-
Herald: So our next talk is "SIM card
technology from A to Z" and it's an in-
-
depth introduction of SIM card technology
that not a lot of people know much about.
-
And our speaker, Harold, LeForge, as he's
better known, is the founder of the Open
-
Source Mobile Communications Project. He
is also a Linux kernel hacker. He has a
-
very long and impressive bio; and a
Wikipedia page.
-
Harald (speaker): just means I'm old.
Herald: So Harald Welte, please give him a
-
round of applause.
Applause
-
Herald: All yours.
Harald (speaker): Thanks a lot for the
-
introduction. As you can see on the title
slide, I actually had to change the title
-
slightly, because I couldn't find a single
acronym related to SIM cards that starts
-
with z, so now it's from a to x, not from
a to z anymore - the SIM card
-
introduction. So the SIM card technology
from A(PDU) to X(RES) which are two
-
acronyms in the context of SIM cards which
we might get into or not. So, what are we
-
going to talk about in the next 45 or so
minutes? What are the relevant
-
specifications and specification bodies?
What kind of interfaces and protocols
-
relate to SIM cards? We're going to talk
about the filesystem that exists in such
-
SIM cards, as well as the evolution of SIM
cards from 2G to 5G. So that's basically
-
from what, 91 to 19, er 2018. We will talk
about SIM Toolkit, Over The Air, a little
-
about about how to eSIMS as well, the
embedded SIMs. Introduction about myself
-
was already given. So, yeah, people
complained sometimes that my slides are
-
full of text and I need more diagrams. So
I tried to improve.
-
laughter from the audience
Harald laughs
-
Applause
Harald: So this is actually, at one night
-
I thought, OK, let's actually try to
create a DOTTY graph of all the specs and
-
how they cross reference each other. And
this is what I've come up with and this is
-
only the SIM card relevant specs, not out
of context, other specs that they may
-
refer to. So, yes, it's an interesting
graph. The arrangement was done
-
automatically by DOTTY. So don't complain
to me about that. Yeah.
-
Nevertheless, I will switch back to text
and we will look at what kind of
-
specifications there are and spec bodies.
So. Most importantly, probably about any
-
kind of chip card technology. We have the
ISO, the International Standardization
-
Organization, which has a series of
specifications about what they call ICCs,
-
which is integrated circuit cards. We also
have the ITU, the International
-
Telecommunication Union, which has a
series of specs related to telecom charge
-
cards. The title implies, that this is
things that came before SIM cards. So we
-
talk about the cards you put into pay
phones and things like that in the 80s.
-
There is of course, the 3G. Oh, sorry,
there is of course ETSI, the European
-
Telecommunication Standardization
Institute, which is the entity where GSM
-
was originally specified. GSM being the
first digital telephony system that used
-
SIM cards.
The best of my knowledge, at least not a
-
historian though. There's a 3GPP, the
Third Generation Partnership Project,
-
which is where the GSM specs have been
handed over to. In the preparation of the
-
3G specification process, because ETSI is
a European entity and Chinese companies,
-
for example, or Chinese government cannot
participate there, or Americans even, to
-
the extent that European companies can do.
So it was lifted to an international new
-
group called the Third Generation
Partnership Project. And they of course
-
inherited all the SIM card related
specifications. And then we have like non-
-
telecom standardization entities such as
the Global Platform Card Specification.
-
That's Global Platform is a body that
specifies lots of aspects around Java
-
cards, specifically around to applet
management, installation and so on Java
-
cards, which brings us to the next entity,
which is not really a standardization
-
body, but it's a private company that used
to be called Sun and now it's part of
-
Oracle, which defined the Java Card API
runtime and the virtual machine of Java
-
cards.
And last but not least, we have the GSM
-
Association, which is the vendor club of
the operators. That doesn't really have to
-
do that much with SIM cards until the
eSIM, where then suddenly a GSM A plays a
-
big role in the related specs and
technology. So talking about these
-
standardization bodies. What is the SIM,
actually? The SIM is the Subscriber
-
Identity Module. I mean probably anyone in
here has one, likely more or at least has
-
had. It's quite ubiquitous. Every device
with cellular connectivity during the last
-
whatever 20 or so years has a SIM, whether
it's an actual card or whether it's
-
soldered in these days. SIM card hacking
has a tradition in the CCC since at least
-
1998.
I'm not sure how many people remember:
-
there was the Vodafone Germany SIM card
cloning attack back then. It was in
-
German. It was titled "Von d2 privat zu D2
pirat". And that was an attack that used
-
weaknesses and sort of brute forcing
against the authentication mechanism to
-
recover the secret key, which is stored in
the card. And then you could clone SIM
-
cards back then.
That was then fixed in subsequent
-
technology generations. And also around
that time you can find on the FTP server
-
of the CCC a SIM card simulator written in
Turbo C using a season card. I'm not sure
-
how many people remember season cards.
These were cards people used in the
-
context of cracking satellite TV
encryption. Yeah, so. Meanwhile, of
-
course, the SIM technology stack has
increased and the complexity has increased
-
like probably in any kind of technology.
So let's recap, basically from the
-
beginning to today what SIM cards are and
what they do in some degree of detail. If
-
we start historically with SIM cards,
actually the predecessor to the SIM cards
-
that we know, is the chip card used in the
C-Netz, which is an analog telephony
-
system that used to operate in Germany.
There's actually an open source
-
implementation these days as part of
Osmocom-Analog.
-
If you're interested in that, do check out
a jolly at the vintage and retro
-
computing area. And before 1988, they only
had a magnetic stripe cards, but in 1988
-
they introduced integrated circuit cards
in this analog telephony system and in GSM
-
it was a chip card from the beginning. The
concept of the SIM card means you store
-
the identity of the subscriber outside of
the phone, which is very opposite to what
-
happened in the CDMA world in the US
around that time where it was basically
-
inside the phone itself. But having the
identity separate, of course, enables all
-
kinds of use cases that were relevant at
that time.
