Identity modules (commonly known as SIM cards) are synonymous with mobile devices that interoperate with GSM cellular networks. Under the GSM framework, a mobile device is referred to as a Mobile Station. It is partitioned into two distinct components: the Universal Integrated Circuit Card (UICC) and the Mobile Equipment (ME). A UICC, commonly referred to as an identity module (e.g., Subscriber Identity Module [SIM], Universal Subscriber Identity Module [USIM], CDMA Subscriber Identity Module [CSIM]), is a removable component that contains essential information about the subscriber. The ME and the radio handset portion cannot fully function without a UICC. The UICC’s main purpose is to authenticate the mobile device user to the network that provides access to subscribed services. The UICC also offers storage for personal information, such as phonebook entries, text messages, last numbers dialed (LND), and service-related information.
The UICC partitioning of a mobile device stipulated in the GSM standards has brought portability. Moving a UICC between compatible mobile devices automatically transfers the subscriber’s identity and associated information (e.g., SMS messages and contacts) and capabilities. In contrast, 2G and 3G CDMA mobile devices generally do not contain a UICC card. Analogous UICC functionality is instead directly incorporated within the device. However, newer CDMA (i.e., 4G/LTE) devices may employ a CDMA Subscriber Identity Module (CSIM) application running on a UICC.
A UICC can contain up to three applications: SIM, USIM, and CSIM. UICCs used in GSM and UMTS mobile devices use the SIM and UMTS SIM (USIM) applications, while CDMA devices use the CSIM application. A UICC with all three applications provides users with additional portability by removing the UICC from one mobile device and inserting it into another. Because the SIM application was originally synonymous with the physical card itself, SIM is often used to refer to the physical card in place of UICC. Similarly, USIM and CSIM can refer to both the physical card and the respective applications supported on the UICC.
At its core, a UICC is a special type of smart card that typically contains a processor and between 16 and 128 KB of persistent electrically erasable programmable read-only memory (EEPROM). It also includes RAM for program execution and ROM for the operating system, user authentication, data encryption algorithms, and other applications. The UICC’s file system resides in persistent memory and stores data such as phonebook entries, text messages, last numbers dialed (LND), and service-related information. Depending on the mobile device used, some information managed by applications on the UICC may coexist in the mobile device’s memory. Information may also reside entirely in the mobile device’s memory instead of in the memory reserved for it in the file system of the UICC.
The UICC operating system controls access to elements of the file system. Actions such as reading or updating may be permitted or denied unconditionally or allowed conditionally with certain access rights, depending on the application. Rights are assigned to a subscriber through 4-8 digit Personal Identification Number (PIN) codes. PINs protect core subscriber-related data and certain optional data.
A preset number of attempts (usually three) is allowed for providing the correct PIN code to the UICC before further attempts are blocked completely, rendering communications inoperative. Only by providing a correct PIN Unblocking Key (PUK) may the PIN value and its counter be reset on the UICC. If the number of attempts to enter the correct PUK value exceeds a set limit, normally ten, the card becomes blocked permanently. The PUK for a UICC may be obtained from the service provider or network operator by providing the identifier of the UICC (i.e., Integrated Circuit Chip Identifier or ICCID). The ICCID is normally imprinted on the front of the UICC but may also be read from an element of the file system.
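Because every wrong PIN or PUK presentation is irreversible, an examiner normally reads the remaining-attempt counters before entering anything. The following added example (not part of the original text) decodes those counters from the status block a SIM returns when the MF or a DF is selected; the byte layout is assumed to follow GSM 11.11 / 3GPP TS 51.011, and the function names and sample response are constructed for illustration.

```python
# Added example, not from the original text. Assumed layout: the response a SIM
# returns to SELECT on the MF or a DF (GSM 11.11 / 3GPP TS 51.011).
FILE_TYPES = {0x01: "MF", 0x02: "DF", 0x04: "EF"}
# Zero-based offsets of the four status bytes in that response.
CHV_OFFSETS = {"pin1": 18, "puk1": 19, "pin2": 20, "puk2": 21}

def parse_chv_status(resp: bytes) -> dict:
    """Read PIN/PUK retry counters without presenting any code to the card."""
    if len(resp) < 22:
        raise ValueError("response too short for an MF/DF status block")
    ftype = FILE_TYPES.get(resp[6], "unknown")
    if ftype not in ("MF", "DF"):
        raise ValueError("retry counters are only reported for the MF or a DF")
    out = {"file_id": resp[4:6].hex().upper(), "type": ftype,
           "pin1_enabled": not (resp[13] & 0x80)}   # top bit set = PIN1 disabled
    for name, off in CHV_OFFSETS.items():
        initialised, left = bool(resp[off] & 0x80), resp[off] & 0x0F
        out[name] = {"initialised": initialised, "attempts_left": left,
                     "blocked": initialised and left == 0}
    return out

def triage(status: dict) -> str:
    """Turn the counters into the decision an examiner has to make."""
    if status["puk1"]["blocked"]:
        return "PUK1 exhausted: card is permanently blocked"
    if status["pin1"]["blocked"]:
        return ("PIN1 blocked: request the PUK from the operator using the ICCID "
                f"({status['puk1']['attempts_left']} PUK attempts left)")
    if not status["pin1_enabled"]:
        return "PIN1 disabled: no PIN needed for this card"
    return f"PIN1 required: {status['pin1']['attempts_left']} attempt(s) left, do not guess"

# Constructed SELECT MF response: PIN1 enabled with 1 attempt left, PUK1 with 10.
SAMPLE_MF = bytes.fromhex(
    "0000 1A2B 3F00 01 0000000000 09 13 02 04 04 00 81 8A 83 8A")

if __name__ == "__main__":
    status = parse_chv_status(SAMPLE_MF)
    print(status)
    print(triage(status))
```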
UICCs are available in three different size formats: Mini-SIM (2FF), Micro-SIM (3FF), and Nano-SIM (4FF). The Mini-SIM, with a width of 25 mm, a height of 15 mm, and a thickness of 0.76 mm, is roughly the footprint of a postage stamp and is currently the most common format used worldwide. Micro (12 mm x 15 mm x 0.76 mm) and Nano (8.8 mm x 12.3 mm x 0.67 mm) SIMs are found in newer mobile devices (e.g., the iPhone 5 uses the 4FF).
Though similar in dimension to a miniSD removable memory card, UICCs follow different specifications with vastly different characteristics. For example, their pin connectors are not aligned along the bottom edge as with removable media cards. Instead, they form a contact pad integral to the smart card chip embedded in a plastic frame, as shown in Figure 2. UICCs also employ a broad range of tamper resistance techniques to protect the information they contain.
On phones with a removable back and removable battery, the UICC will be found in the battery compartment, either above, beside, or beneath the battery. Phones without removable backs will have a SIM card tray on the side or the top of the device. All iPhones will have an IMEI number on the SIM tray. When a UICC is inserted into a mobile device handset and pin contact is made, a serial interface is used for communication between them.
In most cases, the UICC should be removed from the handset first and read using a Personal Computer/Smart Card (PC/SC) reader. Removal of the UICC allows the examiner to read additional data that may be recovered (e.g., deleted text messages).
Authenticating a device to a network securely is a vital function performed via the UICC. Cryptographic key information and algorithms within the tamper-resistant module provide the means for the device to participate in a challenge-response dialogue with the network and respond correctly, without exposing key material and other information needed to clone the UICC and gain access to a subscriber’s services. Cryptographic key information in the UICC also supports stream cipher encryption to protect against eavesdropping on the air interface.
A UICC is similar to a mobile device. It has both volatile and non-volatile memory containing the same general categories of data as found in a mobile device. It can be thought of as a trusted sub-processor that interfaces to a device and draws power. The file system resides in the non-volatile memory of a UICC and is organized as a hierarchical tree structure.
For example, the SIM application’s file system is composed of three types of elements: the root of the file system (MF), subordinate directory files (DF), and files containing elementary data (EF). Figure 3 illustrates the structure of the file system. The EFs under DF contain mainly network-related information for different frequency bands of operation. The EFs under DF contain service-related information.
Various types of digital evidence may exist in elementary data files scattered throughout the file system and be recovered from a UICC. Some of the same information held in the UICC may be maintained in the mobile device’s memory and encountered there as well. Besides the standard files defined in the GSM specifications, a UICC may contain non-standard files established by the network operator. Several general categories of data that may be found in standard elementary data files of a UICC are as follows:
- Service-related information, including unique identifiers for the UICC, the Integrated Circuit Card Identification (ICCID), and the International Mobile Subscriber Identity (IMSI)
- Phonebook and call information, known respectively as the Abbreviated Dialing Numbers (ADN) and Last Numbers Dialed (LND)
- Messaging information, including both Short Message Service (SMS) text messages and Enhanced Messaging Service (EMS) simple multimedia messages
- The USIM application supports the storage of links to incoming (EFICI) and outgoing (EFOCI) calls. The EFICI and EFOCI are each stored using two bytes. The first byte points to a specific phone book, and the second points to an abbreviated dialing number (EFADN) entry
- Location information, including Location Area Information (LAI) for voice communications and Routing Area Information (RAI) for data communications.
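The categories above come off the card as raw bytes that must be decoded before they are readable. The following added example (not part of the original text) decodes four of these elementary files: ICCID, IMSI, one ADN record, and the location information file holding the LAI. The record layouts and file identifiers are assumed to follow GSM 11.11 / 3GPP TS 51.011, and every hex value is constructed sample data.

```python
# Added example, not from the original text. Layouts and file IDs are assumed to
# follow GSM 11.11 / 3GPP TS 51.011; every hex value below is constructed.

def swap_nibbles(data: bytes) -> str:
    """SIM digit strings are BCD with the low nibble of each byte first."""
    return "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in data)

def decode_iccid(raw: bytes) -> str:
    return swap_nibbles(raw).rstrip("F")            # 0xF nibbles are filler

def decode_imsi(raw: bytes) -> str:
    body = raw[1:1 + raw[0]]                        # byte 0 = length of IMSI field
    return swap_nibbles(body)[1:].rstrip("F")       # first nibble is a parity flag

def decode_adn(record: bytes):
    """ADN/LND record: alpha identifier followed by a fixed 14-byte footer."""
    if len(record) < 14 or all(b == 0xFF for b in record):
        return None                                 # unused slot
    alpha, tail = record[:-14], record[-14:]
    # Assumption: name uses only the ASCII-compatible part of the default alphabet.
    name = alpha.rstrip(b"\xff").decode("ascii", "replace")
    bcd_len, ton_npi = tail[0], tail[1]             # bcd_len counts TON/NPI + digits
    if not 1 <= bcd_len <= 11:
        return {"name": name, "number": ""}
    digits = swap_nibbles(tail[2:1 + bcd_len]).rstrip("F")
    plus = "+" if (ton_npi >> 4) & 0x07 == 1 else ""    # TON 001 = international
    return {"name": name, "number": plus + digits}

def decode_loci(raw: bytes) -> dict:
    """TMSI (4) | LAI = PLMN (3) + LAC (2) | TMSI time (1) | update status (1)."""
    p = raw[4:7]
    mcc = f"{p[0] & 0xF:X}{p[0] >> 4:X}{p[1] & 0xF:X}"
    mnc = f"{p[2] & 0xF:X}{p[2] >> 4:X}"
    if p[1] >> 4 != 0xF:                            # third MNC digit is optional
        mnc += f"{p[1] >> 4:X}"
    return {"tmsi": raw[:4].hex().upper(), "mcc": mcc, "mnc": mnc,
            "lac": int.from_bytes(raw[7:9], "big"), "update_status": raw[10] & 0x07}

# Path from the MF (3F00) to each EF -> (decoder, constructed contents)
SAMPLES = {
    "3F00/2FE2": (decode_iccid, "98 00 01 21 43 65 87 09 21 F3"),
    "3F00/7F20/6F07": (decode_imsi, "08 09 10 10 10 32 54 76 98"),
    "3F00/7F10/6F3A": (decode_adn, "416C696365FF 07 91 5155550501F0 FFFFFFFF FF FF"),
    "3F00/7F20/6F7E": (decode_loci, "A1B2C3D4 00F110 1234 FF 00"),
}

def decode_all(samples=SAMPLES) -> dict:
    return {path: fn(bytes.fromhex(hx)) for path, (fn, hx) in samples.items()}

if __name__ == "__main__":
    for path, value in decode_all().items():
        print(path, value)
```

Names stored in UCS2 and dialing strings containing the non-decimal BCD symbols are outside what this decoder handles.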