0:00:19.280,0:00:26.450
Herald: So our next talk is "SIM card[br]technology from A to Z" and it's an in-

0:00:26.450,0:00:34.810
depth introduction of SIM card technology[br]that not a lot of people know much about.

0:00:34.810,0:00:44.120
And our speaker, Harold, LeForge, as he's[br]better known, is the founder of the Open

0:00:44.120,0:00:49.790
Source Mobile Communications Project. He[br]is also a Linux kernel hacker. He has a

0:00:49.790,0:00:53.850
very long and impressive bio; and a[br]Wikipedia page.

0:00:53.850,0:00:58.990
Harald (speaker): just means I'm old.[br]Herald: So Harald Welte, please give him a

0:00:58.990,0:01:03.600
round of applause.[br]<i>Applause</i>

0:01:03.600,0:01:13.060
Herald: All yours.[br]Harald (speaker): Thanks a lot for the

0:01:13.060,0:01:19.350
introduction. As you can see on the title[br]slide, I actually had to change the title

0:01:19.350,0:01:23.170
slightly, because I couldn't find a single[br]acronym related to SIM cards that starts

0:01:23.170,0:01:27.689
with z, so now it's from a to x, not from[br]a to z anymore - the SIM card

0:01:27.689,0:01:32.280
introduction. So the SIM card technology[br]from A(PDU) to X(RES) which are two

0:01:32.280,0:01:38.659
acronyms in the context of SIM cards which[br]we might get into or not. So, what are we

0:01:38.659,0:01:44.390
going to talk about in the next 45 or so[br]minutes? What are the relevant

0:01:44.390,0:01:49.070
specifications and specification bodies?[br]What kind of interfaces and protocols

0:01:49.070,0:01:53.979
relate to SIM cards? We're going to talk[br]about the filesystem that exists in such

0:01:53.979,0:02:00.810
SIM cards, as well as the evolution of SIM[br]cards from 2G to 5G. So that's basically

0:02:00.810,0:02:10.900
from what, 91 to 19, er 2018. We will talk[br]about SIM Toolkit, Over The Air, a little

0:02:10.900,0:02:16.810
about about how to eSIMS as well, the[br]embedded SIMs. Introduction about myself

0:02:16.810,0:02:23.900
was already given. So, yeah, people[br]complained sometimes that my slides are

0:02:23.900,0:02:27.670
full of text and I need more diagrams. So[br]I tried to improve.

0:02:27.670,0:02:33.450
<i>laughter from the audience</i>[br]<i>Harald laughs</i>

0:02:33.450,0:02:38.810
<i>Applause</i>[br]Harald: So this is actually, at one night

0:02:38.810,0:02:43.010
I thought, OK, let's actually try to[br]create a DOTTY graph of all the specs and

0:02:43.010,0:02:46.950
how they cross reference each other. And[br]this is what I've come up with and this is

0:02:46.950,0:02:51.390
only the SIM card relevant specs, not out[br]of context, other specs that they may

0:02:51.390,0:02:57.730
refer to. So, yes, it's an interesting[br]graph. The arrangement was done

0:02:57.730,0:03:03.240
automatically by DOTTY. So don't complain[br]to me about that. Yeah.

0:03:03.240,0:03:09.060
Nevertheless, I will switch back to text[br]and we will look at what kind of

0:03:09.060,0:03:15.100
specifications there are and spec bodies.[br]So. Most importantly, probably about any

0:03:15.100,0:03:20.010
kind of chip card technology. We have the[br]ISO, the International Standardization

0:03:20.010,0:03:26.310
Organization, which has a series of[br]specifications about what they call ICCs,

0:03:26.310,0:03:31.771
which is integrated circuit cards. We also[br]have the ITU, the International

0:03:31.771,0:03:36.370
Telecommunication Union, which has a[br]series of specs related to telecom charge

0:03:36.370,0:03:42.160
cards. The title implies, that this is[br]things that came before SIM cards. So we

0:03:42.160,0:03:47.500
talk about the cards you put into pay[br]phones and things like that in the 80s.

0:03:47.500,0:03:53.440
There is of course, the 3G. Oh, sorry,[br]there is of course ETSI, the European

0:03:53.440,0:03:58.620
Telecommunication Standardization[br]Institute, which is the entity where GSM

0:03:58.620,0:04:08.310
was originally specified. GSM being the[br]first digital telephony system that used

0:04:08.310,0:04:10.891
SIM cards.[br]The best of my knowledge, at least not a

0:04:10.891,0:04:17.180
historian though. There's a 3GPP, the[br]Third Generation Partnership Project,

0:04:17.180,0:04:22.890
which is where the GSM specs have been[br]handed over to. In the preparation of the

0:04:22.890,0:04:27.389
3G specification process, because ETSI is[br]a European entity and Chinese companies,

0:04:27.389,0:04:31.250
for example, or Chinese government cannot[br]participate there, or Americans even, to

0:04:31.250,0:04:35.169
the extent that European companies can do.[br]So it was lifted to an international new

0:04:35.169,0:04:39.920
group called the Third Generation[br]Partnership Project. And they of course

0:04:39.920,0:04:44.091
inherited all the SIM card related[br]specifications. And then we have like non-

0:04:44.091,0:04:51.370
telecom standardization entities such as[br]the Global Platform Card Specification.

0:04:51.370,0:04:59.680
That's Global Platform is a body that[br]specifies lots of aspects around Java

0:04:59.680,0:05:04.500
cards, specifically around to applet[br]management, installation and so on Java

0:05:04.500,0:05:08.460
cards, which brings us to the next entity,[br]which is not really a standardization

0:05:08.460,0:05:12.380
body, but it's a private company that used[br]to be called Sun and now it's part of

0:05:12.380,0:05:18.040
Oracle, which defined the Java Card API[br]runtime and the virtual machine of Java

0:05:18.040,0:05:20.780
cards.[br]And last but not least, we have the GSM

0:05:20.780,0:05:25.940
Association, which is the vendor club of[br]the operators. That doesn't really have to

0:05:25.940,0:05:33.460
do that much with SIM cards until the[br]eSIM, where then suddenly a GSM A plays a

0:05:33.460,0:05:39.560
big role in the related specs and[br]technology. So talking about these

0:05:39.560,0:05:46.320
standardization bodies. What is the SIM,[br]actually? The SIM is the Subscriber

0:05:46.320,0:05:52.740
Identity Module. I mean probably anyone in[br]here has one, likely more or at least has

0:05:52.740,0:05:58.690
had. It's quite ubiquitous. Every device[br]with cellular connectivity during the last

0:05:58.690,0:06:05.450
whatever 20 or so years has a SIM, whether[br]it's an actual card or whether it's

0:06:05.450,0:06:11.490
soldered in these days. SIM card hacking[br]has a tradition in the CCC since at least

0:06:11.490,0:06:16.270
1998.[br]I'm not sure how many people remember:

0:06:16.270,0:06:23.190
there was the Vodafone Germany SIM card[br]cloning attack back then. It was in

0:06:23.190,0:06:32.800
German. It was titled "Von d2 privat zu D2[br]pirat". And that was an attack that used

0:06:32.800,0:06:38.919
weaknesses and sort of brute forcing[br]against the authentication mechanism to

0:06:38.919,0:06:44.460
recover the secret key, which is stored in[br]the card. And then you could clone SIM

0:06:44.460,0:06:47.650
cards back then.[br]That was then fixed in subsequent

0:06:47.650,0:06:54.090
technology generations. And also around[br]that time you can find on the FTP server

0:06:54.090,0:07:01.990
of the CCC a SIM card simulator written in[br]Turbo C using a season card. I'm not sure

0:07:01.990,0:07:06.270
how many people remember season cards.[br]These were cards people used in the

0:07:06.270,0:07:12.990
context of cracking satellite TV[br]encryption. Yeah, so. Meanwhile, of

0:07:12.990,0:07:17.560
course, the SIM technology stack has[br]increased and the complexity has increased

0:07:17.560,0:07:22.230
like probably in any kind of technology.[br]So let's recap, basically from the

0:07:22.230,0:07:28.551
beginning to today what SIM cards are and[br]what they do in some degree of detail. If

0:07:28.551,0:07:34.400
we start historically with SIM cards,[br]actually the predecessor to the SIM cards

0:07:34.400,0:07:40.139
that we know, is the chip card used in the[br]C-Netz, which is an analog telephony

0:07:40.139,0:07:45.580
system that used to operate in Germany.[br]There's actually an open source

0:07:45.580,0:07:48.199
implementation these days as part of[br]Osmocom-Analog.

0:07:48.199,0:07:54.050
If you're interested in that, do check out[br]a jolly at the vintage and retro

0:07:54.050,0:08:01.570
computing area. And before 1988, they only[br]had a magnetic stripe cards, but in 1988

0:08:01.570,0:08:09.070
they introduced integrated circuit cards[br]in this analog telephony system and in GSM

0:08:09.070,0:08:14.199
it was a chip card from the beginning. The[br]concept of the SIM card means you store

0:08:14.199,0:08:19.199
the identity of the subscriber outside of[br]the phone, which is very opposite to what

0:08:19.199,0:08:23.979
happened in the CDMA world in the US[br]around that time where it was basically

0:08:23.979,0:08:28.151
inside the phone itself. But having the[br]identity separate, of course, enables all

0:08:28.151,0:08:33.560
kinds of use cases that were relevant at[br]that time.

