) is a method of proving the possession of certain information without revealing that information, or any other information beyond the fact that the information exists and is held by the prover. In other words, a ZKP allows one party (the prover) to prove to another party (the verifier) that a statement is true, without revealing any information beyond the fact that the statement is true.

So combining these two, Blockchain and Telecom tech. I’m presenting you all a thesis on Blockchain Powered eSIM.

5. GSMA

GSMA refers to the Groupe Speciale Mobile Association, a trade body that represents the interests of mobile network operators worldwide. The organization was founded in 1987 and is headquartered in London, UK. The GSMA represents over 750 of the world's mobile operators, as well as more than 300 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers, and internet companies. The organization works to promote the growth of the mobile industry and to ensure that mobile technologies and services are made available to as many people as possible. Some of its key initiatives include the Mobile World Congress, a major industry event held annually, and various programs and initiatives aimed at driving the adoption and development of new mobile technologies and services.

Abstract

The traditional method of associating a mobile number with a physical SIM card has been a bottleneck for the growth of the telecom industry. With the advancement in technology and the rise of cryptocurrencies, This project aims to couple a mobile number with a crypto wallet through an eSIM. This process leads to linking a crypto wallet with an individual in a similar manner as a mobile number is linked to the corresponding person. By implementing the concept of account abstraction, a virtual account can be established, which will serve as a purely cryptographic foundation layer. This approach is particularly beneficial for users who are not familiar with crypto wallets and the tech it revolves around. Enabling secure access to the user's crypto wallets without exposing their private keys. This eSIM will provide cryptographic identity services and be backed by zero-knowledge proofs, ensuring privacy and security of the user's data. This paper explores the feasibility of this concept and discusses how it can provide a carrier app to network carrier providers and a Local Profile Assistant (LPA) to mobile OEM and end-users. The paper also discusses how the activation of the eSIM will be happening through the Ethereum blockchain and how all the details will be sent to the Ethereum blockchain using a smart contract.

Introduction

The telecom industry has grown rapidly over the past few decades, and the demand for mobile phones has increased significantly. However, the traditional method of associating a mobile number with a physical SIM card has been a bottleneck for the growth of the telecom industry. The process of acquiring a SIM card is cumbersome and time-consuming, and it requires the users to provide personal information to the network carrier providers. Moreover, the use of physical SIM cards also poses a security risk as they can be easily lost or stolen. Blockchain technology has the potential to revolutionize the telecom industry by introducing a new concept called Blockchain Powered eSIM.

Blockchain Powered eSIM is a concept that aims to associate a mobile number with a crypto wallet through an eSIM. An eSIM is a digital SIM that can be programmed with multiple mobile network profiles. The eSIM can be embedded in the mobile device during the manufacturing process, eliminating the need for a physical SIM card. The eSIM can be activated remotely, making it more convenient for the users.

Blockchain technology will provide a secure and decentralized platform for the activation and management of the eSIM. The activation of the eSIM will be happening through the Ethereum blockchain, and all the user details will be sent to the Ethereum blockchain using a smart contract. The use of blockchain technology will also eliminate the need for the network carrier providers to store the user's personal information, reducing the risk of data breaches.

Existing eSIM Technologies and Their Limitations

Embedded SIM (eSIM) technology has been around for a few years and has gained popularity in various consumer electronics devices such as smartphones, tablets, and wearables. The eSIM technology eliminates the need for a physical SIM card and provides several benefits such as remote provisioning and improved security.

However, the existing eSIM technologies have some limitations that need to be addressed. One of the major limitations is the lack of interoperability between eSIMs from different vendors, which can lead to vendor lock-in and limit consumer choice. Another limitation is the limited memory capacity of the eSIMs, which can limit the number of profiles that can be stored on the eSIM.

Furthermore, traditional eSIMs rely on centralized entities such as mobile network operators (MNOs) for the provisioning and management of the eSIM profiles. This centralization creates a single point of failure and increases the risk of security breaches, as the centralized entity has access to sensitive user data.

To address these limitations, Proposing Blockchain Powered eSIM as a potential solution. Blockchain-powered eSIMs leverage the decentralized nature of blockchain to provide improved security, privacy, and interoperability. By eliminating the need for a centralized entity for profile management, blockchain-powered eSIMs can also reduce the risk of security breaches and increase user control over their data.

Personas

The following personas are involved in this project:

• End-Users: Users of the eSIM solution who want a secure and seamless way to access decentralised applications and services.

• Mobile Operators: Companies responsible for managing the eSIM profiles and provisioning the eSIMs to subscribers(end-users).

• Device Manufacturers: Companies responsible for integrating the eSIM into their devices.

• Regulatory Bodies: Government agencies and industry organizations responsible for ensuring the eSIM solution complies with relevant regulations and standards.

• Developers: Developers responsible for building and maintaining the blockchain infrastructure that powers this eSIM solution.

Deliverables

This project aims to deliver:

1. Carrier App to mobile network operators Mobile network operators creates carrier-branded apps to manage their profiles directly. This includes downloading and deleting subscription profiles owned by the carrier, as well as switching to a profile owned by a carrier. The carrier app will be used to manage the network profiles and activate the eSIM remotely. The carrier also provides real-time information on the usage of the network and the billing details. The use of blockchain technology can ensure that the information provided by the carrier app is accurate and transparent.

2. LPA to mobile OEM(Original equipment manufacturer) and end users The LPA will be used by end users to manage their profiles including the management of:

   1. Activation of the eSIM remotely

   2. Blockchain network they are connected to

   3. Crypto wallets they are associated with.

   4. The LPA can also provide real-time information on the usage of the networks and apps that will be used from this service(a system level wallet).

Design and Architecture

Embedded SIM (eSIM, or eUICC) technology allows mobile users to download a carrier profile and activate a carrier's service without having a physical SIM card.

It's a global specification driven by the GSMA that enables remote SIM provisioning (RSP) of any mobile device.

Starting with Android 9, the Android framework provides standard APIs for accessing eSIM and managing subscription profiles on the eSIM.

These eUICC APIs enable third parties to develop their own carrier apps and local profile assistants (LPAs) on eSIM-enabled Android devices.

LPA

The LPA is a standalone, system app that should be included in the Android build image. Management of the profiles on the eSIM is generally done by the LPA, as it serves as a bridge between the SM-DP+ (remote service that prepares, stores, and delivers profile packages to devices) and the eUICC chip.

LPA-APK & LPA-UI or LUI

The LPA APK can optionally include a UI component, called the LPA UI or LUI, to provide a central place for the end user to manage all embedded subscription profiles.

The Android framework automatically discovers and connects to the best available LPA, and routes all the eUICC operations through an LPA instance.

Coupling the crypto wallet and the eSIM unique ID(EID) together in the LPA APK

The LPA app will interact with the eUICC chip on the device, which stores the eSIM profile, and with the crypto wallet.

One way to couple the eSIM unique ID with the crypto wallet is to associate the eSIM unique ID with the user's crypto wallet address.

When a user initiates a transaction, the LPA app can retrieve the eSIM unique ID and the associated wallet address, and use them to securely authenticate and authorize the transaction. The LPA app can also use the eSIM unique ID as an identifier for the user, which can be useful for tracking transactions.

To implement this functionality,

We can add an API to the LPA app that allows the user to associate their eSIM unique ID with their crypto wallet address. We will need to securely store this association on the device and make sure that it cannot be accessed by unauthorized parties.

The LPA app can then use this association to authenticate and authorize transactions.

When a transaction is initiated, the LPA app can prompt the user to authenticate themselves using biometric authentication or another secure method. Once the user is authenticated, the LPA app can retrieve the eSIM unique ID and the associated wallet address, and use them to sign and authorize the transaction.

