Subscriber Identification Module

Overview[1]#

Subscriber Identification Module (SIM) is a Smart Card that is intended to securely store the International Mobile Subscriber Identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on Mobile Devices (such as Mobile phones and computers).

The Universal Subscriber Identification Module (USIM) and Universal Integrated Circuit Card (UICC) have replaced the SIM for most purposes, and the terms Subscriber Identification Module, USIM and UICC are often used interchangeably.

It is also possible to store contacts on many Subscriber Identification Module cards.

Subscriber Identification Module cards are always used on GSM phones; for CDMA phones, they are only needed for newer LTE-capable handsets. Subscriber Identification Module cards can also be used in satellite phones.

Subscriber Identification Modules are designed to be transferable between different Mobile Devices.

Structure and File Systems#

A Subscriber Identification Module contains a processor and an Operating System with persistent electrically erasable programmable read-only memory (EEPROM). It also contains RAM and ROM.

RAM controls the program execution flow and the ROM controls the Operating System workflow, user authentication, data encryption algorithm, and other applications.

The hierarchically organized File System of a Subscriber Identification Module resides in persistent memory and stores data such as names and phone number entries, text messages, and network service settings. The File System consists of three types of files:

  • master file (MF)
  • dedicated files
    • DF (DCS1800)
    • DF (GSM)
    • DF (Telecom)
  • elementary files - EF (ICCID)

The master file is the root of the File System. Dedicated files are the subordinate directories of the master file. Elementary files contain various types of data, structured as either a sequence of data bytes, a sequence of fixed-size records, or a fixed set of fixed-size records used cyclically.

Subscriber Identification Module Security#

A SIM card contains a unique serial number (ICCID), International Mobile Subscriber Identity (IMSI) number, security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to, and two passwords:

SIM cards have built-in security features. The three file types, MF, DF, and EF, contain the security attributes. These security features filter every execution and allow only those with proper authorization to access the requested functionality. There are different levels of access conditions in DF and EF files. They are:

  • Always—This condition allows access to files without any restrictions.
  • Card holder verification 1 (CHV1)—This condition allows access to files after successful verification of the user’s PIN or if PIN verification is disabled.
  • Card holder verification 2 (CHV2)—This condition allows access to files after successful verification of the user’s PIN2 or if the PIN2 verification is disabled.
  • Administrative (ADM)—The card issuer who provides the SIM to the subscriber can access the file only after the prescribed requirements for administrative access are fulfilled.
  • Never (NEV)—Access of the file over the SIM/ME interface is forbidden.

The SIM Operating System controls access to an element of the file system based on its access condition and the type of action being attempted. The Operating System allows only a limited number of attempts, usually three, to enter the correct CHV before further attempts are blocked. Unblocking requires a PUK code, called the PIN unblocking key, which resets the CHV and the attempt counter. If the subscriber is known, the Mobile Network Operator can easily provide the unblock CHV1/CHV2 code.
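
The access decision described above, as an added example that is not part of the original page: a small Python model of the access conditions, the three-attempt CHV counter and PUK unblocking. The file names other than ICCID, the PIN and PUK values, and the condition assigned to each action are constructed for illustration.

```python
from dataclasses import dataclass

ALW, CHV1, CHV2, ADM, NEV = "ALW", "CHV1", "CHV2", "ADM", "NEV"
MAX_ATTEMPTS = 3  # the page says "usually three"

@dataclass
class Chv:
    """A card holder verification secret (PIN or PIN2) and its attempt counter."""
    pin: str
    puk: str
    enabled: bool = True
    remaining: int = MAX_ATTEMPTS
    verified: bool = False

    def verify(self, attempt: str) -> bool:
        if self.remaining == 0:              # blocked: only the PUK helps now
            return False
        self.verified = attempt == self.pin
        self.remaining = MAX_ATTEMPTS if self.verified else self.remaining - 1
        return self.verified

    def unblock(self, puk: str, new_pin: str) -> bool:
        # Simplified: real cards also limit PUK attempts. Model choice: the
        # new PIN must still be verified before CHV-protected access is granted.
        if puk != self.puk:
            return False
        self.pin, self.remaining, self.verified = new_pin, MAX_ATTEMPTS, False
        return True

@dataclass
class Card:
    chv: dict                 # {"CHV1": Chv, "CHV2": Chv}
    files: dict               # {file name: {action: access condition}}
    adm_fulfilled: bool = False

    def allowed(self, name: str, action: str) -> bool:
        cond = self.files[name].get(action, NEV)   # unlisted action: deny
        if cond in (ALW, NEV):
            return cond == ALW
        if cond == ADM:
            return self.adm_fulfilled
        chv = self.chv[cond]
        return not chv.enabled or chv.verified     # met if verified or disabled

def sample_card() -> Card:
    """Constructed card: PINs, PUKs, file names and conditions are made up."""
    return Card(
        chv={CHV1: Chv("1234", "11111111"), CHV2: Chv("5678", "22222222")},
        files={"EF_ICCID": {"READ": ALW, "UPDATE": NEV},
               "EF_CONTACTS": {"READ": CHV1, "UPDATE": CHV1},
               "EF_SETTINGS": {"READ": CHV1, "UPDATE": CHV2},
               "EF_IMSI": {"READ": CHV1, "UPDATE": ADM}})
```

The same file can carry a different condition per action, which is why the decision takes both the file and the action being attempted.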

Security Considerations#

The SIM and UICC cards contain sensitive information about the subscriber. Data such as contact lists and messages can be stored in the Subscriber Identification Module. SIM cards themselves contain a repository of data and information, some of which is listed below:

There have also been some Vulnerabilities