0:08:33.560,0:08:39.380
We will get to that to some extent. In[br]addition to the identity, and the identity

0:08:39.380,0:08:43.770
in this context means a cryptographic[br]identity, there are all kinds of network

0:08:43.770,0:08:48.620
related parameters that are stored in the[br]SIM card. Some of those are static,

0:08:48.620,0:08:54.540
meaning that they are provisioned or[br]written by the operator into the card, or

0:08:54.540,0:08:59.019
of course by the SIM card manufacturer on[br]behalf of the operator, but which are not

0:08:59.019,0:09:03.480
writable by the user that effect [br]access control classes, which

0:09:03.480,0:09:07.769
means like, are you a normal user or are[br]you an emergency service user which needs

0:09:07.769,0:09:11.779
higher priority to access the network,[br]things like that. And there are lots of

0:09:11.779,0:09:17.430
dynamic parameters on the card, and[br]dynamic means they get rewritten and

0:09:17.430,0:09:22.499
changed and modified and updated all the[br]time. That's for example, the TIMSI, the

0:09:22.499,0:09:27.369
temporary identity that gets allocated by[br]the network every so often. Also the

0:09:27.369,0:09:35.480
current actual air interface encryption[br]key like KC and its successors in modern

0:09:35.480,0:09:40.970
generation technology. So they get updated[br]and written all the time by the phone. And

0:09:40.970,0:09:45.410
some of the files are even updated and[br]written by users, at least traditionally

0:09:45.410,0:09:50.939
or historically, like the phone book and[br]the SMS that are stored on the card. It

0:09:50.939,0:09:56.730
was originally specified as a full credit[br]card sized cards and it was intended to be

0:09:56.730,0:10:01.029
used in radios in rental cars or company[br]shared cars.

0:10:01.029,0:10:06.339
So basically when you leave the car, you[br]would remove your SIM card, the full sized

0:10:06.339,0:10:12.550
credit card sized card and somebody else[br]would put their card in. And allegedly

0:10:12.550,0:10:17.560
there even were, I think, public GSM[br]phones installed in German trains where

0:10:17.560,0:10:21.179
you could plug in a SIM card or something[br]like that. But I personally haven't

0:10:21.179,0:10:28.259
witnessed that, since I was ignorant at[br]that time, apparently, of that fact. So,

0:10:28.259,0:10:35.660
let's get to the mother of all smartcard[br]specs, which is in German DIN EN ISO/IEC 7816

0:10:35.660,0:10:43.670
or short just ISO 7816 and maybe an[br]anecdote how these specs come around. So

0:10:43.670,0:10:50.319
there's the ISO that specifies a certain[br]spec, it gets an ISO number and then EN,

0:10:50.319,0:10:55.570
the European norm, whatever body, comes[br]around and says, "oh, we will elevate this

0:10:55.570,0:11:00.089
international spec into a European[br]standard". And they put an EN in front.

0:11:00.089,0:11:04.350
And then DIN, the German standard body,[br]comes around, says, oh, we will elevate

0:11:04.350,0:11:10.360
this European norm into a German norm and[br]we will put a DIN in front. So now in

0:11:10.360,0:11:14.639
Germany, we have DIN EN ISO/IEC 7816.[br]And if you get the actual copy from DIN

0:11:14.639,0:11:20.249
it's quite funny. I didn't don't have it[br]here, but actually you get a one page

0:11:20.249,0:11:25.339
additional paper on top, which translates[br]the key technical phrases from English to

0:11:25.339,0:11:30.309
German. And that's the added value that[br]you get from it become. Sorry. I mean,

0:11:30.309,0:11:34.639
it's just hilarious. The entire spec is in[br]English, but then there's like this key

0:11:34.639,0:11:39.129
translated terms. So you know, that file[br]means "Datei", for example, that's

0:11:39.129,0:11:45.990
extremely beneficial to the reader of such[br]specifications. Anyway, so the title is

0:11:45.990,0:11:50.420
"Integrated Circuit Cards with contacts".[br]<i>chuckles</i>[br]I wonder, OK, they are contact

0:11:50.420,0:11:56.709
less now, but at least back then,[br]cerainly, they didn't exist. And it has 15

0:11:56.709,0:12:00.490
parts by now.[br]The most relevant parts are 1 through 4,

0:12:00.490,0:12:03.509
starting from the physical[br]characteristics, going through the

0:12:03.509,0:12:07.360
mechanical dimensions and the location of[br]the contacts, of course, it's a separate

0:12:07.360,0:12:10.989
part of the spec. And each of those specs[br]are sold as a separate document, of

0:12:10.989,0:12:14.749
course. So the physical size you pay and[br]if you want to know the location of the

0:12:14.749,0:12:19.819
contacts you have to pay to get another[br]spec. And then there's part 3, which

0:12:19.819,0:12:23.430
covers the electronic signals and the[br]transmission protocols. We will look at

0:12:23.430,0:12:27.920
that in some detail. And then there's part[br]4, which is the inter-industry commands

0:12:27.920,0:12:32.130
for interchange, which I find very[br]interesting. And I always thought they

0:12:32.130,0:12:35.710
should have met the international inter-[br]industry commands for inter-working

0:12:35.710,0:12:39.349
information interchange. But apparently[br]they didn't come up with that. And of

0:12:39.349,0:12:44.550
course, this all predates the Internet, so[br]there's no Internet in there. Yeah. The

0:12:44.550,0:12:48.999
next relevant spec is GSM technical[br]specification eleven dot eleven. Very easy

0:12:48.999,0:12:54.550
to memorize that number, which is the[br]specification of the subscriber identity

0:12:54.550,0:13:00.159
module dash mobile equipment interface. So[br]in GSM there is what's called a mobile

0:13:00.159,0:13:03.640
station, which is your phone, and it is[br]comprised of two parts, the mobile

0:13:03.640,0:13:08.180
equipment, which is the hardware and the[br]SIM, which is the SIM next to the mobile

0:13:08.180,0:13:12.119
equipment.[br]And it interestingly, it doesn't just

0:13:12.119,0:13:17.339
refer to these ISO specs that I mentioned[br]before, but it actually repeats like more

0:13:17.339,0:13:23.079
or less carbon copies large portions of[br]these ISO specs with some amendments or

0:13:23.079,0:13:28.909
corrections or extensions. And again, it[br]gives you the location of the contacts and

0:13:28.909,0:13:32.629
the mechanical size of the card and the[br]electronic signals and the transmission

0:13:32.629,0:13:38.249
protocols and so on. But beyond these ISO[br]standards, it also actually specifies what

0:13:38.249,0:13:42.109
makes the SIM a SIM and not any other[br]contact card, which is the information

0:13:42.109,0:13:48.379
model, the file system on the card and the[br]commands and protocols that you use on

0:13:48.379,0:13:56.420
this card. And last, with typo as usual on[br]my slides, but not least, of course, how

0:13:56.420,0:14:03.459
to execute the GSM algorithm to to perform[br]cryptographic authentication.

0:14:03.459,0:14:08.449
The physical smartcard interface is[br]interesting. I mean if you've worked with

0:14:08.449,0:14:13.579
hardware or electronics or serial[br]interfaces, I think it's rather exotic and

0:14:13.579,0:14:20.210
exotics always means interesting. So we[br]have four relevant pins. We have a supply

0:14:20.210,0:14:27.259
voltage, not surprisingly. It can be 5, 3[br]or 1.8 volts. Interesting, it's not 3.3

0:14:27.259,0:14:32.019
volt, it's 3.0 volts nominal.[br]Not sure why. But anyway, that's how it

0:14:32.019,0:14:36.790
is. We have a clock line that provides a[br]clock signal which initially needs to be

0:14:36.790,0:14:42.269
between 1 and 5 megahertz. So the phone[br]provides power and clock. We have a reset

0:14:42.269,0:14:46.590
line which also makes sense; you want to[br]reset the card and then we have one IO

0:14:46.590,0:14:49.340
line for bi-directional serial[br]communication.

0:14:49.340,0:14:54.470
So you have RX and TX sharing one line and[br]there is some nice diagrams about how

0:14:54.470,0:15:00.529
exactly the sequencing happens when you[br]power it up, nothing really surprising.

0:15:00.529,0:15:04.339
There's an activation sequence and after[br]the card is activated, the card will

0:15:04.339,0:15:09.249
unilaterally send what's called an ATR,[br]the answer to reset. And that's just a

0:15:09.249,0:15:13.389
series of bytes which give some[br]information about the card capabilities.

0:15:13.389,0:15:18.740
What protocols, what voltages, what clock[br]rates beyond these initial activation ones

0:15:18.740,0:15:25.349
are supported. Now, after we've powered up[br]the card, we have the bit transmission

0:15:25.349,0:15:29.519
level.[br]And it's actually very much like a normal

0:15:29.519,0:15:38.430
UART. If you ever looked at RS232 or[br]another UART a serial port, rather simple:

0:15:38.430,0:15:45.499
start byte, stop byte, parity, serial bit[br]transmission. What's a bit interesting is

0:15:45.499,0:15:51.899
that we have a clock and the baud rate is[br]divided from that clock, but it's still an

0:15:51.899,0:15:55.670
asynchronous transmission. So there is no[br]phase relationship between the clock

0:15:55.670,0:15:59.790
signal and the baud rate that the data[br]uses, which lots of people get wrong,

0:15:59.790,0:16:04.110
particularly lots of authors of Atmel[br]microcontroller data sheets which claim

0:16:04.110,0:16:08.619
that it's a synchronous communication,[br]which it is not. Yeah.