-
We will get to that to some extent. In
addition to the identity, and the identity
-
in this context means a cryptographic
identity, there are all kinds of network
-
related parameters that are stored in the
SIM card. Some of those are static,
-
meaning that they are provisioned or
written by the operator into the card, or
-
of course by the SIM card manufacturer on
behalf of the operator, but which are not
-
writable by the user that effect
access control classes, which
-
means like, are you a normal user or are
you an emergency service user which needs
-
higher priority to access the network,
things like that. And there are lots of
-
dynamic parameters on the card, and
dynamic means they get rewritten and
-
changed and modified and updated all the
time. That's for example, the TIMSI, the
-
temporary identity that gets allocated by
the network every so often. Also the
-
current actual air interface encryption
key like KC and its successors in modern
-
generation technology. So they get updated
and written all the time by the phone. And
-
some of the files are even updated and
written by users, at least traditionally
-
or historically, like the phone book and
the SMS that are stored on the card. It
-
was originally specified as a full credit
card sized cards and it was intended to be
-
used in radios in rental cars or company
shared cars.
-
So basically when you leave the car, you
would remove your SIM card, the full sized
-
credit card sized card and somebody else
would put their card in. And allegedly
-
there even were, I think, public GSM
phones installed in German trains where
-
you could plug in a SIM card or something
like that. But I personally haven't
-
witnessed that, since I was ignorant at
that time, apparently, of that fact. So,
-
let's get to the mother of all smartcard
specs, which is in German DIN EN ISO/IEC 7816
-
or short just ISO 7816 and maybe an
anecdote how these specs come around. So
-
there's the ISO that specifies a certain
spec, it gets an ISO number and then EN,
-
the European norm, whatever body, comes
around and says, "oh, we will elevate this
-
international spec into a European
standard". And they put an EN in front.
-
And then DIN, the German standard body,
comes around, says, oh, we will elevate
-
this European norm into a German norm and
we will put a DIN in front. So now in
-
Germany, we have DIN EN ISO/IEC 7816.
And if you get the actual copy from DIN
-
it's quite funny. I didn't don't have it
here, but actually you get a one page
-
additional paper on top, which translates
the key technical phrases from English to
-
German. And that's the added value that
you get from it become. Sorry. I mean,
-
it's just hilarious. The entire spec is in
English, but then there's like this key
-
translated terms. So you know, that file
means "Datei", for example, that's
-
extremely beneficial to the reader of such
specifications. Anyway, so the title is
-
"Integrated Circuit Cards with contacts".
chuckles
I wonder, OK, they are contact
-
less now, but at least back then,
cerainly, they didn't exist. And it has 15
-
parts by now.
The most relevant parts are 1 through 4,
-
starting from the physical
characteristics, going through the
-
mechanical dimensions and the location of
the contacts, of course, it's a separate
-
part of the spec. And each of those specs
are sold as a separate document, of
-
course. So the physical size you pay and
if you want to know the location of the
-
contacts you have to pay to get another
spec. And then there's part 3, which
-
covers the electronic signals and the
transmission protocols. We will look at
-
that in some detail. And then there's part
4, which is the inter-industry commands
-
for interchange, which I find very
interesting. And I always thought they
-
should have met the international inter-
industry commands for inter-working
-
information interchange. But apparently
they didn't come up with that. And of
-
course, this all predates the Internet, so
there's no Internet in there. Yeah. The
-
next relevant spec is GSM technical
specification eleven dot eleven. Very easy
-
to memorize that number, which is the
specification of the subscriber identity
-
module dash mobile equipment interface. So
in GSM there is what's called a mobile
-
station, which is your phone, and it is
comprised of two parts, the mobile
-
equipment, which is the hardware and the
SIM, which is the SIM next to the mobile
-
equipment.
And it interestingly, it doesn't just
-
refer to these ISO specs that I mentioned
before, but it actually repeats like more
-
or less carbon copies large portions of
these ISO specs with some amendments or
-
corrections or extensions. And again, it
gives you the location of the contacts and
-
the mechanical size of the card and the
electronic signals and the transmission
-
protocols and so on. But beyond these ISO
standards, it also actually specifies what
-
makes the SIM a SIM and not any other
contact card, which is the information
-
model, the file system on the card and the
commands and protocols that you use on
-
this card. And last, with typo as usual on
my slides, but not least, of course, how
-
to execute the GSM algorithm to to perform
cryptographic authentication.
-
The physical smartcard interface is
interesting. I mean if you've worked with
-
hardware or electronics or serial
interfaces, I think it's rather exotic and
-
exotics always means interesting. So we
have four relevant pins. We have a supply
-
voltage, not surprisingly. It can be 5, 3
or 1.8 volts. Interesting, it's not 3.3
-
volt, it's 3.0 volts nominal.
Not sure why. But anyway, that's how it
-
is. We have a clock line that provides a
clock signal which initially needs to be
-
between 1 and 5 megahertz. So the phone
provides power and clock. We have a reset
-
line which also makes sense; you want to
reset the card and then we have one IO
-
line for bi-directional serial
communication.
-
So you have RX and TX sharing one line and
there is some nice diagrams about how
-
exactly the sequencing happens when you
power it up, nothing really surprising.
-
There's an activation sequence and after
the card is activated, the card will
-
unilaterally send what's called an ATR,
the answer to reset. And that's just a
-
series of bytes which give some
information about the card capabilities.
-
What protocols, what voltages, what clock
rates beyond these initial activation ones
-
are supported. Now, after we've powered up
the card, we have the bit transmission
-
level.
And it's actually very much like a normal
-
UART. If you ever looked at RS232 or
another UART a serial port, rather simple:
-
start byte, stop byte, parity, serial bit
transmission. What's a bit interesting is
-
that we have a clock and the baud rate is
divided from that clock, but it's still an
-
asynchronous transmission. So there is no
phase relationship between the clock
-
signal and the baud rate that the data
uses, which lots of people get wrong,
-
particularly lots of authors of Atmel
microcontroller data sheets which claim
-
that it's a synchronous communication,
which it is not. Yeah.