Note: There are lots of additional security considerations and regulation concerns when coupling telecom and blockchain technologies and all of them are only noted for now, so it's important to thoroughly test the implementation and ensure that it is secure.

The process of coupling an EID with a crypto wallet in the LPA (Local Profile Assistant) in Android eSIM development typically involves the following high-level steps:

1. EID Retrieval: Retrieve the EID of the eSIM that will be used for the crypto wallet.

2. User Authentication: Authenticate the user before proceeding with the coupling process.

3. Wallet Creation: Create a crypto wallet within the LPA.

4. Key Management: Generate a private key and a corresponding public key for the crypto wallet.

5. Key Storage: Store the private key securely in the LPA.

6. EID and Key Association: Associate the EID of the eSIM with the private key of the crypto wallet in the LPA.

7. Blockchain Network Selection: Associate this wallet with a blockchain network and allow management of multiple network within the LPA.

8. Wallet Activation: Activate the crypto wallet within the LPA.

9. Testing and Verification: Test and verify the coupling of the EID with the crypto wallet to ensure that it works as intended.

The specific implementation details of these steps will depend on the particular eSIM and LPA being used, as well as the specific requirements of the crypto wallet being integrated.

The "Blockchain Network Selection" layer would allow the user to choose between different blockchain networks. Once a network is selected, the wallet functionality layer would be updated to reflect the selected network. This could include changing the address format, updating the available tokens/coins, and adjusting the network fees.

The user interface layer would provide the user with a way to easily switch between different networks. This could be done through a dropdown menu or a button that allows the user to select the desired network.

Conclusion

Blockchain Powered eSIM is a revolutionary concept that aims to revolutionize the telecom industry. The use of blockchain technology can provide a secure and decentralized platform for the activation and management of the eSIM. The activation of the eSIM will be happening through the blockchain, and all the details will be sent to the blockchain using a smart contract. The use of Blockchain Powered eSIM can provide a carrier app to network carrier providers and a Local Profile Assistant (LPA) to mobile OEM and end-users, where end-users can access decentralized applications with default app lock methods. This concept can provide a convenient and secure way of associating a mobile number with a crypto wallet through an eSIM.

Future Perspective

In the future, it is possible that we may no longer need mobile devices with large storage capacities, Decentralized storage solutions can be utilized to store all types of files that are typically saved on mobile devices. This could alleviate the fear of losing important files if a mobile device is lost or stolen.

Furthermore, this solution may have implications for data privacy and security, as it may reduce the reliance on centralized servers that can be vulnerable to hacking or data breaches. It may also allow for greater control and ownership of personal data by individual users.

Additionally, this solution may make phone mining and cryptocurrency staking more accessible and user-friendly.

And more…

That’ all for now. This is me on twitter and linkedIn, I’m more than happy to discuss any aspect of this solution. And any comments, advice and feedbacks are much appreciated.

And in the upcoming weeks article, I’ll be writing about the implementation part.

Thankyou:)

Blockchain and eSIM are disruptive technologies in the mobile industry facing resistance from established players. Despite this, they are slowly being adopted due to innovation and companies that see the value in change. Both technologies have a secure future and it's only a matter of time before eSIMs become the norm, with blockchain helping to drive their adoption.

This is the 4th article / Week4 progress report of my journey at EthIndia Fellowship 3.0 , building Blockchain Powered eSIM.

Here’s the link of the third article of this series in which I’m aiming to build Blockchain Powered eSIM.

This article discusses how the telecom industry can enhance its protocols, algorithms using Zero Knowledge Proofs and explores how this technology can be incorporated into this project.

Let’s begin with learning a little about Zero Knowledge Proofs:

Zero Knowledge Proofs

A new notion of a Proof !* A new way to prove bound on the amount of knowledge released in an interaction ! If ‘Simulated View’ and ‘Real Interaction’ are computationally indistinguishable *!

- Shafi Goldwasser

A zero-knowledge proof (ZKP) is a method of proving the possession of certain information, such as a private key, without revealing that information, or any other information beyond the fact that the information exists and is held by the prover. In other words, a ZKP allows one party (the prover) to prove to another party (the verifier) that a statement is true, without revealing any information beyond the fact that the statement is true. ZKP protocols are used in various applications, including secure multiparty computations, digital rights management, and blockchain technology.

ELI5

Imagine you have a secret toy and you want to show your friend that you have it, but you don't want to give it away or show them what it looks like. You can show them a proof that you have the toy, without actually showing them the toy itself. This proof is called a "zero-knowledge proof" because your friend doesn't learn any extra information other than the fact that you have the toy.

It's like you have a box with a toy inside, and you want to prove to your friend that there is a toy inside the box without opening it. You can shake the box and let them hear the noise the toy makes. Your friend can tell that there is something inside the box because of the noise, but they don't know what the toy looks like.

It's similar to real-life situations like, when you go to the bank, you prove your identity to the teller by showing them your ID card, but you don't show them all your personal information or how much money you have.

Note: I’ve been learning ZKPs from a past few months and on the basis on my learning i’m writing this article, please correct me if i’m wrong.

Firstly, let’s get into a few protocols that i came across and how they can be improved by ZKP:

There are several protocols in telecom that can be improved with zero-knowledge proofs (ZKPs), here are some examples:

1. Authentication and Authorization:ZKPs can be used to prove identity or access rights to the network without revealing any personal information. For example, in the 5G network, ZKPs can be used to provide secure authentication and authorization of devices without disclosing the device's identity or location. This can protect against unauthorized access to user data and enhance privacy.

2. Billing and Charging: ZKPs can be used to enable secure billing and charging of telecom services without revealing any personal information. For example, in the context of mobile payments, ZKPs can be used to prove the ownership of a mobile wallet without disclosing the owner's identity or transaction details. This can prevent fraud and enhance privacy.

3. Location Tracking: ZKPs can be used to enable secure location tracking of mobile devices without revealing the device's location to third parties. For example, in the context of emergency services, ZKPs can be used to provide secure location tracking of a device without disclosing the device's location to unauthorized parties. This can enhance privacy and security.

4. Network Optimization: ZKPs can be used to enable secure sharing of network data between telecom operators without disclosing any sensitive information. For example, in the context of network optimization, ZKPs can be used to share network statistics between operators without revealing any personal information or specific user behavior. This can enhance network performance while preserving privacy.

Overall, ZKPs offer a promising way to enhance the security and privacy of various protocols in telecom. By leveraging ZKPs, telecom operators can provide more secure and private services while protecting against fraud and unauthorized access to user data.

Secondly, let’s get into a few algorithms that can be improved using Zero Knowledge Proofs.

Improvements in Global System for Mobile Communication (GSM) using ZKPs

GSM (Global System for Mobile Communications) is a widely used mobile communication standard that provides voice and data services to mobile devices.

Currently, GSM uses a challenge-response auth mechanism, where the network sends a challenge to the mobile device, and the mobile device responds with a value calculated using a secret key. This mechanism is vulnerable to attacks such as eavesdropping and man-in-the-middle attack

One way that ZKP could be used to improve GSM is to enhance the security of the authentication process between the mobile device and the network.

ZKP could be used to create a more secure authentication mechanism by allowing the mobile device to prove to the network that it possesses the secret key without revealing the key itself.

In this scheme, the network would send a random challenge to the mobile device, and the mobile device would use the secret key to generate a response.

Instead of sending the response directly to the network, the mobile device would use a ZKP to prove to the network that it possesses the secret key without revealing the key itself.

Another potential use of ZKP in GSM is to enhance the privacy of user data. With traditional auth mechanisms, the network knows the identity of the user and can link their activity to their identity.