0:16:08.619,0:16:12.999
So the direction changes every so often to[br]have acknowledgements back and forth and

0:16:12.999,0:16:17.019
to exchange data in both directions. And[br]interestingly, a lot of the timings are

0:16:17.019,0:16:20.981
not specified very well, but I guess[br]nobody cares about that, other than if you

0:16:20.981,0:16:26.979
want to implement a card reader, which I[br]happen to have gone through this year.

0:16:26.979,0:16:32.870
Smart Card Communication: after we are[br]able to transmit bytes between the card

0:16:32.870,0:16:37.640
and the reader, we have something called[br]APDUs. The Application Protocol Data Unit

0:16:37.640,0:16:42.549
specified as per that ISO 7816-4. That's[br]the inter-industry commands for

0:16:42.549,0:16:50.979
interchange. And an APDU consists of a[br]couple of bytes. There's a class byte that

0:16:50.979,0:16:54.720
just specifies the class of command as an[br]instruction byte which specifies the

0:16:54.720,0:16:59.249
specific instruction like read a file,[br]write a file. We have some parameter bytes

0:16:59.249,0:17:04.799
whose meaning is relevant or is specific[br]to the instruction, then we have a length

0:17:04.799,0:17:09.270
of a command and command data. We have an[br]expected response length and response data.

0:17:09.270,0:17:13.770
And last but not least, a so-called status[br]word and the status word basically, the

0:17:13.770,0:17:18.929
card tells whether the execution was[br]successful or whether there was some error

0:17:18.929,0:17:26.020
and what kind of error there was and[br]things like that. The APDUs are then split

0:17:26.020,0:17:31.179
into a lower layer transport protocol,[br]which are called TPDUs.

0:17:31.179,0:17:36.000
There are two different commonly used[br]protocols and two specific ones that are

0:17:36.000,0:17:39.970
used in the context of SIM cards ore are[br]specified in the context of SIM cards, as

0:17:39.970,0:17:45.929
one called T=0. Which is most commonly[br]used for SIM cards. Actually, I've never

0:17:45.929,0:17:53.020
seen anything else but T=0 used, but T=1[br]is another protocol which according to the

0:17:53.020,0:17:59.769
specs, every phone needs to implement. And[br]the card can choose if it does T=0 or T=1.

0:17:59.769,0:18:04.929
As again, I've never seen a card that does[br]T=1, or at least that has only T=1, but

0:18:04.929,0:18:10.410
the specs would allow that. T=1 is more[br]used in banking and crypto smart cards.

0:18:10.410,0:18:16.049
The difference mainly is T=1 is a block[br]oriented transfer and T=0 is more a byte

0:18:16.049,0:18:21.059
oriented transfer. And T=1 has the[br]advantage that it has CRC and checksumming,

0:18:21.059,0:18:24.880
so you get more protection[br]against transmission errors which you

0:18:24.880,0:18:34.210
don't have in T=0. So the APDU gets mapped[br]to TPDUs. Details I'll skip here and this

0:18:34.210,0:18:37.110
is just some examples, so you get an idea[br]how this looks like.

0:18:37.110,0:18:45.920
So we have A0 A4 00 00 02 3F 00. The A0[br]here is the class byte and A0 is SIM card

0:18:45.920,0:18:51.789
class. A4 is select file.[br]So you're selecting a certain file on

0:18:51.789,0:18:56.659
which you want to operate. Two parameter[br]bytes are 0, 02 is the length of the

0:18:56.659,0:19:02.410
command. And then you have two bytes of[br]that length 3F 00, which is basically your

0:19:02.410,0:19:06.550
slash, your root directory. You want to[br]change to the root directory of the file

0:19:06.550,0:19:11.820
system, is basically what that command[br]says. And one hypothetical response is

0:19:11.820,0:19:21.549
just a status word 90 00, which means[br]success. Yeah. Selecting a file. So we

0:19:21.549,0:19:28.179
have a file system on the card. Most smart[br]cards do that. It's not a file system in

0:19:28.179,0:19:33.519
the context like you have a USB drive that[br]you can mount, where you just have a block

0:19:33.519,0:19:37.960
abstraction or something.[br]But the smart card filesystem itself runs

0:19:37.960,0:19:42.640
inside the card and you just talk to the[br]filesystem and give it instructions. So if

0:19:42.640,0:19:47.260
you want to find an abstraction in PC[br]technology, it's more like MTP or PTP over

0:19:47.260,0:19:52.860
USB where you don't have a block device,[br]but you talk to another processor which

0:19:52.860,0:19:57.970
manages a file system and you can instruct[br]it's like a remote file system access.

0:19:57.970,0:20:02.500
You have some similarities to normal file[br]systems. I mean, there's a master file

0:20:02.500,0:20:07.139
which corresponds to a root directory in[br]PC file systems. You have so called

0:20:07.139,0:20:12.100
dedicated files, which are sub directories[br]and you have so called elementary files,

0:20:12.100,0:20:17.610
which are actual data containing files as[br]we know them. Beyond that, there are lots

0:20:17.610,0:20:26.059
of specifics that we don't find PC file[br]systems or operating system file systems.

0:20:26.059,0:20:32.700
We have what's called a transparent EF.[br]That's an opaque stream of data like your

0:20:32.700,0:20:36.460
normal binary file on on any random[br]operating system. But then we have

0:20:36.460,0:20:42.320
concepts like a linear fixed EF which[br]contains fixed size records and you can

0:20:42.320,0:20:46.809
seek against it. Get me the 15th[br]record in that file and the file has a

0:20:46.809,0:20:50.440
record size of whatever 24 bytes for[br]example. And then you have something

0:20:50.440,0:20:56.169
called a cyclic EF where they have a ring[br]buffer of records and you have

0:20:56.169,0:21:00.309
incrementable files which contain[br]monotonically incrementing counters and

0:21:00.309,0:21:05.000
things that are apparently important for[br]charging or things like that.

0:21:05.000,0:21:14.120
Each file has access control conditions[br]that define who can read and or modify and

0:21:14.120,0:21:20.139
or well, there's no delete, but there's[br]something called invalidate the file. And

0:21:20.139,0:21:25.620
who is basically expressed in context of[br]which PIN was used to authenticate that

0:21:25.620,0:21:29.881
entity, which performs the operation.[br]So as a user, you have a PIN1 and some

0:21:29.881,0:21:35.620
people will remember you also have a PIN2,[br]that probably nobody's used since the 90s.

0:21:35.620,0:21:39.880
And the operator has something called an[br]ADM PIN, administrative pin, which gives

0:21:39.880,0:21:46.880
better or higher privileges in terms of[br]filesystem permissions on those files. The

0:21:46.880,0:21:53.980
kind of commands we see, well, select file[br]from the example. We have read record,

0:21:53.980,0:21:57.769
update records. I guess I don't need to[br]say anything about that. Similarly, read

0:21:57.769,0:22:04.779
binary, update binary. And then we have[br]commands like CHV commands, where CHV is

0:22:04.779,0:22:10.640
the cardholder verification which is ETSI[br]language for a pin. Not sure why they

0:22:10.640,0:22:17.340
don't call it PIN. So there's change PIN,[br]disable PIN or enable PIN commands. Which

0:22:17.340,0:22:20.960
is actually what your phone performs, if[br]you, say, you disable the PIN or you

0:22:20.960,0:22:24.909
change the PIN then exactly those commands[br]are issued to the card and last but not

0:22:24.909,0:22:29.539
least, run GSM algorithm. Remember, this[br]is still the 2G only SIM. We haven't yet

0:22:29.539,0:22:34.990
gone beyond 2G, yet at this point in the[br]slides. There is actually not that many

0:22:34.990,0:22:40.960
more. That's that's really it. Now let's[br]look at the file system hierarchy. We have

0:22:40.960,0:22:45.610
the MF, the root file system and then we[br]have something called DF_TELECOM. And the

0:22:45.610,0:22:49.179
hex numbers in parentheses are the[br]identifiers that are actually used on the

0:22:49.179,0:22:53.590
protocol level. We have something called[br]DF_GSM, which is the GSM directory

0:22:53.590,0:23:01.700
containing GSM related parameters. And if[br]EF_ICCID where ICCID is the card unique

0:23:01.700,0:23:06.710
identifier that's stored on the card. And[br]if you expand that into more details, you

0:23:06.710,0:23:10.669
get these kind of graphs. And this is one[br]is actually taken from one of the specs.