-
So the direction changes every so often to
have acknowledgements back and forth and
-
to exchange data in both directions. And
interestingly, a lot of the timings are
-
not specified very well, but I guess
nobody cares about that, other than if you
-
want to implement a card reader, which I
happen to have gone through this year.
-
Smart Card Communication: after we are
able to transmit bytes between the card
-
and the reader, we have something called
APDUs. The Application Protocol Data Unit
-
specified as per that ISO 7816-4. That's
the inter-industry commands for
-
interchange. And an APDU consists of a
couple of bytes. There's a class byte that
-
just specifies the class of command as an
instruction byte which specifies the
-
specific instruction like read a file,
write a file. We have some parameter bytes
-
whose meaning is relevant or is specific
to the instruction, then we have a length
-
of a command and command data. We have an
expected response length and response data.
-
And last but not least, a so-called status
word and the status word basically, the
-
card tells whether the execution was
successful or whether there was some error
-
and what kind of error there was and
things like that. The APDUs are then split
-
into a lower layer transport protocol,
which are called TPDUs.
-
There are two different commonly used
protocols and two specific ones that are
-
used in the context of SIM cards ore are
specified in the context of SIM cards, as
-
one called T=0. Which is most commonly
used for SIM cards. Actually, I've never
-
seen anything else but T=0 used, but T=1
is another protocol which according to the
-
specs, every phone needs to implement. And
the card can choose if it does T=0 or T=1.
-
As again, I've never seen a card that does
T=1, or at least that has only T=1, but
-
the specs would allow that. T=1 is more
used in banking and crypto smart cards.
-
The difference mainly is T=1 is a block
oriented transfer and T=0 is more a byte
-
oriented transfer. And T=1 has the
advantage that it has CRC and checksumming,
-
so you get more protection
against transmission errors which you
-
don't have in T=0. So the APDU gets mapped
to TPDUs. Details I'll skip here and this
-
is just some examples, so you get an idea
how this looks like.
-
So we have A0 A4 00 00 02 3F 00. The A0
here is the class byte and A0 is SIM card
-
class. A4 is select file.
So you're selecting a certain file on
-
which you want to operate. Two parameter
bytes are 0, 02 is the length of the
-
command. And then you have two bytes of
that length 3F 00, which is basically your
-
slash, your root directory. You want to
change to the root directory of the file
-
system, is basically what that command
says. And one hypothetical response is
-
just a status word 90 00, which means
success. Yeah. Selecting a file. So we
-
have a file system on the card. Most smart
cards do that. It's not a file system in
-
the context like you have a USB drive that
you can mount, where you just have a block
-
abstraction or something.
But the smart card filesystem itself runs
-
inside the card and you just talk to the
filesystem and give it instructions. So if
-
you want to find an abstraction in PC
technology, it's more like MTP or PTP over
-
USB where you don't have a block device,
but you talk to another processor which
-
manages a file system and you can instruct
it's like a remote file system access.
-
You have some similarities to normal file
systems. I mean, there's a master file
-
which corresponds to a root directory in
PC file systems. You have so called
-
dedicated files, which are sub directories
and you have so called elementary files,
-
which are actual data containing files as
we know them. Beyond that, there are lots
-
of specifics that we don't find PC file
systems or operating system file systems.
-
We have what's called a transparent EF.
That's an opaque stream of data like your
-
normal binary file on on any random
operating system. But then we have
-
concepts like a linear fixed EF which
contains fixed size records and you can
-
seek against it. Get me the 15th
record in that file and the file has a
-
record size of whatever 24 bytes for
example. And then you have something
-
called a cyclic EF where they have a ring
buffer of records and you have
-
incrementable files which contain
monotonically incrementing counters and
-
things that are apparently important for
charging or things like that.
-
Each file has access control conditions
that define who can read and or modify and
-
or well, there's no delete, but there's
something called invalidate the file. And
-
who is basically expressed in context of
which PIN was used to authenticate that
-
entity, which performs the operation.
So as a user, you have a PIN1 and some
-
people will remember you also have a PIN2,
that probably nobody's used since the 90s.
-
And the operator has something called an
ADM PIN, administrative pin, which gives
-
better or higher privileges in terms of
filesystem permissions on those files. The
-
kind of commands we see, well, select file
from the example. We have read record,
-
update records. I guess I don't need to
say anything about that. Similarly, read
-
binary, update binary. And then we have
commands like CHV commands, where CHV is
-
the cardholder verification which is ETSI
language for a pin. Not sure why they
-
don't call it PIN. So there's change PIN,
disable PIN or enable PIN commands. Which
-
is actually what your phone performs, if
you, say, you disable the PIN or you
-
change the PIN then exactly those commands
are issued to the card and last but not
-
least, run GSM algorithm. Remember, this
is still the 2G only SIM. We haven't yet
-
gone beyond 2G, yet at this point in the
slides. There is actually not that many
-
more. That's that's really it. Now let's
look at the file system hierarchy. We have
-
the MF, the root file system and then we
have something called DF_TELECOM. And the
-
hex numbers in parentheses are the
identifiers that are actually used on the
-
protocol level. We have something called
DF_GSM, which is the GSM directory
-
containing GSM related parameters. And if
EF_ICCID where ICCID is the card unique
-
identifier that's stored on the card. And
if you expand that into more details, you
-
get these kind of graphs. And this is one
is actually taken from one of the specs.
-
And you see there's also an Iridium
directory or a, uh, whatever that one was,
-
a Global Star directory.
And all kinds of people operating
-
different telephony system have basically
their own directories in that scheme. But
-
on GSM, we find those two mainly, maybe
some sub directories. Yeah, so when 3G
-
came around something happened, as I said,
the specifications were shifted from ETSI
-
to a 3GPP. But of course, chip cards in
the context of telecom have use cases
-
outside of cellular telephony. So,
actually, the specs were split in that
-
area. So there's something new called the
UICC, the Universal Integrated Circuit
-
Card, because the previous one was not
universal, apparently. And that part of
-
the specs remained with ETSI and continues
to be developed. And there is the USIM
-
application on top of the UICC, which is
what specifies the 3GPP relevant part and
-
that gets implemented in something called
an ADF, an application dedicated file, ADF
-
USIM.