By using ZKP, the user could prove their identity without revealing it to the network, thus providing an extra layer of privacy.

Implementing ZKP in GSM would require significant changes to the existing infrastructure, so it may take some time before we see this technology being used in practice.

Improvements in Advanced Encryption Standard (AES) and Data Encryption Standard (DES) using ZKPs

Zero-knowledge proofs (ZKPs) can potentially help in advancing the Advanced Encryption Standard (AES) and Data Encryption Standard (DES) by improving their security and privacy.

ZKPs allow a prover to convince a verifier of the truth of a statement without revealing any additional information beyond the fact that the statement is true. In the context of cryptography, ZKPs can be used to prove that certain computations were performed correctly or that certain data satisfies certain conditions, without revealing the actual computation or data.

For AES and DES, ZKPs can be used to prove that the encryption or decryption of a message was performed correctly, without revealing the encryption key or the plaintext message. This can be useful in situations where the confidentiality of the encryption key or the plaintext message must be maintained, but it is still necessary to prove that the encryption or decryption was performed correctly.

Additionally, ZKPs can also be used to prove that certain cryptographic primitives, such as hash functions or symmetric encryption algorithms, are secure and resistant to attacks. This can be useful in verifying the security of AES and DES, as well as in developing new cryptographic primitives that are more secure and efficient than existing ones.

In summary, ZKPs can potentially help in advancing AES and DES by improving their security and privacy, as well as in verifying the security of cryptographic primitives used in these algorithms.

Improvements in Authentication and Key Agreement (AKA) protocol using ZKPs

The Authentication and Key Agreement (AKA) protocol is a security protocol used in cellular networks to authenticate users and establish secure communication channels. Zero-knowledge proofs (ZKPs) can be used to improve the security and privacy of the AKA protocol in several ways:

1. Enhancing User Privacy: ZKPs can be used to verify user identities without revealing any additional information about the user, beyond the fact that the user has the necessary credentials to access the network. This can help protect user privacy by preventing the disclosure of unnecessary personal information.

2. Mitigating Replay Attacks: Replay attacks occur when an attacker intercepts and retransmits previously sent messages, in order to gain unauthorized access to the network. ZKPs can be used to prevent replay attacks by including a time stamp in the message, which is then verified using a ZKP to ensure that the message is current and has not been previously transmitted.

3. Improving Key Agreement: ZKPs can be used to establish shared secret keys between users and the network, without revealing the actual keys themselves. This can improve the security of the key agreement process, as it prevents the interception of the keys by attackers.

4. Protecting Against Man-in-the-Middle Attacks: Man-in-the-middle attacks occur when an attacker intercepts and modifies messages between two parties, in order to gain access to the network. ZKPs can be used to protect against man-in-the-middle attacks by providing a secure channel for verifying the identities of the parties involved in the communication.

Overall, the use of ZKPs in the AKA protocol can enhance the security and privacy of cellular networks, by mitigating various types of attacks and improving the key agreement process. However, the implementation of ZKPs can also introduce additional computational overhead and complexity, which must be carefully balanced against the benefits of increased security and privacy.

Finally, I’m explaining how ZKPs can provide a higher level of security for user data and how i can use ZKPs in my project to enhance the security and privacy of traditional SIM cards/ eSIM by enabling users to prove their identity or access rights to the network without revealing any of their private information.

So as this is the overview of my project,The goal of this project is to build a blockchain-powered eSIM solution that seamlessly integrates with the user's existing crypto wallets. Account abstraction will be used to create a virtual account linked to the user's eSIM ID, which will allow secure access to their crypto wallets without exposing private keys. The eSIM solution will provide cryptographic identity services and be backed by zero-knowledge proofs to ensure privacy and security. The blockchain technology will be used to store and manage the eSIM data, providing a secure and decentralized solution that is resistant to data breaches and other security threats.

And this is one of the problem that i want to tackle in this project,

***The traditional SIM card (a physical card) and an eSIM stores information such as user identity, location and phone number, network authorization data, personal security keys, contact lists and stored text messages. ***So let’s get into it and how we can make it more secure.

How zero-knowledge proofs can provide a higher level of security for user data

Zero-knowledge proofs (ZKPs) can be used in various ways to enhance the security and privacy of the proposed blockchain-powered eSIM solution. Here are some possible use cases:

1. Authenticating the eSIM: ZKPs can be used to prove the authenticity of the eSIM without revealing any sensitive information. This can prevent fraudulent use of fake or stolen eSIMs. ZK-SNARK is a suitable algorithm for this use case.

2. Proving ownership of the eSIM: ZKPs can be used to prove ownership of the eSIM without revealing the user's identity or personal information. This can enable seamless and secure access to applications and services. ZK-STARK is a suitable algorithm for this use case.

3. Secure communication: ZKPs can be used to enable secure communication between the user's device and the eSIM without revealing the content of the communication to any third party. This can protect the privacy and security of sensitive data transmitted through the eSIM. ZK-SNARK or ZK-STARK can be used for this use case.

The implementation of ZKPs can be done using programming languages like C++, Rust, or Python, and libraries like libsnark, bellman, or zokrates. Trusted setup ceremonies can be performed using tools like the Powers of Tau or other similar tools.

In conclusion, ZKPs offer a promising way to enhance the security and privacy of the proposed blockchain-powered eSIM solution. By leveraging ZKPs, the solution can offer a more secure and private way to authenticate eSIMs, prove ownership, and enable secure communication, which can improve the trust and confidence of users in the solution.

How Zero knowledge proofs can be useful in enhancing the security and privacy of traditional SIM cards by enabling users to prove their identity or access rights to the network without revealing any of their private information.

Zero knowledge proofs (ZKPs) can be useful in enhancing the security and privacy of traditional SIM cards by enabling users to prove their identity or access rights to the network without revealing any of their private information.

For instance, ZKPs can be used to verify the authenticity of a SIM card without exposing the user's personal information to a third party. This could prevent fraudulent use of stolen SIM cards or the creation of fake SIM cards.

Additionally, ZKPs could be used to securely authenticate users to the network without revealing their personal identification or location data. This could enhance the privacy of the user and protect against unauthorized access to their personal information.

Moreover, ZKPs could be used to enable secure communication between two parties without revealing the content of the communication to any third party. This could be useful for protecting the privacy of text messages, voice calls or other sensitive data transmitted through the SIM card.

Overall, ZKPs offer a promising way to enhance the security and privacy of traditional SIM cards, which could improve the trust and confidence of users in their mobile networks.

However, it is important to note that implementing ZKPs in SIM cards may require significant changes to existing systems and infrastructure, which can be costly and time-consuming. Additionally, ZKPs are not a foolproof solution, and there is always a risk of vulnerabilities or flaws in the underlying cryptographic algorithms or implementations.

Using zk-SNARK

Designing the architecture of a ZK-SNARK implementation for a SIM card to prove all the information it stores without revealing it would involve several components. Here is a high-level overview of the architecture:

1. Circuit design: The first step is to design a circuit that represents all the information that a SIM card stores. This circuit should be designed in a way that allows it to prove the authenticity of the information without revealing it. The circuit can be designed using programming languages like C++, Python or Rust and libraries like libsnark, bellman or zokrates.

2. Prover and verifier modules: The next step is to implement the prover and verifier modules that will generate and verify the proofs respectively. These modules will use the circuit design to generate and verify the proofs. These modules can be implemented in the same programming languages as the circuit design.

3. Key generation: To generate the proving and verification keys, a trusted setup ceremony can be performed. This ceremony involves generating the keys on a trusted system and distributing them to the parties involved in the implementation. The proving key is used by the prover module to generate the proofs, while the verification key is used by the verifier module to verify the proofs.

