Since the time GSM (Global System for Mobile communications) communication system has been designed and deployed, great efforts have been made to improve its functions including security. Nowadays, the security of mobile networks at the user level is mainly established through the SIM (Subscriber Identity Module) card. Therefore, at first, introduction of SIM card technology into the GSM system raises the security level of GSM greatly. Basically, the security in the SIM card is implemented to prevent unauthorized accessing. This is achieved by using authentication for protection of the network operators and the interests of users.

Security in SIM Cards

From the security perspective, a SIM card contains security authentication and ciphering information, in addition to two passwords (regular PIN and unblocking PUK). We will deal with the PIN lock and PUK in the later section of this article.

In this article, we will deal with the functional security system built into the SIM card and the security features in a SIM card which are provided by the mobile operators. Broadly, the security in SIM cards can be divided into two parts. One, that is built into the SIM card i.e. security features found in the firmware (authentication, encryption etc.) and the other is the security features offered by the mobile operators which is PIN, PUK, etc., in which the user has the option to enable/disable the security features from the mobile network perspective.

PIN Lock

Network based security or at the user level security, the SIM card offers users to lock their SIM card using PIN (Personal Identity Number) and PIN2 features. PIN is a 4 digit access code which can be used for user privacy and to secure your mobile phone from misuse in case of theft. The PIN2 is a 4 digit access code used to access the priority number memory and cost of calls.

For securing your SIM card and mobile phone, ensure that you always enable the PIN lock feature on your SIM card and mobile phone. These features require that you enter a PIN code before you can begin using your phone or your SIM card. See your phone's user manual to find out more about these features. Mobile phone users should note that not all models of phone may provide a PIN feature for locking access to the handset, however all SIM cards support a SIM lock PIN feature that can be accessed via the handset.

Personal Unblocking Code

A Personal Unblocking Code (PUC) or Personal Unblocking Key (PUK) is used in GSM mobile phones to unblock a blocked SIM card. After switching on the phone, if the PIN security function is not switched off, the user is requested to enter a 4 digit PIN enabling the phone's non-emergency calling functions. If the wrong PIN is typed in more than three times, either the SIM card, the device or both become locked. They can be reverted to their original unlocked state by entering a PUC, provided by the service operator through verification. If the wrong PUC is entered ten times in a row, the device will become permanently blocked and unrecoverable, requiring a new SIM card for the user. Mobile phone users are therefore advised by most service providers to keep their PUC written down in a safe place separate from the device.

SIM Lock

A SIM lock, simlock, network lock or subsidy lock is a capability built into GSM phones by mobile phone manufacturers. Network providers use this capability to restrict the use of these phones to specific countries and network providers. Currently, phones can be locked to accept only SIM cards from one or more of the following:

• Countries (the phone will work in one country, but not in another country.)

• Network/Service providers (e.g. AT&T Mobility, Vodafone, etc.)

• SIM types (i.e. only specific SIM cards can be used with the mobile phone handset).

In most countries, most mobile phones are shipped with country and/or network provider locks. In addition, these locked phones tend to have firmware installed on them which is specific to the network provider. For example, if you have a Vodafone or Telstra branded phone in Australia, it displays the relevant logo and may only support features provided by that network (e.g. Vodafone Live!). This firmware is installed by the service provider and is separate from the locking mechanism.

Most mobile phones can be unlocked to work with any GSM, such as O2 or Orange (in the UK), but the phone may still display the original branding and may not support features of your new carrier.

SIM Unlocking technology

A handset can be unlocked by entering a special code, or in some cases, over-the-air by the carrier. Typically, a locked phone will display a message if a restricted SIM is used, requesting the unlock code. For example, on the Sony Ericsson T610 mobile phone, "Insert correct SIM card" will appear on the phone's display if the wrong SIM is used. Once a valid unlocking code is entered, the phone will display "Network unlocked". In some cases, the phone will simply display a message explaining that it is locked. This is especially the case with handsets provided by AT&T Mobility in the U.S.

The code required to remove all SIM locks from a phone is called the master code or network code key. The unlock code is verified by the phone itself, and is either stored in a database or calculated using an obscure mathematical formula by the provider. To unlock a SIM locked phone you need to contact the mobile operator who provided the phone.