In ADF you can also select or enter using
-
a select command similar to a normal DF.
The difference mainly is that the
-
identifiers on much longer and thus other
details, but from a user point of view
-
that's how it looks like. So we have a
split of the core Universal ICC and on top
-
an USIM application. And if you have a SIM
card that can be used with 2G and with 3G,
-
then you basically have the classic SIM
card and in addition you have a USIM
-
application on the card.
And actually there are some cards that
-
only work with 3G or later technology and
don't have 2G mode, because the operator
-
doesn't have a 2G network. So you only
have a USIM application and you don't have
-
the classic SIM anymore on the card. When
4G/LTE came around, actually there was no
-
strict requirement to change anything in
the SIM card and you can just use a normal
-
USIM, UMTS SIM, a 3G card on LTE networks.
It's the same authentication key agreement
-
mechanism. They have added some additional
files that are completely optional. Mostly
-
like optimizing some bits and there are
some optional new IMS application. IMS is
-
the IP multimedia system which is 3GPP
language for voice over IP or VoLTE,
-
right? So IMS is the IP multimedia system,
which is what is used to implement VoLTE
-
where VoLTE is not a specification term
but more a marketing term and that's
-
optionally on the SIM card.
You can have an ISIM an application which
-
stores parameters relevant to the IP
multimedia system such as SIP user
-
identities and SIP service and things like
that. But if that ISIM application doesn't
-
exist, there is a fallback mechanism by
which the identifiers are computed based
-
on the IMSI and and so on and so on. So
it's not really necessary to have a
-
specific 4G SIM, but it's possible to have
that. Once we go to 5G, 5G actually reuses
-
the existing 3G and 4G USIM cards. Again,
some new optional files have been
-
introduced and there is one feature which
I guess everyone in here wants to have,
-
which would require a new SIM card or
change SIM card, which is that the SUCI,
-
the Subscriber Concealed Identifier, can
be computed inside the SIM card or by the
-
phone.
And if it is computed inside the SIM card,
-
then the SIM of course has to have support
for doing that computation and that is
-
something that needs explicit SIM card
support. In absence of that, everything
-
else you can use an existing 4G SIM card
even on 5G networks. Nothing really
-
changed there, fundamentally.
OK, now looking at the cards, more on the
-
physical side and from the hardware and we
will look at the software, the operating
-
systems and so on and the various things
you can do with SIM cards later on. We
-
have, of course, the processor core that
many different vendors and architectures,
-
traditionally lots of 8051 derivatives
inside smart cards. These days we also
-
actually find a lot ??? ARM cores, quite
often so-called SC cores. There's an SC000
-
and then a SC100 and an SC300 and SC is
for Secure Core.
-
So it's not a normal Cortex core or
something like that, but it's a secure
-
core and it's so secure that ARM doesn't
even disclose what is secure about it
-
other than that it is secure. And so the
documentation for sure is securely kept
-
away from anyone who would want to read
it. So, for these chips, the smartcard
-
chips used in SIM cards or generally smart
card chips themselves, often you cannot
-
even find a similar thing, simple one page
data sheet which tells you the main
-
features. Even that is already under NDA.
You have built-in RAM and built-in ROM, at
-
least a bootloader normally, but possibly
also the OS or parts of the OS, but that
-
is increasingly uncommon. So modern cards,
most of them only have flash and the
-
entire operating system is in flash, so
you can update everything. And then
-
applications on top of that and we will
look at applications later when we talk
-
about the software.
And unfortunately, contrary to the crypto
-
smartcards where it's possible to have
higher prices and therefore have, you
-
know, rather expensive products, SIM cards
are mostly selected purely by cost these
-
days due to the prepaid boom. I mean, it
was different when GSM was introduced. If
-
you, if every subscriber has to get a
subscription and there's going to be
-
hundreds of Euros or Marks of whatever in
revenue, then you can invest a lot of
-
money in a SIM card, but prepaid cards
that get thrown away on a daily basis you
-
can only pay cents for the card and then
you need to pay another a couple of cents
-
for the Java card for the Java VM patent
royalties and so on and so on. But
-
basically you cannot afford to pay money
for SIM cards anymore. So that also
-
explains why a lot of SIM cards today,
even though it's technically available,
-
they don't have hardware crypto, but they
actually implement it in software, because
-
it's cheaper. And then of course, yeah,
well, you have time of execution, things
-
and whatnot.
So in terms of software, you have a Card
-
Operating System. Cards that don't have an
operating system are memory cards which
-
are not sufficient for SIM card use cases.
And in the crypto smartcard area, it's the
-
operating systems are typically well known
and documented to some part, at least. In
-
SIM cards it's slightly different. So
almost nobody ever mentions what kind of
-
operating system is on the SIM card and
even the SIM card vendors. It's not very,
-
you know, not something they would put on
their marketing, or on their homepage or
-
something, what exactly kind of operating
systems are on there.
-
The SIM card offering system also from
the central network point of view as an
-
implementation detail, because all the
relevant parts are specified standardised
-
interfaces and what operating system
people use on the card, well, it's the
-
operator's choice. It doesn't really
matter from that point of view. In early
-
SIM cards, I presume they were rather
monolithic, so you didn't really have a
-
separation between an operating system and
SIM application. Today the software's
-
become more modular. We have this
abstraction between the operating system
-
and applications. And traditionally, even
when that separation already existed, the
-
operating system was very hardware
dependent, non-portable and the
-
applications were very OS-dependent and
non-portable. And that has changed a bit
-
due to the introduction of Java cards into
the SIM card area, which is not required.
-
There there's no requirement anywhere that
the SIM card must be a Java card, but in
-
practice, most SIM cards are Java cards
because they have certain, at least
-
perceived, advantages and are the norm by
now. And the Java cards themselves have
-
been independently developed of SIM cards.