4. Integration with SIM card: Once the circuit design and the prover and verifier modules are implemented, they need to be integrated with the SIM card. This can be done using standard SIM card programming languages like Java Card or Global Platform.

5. Deployment and testing: After the integration is complete, the implementation needs to be tested thoroughly to ensure that it works as expected. The implementation can be tested using simulation tools or actual SIM card devices.

In terms of the specific tools and languages that can be used, here are some suggestions:

• Circuit design: C++, Python, Rust, libsnark, bellman, zokrates.

• Prover and verifier modules: C++, Python, Rust.

• Key generation: Trusted setup ceremonies can be performed using tools like the Powers of Tau and other similar tools.

• Integration with SIM card: Java Card or Global Platform can be used to integrate the implementation with the SIM card.

• Testing: Tools like SnarkJS or Circom can be used for testing.

It is important to note that implementing ZK-SNARKs for SIM cards is a complex process that requires expertise in cryptography, software development, and SIM card programming. It is recommended to consult with experts in the field to ensure proper implementation and security.

Why zk-SNARK

ZK-SNARKs are considered to be one of the most efficient and secure algorithms for implementing zero-knowledge proofs. They offer several advantages over other algorithms, including:

1. Efficiency: ZK-SNARKs are highly efficient and can be used to prove complex statements using very short proofs. This makes them ideal for use cases where computational efficiency and low communication overhead are critical, such as in the case of SIM cards.

2. Security: ZK-SNARKs are based on advanced cryptographic techniques such as elliptic curve cryptography and pairings, which provide a high level of security against attacks. This makes them suitable for applications where security is a top priority.

3. Flexibility: ZK-SNARKs can be used to implement a wide range of applications, including authentication, identification, and encryption, making them highly versatile.

4. Privacy: ZK-SNARKs allow users to prove the correctness of a statement without revealing any information about the inputs. This provides a high level of privacy, which is critical for applications such as SIM cards, where protecting personal information is paramount.

Overall, ZK-SNARKs offer several advantages that make them an excellent choice for implementing zero-knowledge proofs in applications such as SIM cards. While there may be other algorithms that could be used for this purpose, ZK-SNARKs are widely regarded as the most efficient, secure, and versatile option available.

So this is all my learning on ZKPs and how it can be used in telecom industry, I’m still far away implementing this in my project. Currently i’m working on the module in the middle of the below (not good) flow diagram “Couple eSIM ID with Crypto Wallet“ .

I’ll be working on a LPA for the rest of the week in this fellowship, LPA is a standalone, system app that should be included in the Android build image.

Management of the profiles on the eSIM is generally done by the LPA, As it serves as a bridge between the SM-DP+(remote service that prepares, stores and delivers profile packages to devices) and the eUICC chip.

The LPA APK can optionally include a UI component, called the LPA UI or LUI, to provide a central place for the end user to manage all eSIM profiles.

What i’m trying to achieve with this,

• Provide an profile template to carrier providers and rest of the flow with all the data placing in this eSIM

• Mention features to mobile device manufacturers who’s going to support this eSIM

Thanks a lot and again any advice, comments, feedbacks and questions are much appreciated. Reach me out on twitter or linkedIn.

Blockchain and eSIM are disruptive technologies in the mobile industry facing resistance from established players. Despite this, they are slowly being adopted due to innovation and companies that see the value in change. Both technologies have a secure future and it's only a matter of time before eSIMs become the norm, with blockchain helping to drive their adoption.

This is the third article/ Week3 work of my journey at EthIndia Fellowship 3.0 , building Blockchain Powered eSIM.

Here’s the link of the second article of this series in which I’m aiming to build Blockchain Powered eSIM.

In this article i’m going through eSIM Whitepaper by GSMA:

eSIM Whitepaper by GSMA

The eSIM (embedded SIM) is a new type of SIM card that is integrated into devices and cannot be physically removed or swapped like a traditional SIM card. The GSMA (Groupe Speciale Mobile Association) is an industry organization that represents the interests of mobile network operators worldwide. In 2016, the GSMA published a whitepaper titled "eSIM for Consumer Devices," which explains the benefits of eSIM technology and its potential impact on the mobile industry.

This whitepaper explains that eSIMs offer several advantages over traditional SIM cards, such as:

1. Greater flexibility: eSIMs can be programmed over-the-air, meaning that consumers can switch between mobile network operators without needing to physically change their SIM card.

2. Better user experience: eSIMs eliminate the need for consumers to wait for a physical SIM card to be delivered or go to a store to purchase one. This makes it easier for users to get connected to mobile networks.

3. Improved security: eSIMs can be securely provisioned with operator-specific credentials, reducing the risk of SIM card fraud.

4. More efficient device design: eSIMs take up less space in devices than traditional SIM cards, which can allow for more efficient device designs.

This whitepaper also discusses some of the challenges that need to be addressed for eSIM technology to become widely adopted. For example, there is a need for standardized methods of provisioning and managing eSIMs, and there are regulatory considerations that need to be addressed.

Overall, the eSIM whitepaper by GSMA provides a comprehensive overview of the benefits and challenges of eSIM technology and is a valuable resource for anyone interested in learning more about this emerging technology.

Introduction

The ubiquitous SIM card has played a fundamental role in mobile telecommunications for over 25 years. It is recognised by end users and provides a secure means for authenticating devices onto networks, all inside a removable “Secure Element”, which is easily transferrable between mobile devices.

The GSMA has defined a radical new way to load it into devices. Now the SIM may be securely downloaded into a ‘Secure Element’ that can be permanently embedded inside any type of device.

The change from the Removable SIM to an eSIM provides benefits for many players:

• For everyone, eSIM provides an equivalent level of security as the removable SIM card. This is vital as it is the subscription credentials stored on the SIM card that enable secure and private access to mobile networks. It also supports the integrity of the billing process, especially in roaming scenarios.

• For the device end user, eSIM enables simplified management of subscriptions and connections. End users will no longer have to manage several SIM cards.

• For organisations, eSIM enables remote management of subscriptions. This is a significant benefit where devices are not managed by the end user or are not be readily accessible (for example due to operational scale, making individual device management cost prohibitive). This enables pioneering categories of connected devices.

• For distributors, simplified logistics are possible, customisation for specific operators or regions may be reduced.

• Operators will have simpler means to expand their businesses into emerging markets, for example, automotive, wearables and consumer electronics. SIM card distribution costs will be eliminated, and eSIMs will enable new distribution models for devices and for marketing of subscriptions:

• Device Manufacturers, can exploit the reduced space within their products to make smaller devices. Their products could also be made more tolerant to environmental factors such as dampness, temperature and vibration as they can be hermetically (completely airtight) sealed. Manufacturers can also leverage eSIMs to optimise supply chain processes.

How it works:

eSIM is a technology that allows mobile devices to connect to a mobile network without a physical SIM card. The SIM credentials are pre-installed directly into the device during manufacturing and can be remotely provisioned and managed by the network operator over the internet. The device contacts the remote subscription management platform (SM-DP+) server to download and install the operator profile, containing the SIM credentials required for network connection. The SM-DP+ server is managed by the network operator and can remotely provision and de-provision SIM profiles, manage SIM updates and modifications, and monitor SIM usage and performance. eSIM technology simplifies SIM logistics and switching between different operator profiles, is smaller in size, and ideal for small devices.

eSIM is a technology that extends the reach of traditional SIM cards to any location where the device can be reached over the internet. This is done by providing secure facilities for the manufacture, software loading and operator credentials of eSIMs.

eSIM protocols provide security and integrity for data transfer. However, the distribution channels for SIM cards also contain 'business logic' which is required by various service models.

