SIM-Subscriber Identity Module
The terms SIM, smart card, and UICC have an unfortunate tendency to be used interchangeably. The UICC is hardware. A SIM is a software application. Generally speaking a smart card is a UICC running a SIM as well as possibly other applications.
SIM is actually just an application running on a smartcard. A given card could contain multiple SIM’s, allowing, for instance, a given phone to be used on multiple networks.
A typical SIM contains several categories of information. One is the actual identity of the card itself. The SIM needs to have a unique identity to the network. This allows the network to identify what sources the subscriber is entitled to, billing information, etc. A second category relates to the actual operation of the device. Information such as the last number called, or the length of the phone call can be stored. A third category of information is personalized information. Phonebooks or calendars fall into this category.
A SIM has three major purposes
- Uniquely identify the subscriber
- Determines phone number
- Contains algorithms for network authentification
A Sim contains
- 16 to 64 KB of memory
- Operating System
Uses of SIMs
SIM cards can be used in any kind of device or situation where there is a need to authenticate the identity of a user. They are particularly useful when there is a need or desire to provide different types or levels of service to many users who have different configurations.
The primary use of SIM cards in the United States is in cell phones. There are other uses as well. The US military issues smart cards as identification to its personnel. These cards are used to allow users to log into computers.
Europe has seen a wider use of these cards. The credit and debit card industry has integrated this technology in their cards for years. Similarly, a number of European phone companies have used these as phone cards to use in public telephones. The card companies in the United States have evidently not seen enough fraud to have a business justification to switch to this technology. There is some speculation that American credit cards will use a future generation of the technology when the added robustness and security of the system will make more economic sense.
The SIM uses a hierarchically organized file system that stores names, phone numbers, received and sent text messages. It also contains the network configuration information. The SIM also allows for easy transporting of all information from one phone to another. Forensically speaking, a SIM could be an incredible source of evidence. It allows for all information that the suspect has dealt with over the phone to be investigated. All phone numbers dialed, and receieved would be available for investigation. Also, if no identifying information is on the phone the network provider could be contacted and could possibly provide more information that is even on the SIM.
One downside to the use of SIM cards is the amount of thefts that occur. A person could steal a SIM card and use it for their own personal calls, which would be still on the original owners information log. This is becoming a problem in European countries with the theft of SIM cards.
There are two things that help secure the information located on your SIM. The PIN (Personal Identification Number) and the PUK (Personal Unlocking Code).
When PIN protection is enabled, every time the phone is turned on - the PIN must be entered. The information on the SIM is locked until the correct code is entered. The PIN by default is at a standard default number and can be changed on the handset. If the PIN is entered incorrectly 3 times in a row the phone is locked and another code called the PUK is needed from the network provider.
If the PIN is incorrectly entered 3 times in a row, the phone is locked making the phone unable to make or receive any calls or SMS messages. The PUK, which is an 8 digit code, is needed from the network provider to unlock the phone. If the pin is entered 10 times incorrectly, the SIM is permanently disabled and the SIM must be exchanged.
The data that a SIM card can provide the forensics examiner can be invaluable to an investigation.
In general, some of this data can help an investigator determine:
- Phone numbers of calls made/received
- SMS Details (time/date, recipient, etc.)
- SMS Text (the message itself)
There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics’ SIM Card Seizure.
These software titles can extract such technical data from the SIM card as:
- Integrated Circuit Card ID (ICCID)
- International Mobile Subscriber Identity (IMSI)
- Mobile Country Code (MCC)
- Mobile Network Code (MNC)
- Mobile Subscriber Identification Number (MSIN)
- Mobile Subscriber International ISDN Number (MSISDN)