Of course, Java is a Sun technology, so
-
Sun is behind that. And the first actual
cards that were produced in 96, so much
-
later than SIM cards came out by
Schlumberger which is now part of Gemalto.
-
And um, yeah, we have redundant lines in
this presentation. And so, the Java cards,
-
most of them implement a global platform
specifications, which then specify vendor
-
independent management of the cards and
the applications on it. And the Java that
-
you use to write such cards, don't ever
think it is real Java! I mean, if you show
-
that to any Java developer, he will
probably disappear very quickly as we have
-
a very weird constrained subset of Java
with a special on-card virtual machine,
-
which is not a normal virtual machine. You
have a runtime environment that's not the
-
normal runtime environment. You have a
special binary format which is not a char
-
file.
And the idea is that you have portability
-
of card applications, which makes sense,
of course. But one could have done that
-
with, you know, whatever other standards
as well. Wouldn't necessarily need a
-
virtual machine for that. Yeah, I said
there's no functional requirement that a
-
SIM card must be a Java card, but in
reality that's the case. I think the
-
portability is the driver here. So, if an
operator develops some application that
-
runs on a SIM card, you know, every year
or so they do a new tender or they have a
-
new SIM card supplier or something like
that, they want to run their application
-
on the current and the future and the next
future future SIM card and not rewrite all
-
of that from scratch or have that
rewritten from scratch all the time.
-
And interestingly, both 3GPP and ETSI
specify Java APIs and Java packages, which
-
are specifically available on Java cards
that also are SIM cards. So basically you
-
have SIM card specs and you have Java
card specs and if you have both of them
-
together, you also have SIM card Java API
specs for what kind of additional API's
-
applications on the card can use in order
to affect SIM relevant aspects of the
-
card. Which brings us to one of the
strange historic developments called SIM
-
Toolkit or later Card Application Toolkit,
which is sort of an ability to offer
-
applications with UI and menu on the
phone, right?
-
I mean the card of course doesn't have any
user interface, but the card can sort of
-
request like show a menu and offer
multiple choices and things like that.
-
Some people will have seen it on some
phones. You have this SIM toolkit menu
-
somewhere. And I mean, I think in Germany
never really took off much in terms of
-
actual applications. I mean, you could
probably subscribe to some very expensive
-
premium SMS services. If you were really
bored, but in other regions, this has been
-
very successful and very organized, had a
real impact on society. Kenya is always
-
the, I think the prime example for that,
where MPESA, the mobile payment
-
system, implemented at least initially
based on card application toolkit
-
applications, basically overtook the
banking sector. At some point everybody
-
did their wire transfers that way, even
people who didn't even have a bank account
-
and it basically replaced or substituted
large amounts of the everyday banking
-
needs of people. So there are exceptions.
Some additional instructions that we have
-
in terms of APDUs, details I will not look
into these. The next step after SIM
-
toolkit is the so-called proactive SIM. If
we look at the SIM card communication as
-
it is specified, or smartcard
communication in general, it's always the
-
reader, in this context the phone, that
sort of sends an instruction to the phone,
-
to the card and the card responds. So the
card is always the slave in the
-
communication and it doesn't have any
possibility to trigger something by
-
itself.
And that was sort of worked around by the
-
proactive SIM specifications where a
command or a request from the card is
-
piggy-backed into responses to the
commands from their phone to the card, and
-
then basically that the SIM card can
request the phone to poll the card every
-
so often, so the phone can ask for "do you
have a new command for me now?" and the
-
card can say yes or no. In this way, they
work around this restriction.
-
And it's not only polling that can be
requested, but it can be event
-
notifications. And event notifications can
be loss of network coverage, registration
-
to a new cell, opening of a web browser
and like are you making a mobile
-
originated call, are you sending an SMS or
not?
-
So all these kind of events can be sent to
the SIM card, so that the SIM card can do
-
whatever with it. I think that not many
useful applications beyond steering of
-
roaming or roaming control, by basically
depending on where you register and what
-
kind of cells you have, and even the
measurement reports on what is the signal
-
strength that can be fed into the SIM
card, which then can basically decide what
-
to do. But yeah, I think it's all rather
exotic and very few, like relevant or good
-
use cases of this.
The next step is Over-The-Air-technology
-
(OTA), which is the ability for the
operator to transparently communicate with
-
the SIM card in the field. With the
traditional non-OTA capable SIM card, the
-
operator or the SIM card manufacturer
writes at manufacturing time (at so-called
-
personalization time of the card), and
then it's with the subscriber. And if the
-
operator ever wants to fix something or
change something, they have to send a new
-
plastic card. With OTA, they can be
updated. It's based on proactive SIM
-
technology and by now, there are many
different communication channels how some
-
back end system at the operator can can
interact with a card inside the phone of
-
the subscriber. The classic channel is
SMS-PP, which is the SMS as you know, it
-
just officially called SMS point-to-point.
It's also possible over SMS-CB, the cell-
-
broadcast-SMS, which I find very
interesting, bulk updates to SIM cards via
-
cell broadcast, which also would mean that
they all have a shared key for
-
authenticating these updates. It's also
specified for USSD from release 7 on most
-
of the specs. And then there's something
new, at that point, called BIP, the
-
"bearer independent protocol" that works
over circuit-switch-data and GPRS. Here
-
are some spec numbers if anyone is
interested. And now, since release 9, that
-
means since LTE is around, also over
HTTPS. I'll get to that in a couple of
-
separate slides. There's actually a TLS
implementation in
-
SIM cards these days, believe it or not.
So the cryptographic security mechanisms
-
set are specified, but of course the
detailed use is up to the operator so the
-
operator may choose whether or not to use
measures of authentication, or whether or
-
not to use encryption, or whether or not
to use counters for replay protection. And
-
this is basically one area where a lot of
the security research and the
-
vulnerabilities published in the last
decade or so have been happening, e.g.