The GSMA has created solutions suited to different types of channels, including the Consumer solution for the 'direct to consumer' channel

and the

M2M solution for the 'business to business to consumer' channels,

specifically in the IoT market.

The Consumer solution requires a high degree of end user interaction, while the M2M solution manages all SIM provisioning operations remotely.

Security and Encryption mechanisms in traditional SIM cards:

Traditional SIM cards use various security and encryption mechanisms to ensure the confidentiality, integrity, and authentication of the SIM card and the mobile network communication.

One of the main security mechanisms used in traditional SIM cards is the use of encryption algorithms such as Advanced Encryption Standard (AES) and Data Encryption Standard (DES) to secure the SIM card's data and communication with the network.

Another important security mechanism is the use of secure authentication protocols such as the Global System for Mobile Communications (GSM) Authentication and Key Agreement (AKA) protocol, which authenticates the SIM card and ensures that only authorized devices can connect to the network.

The SIM card's storage is also protected by various security measures, including PIN and PUK codes, which prevent unauthorized access to the SIM card's data.

Finally, traditional SIM cards are manufactured and managed in secure facilities that follow strict security protocols and procedures to ensure the integrity of the SIM card's data and operation.

Today’s SIM Card

• A SIM card is a small device that stores a user's subscription information for accessing a mobile network.

• Users receive a SIM card from their chosen mobile network operator when they sign up for services.

• The SIM card contains the user's phone number and network access credentials.

• The user inserts the SIM card into their mobile device to connect to the operator's network and use mobile services.

• If the user wants to switch to a different network operator, they must sign up for new services and receive a new SIM card with different subscription information.

• The user must physically swap out the old SIM card with the new one to connect to the new operator's network.

• SIM cards provide a level of security by authenticating the device on the network and protecting the user's personal information.

• Some SIM cards can store multiple profiles, allowing users to switch between different networks or services without physically swapping SIM cards.

• Other advanced SIM cards can also store payment information and act as a mobile wallet for making payments.

Remote SIM Provisioning

• Remote SIM Provisioning eliminates the use of traditional SIM cards in mobile devices.

• Instead, an embedded SIM (eUICC) is used, which can accommodate multiple SIM profiles.

• To set up mobile services, the end user receives instructions on how to connect their device to the operator's Remote SIM Provisioning system, typically via a QR code.

• The device securely downloads a SIM profile from the system, which allows it to connect to the operator's network.

• To switch to a different operator, the end user can receive a QR code from the new operator and scan it to download the new profile.

• With Remote SIM Provisioning, the end user can switch between profiles to connect their device to whichever operator's network they choose.

• Other methods for configuring the eSIM solution within a device include pre-configured devices, use of Subscription Manager-Discovery Server, and companion devices.

Why are there two Solutions for Remote SIM Provisioning?

Remote SIM Provisioning (RSP) is the process of remotely managing and updating a SIM card in a mobile device without requiring physical access to the device. The GSMA has developed two different RSP solutions - one for M2M (machine-to-machine) devices and one for Consumer devices.

The reason for two different solutions is the fundamental difference in the direction of control.

In the M2M solution, the mobile device is managed by the operator backend infrastructure, without any local human control of connectivity. This means that the operator selects the Profiles to be downloaded and enables/disables them depending on factors such as the country the device is operating in. On the other hand, the Consumer solution requires that all subscription Profile operations are under end-user control, or at least subject to end-user permission. This is done through an end-user interface on the device.

Despite the differences in control, both solutions share some common features.

• Both use a network-domain Remote SIM Provisioning system (SM-DP/SM-DP+) and a secure element within the mobile device for the storage, management, and operation of Profiles (eUICC).

• They also use Pre-Shared Key (PSK) and Public Key Infrastructure (PKI) based cryptography, and require a GSMA Certificate Issuer (CI) that issues digital certificates to enable entities to securely communicate with each other.

However, there are also unique features to each solution.

• In the M2M solution, everything is remotely managed, requiring no human interaction. The eUICC connects to the SM-SR using Bearer Independent Protocol (BIP) and the SM-SR acts as a gateway from the operator and SM-DP through to the eUICC. The M2M solution includes the SM-SR that is not required in the Consumer solution.

• In contrast, the Consumer solution has the LPA in the device (or eUICC) that assists with the download of Profiles and secures the end-user interface on the device that is used for local control. All Profile downloads use IP protocols, and where applicable use the greater capacity of the device TCP/IP stack to reduce the communication overhead. As messages cannot be pushed to the device and eUICC, there is a ‘Discovery Service’ that devices can check from anywhere, at any time, to see if there are any Profiles or management operations waiting to be downloaded from an SM-DP+.

Finally, there are differences in compliance between the two solutions.

While the principles of compliance are similar for both,

The compliance process for Consumer solutions places greater emphasis on functional compliance, which has to be demonstrated before the eUICC manufacturer or Subscription Management platform provider can apply for a digital certificate from the GSMA Certificate Issuer. The compliance process is up and running for all Consumer solution product types, with a similar scheme now being considered for M2M to strengthen the entire ecosystem.

The Profile

A Profile in the eSIM solution consists of the operator's subscription data, including their credentials and SIM-based applications. The eUICC is the secure element in the solution that can accommodate multiple Profiles.

Profiles are remotely downloaded over-the-air into the eUICC, and although the eUICC is an integral part of the device, the Profile remains the property of the operator as it contains items owned by them.

Interoperable Profiles stored on eUICCs have a similar content and structure to those installed on traditional SIMs. The SIMAlliance defines the interoperable description of these Profiles.

M2M solution

for the ‘business to business to consumer’ channels, this solution serves the needs of business to business customers, specifically in the Internet of Things (IoT) market.

The GSMA M2M solution was the first Remote SIM Provisioning solution developed. There were two reasons for this:

1. The M2M solution is simpler as end user interaction is not required, or desirable, in the business to business to consumer (B2B2C) segment, and

2. The immediate commercial need was for technical solutions that supported B2B2C deployments alongside regulatory requirements for the launch of services such as eCall.

Main System Elements: Remote SIM Provisioning for M2M utilises a server driven (push model) to provision and remotely manage operator Profiles. The solution is organised around 3 elements: the SM-DP (Subscription Manager - Data Preparation), the SM-SR (Subscription Manager - Secure Routing) and the eUICC.

SM-DP The SM-DP is responsible for preparing, storing and protecting operator Profiles (including the operator credentials). It also downloads and install Profiles onto the eUICC.

SM-SR The SM-SR is responsible for managing the status of Profiles on the eUICC (enable, disable, delete). It also secures the communications link between the eUICC and SM-DP for the delivery of operator Profiles.

eUICC The eUICC is a secure element that contains one or more subscription Profiles. Each Profile enables the eUICC to function in the same way as a removable SIM issued by the operator that created it. An eUICC may be built using any form factor from the traditional removable card to embedded formats soldered into devices.

Compliance

To ensure the security of the eSIM ecosystem, a set of criteria has been developed to demonstrate compliance with the core requirements. Compliance with the GSMA M2M specification requires verification of several factors.

• Firstly, the eUICC security, which references a Common Criteria Protection Profile, must be at the assurance level of EAL4+.

• Secondly, production environment and process security must be in place, which can be achieved via the GSMA's Security Accreditation Scheme: SAS-UP for eUICC personalisation or SAS-SM for Subscription Management platforms.

• Finally, functional compliance is required, which is based on the GSMA's test specification. GlobalPlatform has created and implemented a functional test and qualification programme for eUICCs based on the GSMA defined test cases.

