A brief introduction to SIM cards
When somebody asks me "what kind of work do you do?" and I answer "SIM-card software developer", even people well versed in software development are often surprised. Many people think that a SIM card is something like a flash drive.
In this article I will briefly tell you about the SIM card (and smart cards in general): what it is needed for and what it has inside.
In fact, the SIM card is an instance of a contact smart card with a microprocessor. It is a fairly secure microcomputer with a CPU, ROM (optional), RAM and NVRAM (which plays the role of the hard drive in a PC), a hardware random number generator and hardware implementations of cryptographic algorithms.
The structure of a microprocessor smart card can be as follows:
A little bit about production
To understand the material that follows, I need to briefly explain the basic stages of card production.
1. Microchip production
Maker: microchips maker (silicon vendor).
End product: a wafer with microchips.
Microchips are manufactured by several companies; the most common are Samsung, ST Microelectronics, Infineon, SST, etc.
Here is the reverse side of the module. The white rectangle in the center is the SIM-card microchip.
2. Module assembly
Maker: smart card maker (card vendor).
End product: a tape with modules (microchip + contact pad).
The wafer is cut into individual microchips (often the wafer maker does the cutting), the microchips are mounted on the pads, the contacts are then bonded, and the microchip is covered with glue (see the photo of the reverse side of the module above). The whole structure is called a "module".
3. Card production
Maker: card vendor.
End product: SIM-card.
The modules are taken from the tapes and mounted into plastic card bodies, then the file system and applications are loaded, and the card is personalized: data unique to each card (various IDs, keys, ICCID and PIN codes) is written to it.
SIM cards are divided into two groups by the type of memory used: cards that use ROM and EEPROM, and cards that use flash memory.
In the first type, the OS and software applications are placed in ROM by the microchip manufacturer (the first stage of production). The production cycle is very long in this case: the period between the release of the OS and the first shipment of microchips takes 2-3 months. EEPROM is used by the card manufacturer to load the file system (FS) and the applications.
In the case of flash cards, the operating system, file system and applications are stored in flash memory. Using flash allows the OS to be loaded during module assembly or card production (stages 2 and 3). By now, cards using flash memory have practically forced ROM cards out of the SIM-card market. Flash microchips are cheaper and make it fairly easy to change the OS. It is also easier for the card manufacturer to plan microchip orders: they do not have to order microchips with specific OS versions, but simply order microchips with different memory sizes, and the required operating system is loaded later for a specific customer or provider. Since the purchase forecast for microchips is usually done only once a year, this greatly simplifies planning.
Yes, I am not mistaken: smart cards are divided into two large groups, native and Java Card.
Software for native cards is written in C. Applications (if the manufacturer requires them) are usually tightly integrated with the OS and loaded onto the card together with it. Installing applications developed by another company on a native card is not possible. Additional functionality requested by the provider often has to be added to the OS code. The OS is fairly small (10-20 KB for a SIM card). Therefore, native cards with a simple menu are currently used in the low-cost segment.
In the Java era, Sun Microsystems wrote the Java Card specifications. The idea of Java Card was to make it possible to install applications (applets) on cards from different manufacturers (and on different microchips). In 1996, the smart card division of Schlumberger (later renamed Axalto, now Gemalto) introduced the first Java Card. The idea is quite simple: in addition to the OS, the card contains a Java Virtual Machine. The developed application is compiled to bytecode and loaded onto the card. Applications are loaded after the OS (during card production), and if the card contains a Remote Applet Manager, a Java Card applet can also be installed over SMS after the card has been made.
The development language for Java Card is a trimmed-down Java, trimmed much more heavily than in J2ME. Only a few primitives are left: boolean, byte, short, and optionally int (rarely used, because most manufacturers do not support it). The usual classes such as String are absent (from java.lang only Object, Throwable and a few Exceptions were taken), and there is no multithreading and no garbage collector. In my opinion Java Card has some disadvantages, such as slow execution speed and large memory requirements (RAM and EEPROM/flash). Java Cards are more expensive due to the use of more expensive microchips and the more complex software structure.
Applications were mentioned often in the preceding text, but to a person unfamiliar with smart cards it is not clear what applications on a card can be.
First, the basic functionality of the card can be put in a separate application. For example, it can be a SIM applet, written in Java, that implements all SIM functionality. It may also be an R-UIM application (R-UIM cards are used in CDMA networks), or a Visa or MasterCard application, which turns the smart card into a bank card. In that case the OS itself contains only memory management, input/output and the JVM if Java is used. If the manufacturer needs to make SIM cards, the SIM applet is loaded; if Visa cards, the Visa application is loaded.
Second, there is a class of applications on cards called microbrowsers. They are bytecode interpreters for building the SIM menu. This is not Java bytecode but a bytecode readable by the installed browser. The menu is usually developed in an XML-like language, which is converted into bytecode and loaded into the browser. At the moment, the most widely used browsers are S@T from SIMalliance and WIB from SmartTrust. Neither company develops browsers themselves; they write the specifications and certify browsers written to these specifications.
Third, there are SIM menus written in Java (without browsers), or simply some background applet. For example, it may be a monitoring applet that tracks which phone is being used: if you insert the card into a new phone, the SIM sends the IMEI of the new phone to the provider, which sends back the WAP/GPRS settings for your model.
SIM cards have a file system, just like desktop computers. There are two types of files: DF (Dedicated File, analogous to a folder) and EF (Elementary File, analogous to a regular file). The root DF is called the MF (Master File).
The SIM-card file system stores secret keys, the address book, recent SMS, the provider's name, preferred roaming networks, forbidden networks, etc. Naturally, there are access levels for files. The keys usually have NEVER as their read access condition, which makes it impossible to read them from outside the card.
What it is all needed for
SIM menus and other "non-system" applications are just value-added services. The main purpose of the card is identification and authentication of the subscriber in the network.
To do this the card holds an IMSI (International Mobile Subscriber Identity), a unique identifier of the SIM card, and a 128-bit key Ki.
Below is the authentication procedure in a GSM network and the generation of the session key Kc.
Authentication is done by algorithm A3, the generation of Kc by algorithm A8.
On an authentication request, the Authentication Center (AuC) generates a 128-bit pseudo-random value RAND and sends it to the SIM card. Knowing the card's IMSI, the AuC takes the key Ki bound to this IMSI and feeds it, together with RAND, into algorithms A3 and A8. At the same time the card performs the same computation. The result of A3, the Signed Response (SRES), is sent by the card to the AuC, where the received SRES is compared with the one computed there. If the two match, the authentication procedure completes successfully. The key Kc produced by A8 is then used to encrypt the traffic between the phone and the network.
Card-cloning programs exploit a vulnerability in an older version of the A8 algorithm (COMP128-1). Currently GSM networks widely use COMP128-2 and COMP128-3. The vulnerability was found in 1999, but some GSM providers have still not switched to the second and third algorithms (so far no vulnerabilities have been found in them).
In this article I have tried to explain quite briefly what a SIM card is. I hope I succeeded. Almost everything above, except the authentication procedure, also applies to the USIM cards used in 3G (UMTS) networks and to the R-UIM cards (CDMA networks).
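The following is an added worked example, not code from the original article, that ties the file-system access conditions described earlier to the authentication exchange just described: a toy SIM keeps Ki in a file whose read access is NEVER, so an external READ is refused, while the card's own RUN GSM ALGORITHM uses Ki internally to answer the AuC's RAND with SRES and derive Kc on both sides. The real A3/A8 (COMP128 family) is replaced by an HMAC-SHA256 stand-in, which is an assumption for illustration only; the file identifiers 3F00 (MF), 7F20 (DF_GSM) and 6F07 (EF_IMSI) are the standard GSM 11.11 values, the Ki file id "KI" is a placeholder because Ki storage is card-specific, and all IMSI and key values are constructed.

```python
"""Toy model of GSM SIM authentication (A3/A8) with Ki stored in a NEVER-readable file.

Added example, not from the original article. A3/A8 are replaced by an
HMAC-SHA256 stand-in (assumption); Ki file id "KI" is a placeholder; the
IMSI and Ki values are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Read access conditions as used on SIM files
ALWAYS = "ALWAYS"   # readable by anyone
CHV1 = "CHV1"       # readable after PIN1 verification
NEVER = "NEVER"     # never readable through the card interface


class AccessDenied(Exception):
    """Raised when a file's read access condition is not satisfied."""


@dataclass
class EF:
    """Elementary File: data plus its read access condition."""
    fid: str
    data: bytes
    read_access: str = ALWAYS


@dataclass
class DF:
    """Dedicated File: a folder of EFs and other DFs."""
    fid: str
    children: dict = field(default_factory=dict)


def a3_a8(ki: bytes, rand: bytes):
    """Stand-in for A3/A8 (assumption: HMAC-SHA256, not COMP128).
    Returns (SRES, Kc): a 32-bit signed response and a 64-bit session key."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class SIM:
    def __init__(self, imsi: bytes, ki: bytes):
        # MF (3F00) -> DF_GSM (7F20) -> EF_IMSI (6F07), plus a placeholder Ki file
        gsm = DF("7F20")
        gsm.children["6F07"] = EF("6F07", imsi, read_access=CHV1)
        gsm.children["KI"] = EF("KI", ki, read_access=NEVER)
        self.mf = DF("3F00", {"7F20": gsm})
        self.pin_verified = False

    def read_ef(self, path):
        """External READ of a file, enforcing its access condition."""
        node = self.mf
        for fid in path:
            node = node.children[fid]
        if node.read_access == NEVER:
            raise AccessDenied(f"{node.fid}: read access NEVER")
        if node.read_access == CHV1 and not self.pin_verified:
            raise AccessDenied(f"{node.fid}: PIN1 not verified")
        return node.data

    def run_gsm_algorithm(self, rand: bytes):
        """Card-side RUN GSM ALGORITHM: Ki is used internally and never exported."""
        ki = self.mf.children["7F20"].children["KI"].data
        return a3_a8(ki, rand)


class AuC:
    """Network side: holds Ki per IMSI and checks the card's SRES."""
    def __init__(self):
        self.ki_by_imsi = {}

    def provision(self, imsi: bytes, ki: bytes):
        self.ki_by_imsi[imsi] = ki

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)  # 128-bit RAND

    def verify(self, imsi: bytes, rand: bytes, sres: bytes):
        expected_sres, kc = a3_a8(self.ki_by_imsi[imsi], rand)
        return hmac.compare_digest(expected_sres, sres), kc


def authenticate(sim: SIM, auc: AuC, imsi: bytes, rand: bytes = None):
    """Full exchange: RAND -> card, SRES -> AuC, compare; both sides end up with Kc.
    Returns (authenticated, kc_matches)."""
    rand = rand if rand is not None else auc.challenge()
    sres, kc_card = sim.run_gsm_algorithm(rand)
    ok, kc_net = auc.verify(imsi, rand, sres)
    return ok, kc_card == kc_net


if __name__ == "__main__":
    imsi = b"001010123456789"                                # constructed IMSI
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed Ki
    card, auc = SIM(imsi, ki), AuC()
    auc.provision(imsi, ki)
    print("authenticated, Kc matches:", authenticate(card, auc, imsi))
    try:
        card.read_ef(["7F20", "KI"])
    except AccessDenied as err:
        print("Ki read refused:", err)
```

The point of the model is the asymmetry it makes visible: the same Ki that the card refuses to hand out over its interface is exactly what it uses to answer RAND, so an attacker who can only talk to the card has to recover Ki indirectly through the algorithm, which is why the strength of A3/A8 (the COMP128 weakness mentioned below) matters as much as the file access conditions.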
Java Card Technology