-
cards were not properly configured, or
they had implementation weaknesses, or you
-
had some sort of oracles that you could
query when interacting with those cards as
-
an attacker. One of the use cases of Over-
The-Air is RFM, not RTFM, it's RFM,
-
"Remote-File-Management". It was
introduced in release 6 and the number of
-
typos is embarrassing. A common use case
of Over-The-Air: It allows you to read or
-
update files in the file system remotely,
and you can use that, for example, for the
-
preferred or forbidden roaming operator
lists. That's a very legitimate use case
-
for that. There's also an ancient example
that I always like. I think Vodafone
-
Netherlands once advertised that the
operator can take a backup of your phone
-
book on the SIM card. I think it's an
early manifestation of cloud computing
-
before it even existed. In any case, it's
certainly a feature that everyone in here
-
would like to have. Of course it's
irrelevant by now because nobody has
-
contacts on SIM cards anymore. The next is
RAM which is not "Random Access Memory",
-
it's "Remote Application Management". It
was also introduced in the same release
-
with the same typo, and it allows
installation and/or removal of
-
applications on the card, and applications
in terms of Java card then means Java
-
cardlets. For example, you could update or
install new multi IMSI-applications, which
-
is one very creative way of using SIM
cards in more recent years, or new Sim-
-
Toolkit-Applications.
So a multi-IMSI application, in case
-
somebody hasn't heard of that yet, is
basically a SIM card that changes its
-
IMSI depending on where your currently
roam, in order to do a sort of least cost
-
roaming agreement for the operator because
if he uses his is real own IMSI, then
-
maybe the roaming costs would be more
extensive than if he used some kind of
-
borrowed IMSI from another operator that
then gets provisioned there, which has a
-
better roaming agreement and would work
around ridiculous roaming charges - at
-
least between the operators, of course,
not towards the user. And now we get to
-
the sort of premium feature of modern SIM
cards where, of course. you can still do
-
SMS over LTE, but it's sort of this added-
on kludge. USSD I think doesn't exist
-
anymore because of the circuit-switch-
feature. So you need some kind of new
-
transport channel of how to talk to the
SIM card. In release 9 they came up with
-
something called over the air over HTTPS
which is specified in global platform 2.2
-
amendment B. You have to get that specific
amendment as a separate document, it's at
-
least free of charge. Actually it uses
HTTP, nice and good, and then it uses
-
something called PSK-TLS, that I've never
heard of before, "pre-shared-keys with
-
TLS". I mean, I'm not a TLS expert, as you
can probably guess, but I don't think
-
anyone ever with a normal browser would
want to use pre-shared-keys. But it exists
-
in the specs and there are several
different cipher-modes that I've listed
-
here which are permitted for Over-The-Air
of HTTPS. Which subset to use is of course
-
up to the operator because it's his SIM
card talking to his server so they can do
-
whatever they want there. The interesting
part is that the IP in the TCP is
-
terminated in the phone, and then whatever
is inside the TCP stream gets passed to
-
the card which implements the TLS and the
HTTP inside. Then, inside HTTP you
-
actually have hex string representations
of the APDUs that the card normally
-
processes. So you have this very
interesting stack of different
-
technologies and if you look at how
exactly they use HTTP, you ask yourself
-
why did they bother with HTTP in the first
place if they modify it beyond
-
recognition? But we'll see. So the way how
this is implemented, interestingly, is
-
that the card implements and HTTP client
that performs HTTP-POST. So your card
-
somehow by some external mechanism gets
triggered: "Oh, you must connect to your
-
management server now because the
management server wants something from
-
you". And then the card does an HTTP-POST
over TLS with pre-shared-keys to the
-
management server and then in the post
response there is a hex-encoded APDU for
-
the card to be executed by the card. Then,
you have tons of additional HTTP-headerrs
-
I'm not going to explain. The CRLF is just
a copy and paste error. But you see there
-
is all kinds of X-Admin-headers and it
will completely not work with normal HTTP. So why
-
use HTTP in that context, I don't really
know. Yeah, I thought I had an example
-
here, but I didn't put it up, I thought
it's too much detail. But in the end, if
-
you look at this, you'll need to write
your own heavily modified HTTP-server
-
anyway. but you have HTTP in there. Okay.
Another technology, it's sort of random, I
-
didn't really know where to put it in
terms of ordering, is this S@T.
-
technology, which is something really
strange that's specified outside of the
-
specification bodies that I mentioned
before.
-
It's another.., I'm just mentioning it
because it's another vector that has more
-
recently been exploited. Another
vulnerability. Where, actually, let's say
-
you don't want to run. You don't want to
write a Java application to run on the
-
card, but you still want to use SIM
Toolkit. So your card, most likely inside
-
a Java VM implements a VM for another
bytecode, which is this S@T bytecode which
-
gets basically pushed from the server into
the card.
-
So the card can then instruct your phone
to display some menu to you. Hmm. Okay.
-
Uh. Very exciting technology. I'm sure
there was a use case for it at some point.
-
I haven't really figured it out. So there
is something called an S@T browser which
-
runs inside the card. As I said, most
likely that browser is implemented in Java
-
running inside the Java VM. It's not a web
browser, of course. It just called a
-
browser and it parses this binary format
which then creates SIM Toolkit menus or
-
whatever. So yeah, I haven't really looked
into detail. It's too strange even to look
-
at it. Last but not least, we have
something called the eSIM and Which many
-
people may know as a particular. How can I
say particularly dominant in
-
the Apple universe where the SIM card is
no longer a replaceable or exchangable
-
plastic card with contacts. But it's
actually soldered into the device. This
-
package, a form factor, is called MFF2,
the machine form factor. Not sure why it's
-
two, I've never seen a one before and it's
a very small like 8 pin package SMD
-
package that gets sold on a circuit board.
And of course, at that point you have to
-
have some mechanism by which the actual
profile, meaning the user identity, the
-
keys and all the configuration parameters
and so on can be updated or replaced
-
remotely. And that in a way that will work
between different operators which are
-
competing in the industry and which don't
really want to, you know, replace those
-
profiles, at least not inherently. And
this is why this is managed by the GSMA as
-
an umbrella entity of all the operators.
And it specifies an amazing number of
-
acronyms. And trust me if I say that it is
an amazing number of acronyms on how the
-
cryptography and how the different
entities and how the different interfaces
-
work and all the different roles and the
parties and each implementation of each
-
party needs to be certified and approved
and so on and so on. And in the end, you
-
have a system by which after a letter of
approval be
-
tween operators and a new identity from a
new operator can be downloaded in the card
-
in a cryptographically secure way. So at
least is the intent of the specification.
-
I am not the person to judge on that and
replace the profile, but it's not that
-
like you as the owner of the device can do
that. But it's just all the operators that
-
are part of the club and are approved and
certified by GSMA. Can actually add and or
-
remove profiles and thus facilitate the
transition from operator A to operator B
-
in those cards. They don't only exist in
the soldered form factor. You can also
-
actually buy plastic cards that allow
that. It's mostly used in like IoT
-
devices, which I still call machine to
machine. The old marketing term for that.
-
So some random cellularly interconnected
device that you want to remotely update.
-
And as a final slide, the CCC event SIM
cards that are around here. If you use the
-
cellular networks, they are Java SIM and
USIM cards. They support Over-The-Air and
-
the, not the random update, but the
remote application management. The remote
-
file management at least via SMS-PP
haven't tested anything else. It did for
-
sure do not support HTTPS yet. And if
you're interested in playing with any of
-
that and writing your own Java applet,
there's even a Hello World one around for
-
several years that you can use as a
starting point. You can get the keys for
-
your specific card from the GSM team and
then you can play with all of this in a
-
way that normally only the operator can do
with the card. Some hyperlinks which are
-
actually hyperlinks on those slides. So
you have to look at the PDF to see them.
-
Yeah. And that brings me to the last slide
and I'm very happy to see questions.
-
Thanks.
Herald: Thank you. Thank you so much.
-
Actually, talks like this one is one of
the main reasons I go to Congress, because
-
sometimes I just take a dive into a topic
I know nothing about and it's presented by
-
a person with literally decades of
experience in the field.
-
So it's amazing. And we have time for
questions. So keep them coming. And the
-
first one is microphone number 4.
Microphone 4: What you say makes me want
-
to have a firewall between my phone and my
SIM card. Is there a firewall?
-
Harald: Not to my knowledge, really. I
mean, there are some vendors of
-
specifically secure telephones that say,
well, we have a firewall sort of built-in.
-
Not sure to what extent and what detail,
but not as a separate product or a
-
separate device. At some time people
developed so-called interposer SIM cards,
-
which you can slide between the SIM card
and the phone, but that doesn't really
-
work with you know Nano-SIM cards and so
on anymore. And those interposers those
-
were mostly used to avoid, you know, SIM
locking and so on. But of course with such
-
a device you could of course implement a
firewall. Keep in mind that almost all of
-
the communication. I mean the OTA may be
encrypted, but all of the communication
-
between the phone and the card is
completely unauthenticated and
-
unencrypted. So you can actually intercept
and modify that as much as you want. And
-
there's actually a project I forgot to
mention in more detail. That's the
-
osmocon project called SIM Trace,
which is a device that you can actually
-
put as a man in the middle to trace the
communication between card and phone.
-
Herald: Thank you. Mic one.
Microphone 1: Could you please elaborate a
-
little bit about the SIM Checker attack
because the telephone provider said it's
-
only possible if you have S@T browser on
the SIM card and most claim they don't
-
have. So do you have a feeling how many of
SIM cards have a S@T browser and which are
-
attackable or which other applications are
attackable by the SIM Checker attack?
-
Harald: I'm not involved in those attacks,
so I cannot really comment on that in
-
detail. But I know there is a tool
available, an open source tool that is
-
made available by SR Labs, which allows
you to test cards. So if you want to check
-
different cards, you can use that SIM
tester. I think it's linked from the slide
-
here. Yeah, the SR Labs SIM tester. That's
a Java application. I don't have any
-
figures or knowledge about this. In terms
of the figures you're asking for. Sorry.
-
Herald: Thank you. Let's take a question
from the Internet next. Hi, Internet
-
people.
Signal Angel: There was a question, Can
-
the eSIM can be seen as back to the roots,
especially compared to what the U.S.
-
market had in the early time?
Harald: Um. Well, that refers to the
-
situation that the identity is hardwired
into the phone and not replaceable. And I
-
think. No, not really, because it can be
replaced and it can be replaced by any of
-
the operate like the normal commercial
operators. Of course, it means you cannot
-
use such a device in, let's say, a private
GSM network or in a campus network for 5G,
-
which apparently everybody needs these
days now. So there are limitations for
-
such use cases. But in terms of the normal
phones switching between operator A and
-
operator B. That's exactly what the system
is trying to solve. It's just that if
-
you're not part of the club, you've lost.
Herald: Thank you. The person behind Mic 5
-
has a very nice hat and we're all
about fashion here. So the next question
-
goes to you.
Harald: Nobody told me that.
-
Microphone 5: not understandable's
mentor said not a Google one? And my
-
question was answered, I think because I
wanted to know what prevents a POC from
-
providing an eSIM.
Harald: A profile for an eSIM. Yes, that's
-
exactly the problem that it needs in order
to install it. It needs to be approved and
-
signed and so on and so on. And you need
to be part of that GSMA process. So first
-
of all, you would have to technically
implement all of that, which is doable in
-
all specs of public. But then you need to
get it certified, which is maybe
-
less doable. And then finally since
you're not a GSMA member and not an
-
operator. You cannot become a GSMA member
and you don't have the funds for it
-
anyway. So that is certainly not going to
work. But the POC could provide an actual
-
like a physical eSIM chip. So if somebody
wants to
-
do a hot air rework. That's easy, and I
mean, you can buy them just like
-
other SIM cards and then you have your
identity inside. But of course, that
-
doesn't really solve your problem, I
suppose.
-
Microphone 5: Okay.
Herald: Thank you. No more people in cool
-
hats. So you'll keep picking at random.
Mic 7, please.
-
Microphone 7: Thanks for the amazing talk.
Um, I have a question about the flash
-
file system on the cards. I've already
worked with the cards on the file system
-
level due for some files, you need to
specify this. You would need to load. Do
-
you need to do like a authentication tango
provides a CH view like the PIN one and
-
then you only have access to some of the
files. And since cheap flash is built into
-
those devices, my question is whether they
are cheap hardware or software tricks to
-
access the files or modify the files which
are usually locked behind the PIN.
-
Harald: Not that I'm aware of. And if I
would say they are rather specific to the
-
given OS or whatever on the cards and as
so many out there. So I think it's
-
unlikely in terms of write cycles, you can
typically buy between one hundred thousand
-
five hundred thousand write cycle flash in
SIM card chips. That's sort of what the
-
industry sells. But then of course you
have all kinds of weird leveling and then
-
there are algorithms and SIM card
operating systems even go as far as to
-
like you can specify which files are more
like the update frequencies. So it will
-
use different algorithms for managing the
flash there. But an interesting anecdote
-
for that if we have the minute. And I was
involved openmoko. Some people may
-
remember that was an open source
smartphone in 2007. And, um, there
-
actually we had a bug in the baseband
which would constantly keep rewriting some
-
files on the flash of the SIM card. And
actually we had some early adopters use us
-
where the SIM cards got broken basically
by constantly hammering them with write
-
access. So, um. Yeah. But nothing that
I know about any kind of, um. Access
-
class bypass or something like that.
Microphone 7: Thank you.
-
Herald: Microphone 6, which I often
neglect because the lights are blinding me
-
when I look that way.
Microphone 6: Um, thanks for the helpful
-
talk. I have a twofold question. Um, so if
I understand correctly your talk, it is
-
impossible to know the code that's
running on the same, right? So I have this
-
twofold question is about going further,
is there something buried in the specs to
-
understand more concretely, this
protocols?
-
And is there any way to dump the code
that's running on the SIMs?
-
Harald: In terms of documentation, beyond
the specs, there is one document that I
-
always like very much to recommend, which
is also linked here. Yes, the so-called
-
SIM Alliance Stepping Stones. No idea why
it's called that way, but that's how it's
-
called, there's a hyperlink. So if you
work on the slides, you can download it.
-
That's a rather nice overview document
-
about all the different specs
and how it ties together.
-
So I can recommend that. And in
terms of towards to dump the code on the
-
SIM card. I mean, yes, of course. Tools
exist, but those tools are highly specific
-
to the given smartcard operating system
and or chip. And I'm not aware of any such
-
tools ever having leaked. I mean, I get
such tools for the cards that I in the
-
company that I work, I work with. But
yeah, of course, the SIM cards out in the
-
field should be locked down from such
tools and they are highly specific to the
-
given OS and SIM.
Microphone 6: OK.
-
Herald: Thank you.
Harald: So maybe one addition to that,
-
it's normally made in a way that basically
if you want to sort of reset the card or
-
something. So there's always sort of once
the card is in the operational lifecycle
-
state, which is when you use it normally
if you ever want to bypass some
-
restriction or you want to sort of do
something that is not permitted by the
-
spec, by the by the permissions anymore,
you have to sort of recycle the card and
-
get it back into the so-called
personalization lifecycle state. And most
-
often that is done with a complete wipe,
at least off the file system or with a
-
complete wipe of the operating system. So
you're back to the bootloader of the card
-
and then you can basically start to
recreate the card.
-
But it's typically implemented in a way
that it always is together with an erase.
-
So they tried at least to make it safe.
There's a question there, but not at the
-
microphone. Oh there is a microphone. Oh,
sorry. But yeah, your job. Sorry
-
Herald: Yeah, I think the person behind
Mic 4 has been standing there for ages.
-
Microphone 4: You mentioned that the
card can instruct the phone to open the
-
website, but I have never seen this and
I've seen use cases where I think it would
-
be useful to do this. So is this
not supported in most OSes or why?
-
Harald: It's a good question, actually. If
you read all those specs, like especially
-
these proactive SIM specs and so on. I
always have the original: OK it's all very
-
interesting, but I've never seen anything
like that anywhere." So I completely agree
-
with you. Whether or not it's supported by
the phones is a good question. And I think
-
without trying, there's no way to know. So
you would actually have to write on a
-
small extend a Hello World app and to to
do that and see and do a testing with
-
various phones. I would fear that since
it's a feature that's specified but rarely
-
used, a lot of devices will not support it
or not support it properly because it's
-
never tested, because nobody's ever asked
about testing it. But that's just my
-
guess.
Herald: Thank you, Mic 1.
-
Microphone 1: OK. Hello. Um, my question
is, when you have an eSIM and you want
-
to provisioning it. Could it be done with
TR-069 or something similar?
-
Harald: No. That's a completely different
set of protocols that are used for that.
-
And that's that relates to this,
global platform, 2.2 and XP, I think
-
it was. Yeah, I don't find it right now.
But there's this spec that specifies all
-
the different interfaces and protocols
that are used between the elements and
-
it's completely different. I think
also the requirements are very different
-
because you have these multiple
stakeholders. So you have the original
-
card issuer, the original operator, then
you have other operators. And it's not
-
like a single entity that just wants to
provision its devices, but it's sort of a
-
multi stakeholder approach where you want
to make sure that even in like a
-
competition between operators still this
is possible and that people for trust in
-
the system, that even if the original
issuing operator doesn't like the other
-
operator, it still will work and it will
even work in 10 years from now or
-
something in where it's in the field. So I
think the requirements are different.
-
Herald: Thank you. That was the last
question of the last talk of the day.
-
Harald: Luckily, not the last day.
Herald: Not the last day, the first day.
-
So there's three more days ahead of us.
Thank you.
-
Applause
-
Music