0:23:10.669,0:23:18.020
And you see there's also an Iridium[br]directory or a, uh, whatever that one was,

0:23:18.020,0:23:21.440
a Global Star directory.[br]And all kinds of people operating

0:23:21.440,0:23:26.060
different telephony system have basically[br]their own directories in that scheme. But

0:23:26.060,0:23:33.020
on GSM, we find those two mainly, maybe[br]some sub directories. Yeah, so when 3G

0:23:33.020,0:23:41.600
came around something happened, as I said,[br]the specifications were shifted from ETSI

0:23:41.600,0:23:49.380
to a 3GPP. But of course, chip cards in[br]the context of telecom have use cases

0:23:49.380,0:23:55.269
outside of cellular telephony. So,[br]actually, the specs were split in that

0:23:55.269,0:23:59.889
area. So there's something new called the[br]UICC, the Universal Integrated Circuit

0:23:59.889,0:24:05.870
Card, because the previous one was not[br]universal, apparently. And that part of

0:24:05.870,0:24:10.210
the specs remained with ETSI and continues[br]to be developed. And there is the USIM

0:24:10.210,0:24:18.169
application on top of the UICC, which is[br]what specifies the 3GPP relevant part and

0:24:18.169,0:24:24.879
that gets implemented in something called[br]an ADF, an application dedicated file, ADF

0:24:24.879,0:24:29.799
USIM.[br]In ADF you can also select or enter using

0:24:29.799,0:24:35.629
a select command similar to a normal DF.[br]The difference mainly is that the

0:24:35.629,0:24:40.130
identifiers on much longer and thus other[br]details, but from a user point of view

0:24:40.130,0:24:45.500
that's how it looks like. So we have a[br]split of the core Universal ICC and on top

0:24:45.500,0:24:52.299
an USIM application. And if you have a SIM[br]card that can be used with 2G and with 3G,

0:24:52.299,0:24:55.929
then you basically have the classic SIM[br]card and in addition you have a USIM

0:24:55.929,0:24:59.659
application on the card.[br]And actually there are some cards that

0:24:59.659,0:25:04.620
only work with 3G or later technology and[br]don't have 2G mode, because the operator

0:25:04.620,0:25:08.679
doesn't have a 2G network. So you only[br]have a USIM application and you don't have

0:25:08.679,0:25:15.769
the classic SIM anymore on the card. When[br]4G/LTE came around, actually there was no

0:25:15.769,0:25:20.470
strict requirement to change anything in[br]the SIM card and you can just use a normal

0:25:20.470,0:25:27.100
USIM, UMTS SIM, a 3G card on LTE networks.[br]It's the same authentication key agreement

0:25:27.100,0:25:32.631
mechanism. They have added some additional[br]files that are completely optional. Mostly

0:25:32.631,0:25:39.669
like optimizing some bits and there are[br]some optional new IMS application. IMS is

0:25:39.669,0:25:47.179
the IP multimedia system which is 3GPP[br]language for voice over IP or VoLTE,

0:25:47.179,0:25:52.919
right? So IMS is the IP multimedia system,[br]which is what is used to implement VoLTE

0:25:52.919,0:25:58.140
where VoLTE is not a specification term[br]but more a marketing term and that's

0:25:58.140,0:26:01.410
optionally on the SIM card.[br]You can have an ISIM an application which

0:26:01.410,0:26:05.430
stores parameters relevant to the IP[br]multimedia system such as SIP user

0:26:05.430,0:26:09.429
identities and SIP service and things like[br]that. But if that ISIM application doesn't

0:26:09.429,0:26:13.210
exist, there is a fallback mechanism by[br]which the identifiers are computed based

0:26:13.210,0:26:16.770
on the IMSI and and so on and so on. So[br]it's not really necessary to have a

0:26:16.770,0:26:25.679
specific 4G SIM, but it's possible to have[br]that. Once we go to 5G, 5G actually reuses

0:26:25.679,0:26:33.030
the existing 3G and 4G USIM cards. Again,[br]some new optional files have been

0:26:33.030,0:26:38.399
introduced and there is one feature which[br]I guess everyone in here wants to have,

0:26:38.399,0:26:43.820
which would require a new SIM card or[br]change SIM card, which is that the SUCI,

0:26:43.820,0:26:50.330
the Subscriber Concealed Identifier, can[br]be computed inside the SIM card or by the

0:26:50.330,0:26:55.169
phone.[br]And if it is computed inside the SIM card,

0:26:55.169,0:27:00.320
then the SIM of course has to have support[br]for doing that computation and that is

0:27:00.320,0:27:04.540
something that needs explicit SIM card[br]support. In absence of that, everything

0:27:04.540,0:27:09.100
else you can use an existing 4G SIM card[br]even on 5G networks. Nothing really

0:27:09.100,0:27:16.340
changed there, fundamentally.[br]OK, now looking at the cards, more on the

0:27:16.340,0:27:21.000
physical side and from the hardware and we[br]will look at the software, the operating

0:27:21.000,0:27:27.960
systems and so on and the various things[br]you can do with SIM cards later on. We

0:27:27.960,0:27:32.279
have, of course, the processor core that[br]many different vendors and architectures,

0:27:32.279,0:27:38.070
traditionally lots of 8051 derivatives[br]inside smart cards. These days we also

0:27:38.070,0:27:44.590
actually find a lot ??? ARM cores, quite[br]often so-called SC cores. There's an SC000

0:27:44.590,0:27:50.010
and then a SC100 and an SC300 and SC is[br]for Secure Core.

0:27:50.010,0:27:53.590
So it's not a normal Cortex core or[br]something like that, but it's a secure

0:27:53.590,0:27:57.870
core and it's so secure that ARM doesn't[br]even disclose what is secure about it

0:27:57.870,0:28:03.770
other than that it is secure. And so the[br]documentation for sure is securely kept

0:28:03.770,0:28:11.639
away from anyone who would want to read[br]it. So, for these chips, the smartcard

0:28:11.639,0:28:16.440
chips used in SIM cards or generally smart[br]card chips themselves, often you cannot

0:28:16.440,0:28:20.249
even find a similar thing, simple one page[br]data sheet which tells you the main

0:28:20.249,0:28:27.341
features. Even that is already under NDA.[br]You have built-in RAM and built-in ROM, at

0:28:27.341,0:28:31.940
least a bootloader normally, but possibly[br]also the OS or parts of the OS, but that

0:28:31.940,0:28:36.549
is increasingly uncommon. So modern cards,[br]most of them only have flash and the

0:28:36.549,0:28:41.109
entire operating system is in flash, so[br]you can update everything. And then

0:28:41.109,0:28:44.850
applications on top of that and we will[br]look at applications later when we talk

0:28:44.850,0:28:49.640
about the software.[br]And unfortunately, contrary to the crypto

0:28:49.640,0:28:55.320
smartcards where it's possible to have[br]higher prices and therefore have, you

0:28:55.320,0:29:01.080
know, rather expensive products, SIM cards[br]are mostly selected purely by cost these

0:29:01.080,0:29:06.380
days due to the prepaid boom. I mean, it[br]was different when GSM was introduced. If

0:29:06.380,0:29:10.059
you, if every subscriber has to get a[br]subscription and there's going to be

0:29:10.059,0:29:14.490
hundreds of Euros or Marks of whatever in[br]revenue, then you can invest a lot of

0:29:14.490,0:29:19.360
money in a SIM card, but prepaid cards[br]that get thrown away on a daily basis you

0:29:19.360,0:29:23.279
can only pay cents for the card and then[br]you need to pay another a couple of cents

0:29:23.279,0:29:29.309
for the Java card for the Java VM patent[br]royalties and so on and so on. But

0:29:29.309,0:29:35.139
basically you cannot afford to pay money[br]for SIM cards anymore. So that also

0:29:35.139,0:29:38.800
explains why a lot of SIM cards today,[br]even though it's technically available,

0:29:38.800,0:29:42.750
they don't have hardware crypto, but they[br]actually implement it in software, because

0:29:42.750,0:29:48.160
it's cheaper. And then of course, yeah,[br]well, you have time of execution, things

0:29:48.160,0:29:53.010
and whatnot.[br]So in terms of software, you have a Card

0:29:53.010,0:29:58.830
Operating System. Cards that don't have an[br]operating system are memory cards which

0:29:58.830,0:30:07.499
are not sufficient for SIM card use cases.[br]And in the crypto smartcard area, it's the

0:30:07.499,0:30:15.849
operating systems are typically well known[br]and documented to some part, at least. In

0:30:15.849,0:30:19.510
SIM cards it's slightly different. So[br]almost nobody ever mentions what kind of

0:30:19.510,0:30:27.470
operating system is on the SIM card and[br]even the SIM card vendors. It's not very,

0:30:27.470,0:30:31.690
you know, not something they would put on[br]their marketing, or on their homepage or

0:30:31.690,0:30:34.639
something, what exactly kind of operating[br]systems are on there.

0:30:34.639,0:30:38.330
The SIM card offering system also from[br]the central network point of view as an

0:30:38.330,0:30:43.470
implementation detail, because all the[br]relevant parts are specified standardised

0:30:43.470,0:30:48.110
interfaces and what operating system[br]people use on the card, well, it's the

0:30:48.110,0:30:53.490
operator's choice. It doesn't really[br]matter from that point of view. In early

0:30:53.490,0:30:58.070
SIM cards, I presume they were rather[br]monolithic, so you didn't really have a

0:30:58.070,0:31:02.340
separation between an operating system and[br]SIM application. Today the software's

0:31:02.340,0:31:06.549
become more modular. We have this[br]abstraction between the operating system

0:31:06.549,0:31:12.540
and applications. And traditionally, even[br]when that separation already existed, the

0:31:12.540,0:31:15.640
operating system was very hardware[br]dependent, non-portable and the

0:31:15.640,0:31:22.259
applications were very OS-dependent and[br]non-portable. And that has changed a bit

0:31:22.259,0:31:29.830
due to the introduction of Java cards into[br]the SIM card area, which is not required.