Only eUICC manufacturers, and SM-SR and SM-DP hosting organisations that have successfully been accredited by the GSMA SAS can apply for the necessary certificates from the GSMA Certificate Issuer to participate in the GSMA approved ecosystem. Compliance with these standards helps to reassure all participants that the eSIM ecosystem is secure.

Consumer Solution

Consumer solution for the ‘direct to consumer’ channel, this solution is required where the end user (or consumer) has direct choice of the operator supplying connectivity. Consumer solutions require a high degree of end user interaction, with the principle that the end user is familiar with operating the end user interface and actively choosing their network connectivity provider. The Consumer solution also targets enterprises who use devices targeted to the consumer market.

The GSMA Consumer solution has been developed from the base provided by the M2M solution, plus consideration of requirements for end user-managed devices. This solution is required to manage use cases are more complex than the M2M solution. Consequentially, more features are required in the specification. In particular the Consumer solution manages end user interaction via the mobile device end user interface, and also supports standalone and companion device types.

Main System Elements:

The GSMA Remote SIM Provisioning Consumer solution follows a client driven (pull model) and enables control over remote provisioning and local management of operator Profiles by the end user of the device. The solution is organised around 4 elements: the SM-DP+ (Subscription Manager - Data Preparation +), the SM-DS (Subscription Manager - Discovery Server), the LPA (Local Profile Assistant) and the eUICC.

SM-DP+ The SM-DP+ is responsible for the creation, download, remote management16 (enable, disable, update, delete) and the protection of operator credentials (the Profile). It is given the + designation as it encapsulates the functions of both the SM-DP and the SM-SR of the M2M solution. LPA The LPA (Local Profile Assistant) is a set of functions in the device responsible for providing the capability to download encrypted Profiles to the eUICC. It also presents the local management end user interface to the end user so they canmanage the status of Profiles on the eUICC17. The principal functions of the LPA may also be in built into the eUICC. eUICC

The eUICC in the Consumer solution serves the same high-level purpose as the eUICC in the M2M solution. Implementation is different to support the end user interaction within the Consumer solution. SM-DS The SM-DS provides a means for an SM-DP+ to reach the eUICC without having to know which network the device is connected to. This feature is important as devices can be connected using different access networks with different addresses. The SM-DS overcomes this by allowing SMDP+ to post alerts to a secure noticeboard and for devices to extract those alerts. It is used to notify the LPA when Profile data is available for download to the eUICC. Notifications are sent from the SM-DP+ to the SM-DS. The device LPA polls the SM-DS for notifications when required (supporting the “pull” model). Polling frequency is determined by the eUICC state and by end user actions.

Compliance

Compliance with the GSMA Consumer solution specification is crucial for entities that wish to participate in the GSMA-approved Consumer solution ecosystem. To be compliant, entities must verify three things: eUICC Security, Production Environment and Process Security, and Functional Compliance.

• The eUICC Security requirement uses the same mechanisms as the M2M specification, focusing initially only on a silicon-level Protection Profile (PP0084). A GSMA-specified Protection Profile to the level of EAL4+ is currently under development.

• The Production Environment and Process Security requirement uses the same security accreditation schemes as the M2M specification, namely the GSMA's Security Accreditation Scheme: SAS-UP or SAS-SM, depending on the Consumer solution entity type.

• For Functional Compliance, all Consumer solution entities must undergo functional test and certification programs based on GSMA test specification SGP.23. These programs have been established in partnership with GSMA by GlobalPlatform (for eUICC), Global Certification Forum, and PTCRB (for Consumer solution devices).

Once eUICC manufacturers, SM-DP+ and SM-DS hosting organizations successfully prove their compliance with both the security and functional requirements, they can apply for the necessary certificates from the GSMA Certificate Issuer to participate in the GSMA approved Consumer solution ecosystem.

Compliant Devices and Platforms are Essential

During their normal deployment processes, vendors and operators would expect to perform extensive interoperability and compatibility testing. In this case between, for example:

• eUICC and the Subscription Management platforms (for example installed certificates, functional behaviour),

• eUICC and the device (for example the UICC Refresh command support is mandatory for both solutions),

• Device and the Subscription Management platforms (for Consumer solution only, with the LPA),

• Operator Profile and the targeted eUICC.

Therefore, to minimise the need for repetitive interoperability testing, the various stakeholders looking to deploy Remote SIM Provisioning must check that all their suppliers have products satisfying the relevant GSMA product compliance process covering:

• Product certification

• eUICC product security assurance

• Product site and data-centre accreditation according to the GSMA Security Accreditation Scheme (SAS)

And subsequently perform:

• Issuance of certificates by a GSMA Certificate Issuer for compliant products.

NOTE: EAL4+ is a security evaluation assurance level (EAL) within the Common Criteria (CC) certification scheme. EAL4+ is a combination of EAL4 (which is the fourth-highest assurance level) and additional requirements that are specified by a specific scheme or organization.

The Common Criteria is an international standard (ISO 15408) that provides a framework for evaluating the security features and capabilities of information technology products. The EAL ratings within the Common Criteria range from EAL1 (the lowest) to EAL7 (the highest).

EAL4+ is a relatively high assurance level and requires a significant level of testing, analysis, and review. It provides a reasonable level of confidence that the evaluated product has been designed, implemented, and tested in a way that meets specific security requirements. The additional "+" designation indicates that the product has also undergone additional testing or has met additional requirements beyond the standard EAL4 level.

After reading this whitepaper, I gained a comprehensive understanding of the eSIM architecture and identified several small but significant concepts that are crucial to my development of a blockchain-based eSIM solution.

Blockchain and eSIM are disruptive technologies in the mobile industry facing resistance from established players. Despite this, they are slowly being adopted due to innovation and companies that see the value in change. Both technologies have a secure future and it's only a matter of time before eSIMs become the norm, with blockchain helping to drive their adoption.

In this second article at EthIndia Fellowship 3.0 Week2, I am revising the core concepts of my project after gaining an understanding of Account Abstraction.

Here’s the link of the first article of this series in which I’m aiming to build Blockchain Powered eSIM.

I am attempting to improve the design of the eSIM based on my current knowledge and understanding.

*     However, I am aware that receiving feedback and comments from others can greatly enhance the quality of my design.*

Account Abstraction

**"Account abstraction is a revolutionary concept in blockchain technology that allows for the creation of virtual accounts that can securely and seamlessly access multiple existing crypto wallets. This opens up new possibilities for decentralized applications and enables a wide range of users to participate in the web3 ecosystem.”**

The adoption of cryptocurrencies has been hindered by the lack of user-friendly interfaces and security issues. The current approach of having one-account-fits-all is limiting the growth and adoption of cryptocurrencies. However, the introduction of account abstraction is a game-changer that offers a more tailored approach to account management.

Account abstraction offers a solution to the limitations of the current approach of having one-account-fits-all. With account abstraction, accounts can be customized to the user's needs(and that’s what i’m aiming to achieve), allowing for multiple signers, social recovery, enhanced security, and more. This offers a much slicker user experience while making self-custody a viable option for a mainstream audience.

The current Ethereum accounts are made up of three components:

A state containing a balance and nonce,

Hardcoded logic in the EVM to validate and execute a transaction from the account,

And an address.

The coupling of accounts and signers has its problems, and losing a private key means losing the account, which could lead to the loss of millions of dollars. Account abstraction moves crypto from the current approach of one-account-fits-all to a future where an account can be tailored to someone's needs.

Implementing account abstraction on Ethereum Layer 1 is difficult, and it has not been widely adopted. However, Argent has pioneered smart contract wallets that provide many of the benefits of account abstraction without requiring protocol changes. With these wallets, every user can deploy and use an account with custom authorization logic tailored to their needs, allowing for multiple signers, social recovery, and enhanced security. This offers a much slicker user experience while making self-custody a viable option for a mainstream audience.

