World wide

Find your closest SmartTrust representative here

What's new?

The latest word on events, news and developments read more

Cloning your SIM

Tags: algorithm, Authentication, cloning, Cryptography, SIM

In a comment to my first entry in this blog, senthadev asked if I could write "more about the SIM cloning and SIM related security measure or any possible attacks". I certainly can't do all of that but I can do a little. I have heard many times that there are attacks that can be used to clone a SIM card. If that is possible it is a bad thing in itself for many and possibly for the SIM in itself.

As touched upon previously one of the core values of the SIM is that of providing the identity of the subscription in the network. Since the SIM was introduced it has proven its value as identity token over other solutions that have been around. However, it does not have a perfect track record and mostly this is not an inherent fault of the SIM itself.

One core principle of the way the SIM provides its application of network authentication is that it is done cryptographically inside the SIM without exposing its cryptographic secret - the key. In the basic form, the network sends a challenge to the phone that passes it to the SIM. On the SIM a cryptographic algorithm uses a secret key located on the SIM to transform the challenge and return the transformed challenge. The idea is that the secret key is not exposed outside the SIM.

This is not strange. It is normal cryptographic protocol one can say.

If it was somehow possible to extract the secret key, the card could be cloned. The whole idea is that the SIM does not allow this. So we are safe - right? The answer is that we have the fundamentals for being safe but they must be used correctly.

Within cryptography there is a very strong urge to frown at any cryptographic algorithm that is secret. The cryptographic community advocates the principles that the algorithm shall not be secret and especially that the security shall never depend on the fact that the algorithm itself is secret.

Sooner or later any algorithm that is secret can be expected to be public. The world is more or less full of such examples. Instead, security in a system shall depend on that the keys that need to be secret are kept secret. If a key is exposed, it can normally be replaced. If security depended on a secret algorithm and the algorithm was exposed, well that would be game over then.

However, there are many cases when the intention is really not to create the security by having the algorithm secret but it is kept secret for other reasons. Sometimes this is done by inventors of algorithms. It is generally a bad idea since it does not expose the algorithm to public review and shortcomings in the algorithm will not be corrected. Basically, there is a risk that something is unintentionally wrong with the algorithm.

So why this long text on cryptography, keys and algorithms when the question was about SIM cloning? The reason is that there is a strong connection here. What might happen if the cryptographic algorithm used by the SIM for network authentication was not as good as it should be? How would the situation be affected if the algorithm was kept secret?

The thing is that the algorithm was kept secret. It was distributed only on a need-to-know basis. At the same time it was not mandatory to have this algorithm. The whole framework around the just defined that there shall be an algorithm but not that it was the one that had to be used. However, it turned out that many operators did use that secret algorithm. It also turned out that after some years the algorithm was not so secret anymore.

When this happened, the algorithm was tested and it turned out that it was not so good as it should have been. The algorithm had the unfortunate behavior that when given very controlled input, it produced very specific output in a way that made it possible run a sequence of controlled challenges to the SIM and based on the output calculate the key, outside the card.

That does sound terrible does it not? However, the good part of the bad news back then was that a very large number of defined challenges was need as well as physical control of the SIM. The way to clone someone else's SIM would thus be by asking to borrow it for a day or two, get the PIN to the card, put it into a card reader and run one's cracking sequence on it. If you had a weekend it could be done.

So in reality, the risk to subscribers was more or less minimal. However, business concepts based on renting out SIMs to travelers would not work that well anymore.

So was this the end of the SIM? No it was not. When this became known, operators started moving to other algorithms that performed better. Since moving to new algorithm is a process that can take a while, other measure could also be applied. The SIM could be programmed not to accept thousands and thousands of requests to generate the cryptographic challenge.

So, that was a bit of history on how SIMs could be cloned and how it was fixed again. A nice thing about the fix to the problem is that it can be done by replacing the SIM. Consider what the situation would be if instead this had been done by the phones and the work then required to remove the problem. The fact that the SIM can just be removed from the phone and a new one inserted does have its advantages.

Bookmark and Share Subscribe to this blog

SIM - inserting value

Future or past, or the future of the past — SIM - inserting value . September 06, 2010.

Mobile services instead of mobile internet — SIM - inserting value . June 03, 2010.

Frames should be connected — SIM - inserting value . May 03, 2010.

Latest blog posts

Future or past, or the future of the past — SIM - inserting value . September 06, 2010.

Seamless connectivity is what I want — Living a life in motion. July 05, 2010.

Huawei implements support for OMA CP and OMA DM on Android — Device Knowledge. July 01, 2010.

© SmartTrust 2010
All Rights Reserved
Part of the Giesecke & Devrient Group
Legal Disclaimer