Enhancing SIM Unblock Technology

The algorithms used in earlier Nokia brand phones based on IMEI (International Mobile Equipment Identity) and MCC (Mobile Country Codes) code have been reverse engineered, stolen or leaked, resulting in many people offering Nokia unlock codes for free or for a fee. Newer Nokia phones have more robust encoding algorithms and permit fewer attempts at unlocking and are not unlockable by the free unlocking programs which are available from the net.

Many other manufacturers have taken a more cautious approach, and embed a random number in the handset's firmware that is only retained by the network on whose behalf the lock was applied. Such phones can often still be unlocked, but need to be connected to special test equipment that will rewrite that part of its firmware where the lock status is kept.

Most phones have security measures built in their software that prevent users from entering the unlock code too many times, usually four. After that the phone becomes "hard-locked" and special unlocking equipment has to be used in order to unlock it.

Alternative Unlocking Technologies

Apart from the usual method of contacting mobile operators to unlock a SIM card, several companies and begun to offer an e-mail unlocking service. This service requires that the individual who wishes to unlock their phone email their IMEI number, which is usually displayed by any terminal upon entering *#06#, to the company. The company will then process this IMEI number and email back an unlock code and instructions. Input the unlock code and the phone is unlocked. These email services are usually the most efficient as it is the same method most retail stores will offer. However there are several fake random number generators available, so you must be careful, there are only a few older Nokia handsets that can be done using this method. Newer handsets have random unlock codes which are generated at random with no order, the code is then stored in a database by the network or the manufacturer, thus these handsets can only be unlocked via code provided by the network or professional unlocking equipment physically connected to the handset.

Unlocking a phone without the permission or unlocking code from the provider is usually in breach of the agreement with the provider, though most countries do not make specific laws prohibiting the removal of SIM locks. In the United States the DMCA (Digital Millennium Copyright Act) formerly was claimed to criminalize unlocking. However, an exemption that took effect 27 November 2006 specifically permits it, and will expire in three years but it can be renewed after that. The exemption only applies to the actual unlocking, not to providing an unlocking device or service.

Cryptographic Algorithms

Coming to the technical aspects of security, in this session we will get familiar with the various cryptographic algorithms and secret keys present in SIM card. The most sensitive information of SIM card is the cryptographic algorithms A3, A8, secret Ki (authentication key), Kc (cipher Key), PIN and PUK.

The A3, A8 algorithms are written into the SIM card by the continuous process and due to this most people cannot read the A3, A8 algorithm. The PUK code is held by the mobile operator and Kc is derived in the process of encryption from Ki.

This clause defines the security attributes to be supported by the SIM, which are:
- authentication algorithm (A3);
- subscriber authentication key (Ki);
- cipher key generation algorithm (A8);
- cipher key (Kc);
- control of access to data stored, and functions performed, in the SIM.

An algorithm A38 may perform the combined functions of A3 and A8. For security purpose, all reasonable steps have been taken to ensure that the algorithms (A3 and A8) and subscriber authentication key (Ki) cannot be read, altered, manipulated or bypassed in such a way as to reveal secret information.

Authentication key (Ki)

The Ki is a 128-bit value used in authenticating the SIMs on the mobile network. Each SIM holds a unique Ki assigned to it by the operator during the personalization process. The Ki is also stored on a database (known as Authentication Center or AuC) on the carrier’s network.

The SIM card is designed not to allow the Ki to be obtained using the smart-card interface. Instead, the SIM card provides a function, "RUN GSM ALGORITHM", that allows the phone to pass data to the SIM card to be signed with the Ki. This, by design, makes usage of the SIM card mandatory unless the Ki can be extracted from the SIM card, or the carrier is willing to reveal the Ki. In practice, the GSM "crypto" algorithm for computing SRES_2 (see step 4, below in the Authentication process) from the Ki has certain vulnerabilities which can allow the extraction of the Ki from a SIM card and the making of a duplicate SIM card.

Authentication process

1. When the Mobile Equipment starts up, it obtains the IMSI (International Mobile Subscriber Identity) from the SIM card, and passes this to the mobile operator requesting access and authentication. The Mobile Equipment may have to pass a PIN to the SIM card before the SIM card will reveal this information.

2. The operator network searches its database for the incoming IMSI and its associated Ki.

3. The operator network then generates a Random Number (RAND) and signs it with the Ki associated with the IMSI (and stored on the SIM card), computing another number known as Signed Response (SRES_1).

4. The operator network then sends the RAND to the Mobile Equipment, which passes it to the SIM card. The SIM card signs it with its Ki, producing SRES_2 which it gives to the Mobile Equipment along with encryption key Kc. The Mobile Equipment passes SRES_2 on to the operator network.