0:31:29.830,0:31:35.249
There there's no requirement anywhere that[br]the SIM card must be a Java card, but in

0:31:35.249,0:31:38.950
practice, most SIM cards are Java cards[br]because they have certain, at least

0:31:38.950,0:31:45.190
perceived, advantages and are the norm by[br]now. And the Java cards themselves have

0:31:45.190,0:31:53.019
been independently developed of SIM cards.[br]Of course, Java is a Sun technology, so

0:31:53.019,0:31:58.510
Sun is behind that. And the first actual[br]cards that were produced in 96, so much

0:31:58.510,0:32:05.249
later than SIM cards came out by[br]Schlumberger which is now part of Gemalto.

0:32:05.249,0:32:13.450
And um, yeah, we have redundant lines in[br]this presentation. And so, the Java cards,

0:32:13.450,0:32:17.809
most of them implement a global platform[br]specifications, which then specify vendor

0:32:17.809,0:32:24.970
independent management of the cards and[br]the applications on it. And the Java that

0:32:24.970,0:32:29.429
you use to write such cards, don't ever[br]think it is real Java! I mean, if you show

0:32:29.429,0:32:33.502
that to any Java developer, he will[br]probably disappear very quickly as we have

0:32:33.502,0:32:38.040
a very weird constrained subset of Java[br]with a special on-card virtual machine,

0:32:38.040,0:32:41.999
which is not a normal virtual machine. You[br]have a runtime environment that's not the

0:32:41.999,0:32:46.220
normal runtime environment. You have a[br]special binary format which is not a char

0:32:46.220,0:32:50.299
file.[br]And the idea is that you have portability

0:32:50.299,0:32:56.990
of card applications, which makes sense,[br]of course. But one could have done that

0:32:56.990,0:33:02.240
with, you know, whatever other standards[br]as well. Wouldn't necessarily need a

0:33:02.240,0:33:08.460
virtual machine for that. Yeah, I said[br]there's no functional requirement that a

0:33:08.460,0:33:11.980
SIM card must be a Java card, but in[br]reality that's the case. I think the

0:33:11.980,0:33:15.929
portability is the driver here. So, if an[br]operator develops some application that

0:33:15.929,0:33:21.039
runs on a SIM card, you know, every year[br]or so they do a new tender or they have a

0:33:21.039,0:33:25.240
new SIM card supplier or something like[br]that, they want to run their application

0:33:25.240,0:33:32.259
on the current and the future and the next[br]future future SIM card and not rewrite all

0:33:32.259,0:33:37.450
of that from scratch or have that[br]rewritten from scratch all the time.

0:33:37.450,0:33:44.441
And interestingly, both 3GPP and ETSI[br]specify Java APIs and Java packages, which

0:33:44.441,0:33:48.350
are specifically available on Java cards[br]that also are SIM cards. So basically you

0:33:48.350,0:33:51.970
have SIM card specs and you have Java[br]card specs and if you have both of them

0:33:51.970,0:33:58.559
together, you also have SIM card Java API[br]specs for what kind of additional API's

0:33:58.559,0:34:04.950
applications on the card can use in order[br]to affect SIM relevant aspects of the

0:34:04.950,0:34:12.270
card. Which brings us to one of the[br]strange historic developments called SIM

0:34:12.270,0:34:20.370
Toolkit or later Card Application Toolkit,[br]which is sort of an ability to offer

0:34:20.370,0:34:23.619
applications with UI and menu on the[br]phone, right?

0:34:23.619,0:34:30.460
I mean the card of course doesn't have any[br]user interface, but the card can sort of

0:34:30.460,0:34:35.520
request like show a menu and offer[br]multiple choices and things like that.

0:34:35.520,0:34:39.610
Some people will have seen it on some[br]phones. You have this SIM toolkit menu

0:34:39.610,0:34:46.050
somewhere. And I mean, I think in Germany[br]never really took off much in terms of

0:34:46.050,0:34:50.320
actual applications. I mean, you could[br]probably subscribe to some very expensive

0:34:50.320,0:34:57.730
premium SMS services. If you were really[br]bored, but in other regions, this has been

0:34:57.730,0:35:07.110
very successful and very organized, had a[br]real impact on society. Kenya is always

0:35:07.110,0:35:13.130
the, I think the prime example for that,[br]where MPESA, the mobile payment

0:35:13.130,0:35:16.760
system, implemented at least initially[br]based on card application toolkit

0:35:16.760,0:35:22.090
applications, basically overtook the[br]banking sector. At some point everybody

0:35:22.090,0:35:25.950
did their wire transfers that way, even[br]people who didn't even have a bank account

0:35:25.950,0:35:30.960
and it basically replaced or substituted[br]large amounts of the everyday banking

0:35:30.960,0:35:37.160
needs of people. So there are exceptions.[br]Some additional instructions that we have

0:35:37.160,0:35:43.850
in terms of APDUs, details I will not look[br]into these. The next step after SIM

0:35:43.850,0:35:48.980
toolkit is the so-called proactive SIM. If[br]we look at the SIM card communication as

0:35:48.980,0:35:52.420
it is specified, or smartcard[br]communication in general, it's always the

0:35:52.420,0:35:57.730
reader, in this context the phone, that[br]sort of sends an instruction to the phone,

0:35:57.730,0:36:02.150
to the card and the card responds. So the[br]card is always the slave in the

0:36:02.150,0:36:06.540
communication and it doesn't have any[br]possibility to trigger something by

0:36:06.540,0:36:10.340
itself.[br]And that was sort of worked around by the

0:36:10.340,0:36:16.650
proactive SIM specifications where a[br]command or a request from the card is

0:36:16.650,0:36:22.880
piggy-backed into responses to the[br]commands from their phone to the card, and

0:36:22.880,0:36:28.730
then basically that the SIM card can[br]request the phone to poll the card every

0:36:28.730,0:36:32.920
so often, so the phone can ask for "do you[br]have a new command for me now?" and the

0:36:32.920,0:36:38.330
card can say yes or no. In this way, they[br]work around this restriction.

0:36:38.330,0:36:41.540
And it's not only polling that can be[br]requested, but it can be event

0:36:41.540,0:36:46.450
notifications. And event notifications can[br]be loss of network coverage, registration

0:36:46.450,0:36:53.520
to a new cell, opening of a web browser[br]and like are you making a mobile

0:36:53.520,0:36:55.720
originated call, are you sending an SMS or[br]not?

0:36:55.720,0:37:00.110
So all these kind of events can be sent to[br]the SIM card, so that the SIM card can do

0:37:00.110,0:37:07.260
whatever with it. I think that not many[br]useful applications beyond steering of

0:37:07.260,0:37:11.680
roaming or roaming control, by basically[br]depending on where you register and what

0:37:11.680,0:37:15.940
kind of cells you have, and even the[br]measurement reports on what is the signal

0:37:15.940,0:37:20.530
strength that can be fed into the SIM[br]card, which then can basically decide what

0:37:20.530,0:37:29.720
to do. But yeah, I think it's all rather[br]exotic and very few, like relevant or good

0:37:29.720,0:37:35.790
use cases of this.[br]The next step is Over-The-Air-technology

0:37:35.790,0:37:41.010
(OTA), which is the ability for the[br]operator to transparently communicate with

0:37:41.010,0:37:45.480
the SIM card in the field. With the[br]traditional non-OTA capable SIM card, the

0:37:45.480,0:37:49.420
operator or the SIM card manufacturer[br]writes at manufacturing time (at so-called

0:37:49.420,0:37:53.250
personalization time of the card), and[br]then it's with the subscriber. And if the

0:37:53.250,0:37:57.060
operator ever wants to fix something or[br]change something, they have to send a new

0:37:57.060,0:38:03.450
plastic card. With OTA, they can be[br]updated. It's based on proactive SIM

0:38:03.450,0:38:12.850
technology and by now, there are many[br]different communication channels how some

0:38:12.850,0:38:16.650
back end system at the operator can can[br]interact with a card inside the phone of

0:38:16.650,0:38:22.170
the subscriber. The classic channel is[br]SMS-PP, which is the SMS as you know, it

0:38:22.170,0:38:28.540
just officially called SMS point-to-point.[br]It's also possible over SMS-CB, the cell-

0:38:28.540,0:38:33.210
broadcast-SMS, which I find very[br]interesting, bulk updates to SIM cards via

0:38:33.210,0:38:38.870
cell broadcast, which also would mean that[br]they all have a shared key for

0:38:38.870,0:38:44.970
authenticating these updates. It's also[br]specified for USSD from release 7 on most

0:38:44.970,0:38:48.980
of the specs. And then there's something[br]new, at that point, called BIP, the

0:38:48.980,0:38:53.880
"bearer independent protocol" that works[br]over circuit-switch-data and GPRS. Here

0:38:53.880,0:38:58.060
are some spec numbers if anyone is[br]interested. And now, since release 9, that

0:38:58.060,0:39:03.940
means since LTE is around, also over[br]HTTPS. I'll get to that in a couple of

0:39:03.940,0:39:07.340
separate slides. There's actually a TLS[br]implementation in

0:39:07.340,0:39:13.550
SIM cards these days, believe it or not.[br]So the cryptographic security mechanisms

0:39:13.550,0:39:17.220
set are specified, but of course the[br]detailed use is up to the operator so the

0:39:17.220,0:39:21.150
operator may choose whether or not to use[br]measures of authentication, or whether or

0:39:21.150,0:39:26.110
not to use encryption, or whether or not[br]to use counters for replay protection. And

0:39:26.110,0:39:29.730
this is basically one area where a lot of[br]the security research and the

0:39:29.730,0:39:33.820
vulnerabilities published in the last[br]decade or so have been happening, e.g.

