Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
SIM Cards
20 September 2007
Contents
Part 1 : SIM Concepts
1. Overview of GSM Networks
2. SIM in GSM Networks
3. Introduction to GSM 11.11
20 September 2007
20 September 2007
What is GSM?
Original name:
Groupe
Spciale
Mobile
Global
System for
Mobile communication
20 September 2007
20 September 2007
Open standard
Provision of roaming
SIM
Digital (ISDN compatible)
TDMA (Time Division Multiple Access)
Network Elements
MS
MS
Network
MS
Network Elements
Network
BSS
BSS
BSS
BSS
Core
Network Elements
Base Station System
BTS
BTS
BTS
BSC
BTS
Core
Network Elements
Abbreviations:
HLR: Home Location Register
VLR: Visiting Location Register
AUC: Authentication Center
EIR: Equipment Identity Register
MSC: Mobile Switching Center
GMSC: Gateway MSC
OMC: Operational and Maintenance Center
SMSC: Short Message Service Center
20 September 2007
Network Elements
The core network
BSC
BSC
BSC
AUC
HLR
VLR
EIR
SMSC
GMSC
OMC
Gateway to
PLMN roaming
PSTN
others
BSC
BSC
20 September 2007
MSC
VLR
10
20 September 2007
11
What is a SIM?
SIM stands for:
Subscriber
Identity
Module
20 September 2007
12
What is a SIM?
The purpose of a SIM:
l Identify a user
l Authenticate a user
l Data storage
l Marketing tool
l Portable
20 September 2007
13
What is in a SIM?
Hardware:
CPU
I/O devices
ROM
RAM
EEPROM
ROM :
EEPROM:
Basic OS functionality
GSM functionality
SIM vendor functionality
Network operator functionality (optional)
Fixed data (optional)
Setup for OS
Patches to the OS
Extensions to the OS
Data
20 September 2007
14
APDU Dispatch
ISO 7816-4 APDUs
GSM 11.11
Subscriber Identity Module Mobile Equipment
(SIM-ME) Interface
20 September 2007
15
Input file
Output file
Transport Key (Optional)
SIM Card (with network profile)
Algorithm Type
20 September 2007
16
(Stores
ICCID, IMSI,
PINs)
HLR
2. Output File
Card Vendor
3. Perso data
Data Gen
20 September 2007
17
20 September 2007
Quantity
Transport Key Index
Start IMSI
Start ICCID
18
Subscriber data
12345678901234567890123456789012
20 September 2007
19
Card Vendor
Network Side
Transport
keys
5. Encypted Ki in
output file
Transport
keys
AUC
20 September 2007
20
Network
MS
RAND
SRES
21
IMSI
Ki
RAND
Ki
RAND
A3
A8
A3
SRES
SRES
Kc
20 September 2007
Comparison
22
Confidentiality in GSM
20 September 2007
A5Kc[Data]
23
ME Process
A5
20 September 2007
24
Security in GSM
Ki is never revealed in the network
Ki is never passed from SIM card to Mobile Phone
All Authentication Calculations including Kc are
done in the SIM card
20 September 2007
25
20 September 2007
26
GSM Specifications
Defined by ETSI
AKA European Telecommunications
Standards Institute
All the specs can be downloaded at
http://www.3gpp.org/ftp/Specs/
20 September 2007
27
GSM Specifications
Functions of a SIM card
Phase 1
Phase 2
Subscriber
Authentication to the
network
Fixed Dialing
Numbers (FDNs)
PIN protection to
Subscriber Data
Phase 2+
Service Dialing
Numbers (SDNs)
Barred Dialing
Numbers (BDNs)
Phonebook Storage
SMS Storage
20 September 2007
28
Command Set
APDU Coding of
commands
Coding of
responses
Communication
Protocol
Power Up
Procedure
20 September 2007
29
Types of Files
1. Transparent File
Consists of sequence
of bytes
Total length of file is
defined in the header
Relative address is
used for reading or
updating data in file
Consists of sequence
of records all having
same fixed length
First record has index
number 1
Number of record and
length is defined in the
header
Record Number is used
for reading or updating
data in file
20 September 2007
3. Cyclic File
Consists of sequence
of records all having
same fixed length
Number of record and
length is defined in the
header
Stores data in
chronological order
When record pointer is
at last record, record 1
will be used next
30
Master File
(Base Directory)
EF_ICCID
Integrated Circuit
Chip ID
Each card is unique
Assigned by operator
19 Digit printed on
exterior of SIM
Follows international
format
DF Telecom
DF GSM
EF_ADN
Phonebook
EF_SMS
EF_IMSI
International Mobile
Subscriber ID
Each card is unique
Assigned by operator
Network to identify
SIM
20 September 2007
31
EF_ICCID
2FE2
EF_MANU
0002
ICCID
EF_KEY_EXT
0011
EF_CHV1
0000
PIN1
EF_CHV2
0100
PIN2
DF_GSM
7F20
EF_KEY_INT
0001
EF_PLMNSEL
6F30
DF_TELECOM
7F10
EF_ADN
6F3A
Addr Book
20 September 2007
EF_SMS
6F3C
EF_MSISDN
6F40
Short Message
32
SIM Data
Format of ICCID
Primary account number
19 visible characters (maximum)
Issuer identification number (digits variable, maximum 7)
Luhn
check
digit
Individual account identification number
(variable, but fixed number of digits for
each particular issuer identifier number)
Issuer identifier number
(variable, but fixed number of digits within
a country or world zone where appropriate)
T0102740-92/d01
.
