User:Sheng.He

SIM Card Security

SIM Card
A Subscriber Identity Module (SIM) is a removable smart card for mobile phones. SIM cards securely store the service-subscriber key used to identify a mobile phone. The SIM card allows users to change phones by simply removing the SIM card from one mobile phone and inserting it into another mobile phone.

Overview
Since the GSM communication system has been designed by the Standardization Committee composed of the European leading telecommunication operators and manufacturers, this system concentrates much more on the interests of consumers and operators. Thus, it made great effort to improve its functions including security, convenience etc.

In fact, wireless communication will be tapped more easily than fixed communication. If we do not provide any special countermeasures, it could not be difficult to tap or fake a registered user. In the 1980’s, the system of simulation was suffered from the bug of wireless communication so deeply, that the interests of customers were impaired. Therefore, at first, introduction of SIM card technology into the GSM system raises the security level of GSM greatly. It is able to prevent from unauthorized accessing with authentication for protection of the network operators and the interests of users. Moreover, in order to protect the user's privacy, the transmission can be also encrypted to avoid eavesdropping on the wireless channel. Furthermore, it’s replaced by a temporary user identification code, that third parties can not track the wireless channel on GSM users. In addition, all of these confidential mechanisms are controlled by the operators, so it seems to be much safer without participating of those users.

As the introduction of the SIM card technology into the GSM communication, the wireless communication has been no long restricted by encryption. As long as the customers bring a card, they could travel all around the world.

SIM cards have many characteristics as below:

Feature 1, separation of the client & equipment. In GSM communication, SIM cards and mobile equipment have been installed in an open interface to the public, so that users and their equipment lie on the interdependent relationship. Because SIM cards stored cardholder’s customer data, security data, authentication encryption algorithm, etc. As long as customers holding this card, he or she can borrow and hire different mobile stations from different ISPs and obtain different services in the card. Then, it enhances the flexibility of the GSM mobile communication greatly as well as shares equipments among different manufacturers.

Feature 2, communications are secure. The SIM card has a permanent memory storage and capacity of calculation. Therefore, it belongs to smart cards. When the cell phone is switched on, customer should enter personal identification numbers (PIN), this code is composed by 4 ~ 8 figures and accessed by keyboard typing. If import three incorrect PIN code, PIN codes are locked, communications terminated, this is one way against the misappropriation pseudo-client communication. If customers forget the code or import by mistake three times, the 0 ~ 9-digit personal unlocking key (PUK) stored in the SIM card can be used to unlock PIN codes, recover it back to normal. However, we should also pay special attention to the importation of 10 PUK wrong, the entire SIM cards abandoned. Only Through the purchase of a new SIM cards can we recover our communication. In the process of calling, if we import the correct PIN code, the Internet start a customer identity authentication, using A3, A8 algorithm stored in the SIM card to compare the results of mobile and Internet calculation and same authentication success. This is the second line of defence to prevent misappropriation Communication. After successful Authentication, in order to protect the confidentiality of client information been transmitted to the other the other side of transmission. Another set of encryption methods also been introduced - the use of the A5 algorithm to prevent the illegal customer theft. In addition, in the process of Authentication and decryption, parameters of key (Kc) and authentication key (Ki) on the interface will not be transmitted. Only the International Mobile customer identification code (IMSI) will be transmitted once. After that, the changing temporary code (TMSI) instead, therefore GSM communications are securer than the analog mobile communications.

Feature 3, low cost. Their costs are lower than telephone cards. Furthermore, they are solid and durable and easily to be promoted.

Following defines the security attributes to be supported by the SIM which are: -	authentication algorithm (A3); -	subscriber authentication key (Ki); -	cipher key generation algorithm (A8); -	cipher key (Kc); -	control of access to data stored, and functions performed, in the SIM. An algorithm A38 may perform the combined functions of A3 and A8.

Security features
This clause defines the security attributes to be supported by the SIM which are: - authentication algorithm (A3); - subscriber authentication key (Ki); - cipher key generation algorithm (A8); - cipher key (Kc); - control of access to data stored, and functions performed, in the SIM. An algorithm A38 may perform the combined functions of A3 and A8.