Account abstraction also introduces features such as multicall, session keys, social recovery, and enhanced security. Multicall allows bundling of multiple transactions into one, making it a faster and more secure process. Session keys protect assets while maximizing ease of use. Social recovery replaces the need for seed phrases, allowing the owner of the account to authorize a new key as the legitimate wallet owner. The multi-factor authentication and enhanced security feature of account abstraction allows users to have customized security levels that meet their needs while using a variety of devices to approve transactions.

The innovation of account abstraction is crucial in unlocking the potential for mass adoption of cryptocurrency. It solves the limitations of the current approach of one-account-fits-all while offering a much slicker user experience and making self-custody a viable option for a mainstream audience. With account abstraction, the future of cryptocurrency looks brighter than ever before.

NOTICE: I’m trying to use account abstraction as a concept in this project. So please let me know if i’m doing it correctly.

Why I’m going into account abstraction?

Because, I aim to establish one layer in the project where users' principles are purely cryptographic, and all subsequent methods are aligned with this principle.

Using Account Abstraction in Blockchain powered eSIM

Including Account abstraction as a core concept in creating the eSIM design because it allows for the creation of a new type of account that will be coupled with user's unique eSIM ID and after coupling,

*     The primary virtual account can be linked to multiple existing crypto wallets.*

The virtual account created using account abstraction is a core component of the eSIM design because it enables the eSIM to securely and seamlessly access the user's existing crypto wallets without exposing their private keys. By linking the primary virtual account to the user's eSIM ID, the eSIM is able to uniquely identify the user and associate their existing crypto wallets with the eSIM.

The firmware design of the eSIM will be based on the following principles:

1. Security: The eSIM firmware will be designed to ensure the highest level of security for the user's data. This includes using advanced encryption methods and zero-knowledge proofs to protect the user's data from theft and unauthorized access.

2. Scalability: The eSIM firmware will be designed to scale with the increasing demand for blockchain-based solutions. This includes using lightweight and efficient coding techniques that can run on a wide range of devices.

3. Compatibility: The eSIM firmware will be designed to be compatible with a wide range of devices and platforms. This includes using open-source coding techniques that can be easily integrated with other blockchain-based solutions.

4. User-Friendly: The eSIM firmware will be designed to be user-friendly and easy to use. This includes providing a simple onboarding process for non-crypto users and a seamless process for existing crypto users to access their wallets.

So the use of account abstraction is a core concept in creating this eSIM design because it enables the creation of a virtual account that is linked to the user's unique eSIM ID and their existing crypto wallets. The firmware design of the eSIM will focus on security, scalability, compatibility, and user-friendliness, ensuring the highest level of protection for the user's data and a seamless user experience.

Architecture of eSIM

• Layer 1 Architecture:

  1. The eSIM unique ID will be mapped to a new account on the blockchain network.

  2. The new account will be created using account abstraction, which will link to the existing crypto wallets of the user.

  3. The account abstraction will allow the user to access their existing crypto wallets without exposing their private keys to the eSIM.

  4. The eSIM will use zero-knowledge proofs to ensure the privacy and security of the user's data.

  5. The blockchain network will store and manage the eSIM data and will ensure the security and decentralization of the solution.

• Creating Crypto Wallets for Crypto Users:

  1. The account abstraction will allow the eSIM to access the user's existing crypto wallets without exposing their private keys.

  2. The eSIM will provide a single-step process for the user to access their existing crypto wallets using their fingerprint.

  3. The eSIM will enable the user to make transactions and access applications without the need to enter their private keys every time.

• Creating Crypto Wallets for Non-Crypto Users:

  1. Non-crypto users can onboard to the web3 ecosystem by creating a new account on the blockchain network using account abstraction.

  2. The eSIM will link this new account to the user's eSIM unique ID, creating a new cryptographic wallet for the user.

  3. The user's new cryptographic wallet will be protected by the eSIM and zero-knowledge proofs to ensure the privacy and security of their data.

  4. The eSIM will provide a simple onboarding process for the non-crypto users to create their cryptographic wallets and join the web3 ecosystem.

In summary, the eSIM solution using account abstraction provides a seamless and secure way for crypto users to access their existing crypto wallets and for non-crypto users to onboard to the web3 ecosystem. The account abstraction ensures the privacy and security of the user's data, while the eSIM provides a convenient and user-friendly way to access applications and make transactions on the blockchain network.

Modified draft of the project,

Abstract

This project aims to create a secure and seamless eSIM solution powered by blockchain technology. Using account abstraction, a virtual account will be created and to link the user's unique eSIM ID to multiple existing crypto wallets. Enabling secure access to the user's crypto wallets without exposing their private keys. The eSIM will provide cryptographic identity services and be backed by zero-knowledge proofs, ensuring privacy and security of the user's data.

Overview

The goal of this project is to build a blockchain-powered eSIM solution that seamlessly integrates with the user's existing crypto wallets. Account abstraction will be used to create a virtual account linked to the user's eSIM ID, which will allow secure access to their crypto wallets without exposing private keys. The eSIM solution will provide cryptographic identity services and be backed by zero-knowledge proofs to ensure privacy and security. The blockchain technology will be used to store and manage the eSIM data, providing a secure and decentralized solution that is resistant to data breaches and other security threats.

Metrics

The success of this project will be measured by a number of key metrics, including:

• User adoption: the number of users who have adopted the blockchain-powered eSIM solution

• User satisfaction: the level of satisfaction reported by users of the eSIM solution

• Security: the number of successful and attempted security breaches, and the success rate of security measures in preventing these breaches

• Interoperability: the number of different applications and services that the eSIM solution is compatible with

Acceptance Criteria

The following are the acceptance criteria for this project:

• The blockchain-powered eSIM solution must be secure and resistant to data breaches and other security threats

• The eSIM must provide a seamless user experience, allowing users to access applications and services with just a single step process using their fingerprints

• The eSIM must provide cryptographic identity services and be backed by zero-knowledge proofs

• The eSIM must be compatible with a range of different applications and services

• The blockchain-powered eSIM solution must be adopted by a significant number of users

Assumptions

The following are the assumptions made for this project:

• There is a sufficient demand for a blockchain-powered eSIM solution that integrates with the user's crypto wallets

• The technology to support the integration of the eSIM with crypto wallets and fingerprint authentication is available and feasible

• The blockchain technology used for the eSIM solution will be secure, scalable, and flexible

Personas

The following personas are involved in this project:

• End-Users: users of the eSIM solution who want a secure and seamless way to access applications and services

• Mobile Operators: companies responsible for managing the eSIM profiles and provisioning the eSIMs to subscribers

• Device Manufacturers: companies responsible for integrating the eSIM into their devices

• Regulatory Bodies: government agencies and industry organizations responsible for ensuring the eSIM solution complies with relevant regulations and standards

• Blockchain Developers: developers responsible for building and maintaining the blockchain infrastructure that powers the eSIM solution

Flow with respect to personas

1. End-Users:

   • End-users receive their eSIM-enabled device

   • End-users activate their eSIM by scanning their fingerprints and linking it to their crypto wallet

   • End-users access applications and services by simply scanning their fingerprints

   • End-users can manage their eSIM profile through their crypto wallet

2. Mobile Operators:

   • Mobile operators receive the eSIM profiles from the device manufacturers

   • Mobile operators provision the eSIM profiles to the end-users' devices

   • Mobile operators can manage the eSIM profiles and update them as needed

   • Mobile operators can monitor the usage of the eSIMs by end-users and ensure compliance with regulations

3. Device Manufacturers:

   • Device manufacturers integrate the eSIM into their devices

   • Device manufacturers provide the eSIM profiles to the mobile operators

   • Device manufacturers can monitor the usage of the eSIMs by end-users and ensure compatibility with the device

4. Regulatory Bodies:

   • Regulatory bodies monitor the usage of the eSIMs by end-users and ensure compliance with regulations and standards

   • Regulatory bodies can enforce penalties and sanctions for non-compliance

5. Blockchain Developers:

   • Blockchain developers build and maintain the blockchain infrastructure that powers the eSIM solution

   • Blockchain developers can update the blockchain infrastructure to fix bugs and improve performance

   • Blockchain developers can monitor the usage of the blockchain infrastructure and ensure it is secure and scalable.

