SIM, or Subscriber Identity Module, is a small, removable chip that is inserted into a mobile device to identify the user and grant access to mobile networks. SIM cards are used by all mobile network operators worldwide and are critical components of the mobile ecosystem.
In this technical discussion, we will explore SIM cards in detail, including their physical and logical characteristics, how they work, and the security measures used to protect them.
Physical Characteristics of SIM
SIM cards are small, typically measuring 25mm x 15mm x 0.76mm, and are designed to fit into the SIM card slot of a mobile device. The card has a small chip embedded in it that contains the user’s personal information and network-specific data. The chip is usually made of silicon and contains an integrated circuit that stores data and performs functions such as encryption and decryption.
There are three main types of SIM cards: Full-Size SIM, Mini-SIM, and Micro-SIM. The Full-Size SIM is the original SIM card and is rarely used today. The Mini-SIM, also known as the “regular” SIM, is still widely used but is being phased out in favor of the smaller Micro-SIM and Nano-SIM.
The Micro-SIM is about half the size of the Mini-SIM and is commonly used in older smartphones and tablets. The Nano-SIM is the smallest SIM card available and is used in the latest smartphones and tablets, including the iPhone 12 and newer models. Despite their different sizes, all SIM cards perform the same functions and contain the same data.
Logical Characteristics of SIM
SIM cards have two main components: the SIM Application Toolkit (SAT) and the SIM Operating System (OS). The SAT is a set of commands that allows the mobile device to interact with the SIM card, while the SIM OS manages the data and applications on the card.
The SIM OS is a software program that runs on the SIM card and manages the storage and processing of data. The SIM OS is usually written in a low-level programming language such as Assembly or C and is optimized for the small memory and processing power available on the SIM chip.
The SIM OS is responsible for managing the data stored on the card, including the user’s phone number, network-specific data, and any applications that are installed on the card. The SIM OS also provides basic security features such as encryption and authentication.
The SIM OS communicates with the mobile device using the SAT. The SAT provides a set of commands that allow the mobile device to interact with the SIM card and access the data stored on the card. The SAT is a high-level programming language that is designed to be easy to use and understand.
How SIM Works
When a mobile device is turned on, it sends a request to the network operator to connect to the network. The network operator sends a challenge to the device, which is a random number that is generated by the network. The device then sends the challenge to the SIM card, which uses the SIM OS to generate a response.
The response is sent back to the mobile device, which sends it to the network operator. The network operator checks the response to ensure that it matches the challenge and grants access to the network if the response is correct. This process is known as authentication and is a critical security measure used to protect the network from unauthorized access.
Once the mobile device is authenticated, it can access the network and make calls, send text messages, and use data services. The mobile device communicates with the SIM card using the SAT, which allows the device to access the data stored on the card and perform various functions such as checking the available balance, changing the PIN, and updating the contact list.
SIM cards contain sensitive personal information, including the user’s phone number, name, and address. For this reason, SIM cards are designed with a range of security features to protect this information and prevent unauthorized access to the network.
The first line of defense in SIM security is the PIN, or Personal Identification Number. The PIN is a four- to eight-digit code that is used to authenticate the user and grant access to the SIM card. The PIN is stored on the SIM chip and is verified by the SIM OS when the user enters it on the mobile device. If the user enters an incorrect PIN three times, the SIM card is locked, and the user must enter a PUK, or Personal Unblocking Key, to unlock it.
The PUK is an eight-digit code that is provided by the network operator and is used to reset the PIN. If the user enters an incorrect PUK ten times, the SIM card is permanently locked, and the user must obtain a new SIM card.
In addition to the PIN and PUK, SIM cards also use encryption to protect the data stored on the card. Encryption is the process of encoding data to make it unreadable to anyone who does not have the key to decode it. SIM cards use a variety of encryption algorithms, including DES (Data Encryption Standard) and 3DES (Triple Data Encryption Standard), to protect the data stored on the card.
SIM cards also use a secure boot process to ensure that the SIM OS is not tampered with or replaced by malicious code. The secure boot process checks the integrity of the SIM OS at boot time and verifies that it has not been modified or replaced. If the SIM OS fails the integrity check, the SIM card will not be able to authenticate with the network, and the user will not be able to access the network.
Finally, SIM cards also use a range of other security features to protect against attacks and unauthorized access, including anti-cloning measures, anti-tampering measures, and secure messaging protocols.
In addition to their role as identification and authentication devices, SIM cards can also host a range of applications that provide additional services to the user. These applications are known as SIM applications or SIM applets and are installed on the SIM card by the network operator.
SIM applications can provide a range of services, including mobile banking, mobile payments, mobile ticketing, and mobile identification. SIM applications are designed to be lightweight and efficient, as they must run on the limited processing power and memory available on the SIM chip.
SIM applications are written in a special language called SIM Toolkit (STK), which is based on the Standard Commands for Programmable Instruments (SCPI) language. The STK language provides a set of commands that allow the SIM application to communicate with the mobile device and the network.
In recent years, a new type of SIM card called eSIM (embedded SIM) has emerged. eSIMs are built into the mobile device and do not require a physical SIM card to be inserted into the device.
eSIMs use the same security features as traditional SIM cards but are designed to be more flexible and easier to use. With eSIMs, users can switch between network operators without changing the physical SIM card, making it easier to switch between networks when traveling or when a better deal is available.
eSIMs are also being used in other devices, such as smartwatches and Internet of Things (IoT) devices, to provide connectivity without the need for a physical SIM card.
In conclusion, SIM cards are critical components of the mobile ecosystem, providing identification and authentication for mobile devices and access to mobile networks. SIM cards use a range of physical and logical security measures to protect the user’s personal information and prevent unauthorized access to the network.