0:39:33.820,0:39:37.061
cards were not properly configured, or[br]they had implementation weaknesses, or you

0:39:37.061,0:39:42.290
had some sort of oracles that you could[br]query when interacting with those cards as

0:39:42.290,0:39:49.740
an attacker. One of the use cases of Over-[br]The-Air is RFM, not RTFM, it's RFM,

0:39:49.740,0:39:53.980
"Remote-File-Management". It was[br]introduced in release 6 and the number of

0:39:53.980,0:40:01.701
typos is embarrassing. A common use case[br]of Over-The-Air: It allows you to read or

0:40:01.701,0:40:07.000
update files in the file system remotely,[br]and you can use that, for example, for the

0:40:07.000,0:40:11.030
preferred or forbidden roaming operator[br]lists. That's a very legitimate use case

0:40:11.030,0:40:15.070
for that. There's also an ancient example[br]that I always like. I think Vodafone

0:40:15.070,0:40:18.700
Netherlands once advertised that the[br]operator can take a backup of your phone

0:40:18.700,0:40:24.950
book on the SIM card. I think it's an[br]early manifestation of cloud computing

0:40:24.950,0:40:32.560
before it even existed. In any case, it's[br]certainly a feature that everyone in here

0:40:32.560,0:40:38.120
would like to have. Of course it's[br]irrelevant by now because nobody has

0:40:38.120,0:40:43.310
contacts on SIM cards anymore. The next is[br]RAM which is not "Random Access Memory",

0:40:43.310,0:40:48.210
it's "Remote Application Management". It[br]was also introduced in the same release

0:40:48.210,0:40:53.750
with the same typo, and it allows[br]installation and/or removal of

0:40:53.750,0:40:57.530
applications on the card, and applications[br]in terms of Java card then means Java

0:40:57.530,0:41:03.160
cardlets. For example, you could update or[br]install new multi IMSI-applications, which

0:41:03.160,0:41:09.640
is one very creative way of using SIM[br]cards in more recent years, or new Sim-

0:41:09.640,0:41:12.781
Toolkit-Applications.[br]So a multi-IMSI application, in case

0:41:12.781,0:41:17.570
somebody hasn't heard of that yet, is[br]basically a SIM card that changes its

0:41:17.570,0:41:23.800
IMSI depending on where your currently[br]roam, in order to do a sort of least cost

0:41:23.800,0:41:30.670
roaming agreement for the operator because[br]if he uses his is real own IMSI, then

0:41:30.670,0:41:34.250
maybe the roaming costs would be more[br]extensive than if he used some kind of

0:41:34.250,0:41:38.060
borrowed IMSI from another operator that[br]then gets provisioned there, which has a

0:41:38.060,0:41:41.740
better roaming agreement and would work[br]around ridiculous roaming charges - at

0:41:41.740,0:41:46.560
least between the operators, of course,[br]not towards the user. And now we get to

0:41:46.560,0:41:58.410
the sort of premium feature of modern SIM[br]cards where, of course. you can still do

0:41:58.410,0:42:03.780
SMS over LTE, but it's sort of this added-[br]on kludge. USSD I think doesn't exist

0:42:03.780,0:42:07.360
anymore because of the circuit-switch-[br]feature. So you need some kind of new

0:42:07.360,0:42:13.570
transport channel of how to talk to the[br]SIM card. In release 9 they came up with

0:42:13.570,0:42:19.120
something called over the air over HTTPS[br]which is specified in global platform 2.2

0:42:19.120,0:42:24.640
amendment B. You have to get that specific[br]amendment as a separate document, it's at

0:42:24.640,0:42:34.020
least free of charge. Actually it uses[br]HTTP, nice and good, and then it uses

0:42:34.020,0:42:39.550
something called PSK-TLS, that I've never[br]heard of before, "pre-shared-keys with

0:42:39.550,0:42:43.690
TLS". I mean, I'm not a TLS expert, as you[br]can probably guess, but I don't think

0:42:43.690,0:42:50.130
anyone ever with a normal browser would[br]want to use pre-shared-keys. But it exists

0:42:50.130,0:42:53.680
in the specs and there are several[br]different cipher-modes that I've listed

0:42:53.680,0:42:59.200
here which are permitted for Over-The-Air[br]of HTTPS. Which subset to use is of course

0:42:59.200,0:43:03.130
up to the operator because it's his SIM[br]card talking to his server so they can do

0:43:03.130,0:43:08.410
whatever they want there. The interesting[br]part is that the IP in the TCP is

0:43:08.410,0:43:14.070
terminated in the phone, and then whatever[br]is inside the TCP stream gets passed to

0:43:14.070,0:43:18.820
the card which implements the TLS and the[br]HTTP inside. Then, inside HTTP you

0:43:18.820,0:43:23.880
actually have hex string representations[br]of the APDUs that the card normally

0:43:23.880,0:43:28.690
processes. So you have this very[br]interesting stack of different

0:43:28.690,0:43:33.330
technologies and if you look at how[br]exactly they use HTTP, you ask yourself

0:43:33.330,0:43:37.190
why did they bother with HTTP in the first[br]place if they modify it beyond

0:43:37.190,0:43:44.870
recognition? But we'll see. So the way how[br]this is implemented, interestingly, is

0:43:44.870,0:43:56.670
that the card implements and HTTP client[br]that performs HTTP-POST. So your card

0:43:56.670,0:44:01.180
somehow by some external mechanism gets[br]triggered: "Oh, you must connect to your

0:44:01.180,0:44:04.610
management server now because the[br]management server wants something from

0:44:04.610,0:44:10.630
you". And then the card does an HTTP-POST[br]over TLS with pre-shared-keys to the

0:44:10.630,0:44:15.920
management server and then in the post[br]response there is a hex-encoded APDU for

0:44:15.920,0:44:20.190
the card to be executed by the card. Then,[br]you have tons of additional HTTP-headerrs

0:44:20.190,0:44:25.041
I'm not going to explain. The CRLF is just[br]a copy and paste error. But you see there

0:44:25.041,0:44:31.890
is all kinds of X-Admin-headers and it[br]will completely not work with normal HTTP. So why

0:44:31.890,0:44:37.080
use HTTP in that context, I don't really[br]know. Yeah, I thought I had an example

0:44:37.080,0:44:41.820
here, but I didn't put it up, I thought[br]it's too much detail. But in the end, if

0:44:41.820,0:44:50.040
you look at this, you'll need to write[br]your own heavily modified HTTP-server

0:44:50.040,0:44:58.070
anyway. but you have HTTP in there. Okay.[br]Another technology, it's sort of random, I

0:44:58.070,0:45:01.990
didn't really know where to put it in[br]terms of ordering, is this S@T.

0:45:01.990,0:45:07.380
technology, which is something really[br]strange that's specified outside of the

0:45:07.380,0:45:09.520
specification bodies that I mentioned[br]before.

0:45:09.520,0:45:13.300
It's another.., I'm just mentioning it[br]because it's another vector that has more

0:45:13.300,0:45:20.390
recently been exploited. Another[br]vulnerability. Where, actually, let's say

0:45:20.390,0:45:26.600
you don't want to run. You don't want to[br]write a Java application to run on the

0:45:26.600,0:45:32.360
card, but you still want to use SIM[br]Toolkit. So your card, most likely inside

0:45:32.360,0:45:38.540
a Java VM implements a VM for another[br]bytecode, which is this S@T bytecode which

0:45:38.540,0:45:41.730
gets basically pushed from the server into[br]the card.

0:45:41.730,0:45:47.410
So the card can then instruct your phone[br]to display some menu to you. Hmm. Okay.

0:45:47.410,0:45:51.720
Uh. Very exciting technology. I'm sure[br]there was a use case for it at some point.

0:45:51.720,0:45:57.090
I haven't really figured it out. So there[br]is something called an S@T browser which

0:45:57.090,0:46:00.860
runs inside the card. As I said, most[br]likely that browser is implemented in Java

0:46:00.860,0:46:04.590
running inside the Java VM. It's not a web[br]browser, of course. It just called a

0:46:04.590,0:46:11.720
browser and it parses this binary format[br]which then creates SIM Toolkit menus or

0:46:11.720,0:46:16.150
whatever. So yeah, I haven't really looked[br]into detail. It's too strange even to look

0:46:16.150,0:46:25.130
at it. Last but not least, we have[br]something called the eSIM and Which many

0:46:25.130,0:46:31.690
people may know as a particular. How can I[br]say particularly dominant in

0:46:31.690,0:46:38.410
the Apple universe where the SIM card is[br]no longer a replaceable or exchangable

0:46:38.410,0:46:43.910
plastic card with contacts. But it's[br]actually soldered into the device. This

0:46:43.910,0:46:49.300
package, a form factor, is called MFF2,[br]the machine form factor. Not sure why it's

0:46:49.300,0:46:57.030
two, I've never seen a one before and it's[br]a very small like 8 pin package SMD

0:46:57.030,0:47:00.950
package that gets sold on a circuit board.[br]And of course, at that point you have to

0:47:00.950,0:47:05.040
have some mechanism by which the actual[br]profile, meaning the user identity, the

0:47:05.040,0:47:09.230
keys and all the configuration parameters[br]and so on can be updated or replaced

0:47:09.230,0:47:14.280
remotely. And that in a way that will work[br]between different operators which are

0:47:14.280,0:47:18.960
competing in the industry and which don't[br]really want to, you know, replace those

0:47:18.960,0:47:23.561
profiles, at least not inherently. And[br]this is why this is managed by the GSMA as

0:47:23.561,0:47:30.520
an umbrella entity of all the operators.[br]And it specifies an amazing number of

0:47:30.520,0:47:36.120
acronyms. And trust me if I say that it is[br]an amazing number of acronyms on how the

0:47:36.120,0:47:39.710
cryptography and how the different[br]entities and how the different interfaces

0:47:39.710,0:47:44.402
work and all the different roles and the[br]parties and each implementation of each

0:47:44.402,0:47:49.870
party needs to be certified and approved[br]and so on and so on. And in the end, you

0:47:49.870,0:47:53.580
have a system by which after a letter of[br]approval be

0:47:53.580,0:47:59.411
tween operators and a new identity from a[br]new operator can be downloaded in the card

0:47:59.411,0:48:05.220
in a cryptographically secure way. So at[br]least is the intent of the specification.