Charge card numbering system
20 September 2007
33
ICCID -format
ICCID is the SIM cards unique identification number and is coded in accordance to
ITU-T recommendation E.118 (18).
Format
: 89 66 15 XTH YYYYYYYYY C
89
66
18
: HLR ID (HLR1=0,HLR2=1,HLR3=2)
20 September 2007
34
ICCID
8966
1811
0000
0000
01 7
Barcode
20 September 2007
35
SIM Data
Format of IMSI
IMSI
MCC
20 September 2007
MNC
MSIN
10 11 1 2 13 14 15
36
IMSI - format
IMSI Format IMSI is the International Mobile subscriber Identity. Length
of IMSI coding must be according to GSM 04.48 [15]. IMSI is coded on
15 digits, according to the following structure:
MCC
NC
XX..X
Note : The running number taken from the input file and automatically
incremented from the initial value.
20 September 2007
37
Important Algo
A3/A8 (COMP128)
Authentication algorithm
Version 1, 2 and 3
20 September 2007
38
Transpatent
File
20 September 2007
39
20 September 2007
40
20 September 2007
41
Hacking of Ki
20 September 2007
42
20 September 2007
43
Authentication Counter
1. SIM Solution
How
Advantages
Disadvantages
20 September 2007
44
Strong Ki
2. Non SIM Solution
How
Advantages
Disadvantages
20 September 2007
45
Pattern Recognition
3. SIM Solution
How
20 September 2007
46
Pattern Recognition
3. SIM Solution
Advantages
20 September 2007
47
Comparison of Methods
20 September 2007
48
Comparison table
Authentication
Counter
Strong Ki
Pattern
Recognition
SIM Solution
Easy to
Implement
Maintain SIM
Life Span
Protection
against New
Cloning Kits
20 September 2007
49
User Applications
20 September 2007
50
Value-Added Applications
Applications Portfolio
Eastcompeace Applications
Info on demand
Data back up
m-Banking
Local
Point to Point
Internet/E-mail
Prepaid
Loyalty
20 September 2007
51
Value-Added Applications
Local Applications
20 September 2007
52
Value-Added Applications
Dual IMSI
Applications:
Private/Business
Roaming
Operator Benefits:
20 September 2007
53
Value-Added Applications
Phonebook Plus
Operator Benefits:
20 September 2007
54
Value-Added Applications
Enhanced Phonebook
USIM:
SIM:
Operator Benefits:
20 September 2007
Mr. White
principal number
second number
email address
second name
group
55
Value-Added Applications
Multi-Inbox
The standard Inbox is duplicated, the user can access by menu two
Inbox, Inbox1 and Inbox2.
Operator Benefits:
20 September 2007
56
Value-Added Applications
Password Manager
Operator Benefits:
20 September 2007
57
Value-Added Applications
Welcome Note
Welcome
20 September 2007
58
Value-Added Applications
Point-to-Point Applications
20 September 2007
59
Value-Added Applications
Smart Lock
of your mobile phone. If the user forgot to carry his/her mobile phone or
lose it, the user can send a special SMS to his/her phone to lock the SIM
card with PIN1.
The STK-SMS must follow a special format and include a password
The password can be set through your SIM card
s STK menu
The SIM card can be unlocked by presenting the password again
through the STK menu
20 September 2007
60
Value-Added Applications
Group SMS
Operator Benefits:
20 September 2007
61
Value-Added Applications
My Secret SMS
Operator Benefits:
20 September 2007
62
Value-Added Applications
Flash SMS
20 September 2007
63
Thank you J
20 September 2007
64