This flow is a general representation of the different personas involved in the project, and the specific flow for each persona may vary depending on the requirements and implementation of the solution.

***Hey,      thankyou so much for going through this, if you have anything in your mind then please dm, twitter . ***In the next article, I’ll be summarizing the eSIM whitepaper by GSMA .

Blockchain and eSIM are disruptive technologies in the mobile industry facing resistance from established players. Despite this, they are slowly being adopted due to innovation and companies that see the value in change. Both technologies have a secure future and it's only a matter of time before eSIMs become the norm, with blockchain helping to drive their adoption.

How i started,

In the summer of 21, I began studying blockchain development. Combining it with my electronics and communication engineering background, I created a project titled "Blockchain-based Dynamic Spectrum Sharing" in my 7th semester (July22 - Nov22). This platform enabled more efficient spectrum auctions and later i found out there’s a whole new space combining these two stacks and an entirely new field of study. Here’s the repo of that project.

EthIndia Fellowship 3.0

In this fellowship i’m aiming to build a working prototype, if not

At least i’ll end this fellowship with a feasible sustainable design of an eSIM which is backed by blockchain and cryptography resulting in multiple solution such as:

• Fraud Management

• Identity as a Service

• 5G enablement

• IOT connectivity

• Security

NAME: ARPIT KUMAR

PROOF OF FELLOWSHIP: SBT

https://opensea.io/assets/0xfE8321Df99317C365797c4f95C2dbd9BeEC8C694/30

In this article I’ve done the,

Planning and Designing the flow according to different Personas,

which is my first week milestone.

Introduction

The development of a blockchain-powered eSIM (embedded SIM) on the Ethereum network is a critical step towards the creation of a decentralized phone system that provides users with greater security, privacy, and efficiency in their communication options. The use of smart contracts on the Ethereum network will ensure that the eSIM is decentralized and not controlled by a single entity, providing users with greater control over their communication options.

NOTICE: Building a blockchain powered eSIM will require discussions followed by adjustments with carrier providers and device companies.

eSIM

An eSIM(embedded-SIM) is a form of programmable SIM card that is embedded directly into a device.

Instead of an integrated circuit located on a removable universal integrated circuit card (UICC), typically made of PVC, an eSIM consists of software installed onto an eUICC chip permanently attached to a device.

Once an eSIM carrier profile has been installed on an eUICC, it operates the same as a physical SIM, complete with a unique ICCID and network authentication key generated by the carrier.

The eSIM standard was first released in 2016; since that point, eSIM has begun to replace physical SIM in domains including cellular telephony.

Since 2010, the GSMA had been discussing the possibility of a software-based SIM.

To avoid any confusion, suggesting the following way of looking at the definition:

"eSIM is the whole service - SIM + eUICC + platform eUICC is the software that allows provisioning."

Abstract

This project aims to build a blockchain-powered eSIM solution that integrates with the user's crypto wallets. The unique ID of the eSIM will be mapped with the user's crypto wallets, allowing them to access applications, make transactions, and more, with just a single step process using their fingerprint. The eSIM will provide cryptographic identity services and will be backed by zero-knowledge proofs to ensure the privacy and security of the user's data.

Overview

The goal of this project is to create a seamless and secure eSIM solution that integrates with the user's crypto wallets. The unique ID of the eSIM will be linked to the user's crypto wallets, enabling them to access applications and services using their fingerprints. The eSIM will provide cryptographic identity services and will be backed by zero-knowledge proofs to ensure the privacy and security of the user's data. The blockchain technology will be used to store and manage the eSIM data, providing a secure and decentralized solution that is resistant to data breaches and other security threats.

Metrics

The success of this project will be measured by a number of key metrics, including:

• User adoption: the number of users who have adopted the blockchain-powered eSIM solution

• User satisfaction: the level of satisfaction reported by users of the eSIM solution

• Security: the number of successful and attempted security breaches, and the success rate of security measures in preventing these breaches

• Interoperability: the number of different applications and services that the eSIM solution is compatible with

Acceptance Criteria

The following are the acceptance criteria for this project:

• The blockchain-powered eSIM solution must be secure and resistant to data breaches and other security threats

• The eSIM must provide a seamless user experience, allowing users to access applications and services with just a single step process using their fingerprints

• The eSIM must provide cryptographic identity services and be backed by zero-knowledge proofs

• The eSIM must be compatible with a range of different applications and services

• The blockchain-powered eSIM solution must be adopted by a significant number of users

Assumptions

The following are the assumptions made for this project:

• There is a sufficient demand for a blockchain-powered eSIM solution that integrates with the user's crypto wallets

• The technology to support the integration of the eSIM with crypto wallets and fingerprint authentication is available and feasible

• The blockchain technology used for the eSIM solution will be secure, scalable, and flexible

Personas

The following personas are involved in this project:

• End-Users: users of the eSIM solution who want a secure and seamless way to access applications and services

• Mobile Operators: companies responsible for managing the eSIM profiles and provisioning the eSIMs to subscribers

• Device Manufacturers: companies responsible for integrating the eSIM into their devices

• Regulatory Bodies: government agencies and industry organizations responsible for ensuring the eSIM solution complies with relevant regulations and standards

• Blockchain Developers: developers responsible for building and maintaining the blockchain infrastructure that powers the eSIM solution

Flow with respect to personas

1. End-Users:

   • End-users receive their eSIM-enabled device

   • End-users activate their eSIM by scanning their fingerprints and linking it to their crypto wallet

   • End-users access applications and services by simply scanning their fingerprints

   • End-users can manage their eSIM profile through their crypto wallet

2. Mobile Operators:

   • Mobile operators receive the eSIM profiles from the device manufacturers

   • Mobile operators provision the eSIM profiles to the end-users' devices

   • Mobile operators can manage the eSIM profiles and update them as needed

   • Mobile operators can monitor the usage of the eSIMs by end-users and ensure compliance with regulations

3. Device Manufacturers:

   • Device manufacturers integrate the eSIM into their devices

   • Device manufacturers provide the eSIM profiles to the mobile operators

   • Device manufacturers can monitor the usage of the eSIMs by end-users and ensure compatibility with the device

4. Regulatory Bodies:

   • Regulatory bodies monitor the usage of the eSIMs by end-users and ensure compliance with regulations and standards

   • Regulatory bodies can enforce penalties and sanctions for non-compliance

5. Blockchain Developers:

   • Blockchain developers build and maintain the blockchain infrastructure that powers the eSIM solution

   • Blockchain developers can update the blockchain infrastructure to fix bugs and improve performance

   • Blockchain developers can monitor the usage of the blockchain infrastructure and ensure it is secure and scalable.

This flow is a general representation of the different personas involved in the project, and the specific flow for each persona may vary depending on the requirements and implementation of the solution.

This Blockchain Powered eSIM is the start and one of the sub product of Decentralised Phone System that i want to build in 2023.

Any guidance/suggestions/advice/comments is much appreciated, please reach out to me on twitter.