0:48:05.220,0:48:11.370
I am not the person to judge on that and[br]replace the profile, but it's not that

0:48:11.370,0:48:15.520
like you as the owner of the device can do[br]that. But it's just all the operators that

0:48:15.520,0:48:21.340
are part of the club and are approved and[br]certified by GSMA. Can actually add and or

0:48:21.340,0:48:26.060
remove profiles and thus facilitate the[br]transition from operator A to operator B

0:48:26.060,0:48:30.500
in those cards. They don't only exist in[br]the soldered form factor. You can also

0:48:30.500,0:48:34.850
actually buy plastic cards that allow[br]that. It's mostly used in like IoT

0:48:34.850,0:48:39.500
devices, which I still call machine to[br]machine. The old marketing term for that.

0:48:39.500,0:48:46.140
So some random cellularly interconnected[br]device that you want to remotely update.

0:48:46.140,0:48:54.870
And as a final slide, the CCC event SIM[br]cards that are around here. If you use the

0:48:54.870,0:48:59.440
cellular networks, they are Java SIM and[br]USIM cards. They support Over-The-Air and

0:48:59.440,0:49:04.510
the, not the random update, but the[br]remote application management. The remote

0:49:04.510,0:49:09.340
file management at least via SMS-PP[br]haven't tested anything else. It did for

0:49:09.340,0:49:13.870
sure do not support HTTPS yet. And if[br]you're interested in playing with any of

0:49:13.870,0:49:17.940
that and writing your own Java applet,[br]there's even a Hello World one around for

0:49:17.940,0:49:21.830
several years that you can use as a[br]starting point. You can get the keys for

0:49:21.830,0:49:26.630
your specific card from the GSM team and[br]then you can play with all of this in a

0:49:26.630,0:49:33.390
way that normally only the operator can do[br]with the card. Some hyperlinks which are

0:49:33.390,0:49:37.870
actually hyperlinks on those slides. So[br]you have to look at the PDF to see them.

0:49:37.870,0:49:43.660
Yeah. And that brings me to the last slide[br]and I'm very happy to see questions.

0:49:43.660,0:49:54.450
Thanks.[br]Herald: Thank you. Thank you so much.

0:49:54.450,0:49:59.930
Actually, talks like this one is one of[br]the main reasons I go to Congress, because

0:49:59.930,0:50:06.570
sometimes I just take a dive into a topic[br]I know nothing about and it's presented by

0:50:06.570,0:50:10.880
a person with literally decades of[br]experience in the field.

0:50:10.880,0:50:16.400
So it's amazing. And we have time for[br]questions. So keep them coming. And the

0:50:16.400,0:50:21.390
first one is microphone number 4.[br]Microphone 4: What you say makes me want

0:50:21.390,0:50:29.210
to have a firewall between my phone and my[br]SIM card. Is there a firewall?

0:50:29.210,0:50:34.340
Harald: Not to my knowledge, really. I[br]mean, there are some vendors of

0:50:34.340,0:50:40.550
specifically secure telephones that say,[br]well, we have a firewall sort of built-in.

0:50:40.550,0:50:45.080
Not sure to what extent and what detail,[br]but not as a separate product or a

0:50:45.080,0:50:51.220
separate device. At some time people[br]developed so-called interposer SIM cards,

0:50:51.220,0:50:55.780
which you can slide between the SIM card[br]and the phone, but that doesn't really

0:50:55.780,0:51:00.880
work with you know Nano-SIM cards and so[br]on anymore. And those interposers those

0:51:00.880,0:51:07.850
were mostly used to avoid, you know, SIM[br]locking and so on. But of course with such

0:51:07.850,0:51:12.970
a device you could of course implement a[br]firewall. Keep in mind that almost all of

0:51:12.970,0:51:16.980
the communication. I mean the OTA may be[br]encrypted, but all of the communication

0:51:16.980,0:51:20.250
between the phone and the card is[br]completely unauthenticated and

0:51:20.250,0:51:24.450
unencrypted. So you can actually intercept[br]and modify that as much as you want. And

0:51:24.450,0:51:27.880
there's actually a project I forgot to[br]mention in more detail. That's the

0:51:27.880,0:51:31.850
osmocon project called SIM Trace,[br]which is a device that you can actually

0:51:31.850,0:51:36.150
put as a man in the middle to trace the[br]communication between card and phone.

0:51:36.150,0:51:40.620
Herald: Thank you. Mic one.[br]Microphone 1: Could you please elaborate a

0:51:40.620,0:51:47.740
little bit about the SIM Checker attack[br]because the telephone provider said it's

0:51:47.740,0:51:54.290
only possible if you have S@T browser on[br]the SIM card and most claim they don't

0:51:54.290,0:52:04.000
have. So do you have a feeling how many of[br]SIM cards have a S@T browser and which are

0:52:04.000,0:52:10.220
attackable or which other applications are[br]attackable by the SIM Checker attack?

0:52:10.220,0:52:16.790
Harald: I'm not involved in those attacks,[br]so I cannot really comment on that in

0:52:16.790,0:52:21.701
detail. But I know there is a tool[br]available, an open source tool that is

0:52:21.701,0:52:26.240
made available by SR Labs, which allows[br]you to test cards. So if you want to check

0:52:26.240,0:52:30.190
different cards, you can use that SIM[br]tester. I think it's linked from the slide

0:52:30.190,0:52:36.010
here. Yeah, the SR Labs SIM tester. That's[br]a Java application. I don't have any

0:52:36.010,0:52:41.810
figures or knowledge about this. In terms[br]of the figures you're asking for. Sorry.

0:52:41.810,0:52:48.380
Herald: Thank you. Let's take a question[br]from the Internet next. Hi, Internet

0:52:48.380,0:52:52.590
people.[br]Signal Angel: There was a question, Can

0:52:52.590,0:52:56.380
the eSIM can be seen as back to the roots,[br]especially compared to what the U.S.

0:52:56.380,0:53:03.380
market had in the early time?[br]Harald: Um. Well, that refers to the

0:53:03.380,0:53:08.340
situation that the identity is hardwired[br]into the phone and not replaceable. And I

0:53:08.340,0:53:14.640
think. No, not really, because it can be[br]replaced and it can be replaced by any of

0:53:14.640,0:53:19.040
the operate like the normal commercial[br]operators. Of course, it means you cannot

0:53:19.040,0:53:27.940
use such a device in, let's say, a private[br]GSM network or in a campus network for 5G,

0:53:27.940,0:53:34.270
which apparently everybody needs these[br]days now. So there are limitations for

0:53:34.270,0:53:39.240
such use cases. But in terms of the normal[br]phones switching between operator A and

0:53:39.240,0:53:46.070
operator B. That's exactly what the system[br]is trying to solve. It's just that if

0:53:46.070,0:53:52.560
you're not part of the club, you've lost.[br]Herald: Thank you. The person behind Mic 5

0:53:52.560,0:53:57.600
has a very nice hat and we're all[br]about fashion here. So the next question

0:53:57.600,0:54:00.010
goes to you.[br]Harald: Nobody told me that.

0:54:00.010,0:54:06.100
Microphone 5: <i>not understandable</i>'s[br]mentor said not a Google one? And my

0:54:06.100,0:54:12.750
question was answered, I think because I[br]wanted to know what prevents a POC from

0:54:12.750,0:54:18.950
providing an eSIM.[br]Harald: A profile for an eSIM. Yes, that's

0:54:18.950,0:54:23.010
exactly the problem that it needs in order[br]to install it. It needs to be approved and

0:54:23.010,0:54:26.881
signed and so on and so on. And you need[br]to be part of that GSMA process. So first

0:54:26.881,0:54:30.600
of all, you would have to technically[br]implement all of that, which is doable in

0:54:30.600,0:54:34.090
all specs of public. But then you need to[br]get it certified, which is maybe

0:54:34.090,0:54:38.560
less doable. And then finally since [br]you're not a GSMA member and not an

0:54:38.560,0:54:42.190
operator. You cannot become a GSMA member[br]and you don't have the funds for it

0:54:42.190,0:54:47.320
anyway. So that is certainly not going to[br]work. But the POC could provide an actual

0:54:47.320,0:54:50.140
like a physical eSIM chip. So if somebody[br]wants to

0:54:50.140,0:54:57.270
do a hot air rework. That's easy, and I[br]mean, you can buy them just like

0:54:57.270,0:55:00.820
other SIM cards and then you have your[br]identity inside. But of course, that

0:55:00.820,0:55:02.970
doesn't really solve your problem, I[br]suppose.

