Difference between revisions of "SIM Cards"

From Forensics Wiki
Jump to: navigation, search
(Moved some forensics stuff from "uses" to "forensics" section and merged it with what I had, also added "Referen)
(Edited technical details in forensics)
(2 intermediate revisions by one user not shown)
Line 51: Line 51:
 
There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics’ [http://www.paraben-forensics.com/catalog/product_info.php?products_id=289 SIM Card Seizure].<br /><br />
 
There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics’ [http://www.paraben-forensics.com/catalog/product_info.php?products_id=289 SIM Card Seizure].<br /><br />
 
These software titles can extract such technical data from the SIM card as:
 
These software titles can extract such technical data from the SIM card as:
* Integrated Circuit Card ID (ICCID)
+
* '''Integrated Circuit Card ID (ICCID)''': The serial number of the SIM card
* International Mobile Subscriber Identity (IMSI)
+
* '''International Mobile Subscriber Identity (IMSI)''': A unique identifying number that identifies the phone/subscription to the GSM network
* Mobile Country Code (MCC)
+
* '''Mobile Country Code (MCC)''': A three-digit code that represents the SIM card's country of origin
* Mobile Network Code (MNC)
+
* '''Mobile Network Code (MNC)''': A two-digit code that represents the SIM card's home network
* Mobile Subscriber Identification Number (MSIN)
+
* '''Mobile Subscriber Identification Number (MSIN)''': A unique ten-digit identifying number that identifies the specific subscriber to the GSM network
* Mobile Subscriber International ISDN Number (MSISDN)
+
* '''Mobile Subscriber International ISDN Number (MSISDN)''': A number that identifies the phone number used by the headset
 +
 
 
This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.
 
This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.
 +
 +
==References==
 +
[http://www.sectorforensics.co.uk/sim-examination.shtml Sector Forensics]

Revision as of 16:25, 7 March 2006

Contents


A Typical SIM Card

SIM-Subscriber Identity Module

The terms SIM, smart card, and UICC have an unfortunate tendency to be used interchangeably. The UICC is hardware. A SIM is a software application. Generally speaking a smart card is a UICC running a SIM as well as possibly other applications.

SIM is actually just an application running on a smartcard. A given card could contain multiple SIM’s, allowing, for instance, a given phone to be used on multiple networks.

A typical SIM contains several categories of information. One is the actual identity of the card itself. The SIM needs to have a unique identity to the network. This allows the network to identify what sources the subscriber is entitled to, billing information, etc. A second category relates to the actual operation of the device. Information such as the last number called, or the length of the phone call can be stored. A third category of information is personalized information. Phonebooks or calendars fall into this category.

A SIM has three major purposes

  • Uniquely identify the subscriber
  • Determines phone number
  • Contains algorithms for network authentification

A Sim contains

  • 16 to 64 KB of memory
  • Processor
  • Operating System


Uses of SIMs

SIM cards can be used in any kind of device or situation where there is a need to authenticate the identity of a user. They are particularly useful when there is a need or desire to provide different types or levels of service to many users who have different configurations.

The primary use of SIM cards in the United States is in cell phones. There are other uses as well. The US military issues smart cards as identification to its personnel. These cards are used to allow users to log into computers.

Europe has seen a wider use of these cards. The credit and debit card industry has integrated this technology in their cards for years. Similarly, a number of European phone companies have used these as phone cards to use in public telephones. The card companies in the United States have evidently not seen enough fraud to have a business justification to switch to this technology. There is some speculation that American credit cards will use a future generation of the technology when the added robustness and security of the system will make more economic sense.

The SIM uses a hierarchically organized file system that stores names, phone numbers, received and sent text messages. It also contains the network configuration information. The SIM also allows for easy transporting of all information from one phone to another.

One downside to the use of SIM cards is the amount of thefts that occur. A person could steal a SIM card and use it for their own personal calls, which would be still on the original owners information log. This is becoming a problem in European countries with the theft of SIM cards.

SIM Security

There are two things that help secure the information located on your SIM. The PIN (Personal Identification Number) and the PUK (Personal Unlocking Code).

When PIN protection is enabled, every time the phone is turned on - the PIN must be entered. The information on the SIM is locked until the correct code is entered. The PIN by default is at a standard default number and can be changed on the handset. If the PIN is entered incorrectly 3 times in a row the phone is locked and another code called the PUK is needed from the network provider.

If the PIN is incorrectly entered 3 times in a row, the phone is locked making the phone unable to make or receive any calls or SMS messages. The PUK, which is an 8 digit code, is needed from the network provider to unlock the phone. If the pin is entered 10 times incorrectly, the SIM is permanently disabled and the SIM must be exchanged.

SIM Forensics

The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.
In general, some of this data can help an investigator determine:

  • Phone numbers of calls made/received
  • Contacts
  • SMS Details (time/date, recipient, etc.)
  • SMS Text (the message itself)

There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics’ SIM Card Seizure.

These software titles can extract such technical data from the SIM card as:

  • Integrated Circuit Card ID (ICCID): The serial number of the SIM card
  • International Mobile Subscriber Identity (IMSI): A unique identifying number that identifies the phone/subscription to the GSM network
  • Mobile Country Code (MCC): A three-digit code that represents the SIM card's country of origin
  • Mobile Network Code (MNC): A two-digit code that represents the SIM card's home network
  • Mobile Subscriber Identification Number (MSIN): A unique ten-digit identifying number that identifies the specific subscriber to the GSM network
  • Mobile Subscriber International ISDN Number (MSISDN): A number that identifies the phone number used by the headset

This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.

References

Sector Forensics