5. The operator network then compares its computed SRES_1 with the computed SRES_2 that the Mobile Equipment returned. If the two numbers match the SIM is authenticated and the Mobile Equipment is granted access to the operator's network. Kc is used to encrypt all further communications between the Mobile Equipment and the network.

Functional Process of Authentication

Authentication involves two functional entities:

• The SIM Card in mobile device

• The Authentication Center (AC)

Each subscriber has a secret key, one copy of which is stored in the SIM card and the other is stored in the AC. During authentication, AC generates a random number that sends to the mobile. Both mobile and AC use the random number, in conjunction with subscriber's secret key and a ciphering algorithm called A3, to generate a number that is sent back to the AC. If number sent by mobile matches number calculated by AC, then subscriber is authenticated. A list of IMEIs in the network is stored in the Equipment Identity Register (EIR).

The status returned in response to an IMEI query to the EIR is one of the following:

• White-listed: Terminal is allowed to connect to the network.

• Grey-listed: Under observation from the network, possible problems.

• Black-listed: Terminal has either been reported as stolen, or it is not type approved (the correct type of terminal for a GSM network). The terminal is not allowed to connect to the network.

Encryption

Encryption is done using a stream cipher known as A5 algorithm. It has multiple versions with various levels of encryption.

• A5/0: no encryption.

• A5/1: original A5 algorithm used in Europe.

• A5/2: weaker encryption algorithm created for export, in removal.

• A5/3: strong encryption algorithm created as part of the 3rd Generation Partnership Project (3GPP).

Stream cipher is initialized with the Session Key (Kc) and the number of each frame. The same Kc is used throughout the call, but the 22-bit frame number changes during the call, thus generating a unique key stream for every frame. The same Session Key (Kc) is used as long as the Mobile services Switching Center (MSC) does not authenticate the Mobile Station again. The same Session Key (Kc) may be in use for days. Authentication is an optional procedure in the beginning of a call, but it is usually not performed. The A5 algorithm is implemented in the Mobile Station (MS).

SIM Cloning

Having discussed the technical aspects of security in a SIM card, let’s understand the security challenges from the new age cellular hackers in SIM card. One such challenge is the SIM card cloning.

SIM cloning consists of duplicating the SIM card, which allows calls or other services to use the identification of the cloned SIM and to be charged to that account. In the early 1990s, due to poor security, cloning was more common than it is today. Cloning has now been rendered more challenging technically, since physical access to the SIM card is now required, contrary to simply being within radio reach. The SIM cards now perform security operations themselves on data buried within them. SIM cloning is a great concern to security and police officials since it renders GSM location-based service (LBS) unreliable when more than one handset uses the same SIM.

A realistic time for extracting the Ki from a SIM card is approximately 4 to 8 hours. There is 40% probability of damaging the card in the process. Additionally, the attacker must have pre-knowledge of the SIM card's PIN. A user of Woron Scan v1.05 has claimed scans in under 5 minutes. Since that time, Woron Scan 1.09 has been released. An implementation in an FPGA (Field Programmable Gate Array) would allow IMSI (International Mobile Subscriber Identity) and Authentication key (Ki) extraction in seconds if the algorithm scales similarly to DES (Data Encryption Standard).

Cracking Ki by overhearing radio GSM traffic is difficult but not impossible (although illegal in the United States). In many countries GSM traffic is not encrypted, thus it is possible by using proper equipments (a computer-based radio scanner (e.g. Universal Software Radio Peripheral - USRP and proper software).

The security has been improved with the newer generation of SIM cards to be used with 3GSM networks, known as USIMs (Universal SIMs). The new specification implements a new publicly announced algorithm (the KASUMI algorithm).

A Brief Conclusion

Security issues are important from both the end-user as well as from the service provider perspective. The security aspects of SIM card have successfully stood the test of time and the SIM card security is susceptible to certain attacks. However, with high costs involved to patch SIM cards globally, service providers ignore the threats.

The next new mobile system should be much faster and safer than the present GSM system. It is speculated that UMTS (Universal Mobile Telecommunications System) will be used commonly instead of GSM in the very near future.

—By: R. Manoj. The author is an Assistant Editor at Fanatic Media, Bangalore. He is also an Independent Researcher, specializing in Software Security. He has an active interest in designing security algorithms for securing softwares. He can reached at infosecurity@fanaticmedia.com