0:55:02.970,0:55:07.020
Microphone 5: Okay.[br]Herald: Thank you. No more people in cool

0:55:07.020,0:55:10.830
hats. So you'll keep picking at random.[br]Mic 7, please.

0:55:10.830,0:55:18.500
Microphone 7: Thanks for the amazing talk.[br]Um, I have a question about the flash

0:55:18.500,0:55:25.480
file system on the cards. I've already[br]worked with the cards on the file system

0:55:25.480,0:55:31.700
level due for some files, you need to[br]specify this. You would need to load. Do

0:55:31.700,0:55:39.830
you need to do like a authentication tango[br]provides a CH view like the PIN one and

0:55:39.830,0:55:45.570
then you only have access to some of the[br]files. And since cheap flash is built into

0:55:45.570,0:55:51.670
those devices, my question is whether they[br]are cheap hardware or software tricks to

0:55:51.670,0:55:59.370
access the files or modify the files which[br]are usually locked behind the PIN.

0:55:59.370,0:56:04.710
Harald: Not that I'm aware of. And if I[br]would say they are rather specific to the

0:56:04.710,0:56:10.570
given OS or whatever on the cards and as[br]so many out there. So I think it's

0:56:10.570,0:56:15.510
unlikely in terms of write cycles, you can[br]typically buy between one hundred thousand

0:56:15.510,0:56:19.800
five hundred thousand write cycle flash in[br]SIM card chips. That's sort of what the

0:56:19.800,0:56:25.080
industry sells. But then of course you[br]have all kinds of weird leveling and then

0:56:25.080,0:56:29.600
there are algorithms and SIM card[br]operating systems even go as far as to

0:56:29.600,0:56:35.490
like you can specify which files are more[br]like the update frequencies. So it will

0:56:35.490,0:56:39.340
use different algorithms for managing the[br]flash there. But an interesting anecdote

0:56:39.340,0:56:45.690
for that if we have the minute. And I was[br]involved openmoko. Some people may

0:56:45.690,0:56:52.870
remember that was an open source[br]smartphone in 2007. And, um, there

0:56:52.870,0:56:58.040
actually we had a bug in the baseband[br]which would constantly keep rewriting some

0:56:58.040,0:57:04.570
files on the flash of the SIM card. And[br]actually we had some early adopters use us

0:57:04.570,0:57:08.560
where the SIM cards got broken basically[br]by constantly hammering them with write

0:57:08.560,0:57:17.870
access. So, um. Yeah. But nothing that[br]I know about any kind of, um. Access

0:57:17.870,0:57:22.690
class bypass or something like that.[br]Microphone 7: Thank you.

0:57:22.690,0:57:27.640
Herald: Microphone 6, which I often[br]neglect because the lights are blinding me

0:57:27.640,0:57:30.910
when I look that way.[br]Microphone 6: Um, thanks for the helpful

0:57:30.910,0:57:38.070
talk. I have a twofold question. Um, so if[br]I understand correctly your talk, it is

0:57:38.070,0:57:42.950
impossible to know the code that's[br]running on the same, right? So I have this

0:57:42.950,0:57:49.810
twofold question is about going further,[br]is there something buried in the specs to

0:57:49.810,0:57:52.990
understand more concretely, this[br]protocols?

0:57:52.990,0:57:58.320
And is there any way to dump the code[br]that's running on the SIMs?

0:57:58.320,0:58:05.600
Harald: In terms of documentation, beyond[br]the specs, there is one document that I

0:58:05.600,0:58:09.440
always like very much to recommend, which[br]is also linked here. Yes, the so-called

0:58:09.440,0:58:13.340
SIM Alliance Stepping Stones. No idea why[br]it's called that way, but that's how it's

0:58:13.340,0:58:17.100
called, there's a hyperlink. So if you [br]work on the slides, you can download it.

0:58:17.100,0:58:20.125
That's a rather nice overview document

0:58:20.125,0:58:22.810
about all the different specs[br]and how it ties together.

0:58:22.810,0:58:30.320
So I can recommend that. And in[br]terms of towards to dump the code on the

0:58:30.320,0:58:36.421
SIM card. I mean, yes, of course. Tools[br]exist, but those tools are highly specific

0:58:36.421,0:58:41.940
to the given smartcard operating system[br]and or chip. And I'm not aware of any such

0:58:41.940,0:58:47.320
tools ever having leaked. I mean, I get[br]such tools for the cards that I in the

0:58:47.320,0:58:55.651
company that I work, I work with. But[br]yeah, of course, the SIM cards out in the

0:58:55.651,0:59:00.210
field should be locked down from such[br]tools and they are highly specific to the

0:59:00.210,0:59:03.460
given OS and SIM.[br]Microphone 6: OK.

0:59:03.460,0:59:07.190
Herald: Thank you.[br]Harald: So maybe one addition to that,

0:59:07.190,0:59:16.340
it's normally made in a way that basically[br]if you want to sort of reset the card or

0:59:16.340,0:59:20.290
something. So there's always sort of once[br]the card is in the operational lifecycle

0:59:20.290,0:59:24.850
state, which is when you use it normally[br]if you ever want to bypass some

0:59:24.850,0:59:30.046
restriction or you want to sort of do[br]something that is not permitted by the

0:59:30.046,0:59:33.970
spec, by the by the permissions anymore,[br]you have to sort of recycle the card and

0:59:33.970,0:59:37.990
get it back into the so-called[br]personalization lifecycle state. And most

0:59:37.990,0:59:41.820
often that is done with a complete wipe,[br]at least off the file system or with a

0:59:41.820,0:59:45.760
complete wipe of the operating system. So[br]you're back to the bootloader of the card

0:59:45.760,0:59:48.330
and then you can basically start to[br]recreate the card.

0:59:48.330,0:59:52.590
But it's typically implemented in a way[br]that it always is together with an erase.

0:59:52.590,0:59:59.530
So they tried at least to make it safe.[br]There's a question there, but not at the

0:59:59.530,1:00:03.020
microphone. Oh there is a microphone. Oh,[br]sorry. But yeah, your job. Sorry

1:00:03.020,1:00:08.230
Herald: Yeah, I think the person behind[br]Mic 4 has been standing there for ages.

1:00:08.230,1:00:14.650
Microphone 4: You mentioned that the[br]card can instruct the phone to open the

1:00:14.650,1:00:22.790
website, but I have never seen this and[br]I've seen use cases where I think it would

1:00:22.790,1:00:28.930
be useful to do this. So is this[br]not supported in most OSes or why?

1:00:28.930,1:00:36.000
Harald: It's a good question, actually. If[br]you read all those specs, like especially

1:00:36.000,1:00:40.960
these proactive SIM specs and so on. I[br]always have the original: OK it's all very

1:00:40.960,1:00:46.210
interesting, but I've never seen anything[br]like that anywhere." So I completely agree

1:00:46.210,1:00:52.200
with you. Whether or not it's supported by[br]the phones is a good question. And I think

1:00:52.200,1:00:55.970
without trying, there's no way to know. So[br]you would actually have to write on a

1:00:55.970,1:01:01.420
small extend a Hello World app and to to[br]do that and see and do a testing with

1:01:01.420,1:01:09.270
various phones. I would fear that since[br]it's a feature that's specified but rarely

1:01:09.270,1:01:13.130
used, a lot of devices will not support it[br]or not support it properly because it's

1:01:13.130,1:01:16.790
never tested, because nobody's ever asked[br]about testing it. But that's just my

1:01:16.790,1:01:22.710
guess.[br]Herald: Thank you, Mic 1.

1:01:22.710,1:01:29.130
Microphone 1: OK. Hello. Um, my question[br]is, when you have an eSIM and you want

1:01:29.130,1:01:35.580
to provisioning it. Could it be done with[br]TR-069 or something similar?

1:01:35.580,1:01:42.520
Harald: No. That's a completely different[br]set of protocols that are used for that.

1:01:42.520,1:01:48.740
And that's that relates to this,[br]global platform, 2.2 and XP, I think

1:01:48.740,1:01:52.660
it was. Yeah, I don't find it right now.[br]But there's this spec that specifies all

1:01:52.660,1:01:56.290
the different interfaces and protocols[br]that are used between the elements and

1:01:56.290,1:02:00.580
it's completely different. I think[br]also the requirements are very different

1:02:00.580,1:02:03.870
because you have these multiple[br]stakeholders. So you have the original

1:02:03.870,1:02:09.010
card issuer, the original operator, then[br]you have other operators. And it's not

1:02:09.010,1:02:14.250
like a single entity that just wants to[br]provision its devices, but it's sort of a

1:02:14.250,1:02:18.930
multi stakeholder approach where you want[br]to make sure that even in like a

1:02:18.930,1:02:22.900
competition between operators still this[br]is possible and that people for trust in

1:02:22.900,1:02:27.290
the system, that even if the original[br]issuing operator doesn't like the other

1:02:27.290,1:02:30.770
operator, it still will work and it will[br]even work in 10 years from now or

1:02:30.770,1:02:35.000
something in where it's in the field. So I[br]think the requirements are different.

1:02:35.000,1:02:42.670
Herald: Thank you. That was the last[br]question of the last talk of the day.

1:02:42.670,1:02:47.010
Harald: Luckily, not the last day.[br]Herald: Not the last day, the first day.

1:02:47.010,1:02:50.150
So there's three more days ahead of us.[br]Thank you.

1:02:50.150,1:02:56.125
<i>Applause</i>

1:02:56.125,1:03:17.838
<i>Music</i>