When creating the GSM 11.11 specification (where the details of
SIMs are defined), much attention was paid to ISO 7816, the
specifications for smart cards already in use worldwide. Smart
cards and SIMs have much in common, and it is not wrong to consider
that a SIM is simply a smart card cut down to size (indeed, it is
not impossible to perform such an action with a sharp pair of
cutters!). ISO 7816 identifies the size and shape of smart cards as
being the well-known form of current credit cards, and while some
SIM implementations keep this relationship (some Ericsson mobile
handsets, for example) it is often considered impractical for the
size of phones in common use today. Therefore, GSM 11.11 specifies
a smaller physical size, without affecting the electrical
properties, which remain ISO 7816 compatible.
The following diagram is taken from GSM 11.11, and shows the
reduced size SIM in common use today:

In addition to the different physical size, there are a couple
of other ways in which SIMs differ from ISO 7816:
- More pressure on contacts (up to 0.5 Newton from 0.1 Newton)
- 3V
- Variable clock speed (13/4MHz - 13/8MHz)
The basic specification from GSM 11.11 is expanded in GSM 11.14,
allowing for more functionality from the SIM, which becomes known
as a Phase 2+ or "proactive" SIM.
SIMs are made by the companies already well known in the smart
card arena, such as Schlumberger, Gemplus, and Du Point, and then
sold to telecom providers for distribution to their subscribers.
While individual systems vary, most include a range of physical
protection, including IR and vibration detectors to wipe content in
the case of physical attack. If asked, the companies concerned with
the making of these safeguards are not keen to publish details of
the techniques behind them.
What is a Smart Card?
Having established that a SIM is just a smart card cut down to
size (normally), it is useful to take a look at what a smart card
is to understand why they are useful and how they can be used.

At its most basic level, a smart card is just a chip (processor
or memory) embedded within a plastic shell, with a few contacts on
the outside.

While not all smart cards have contacts (some use radio for
communication), most of the communication details are the same, and
SIM chips without contacts would make no sense at all at the
current time.
While the card does indeed contain a computer, it is a very
basic model by today's standards, as the next diagram
illustrates:

The vital statistics are as follows:
- 8-bit processor
- 2-32kB flash memory
- 128-512B RAM (note the lack of 'k')
- Programmed in assembler (but changing)
This makes the computer embedded in a smart card (and a SIM)
very similar to a computer from 20 years ago. Anyone who remembers
coding assembler on a BBC Micro or a Sinclair Spectrum will have no
problem understanding how code is created on a SIM. (In fact, the
processors from both these machines (6502 and Z80) have derivatives
sometimes used in smart cards.)
Notice on the block diagram the presence of a dedicated
cryptographic processor. This is common, and required on a GSM SIM,
as the main processor is unlikely to have enough power to
perform cryptographic functions. Also note that both the flash and
RAM areas are split but accessible by both the processor and the
cryptographic co-processor; this is an important security feature
and means that private keys can be stored without being accessible
in any way, except for use within the SIM.
Talking to the SIM
Communication between a SIM and a handset (or a computer, or
anything else) is performed with basic commands known as APDUs
(Application Protocol Data Units). All communication is in
hexadecimal.
The following example shows the construction of a typical smart
card command, which has to follow this format:
- Class of command
- Command
- First Parameter
- Second Parameter
- Third Parameter
- Data

Listening to the SIM

The data is of unknown length, though the command should have a
known response. The values of SW1 and SW2 should be 90, 00
respectively, though error conditions and certain commands may give
different responses. Phase 2+ SIMs can also output 91, xx, to
indicate that the SIM wishes to perform more communication.
Communication Example

This example shows a PIN number being presented to a smart card
(or SIM) for validation. Note that the PIN is actually 8 bytes
long, with the final 4 being padded. The PIN used is "8800", which
is shown in ASCII, and the response is 90, 00, showing that the
command was successful.
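
The PIN presentation described above, as an added Python example that is not part of the original article: it builds the command in the class / command / three parameters / data layout and classifies the SW1, SW2 values of a response. The class byte 0xA0, the VERIFY CHV command byte 0x20 and the 0xFF padding are taken from GSM 11.11 rather than from the text, and the function names are hypothetical.

```python
# Added example. CLA 0xA0, INS 0x20 and the 0xFF padding come from GSM 11.11,
# not from the text above; all function names are illustrative.
GSM_CLA = 0xA0         # class byte of GSM 11.11 SIM commands
INS_VERIFY_CHV = 0x20  # VERIFY CHV, i.e. present a PIN


def build_apdu(cla, ins, p1, p2, data=b""):
    """Class, command, first and second parameter, third parameter = data length, data."""
    if len(data) > 255:
        raise ValueError("the third parameter is one byte: at most 255 data bytes")
    return bytes([cla, ins, p1, p2, len(data)]) + data


def build_verify_chv(pin, chv_no=1):
    """Encode the PIN digits as ASCII and pad the field to 8 bytes with 0xFF."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 8):
        raise ValueError("PIN must be 4 to 8 decimal digits")
    return build_apdu(GSM_CLA, INS_VERIFY_CHV, 0x00, chv_no,
                      pin.encode("ascii").ljust(8, b"\xff"))


def parse_response(resp):
    """Split a response into (data, sw1, sw2, meaning)."""
    if len(resp) < 2:
        raise ValueError("a response always ends with SW1 and SW2")
    data, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
    if (sw1, sw2) == (0x90, 0x00):
        meaning = "success"
    elif sw1 == 0x91:
        meaning = "SIM wishes to perform more communication (Phase 2+)"
    else:
        meaning = "error or command-specific status"
    return data, sw1, sw2, meaning


def hexdump(raw):
    return " ".join(f"{b:02X}" for b in raw)


if __name__ == "__main__":
    print("command :", hexdump(build_verify_chv("8800")))
    # Constructed responses, not captured from a real card.
    for sample in ("9000", "9110", "9804"):
        resp = bytes.fromhex(sample)
        print("response:", hexdump(resp), "->", parse_response(resp)[3])
```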