Subscriber Identification Module


Subscriber Identification Module (SIM) is an integrated circuit chip that is intended to securely store the International Mobile Subscriber Identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on Mobile Device (such as Mobile phones and computers).

Subscriber Identification Module Universal Subscriber Identification Module (USIM) and Universal Integrated Circuit Card (UICC) for most purposes may be and are often used interchangeably.

Subscriber Identification Module is also possible to store contacts on many Subscriber Identification Module cards.

Subscriber Identification Module cards are always used on GSM phones; for CDMA phones, they are only needed for newer LTE-capable handsets.

Subscriber Identification Module cards can also be used in satellite phones.

The Subscriber Identification Module circuit is part of the function of a Universal Integrated Circuit Card (UICC) physical Smart Card, which is usually made of PVC with embedded contacts and semiconductors. "SIM cards" are designed to be transferable between different Mobile Devices.

The first UICC Smart Cards were the size of credit and bank cards; the development of physically smaller Mobile Devices has prompted the development of smaller SIM cards, where the size of the plastic carrier is reduced while keeping electrical contacts the same.

Structure and File Systems#

Subscriber Identification Module contains a processor and Operating System with persistent, electronic erasable, programmable read-only memory (EEPROM). Subscriber Identification Module also contains RAM and ROM.

RAM controls the program execution flow and the ROM controls the Operating System work flow, user authentication, data encryption algorithm, and other applications.

The hierarchically organized file system of a Subscriber Identification Module resides in persistent memory and stores data as names and phone number entries, text messages, and network service settings.

The hierarchical File System resides in EEPROM. The File System consists of three types of files:

  • master file (MF)
  • dedicated files
  • elementary files.
The master file is the root of the File System. Dedicated files are the subordinate directories of master files. Elementary files contain various types of data, structured as either a sequence of data bytes, a sequence of fixed-size records, or a fixed set of fixed-size records used cyclically.

Subscriber Identification Module Security#

A SIM card contains a unique serial number (ICCID), International Mobile Subscriber Identity (IMSI) number, security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to, and two passwords:

SIM cards have built-in security features. The three file types, MF, DF, and EF, contain the security attributes. These security features filter every execution and allow only those with proper authorization to access the requested functionality. There are different levels of access conditions in DF and EF files. They are:

  • Always—This condition allows to access files without any restrictions.
  • Card holder verification 1 (CHV1)—This condition allows access to files after successful verification of the user’s PIN or if PIN verification is disabled.
  • Card holder verification 2 (CHV2)—This condition allows access to files after successful verification of the user’s PIN2 or if the PIN2 verification is disabled.
  • Administrative (ADM)—The card issuer who provides SIM to the subscriber can access only after prescribed requirements for administrative access are fulfilled.
  • Never (NEV)—Access of the file over the SIM/ME interface is forbidden.
The SIM Operating System uses Access Control to an element of the file system based on its access condition and the type of action being attempted. The Operating System allows only limited number of attempts, usually three, to enter the correct CHV before further attempts are blocked. For unblocking, it requires a PUK code, called the PIN unblocking key, which resets the CHV and attempt counter. If the subscriber is known, then the unblock CHV1/CHV2 can be easily provided by the Mobile Network Operator.

Security Considerations#

The SIM and UICC card contains sensitive information about the subscriber. Data such as contact lists and messages can be stored in SIM. SIM cards themselves contain a repository of data and information, some of which is listed below:

There have also been some Vulnerabilities

More Information#

There might be more information for this subject on one of the following: