
The Smart Card SIM

Mar 20, 2011 by alperen



The smart card SIM is our next component of interest. As part of the GSM standard in
the 1980s, it was decided to incorporate a smart card that would act as a Subscriber
Identity Module (SIM)—a mechanism for storing a subscriber’s phone number and
security information.

The smart card was a French invention and for this reason has seen faster adoption
in Europe than the United States. The idea was to take a piece of plastic and put a piece
of silicon on it (26 sq mm), on which could be added some memory, an 8-bit microprocessor,
and a connector. The plastic could either be full ISO credit-card size (which
tended to flex in the early days and later seemed rather large in comparison with handset
form factors), a half-size ISO card (which never caught on either), or a plug-in
(installed semipermanently), which has become the usual configuration. The market
benefit of the SIM was that a subscriber could pick up any handset, add his or her SIM,
and be connected to a network.

Smart card SIMs were not initially incorporated into U.S. handsets, although SIMs
are now specified by 3GPP2 for use in CDMA2000 (and are known as R-UIM, for
Reusable User Identity Modules).

The SIM is now morphing into a new device called a USIM. Depending on whom
you talk to and what you read, this stands for a UMTS SIM (Universal Mobile Telephone
Standard), a plain and simple Universal SIM, or less often but more appropriately,
a User Service Identity Module.

The SIM contains a user-specific encryption key and encryption algorithm, known
as the A3/A5/A8 algorithm, which is used to authenticate a user and then to provide
encryption using a 58-bit code length across the air interface—that is, over the air. The
authentication and encryption algorithms are covered in more detail in Chapter 9, but
essentially the A3/A5/A8 algorithm uses a secret key for authentication (ki) and a
secret key for ciphering (kc). From Chapter 1 you will remember that GSM is based on
a frame structure (8 time slots per frame), with the air interface running at 217 frames
per second. Above the frame structure sits a multiframe structure, above the multiframe
structure sits a superframe structure, and above the superframe structure is a
hyperframe that is approximately 3½ hours long. kc is derived as a product of ki and
the frame number within the 3½ hour cycle that the air interface happens to be at the
time the key is established. For all practical purposes this is adequately robust
over-the-air encryption.

However, we are now requiring a handset to perform far more functions than just
carrying voice. As a result, we need to provide a mechanism for managing access and
policy rights, quality of service parameters, service-level entitlements, the particular
security context needed for a rich media exchange, and any associated content ownership
rights that need to be preserved. If, in addition, the handset is being used to authorize
commercial transactions, we need to provide robust, end-to-end authentication
and encryption support. Over the air means just that—the traffic is secure as far as the
network and can then be intercepted by legitimate authorities. End-to-end encryption
means the traffic remains nontransparent as it moves through the network.

SIM standards have evolved from Phase 1 to Phase 2 to Phase 2+. Table 4.4 shows
how the memory requirement has expanded as the standard has evolved.

Typically, available hardware has evolved rather faster than the standard. A typical
smart card SIM today has 196 kbytes of ROM, 6 kbytes of RAM, and 68 kbytes of EEPROM,
and is now not an 8-bit microcontroller but a 16-bit or even 32-bit controller.

No hardware is totally secure—in the same way that no software is totally secure.
Various methods exist to recover RSA keys, including fault injection (subjecting the
smart card to ionizing radiation, injecting a single bit error into one of the registers, and
comparing the errored and nonerrored outputs) and smart card power analysis (the
power drawn by storing a word in a register differs depending on the ratio of 1s and 0s).
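
The power-analysis observation above (the power drawn by a register store tracks how many 1 bits the word holds) can be simulated, together with Boolean masking as the usual countermeasure. This is an added example, not part of the original text; the Hamming-weight power model, the noise level, the masking scheme and all function names are assumptions, and the traces are constructed.

```python
import random

NOISE_SIGMA = 1.0  # assumed measurement noise, in Hamming-weight units

def hamming_weight(x):
    """Number of 1 bits in x, the quantity the simple power model tracks."""
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / (var_x * var_y) ** 0.5

def store_unmasked(value, rng):
    """Write the sensitive byte to a register as-is: one power sample."""
    return [hamming_weight(value) + rng.gauss(0, NOISE_SIGMA)]

def store_masked(value, rng):
    """Write two shares (value XOR mask, then mask): two power samples.
    Neither stored word on its own depends on the sensitive byte."""
    mask = rng.randrange(256)  # fresh uniform mask for every store
    return [hamming_weight(value ^ mask) + rng.gauss(0, NOISE_SIGMA),
            hamming_weight(mask) + rng.gauss(0, NOISE_SIGMA)]

def leakage_correlation(store, trials=4000, seed=1):
    """Largest |correlation| between HW(secret byte) and any sample point."""
    rng = random.Random(seed)  # seeded so the constructed traces repeat
    values = [rng.randrange(256) for _ in range(trials)]
    weights = [hamming_weight(v) for v in values]
    traces = [store(v, rng) for v in values]
    return max(abs(pearson(weights, [t[i] for t in traces]))
               for i in range(len(traces[0])))

if __name__ == "__main__":
    print("unmasked: %.3f" % leakage_correlation(store_unmasked))
    print("masked:   %.3f" % leakage_correlation(store_masked))
```

The masking shown is first-order only: each sample point alone is independent of the byte, but the two points combined still carry information, which is why real cards layer it with noise, shuffling and hardware countermeasures.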

In the United States, more mechanically secure hardware packages have been proposed,
including i-buttons, which are 16-mm computer chips in a steel can. This is an
8-bit microprocessor with 6 kbytes of nonvolatile RAM and a (10 year life) lithium
battery. If you try to open the can, all registers are set to zero. The i-button has a
1024-bit key (RSA), which takes just under a second to run, which is fine for non-delay-sensitive
applications. (Additional information is available on Dallas Semiconductor’s
Web site, www.dalsemi.com.)

Other alternatives include fingerprint authentication. A person’s fingerprint effectively
becomes one of the plates of a capacitor; the other plate is a silicon chip with a
sensor grid array. An example product from Veridicom (www.veridicom.com) uses a
300 × 300 sensor grid array to create a 500 dot per inch image of the ridges and valleys
of the fingerprint, which are then processed by an 8-bit ADC to produce a unique
digital value. The technology has also been applied in some handsets; for example,
a current Sagem dual-band GSM product can recognize up to five fingerprints
(www.sagem.com).

Opinions differ as to the long-term security/robustness of fingerprinting as a recognition
technique. It is becoming feasible to use modeling techniques to produce artificial
fingerprints. Other options exist, such as iris scanning, but most are not particularly
practical for present implementation into a digital cellular handset. We are more likely
to see a further evolution of the smart card with more memory available. (We cover
memory footprints in Part II of this book, which deals with handset software.)
