SIM Cards

From ForensicsWiki
Revision as of 09:30, 2 May 2006 by Thuser (Talk | contribs)

Jump to: navigation, search
A typical SIM card.

SIM-Subscriber Identity Module

The terms SIM, smart card, and UICC have an unfortunate tendency to be used interchangeably. The UICC is hardware. A SIM is a software application. Generally speaking, a smart card is a UICC running a SIM as well as possibly other applications.

SIM is actually just an application running on a smartcard. A given card could contain multiple SIMs, allowing, for instance, a given phone to be used on multiple networks.

A typical SIM contains several categories of information. One is the actual identity of the card itself. The SIM needs to have a unique identity to the network. This allows the network to identify what sources the subscriber is entitled to, billing information, etc. A second category relates to the actual operation of the device. Information such as the last number called, or the length of the phone call can be stored. A third category of information is personalized information. Phonebooks or calendars fall into this category.

A SIM has three major purposes:

  • Uniquely identify the subscriber
  • Determines phone number
  • Contains algorithms for network authentication

A SIM contains:

It should be noted that the 16 to 64KB memory limit can be thought of a rule of thumb. The recent trend has been to produce SIM cards with larger storage capacities, ranging from 512MB up to M-Systems' 1GB SIM Card slated for release in late 2006.

Uses of SIMs

SIM cards can be used in any kind of device or situation where there is a need to authenticate the identity of a user. They are particularly useful when there is a need or desire to provide different types or levels of service to many users who have different configurations.

The primary use of SIM cards in the United States is in cell phones. There are other uses as well. The US military issues smart cards as identification to its personnel. These cards are used to allow users to log into computers.

Europe has seen a wider use of these cards. The credit and debit card industry has integrated this technology in their cards for years. Similarly, a number of European phone companies have used these as phone cards to use in public telephones. The card companies in the United States have evidently not seen enough fraud to have a business justification to switch to this technology. There is some speculation that American credit cards will use a future generation of the technology when the added robustness and security of the system will make more economic sense.

The SIM uses a hierarchically organized file system that stores names, phone numbers, received and sent text messages. It also contains the network configuration information. The SIM also allows for easy transporting of all information from one phone to another.

One downside to the use of SIM cards is the amount of thefts that occur. A person could steal a SIM card and use it for their own personal calls, which would be still on the original owner's information log. This is becoming a problem in European countries with the theft of SIM cards.

SIM Security

There are two things that help secure the information located on your SIM. The PIN (Personal Identification Number) and the PUK (Personal Unlocking Code).

When PIN protection is enabled, every time the phone is turned on - the PIN must be entered. The information on the SIM is locked until the correct code is entered. The PIN by default is at a standard default number and can be changed on the handset.

If the PIN is incorrectly entered 3 times in a row, the phone is locked making the phone unable to make or receive any calls or SMS messages. The PUK, which is an 8 digit code, is needed from the network provider to unlock the phone. If the PIN is entered 10 times incorrectly, the SIM is permanently disabled and the SIM must be exchanged.

SIM Forensics

The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.

In general, some of this data can help an investigator determine:

  • Phone numbers of calls made/received
  • Contacts
  • SMS details (time/date, recipient, etc.)
  • SMS text (the message itself)

There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics' SIM Card Seizure. Another example is SIMCon, or SIM Content Controller. Although it is sold commercialy, the software is offered free of charge to law enforcement agencies.

These software titles can extract such technical data from the SIM card as:

  • International Mobile Subscriber Identity (IMSI): A unique identifying number that identifies the phone/subscription to the GSM network
  • Mobile Country Code (MCC): A three-digit code that represents the SIM card's country of origin
  • Mobile Network Code (MNC): A two-digit code that represents the SIM card's home network
  • Mobile Subscriber Identification Number (MSIN): A unique ten-digit identifying number that identifies the specific subscriber to the GSM network
  • Mobile Subscriber International ISDN Number (MSISDN): A number that identifies the phone number used by the headset
  • Abbreviated Dialing Numbers (ADN):basic Phonebook entries
  • Last Dialed Numbers (LDN)
  • Short Message Service (SMS):Text Messages
  • Public Land Mobile Network (PLMN) selector
  • Forbidden PLMNs, Location Information (LOCI)
  • General Packet Radio Service (GPRS) location
  • Integrated Circuit Card Identifier (ICCID)
  • Service Provider Name (SPN)
  • Phase Identification
  • SIM Service Table (SST)
  • Language Preference (LP)
  • Card Holder Verification (CHV1) and (CHV2)
  • Broadcast Control Channels (BCCH)
  • Ciphering Key (Kc)
  • Ciphering Key Sequence Number
  • Emergency Call Code
  • Fixed Dialing Numbers (FDN)
  • Forbidden PLMNs
  • Local Area Identitity (LAI)
  • Own Dialing Number
  • Temporary Mobile Subscriber Identity (TMSI)
  • Routing Area Identifier (RIA) netowrk code
  • Service Dialing Numbers (SDNs)
  • Service Provider Name
  • Depersonalizatoin Keys

This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.

Service Provider Data

Some additional information the service provider might store:

Sim Card Text Encoding

Originally the middle-European GSM network used only a 7-bit code derived from the basic ASCII code. However as GSM spread worldwide it was concluded that more characters, such as the major characters of all living languages, should be able to be represented on GSM phones. Thus, there was a movement towards a 16-bit code known as UCS-2 which is now the standard in GSM text encoding. This change in encoding can make it more iddficult to accurately abtain data form SIMs of the older generation which use the 7-bit encoding. This encoding is used to compress the hexadecimal size of certain elements of the SIMs data, particularly in SMS and Abbreviated Dialing Numbers.

References