
SIM Card

[Subscriber Identity Module]

SEMINAR REPORT 6TH E.C. 2009
S. S. ENGINEERING COLLEGE
PREPARED BY: N.C. DHANDHUKIA (4040) & N.C. BHUVA (4044)
GUIDED BY: MR. S.B. PARMAR & MR. M.A. JAJAL

Acknowledgement

We wish to express our profound thanks to the people around us who
helped make our seminar a good one. We take this opportunity to thank
our respected Mr. S.B. Parmar and Mr. M.A. Jajal, without whose support and
encouragement, this paper could not have been completed. We also thank
our other faculty members and friends who have helped us in gathering
and organizing the required information.

N.C. Dhandhukia
N.C. Bhuva

Shantilal Shah Engineering College, Bhavnagar


Index

1. Subscriber Identity Module
   1) Usage in mobile phone standard
   2) Operating systems
   3) Data
      ICCID
      IMSI
      Authentication key (Ki)
      Authentication process
      Location area identity
      SMS messages and contacts
      SIM Serial Number (SSN) Digits
   4) Universal Subscriber Identity Module
   5) Removable User Identity Module
2. UICC
3. IMEI
4. IMSI
5. SIM Lock & SIM Cloning
6. Dual SIM
7. Bibliography

Subscriber Identity Module


A Subscriber Identity Module (SIM) on a
removable SIM Card securely stores the service-subscriber key (IMSI) used to
identify a subscriber on mobile telephony devices (such as computers
and mobile phones). The SIM card allows users to
change phones by simply removing the SIM card
from one mobile phone and inserting it into another
mobile phone or broadband telephony device.
SIM cards are available in two standard sizes. The first is the size of a credit
card (85.60 mm × 53.98 mm × 0.76 mm). The newer, more popular
miniature-version has a width of 25 mm, a height of 15 mm, and a thickness
of 0.76 mm. However, most SIM cards are supplied as a full-sized card with
the smaller card held in place by a few plastic links and can be easily
broken off to be used in a phone that uses the smaller SIM.
The first SIM Card was made in 1991, with Munich smart card maker
Giesecke & Devrient selling the first 300 SIM cards to Finnish wireless
network operator Elisa Oyj (formerly Radiolinja).
Each SIM Card stores a unique International Mobile Subscriber Identity
(IMSI). The format of this number is as follows:

The first 3 digits represent the Mobile Country Code (MCC).

The next 2 digits represent the Mobile Network Code (MNC).

The next 10 digits represent the mobile station identification number.

Since a SIM card is a smart card, it also has an ICC-ID number based on
International Standard ISO/IEC 7812. The maximum length of the visible
card number is 20 characters; 19 digits are preferred, but
telecommunication network operators who are already issuing Phase 1 SIM
cards with an identification number length of 20 digits may retain this
length. The number is composed of the following subparts:
Issuer Identification Number (max. 7 digits):
  Major Industry Identifier (MII), 2 digits, 89 for telecommunication purposes.
  Country code, 1-3 digits.
  Issuer identifier, variable.
Individual account identification:
  Individual account identification number.
  Parity check digit.

W-SIM is a SIM card which also integrates core cellular technology into the
card itself.
A Virtual SIM is a mobile phone number provided by a wireless carrier which
does not require a SIM Card to terminate phone calls on a user's mobile
phone.

1. Usage in mobile phone standard

The use of SIM cards is mandatory in GSM devices. The
equivalent of a SIM in UMTS is called the Universal
Integrated Circuit Card (UICC), which runs a USIM
application, whereas the Removable User Identity Module
(R-UIM) is more popular in CDMA-based devices. The UICC
card is still colloquially referred to as a SIM-card. Many
CDMA-based standards do not include any such card, and
the service is bound to a unique identifier contained in the
handset itself.
The Satellite phone networks Iridium, Thuraya and Inmarsat's BGAN also
use SIM cards. Sometimes these SIM cards work in regular GSM phones and
also allow GSM customers to roam in satellite networks by using their own
SIM card in a satellite phone.
The SIM card introduced a new and significant business opportunity for
mobile telecoms operators: the MVNO (Mobile Virtual
Network Operator), which does not own or operate a cellular telecoms
network, but leases capacity from one of the network operators, and
only provides a SIM card to its customers. MVNOs first appeared in
Denmark, Hong Kong, Finland and the UK and today exist in over 50
countries including most of Europe, USA and Canada, and Australia and
parts of Asia and account for approximately 10% of all mobile phone
subscribers around the world.

On some networks the mobile phone is locked to its SIM card, such as on the
GSM networks in the USA and the UK. This tends to happen only in countries
where mobile phones are heavily subsidized, but even then not in all countries
and not with all operators; in the UK, typically, most phones with
subsidies are SIM-locked.
Phones sold with a contract are often locked (SIM-locked) to the network
that provided the phone, as the phones are often subsidized and the
network operator wants to claw back the subsidy over the following 18 or
24 months of the contract. The customer effectively agrees to the "lock-in"
in order to get a phone that would ordinarily cost them a lot more on the
open market. For example, in the UK, a phone that costs £250 as a "SIM-free"
or unlocked device on the open market might be offered free-of-charge with
an 18 month contract commitment of £30 per month. A plethora of online
and high-street businesses now offer the ability to remove the SIM-lock from
a phone, effectively making it possible to then use the phone on any
network by inserting a different SIM-card. This is a useful benefit for
travellers that might want to put a local SIM-card into their phone when
they arrive in a country, in order to minimize roaming charges. In many
countries now it is possible to buy a pre-pay SIM card just by walking into a
store, and these "SIM-only" deals are a cost effective way to stay in contact
when travelling.
Phones sold as pre-pay often also have an operator subsidy, especially in
competitive mobile markets like the UK. These phones are sold not just
through mobile phone stores, but also supermarkets, catalogues, stationery
outlets and online, and so the mobile companies are constantly in a race to
the lowest price. These prepay phones come with a bundled SIM, so the
intention is that you should buy the phone, and then activate it using the
SIM provided. Once again the handsets are often SIM-locked to make sure
that you do not use another operator, so that the original operator will then
eventually recoup their subsidy. However, because the units can be
unlocked for a small fee (and even the operators themselves offer this
service), units can be bought cheaply, separated from the original SIM-card
and sold on for a profit, perhaps in other markets, perhaps as contract
phone. This is known in the industry as 'box breaking', and often harms the
profits of the operator while allowing complicit sales staff and box breakers
to reap the rewards.

Mostly, GSM and 3G mobile handsets can easily be SIM-unlocked and used
on any suitable network with any SIM card. A notable exception is the Apple
iPhone, where in most markets Apple have gone to extreme lengths to lock
down their phones so that they can only be used with the partner's network.
This has led to a popular hack called the "jail-break", which frees the iPhone
from the partner network, so that any SIM-card can be inserted. Apple and
the hackers are locked in a war of escalation, with Apple constantly trying to
close loopholes in their operating system, and the hackers finding new ways
to jailbreak each version as it becomes available.
In countries where the phones are not subsidised, such as Italy and
Belgium, all phones are unlocked. Where the phone is not locked to its SIM
card, the users can easily switch networks by simply replacing the SIM card
of one network with that of another while using only one phone. This is
typical for example among users who may want to optimise their telecoms
traffic by different tariffs to different friends on different networks. It is
called the "SIM card switch".
Dual SIM phones are now made by Samsung, which saves the user from
having to carry 2 phones. The user can have separate numbers for
family/friends and business/work.

2. Operating systems
SIM operating systems come in two main types: Native and Java Card.
Native SIMs are based on proprietary, vendor specific software whereas the
Java Card SIMs are based on standards, particularly Java Card which is a
subset of the Java programming language specifically targeted at
embedded devices. Java Card allows the SIM to contain programs that are
hardware independent and interoperable.

3. Data

SIM cards store network specific information used to authenticate and
identify subscribers on the Network. The most important of these are the
ICCID, IMSI, Authentication Key (Ki), Location Area Identity (LAI) and
Operator-Specific Emergency Number. The SIM also stores other carrier specific data
such as the SMSC (Short Message Service Center) number, Service Provider
Name (SPN), Service Dialing Numbers (SDN), Advice-Of-Charge parameters
and Value Added Service (VAS) applications.

ICCID
Each SIM is internationally identified by its ICC-ID (Integrated Circuit Card
ID). ICCIDs are stored in the SIM cards and are also engraved or printed on
the SIM card body during a process called personalization. The ICCID is
defined by the ITU-T recommendation E.118. The number is up to 18 or 19
digits long and in addition is often associated with a single check digit
calculated using the Luhn algorithm.

IMSI
SIM cards are identified on their individual operator networks by holding a
unique International Mobile Subscriber Identity. Mobile operators connect
mobile phone calls and communicate with their market SIM cards using
their IMSI.

Authentication key (Ki)


The Ki is a 128-bit value used in authenticating the SIMs on the mobile
network. Each SIM holds a unique Ki assigned to it by the operator during
the personalization process. The Ki is also stored on a database (known as
Authentication Center or AuC) on the carrier's network.
The SIM card is designed not to allow the Ki to be obtained using the smart-card
interface. Instead, the SIM card provides a function, "RUN GSM
ALGORITHM", that allows the phone to pass data to the SIM card to be
signed with the Ki. This, by design, makes usage of the SIM card mandatory
unless the Ki can be extracted from the SIM card, or the carrier is willing to
reveal the Ki. In practice, the GSM "crypto" algorithm for computing SRES_2
(see step 4, below) from the Ki has certain vulnerabilities which can allow
the extraction of the Ki from a SIM card and the making of a duplicate SIM
card.

Authentication process

1. When the Mobile Equipment starts up, it obtains the IMSI
(International Mobile Subscriber Identity) from the SIM card, and
passes this to the mobile operator requesting access and
authentication. The Mobile Equipment may have to pass a PIN to the
SIM card before the SIM card will reveal this information.
2. The operator network searches its database for the incoming IMSI and
its associated Ki.
3. The operator network then generates a Random Number (RAND) and
signs it with the Ki associated with the IMSI (and stored on the SIM
card), computing another number known as Signed Response
(SRES_1).
4. The operator network then sends the RAND to the Mobile Equipment,
which passes it to the SIM card. The SIM card signs it with its Ki,
producing SRES_2 which it gives to the Mobile Equipment along with
encryption key Kc. The Mobile Equipment passes SRES_2 on to the
operator network.

5. The operator network then compares its computed SRES_1 with the
computed SRES_2 that the Mobile Equipment returned. If the two
numbers match the SIM is authenticated and the Mobile Equipment is
granted access to the operator's network. Kc is used to encrypt all
further communications between the Mobile Equipment and the
network.
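
The five steps above, written out as an added example (not code from the original report) with both the network side and the card side. The names `Sim`, `OperatorNetwork`, `authenticate` and `a3_a8_stand_in` are hypothetical, the IMSI and Ki values are constructed, and HMAC-SHA256 is an assumed stand-in for the operator's real algorithm; only the 128-bit RAND, 32-bit SRES and 64-bit Kc sizes follow GSM.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def a3_a8_stand_in(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Derive (SRES, Kc) from Ki and RAND.

    ASSUMPTION: HMAC-SHA256 stands in for the operator-chosen algorithm.
    Only the output sizes (32-bit SRES, 64-bit Kc) follow GSM.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Sim:
    """Card side: Ki is written at personalization and has no read path."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self.__ki = ki  # used internally only, never returned

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        """The only operation that touches Ki: returns (SRES_2, Kc)."""
        return a3_a8_stand_in(self.__ki, rand)


class OperatorNetwork:
    """Network side: AuC lookup (step 2), challenge (3), comparison (5)."""

    def __init__(self) -> None:
        self._auc: Dict[str, bytes] = {}                   # IMSI -> Ki
        self._pending: Dict[str, Tuple[bytes, bytes]] = {}  # IMSI -> (SRES_1, Kc)

    def provision(self, imsi: str, ki: bytes) -> None:
        self._auc[imsi] = ki

    def challenge(self, imsi: str) -> bytes:
        ki = self._auc[imsi]            # KeyError for an unknown subscriber
        rand = secrets.token_bytes(16)  # fresh 128-bit RAND per attempt
        self._pending[imsi] = a3_a8_stand_in(ki, rand)
        return rand

    def verify(self, imsi: str, sres_2: bytes) -> Optional[bytes]:
        """Return Kc if SRES_2 matches SRES_1; each challenge is single-use."""
        expected = self._pending.pop(imsi, None)
        if expected is None:
            return None
        sres_1, kc = expected
        return kc if hmac.compare_digest(sres_1, sres_2) else None


def authenticate(network: OperatorNetwork, sim: Sim) -> bool:
    """Run steps 1-5 and report whether both ends hold the same Kc."""
    rand = network.challenge(sim.imsi)                 # steps 1-3
    sres_2, kc_sim = sim.run_gsm_algorithm(rand)       # step 4
    kc_net = network.verify(sim.imsi, sres_2)          # step 5
    return kc_net is not None and hmac.compare_digest(kc_net, kc_sim)


if __name__ == "__main__":
    imsi = "001010123456789"      # constructed test IMSI
    ki = secrets.token_bytes(16)  # constructed 128-bit Ki
    net = OperatorNetwork()
    net.provision(imsi, ki)
    print("genuine card:", authenticate(net, Sim(imsi, ki)))
    # Same IMSI, different Ki: knowing the identity alone is not enough.
    print("wrong Ki    :", authenticate(net, Sim(imsi, secrets.token_bytes(16))))
```

The network never sees Ki on the air interface, only RAND and SRES_2, so the scheme is exactly as strong as the secrecy of Ki on the card and in the AuC.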

Location area identity


The SIM stores network state information, which is received from the
Location Area Identity (LAI). Operator networks are divided into Location
Areas, each having a unique LAI number. When the device changes
locations, it stores the new LAI to the SIM and sends it back to the operator
network with its new location. If the device is power cycled, it will take data
off the SIM, and search for the previous LAI. This saves time by avoiding
having to search the whole list of frequencies that the telephone normally
would.

SMS messages and contacts

Most SIM cards will orthogonally store a number of SMS messages and
phone book contacts. The contacts are stored in simple 'Name and number'
pairs - entries containing multiple phone numbers and additional phone
numbers will usually not be stored on the SIM card. When a user tries to
copy such entries to SIM the handset's software will break them up into
multiple entries, discarding any information that isn't a phone number. The
number of contacts and messages stored depends on the SIM; early models
would store as few as 5 messages and 20 contacts while modern SIM cards
can usually store over 250 contacts.

SIM Serial Number (SSN) Digits

A typical SSN (19 digits) example, 89 91 10 1200 00 320451 0, provides
several details as follows:

The first two digits (89 in the example) refer to the Telecom Id.

The next two digits (91 in the example) refer to the country code (91-India).

The next two digits (10 in the example) refer to the network code.

The next four digits (1200 in the example) refer to the month and
year of manufacturing; December, 2000 in this case.

The next two digits (00 in the example) refer to the switch
configuration code.

The next six digits (320451 in the example) refer to the SIM number.

The last digit, which is separated from the rest, is called the check
digit.

4. Universal Subscriber Identity Module


[Figure: a card that has not been removed from its larger card.]

A Universal Subscriber Identity Module is an application for UMTS
mobile telephony running on a UICC smart card which is
inserted in a 3G mobile phone. There is a common
misconception to call the UICC card itself a USIM, but the USIM is merely a
logical entity on the physical card.
It stores user subscriber information, authentication information and
provides storage space for text messages and phone book contacts. The
phone book on a UICC has been greatly enhanced.
For authentication purposes, the USIM stores a long-term preshared secret
key K, which is shared with the Authentication Center (AuC) in the network.
The USIM also verifies a sequence number that must be within a range
using a window mechanism to avoid replay attacks, and is in charge of
generating the session keys CK and IK to be used in the confidentiality and
integrity algorithms of the KASUMI block cipher in UMTS.

Equivalents on 2G

The equivalent of USIM on GSM networks is SIM.

The equivalent of USIM on CDMA networks is RUIM.

5. Removable User Identity Module


Removable User Identity Module (R-UIM) is a card developed for CDMA
handsets that extends the GSM SIM card to CDMA phones and networks. To
work in CDMA networks, the R-UIM contains an early version of the CSIM
application. The card also contains SIM (GSM) application, so it can work on
both networks. It is physically compatible with GSM SIMs and can fit into
existing GSM phones as it is an extension of the GSM 11.11 standard.
The card brings one of the main advantages of GSM to CDMA network
phones. By having a removable identity card, CDMA users can change
phones while keeping their phone numbers by simply swapping the cards.
This simplifies many situations such as phone upgrades, phone
replacements due to damage, or using the same phone on a different
provider's CDMA network.

The R-UIM card has been superseded by CSIM on UICC. This technique
allows all three applications (SIM, CSIM, and USIM) to coexist on a single
smartcard, allowing the card to be used in virtually any phone worldwide
that supports smart cards.

The CSIM application, a port of R-UIM functionality to the UICC, is defined in
standard. This form of card is widely used in China under the CDMA service
of China Unicom (the CDMA service of China Unicom was acquired by China
Telecom in 2008). However, it is also used elsewhere, such as in India,
Thailand, and Japan.

UICC

The UICC (Universal Integrated Circuit Card) is the smart card used in
mobile terminals in GSM and UMTS networks. The UICC ensures the
integrity and security of all kinds of personal data, and it typically holds a
few hundred kilobytes. With the advent of more services, the storage space
will need to be larger.
In a GSM network, the UICC contains a SIM application and in a UMTS
network it is the USIM application. A UICC may contain several applications,
making it possible for the same smart card to give access to both GSM and
UMTS networks, and also provide storage of a phone book and other
applications. It is also possible to access a GSM network using a USIM
application and it is possible to access UMTS networks using a SIM
application with mobile terminals prepared for this. With the UMTS release 5
a new application, the IP multimedia Services Identity Module (ISIM) is
required for services in the IMS. The telephone book is a separate
application and not part of either subscription information module.
In a CDMA network, the UICC contains a CSIM application, in addition to
3GPP USIM and SIM applications. A card with all 3 features is called a
removable user identity card, or R-UIM. Thus, the R-UIM card can be
inserted into CDMA, GSM, or UMTS handsets, and will work in all three
cases.
In 2G networks, the SIM card and SIM application were bound together, so
that "SIM Card" could mean the physical card, or any physical card with the
SIM application. In 3G networks, it is a mistake to speak of a USIM, CSIM, or
SIM card, as all three are applications running on a UICC card.

The UICC smart card consists of a CPU, ROM, RAM, EEPROM and I/O circuits.
Early versions consisted of the whole full-size (85 × 54 mm) smart card.
Soon the race for smaller telephones called for a smaller version of the
card. The card was cropped down to 25 × 15 mm (as illustrated).
Since the card slot is standardized, a subscriber can easily move their
wireless account and phone number from one handset to another. This will
also transfer their phone book and text messages. Similarly, in theory, a
subscriber can change carriers by inserting a new carrier's UICC card into
their existing handset. However, this is not always possible, because many
carriers SIM-lock the phones that they sell, preventing rival carriers' cards
being used.
The use and content of the card can be protected by use of PIN codes. One
code, PIN1, can be defined to control normal use of the phone. Another
code, PIN2, can be set, to allow the use of special functions (like limiting
outbound telephone calls to a list of numbers). PUK1 and PUK2 are used to
reset PIN1 and PIN2 respectively.
The integration of the ETSI framework and the Application management
framework of GlobalPlatform is standardized in the UICC configuration.

International Mobile Equipment Identity

The International Mobile Equipment Identity or IMEI is a number
unique to every GSM and WCDMA and iDEN mobile phone as well as some
satellite phones. It is usually found printed on the phone underneath the
battery. It can be found by typing *#06# on a handset.
The IMEI number is used by the GSM network to identify valid devices and
therefore can be used to stop a stolen phone from accessing the network.
For example, if a mobile phone is stolen, the owner can call his or her
network provider and instruct them to "ban" the phone using its IMEI
number. This renders the phone useless, whether or not the phone's SIM is
changed.
Unlike the Electronic Serial Number or MEID of CDMA and other wireless
networks, the IMEI is only used to identify the device, and has no
permanent or semi-permanent relation to the subscriber. Instead, the
subscriber is identified by transmission of an IMSI number, which is stored
on a SIM card that can (in theory) be transferred to any handset. However,
many network and security features are enabled by knowing the current
device being used by a subscriber.

Structure of the IMEI and IMEISV


The IMEI (14 decimal digits plus a check digit) or IMEISV (16 digits) includes
information on the origin, model, and serial number of the device. All IMEIs
are registered on mobile handsets and registered on the Moon Corporation
database. The structure of the IMEI/SV is specified in 3GPP TS 23.003. The
model and origin comprise the initial 8-digit portion of the IMEI/SV, known
as the Type Allocation Code (TAC). The remainder of the IMEI is
manufacturer-defined, with a Luhn check digit at the end (which is never
transmitted).
As of 2004, the format of the IMEI is AA-BBBBBB-CCCCCC-D, although it may
not always be displayed this way. The IMEISV drops the Luhn check digit in
favour of an additional two digits for the Software Version Number (SVN),
making the format AA-BBBBBB-CCCCCC-EE.
Prior to 2002, the TAC was six digits long and was followed by a two-digit
Final Assembly Code (FAC), which was a manufacturer-specific code
indicating the location of the device's construction.

AA       Reporting Body Identifier, indicating the GSMA-approved group that allocated the model TAC
BBBBBB   The remainder of the TAC
CCCCCC   Serial sequence of the model
D        Luhn check digit of the entire number (or zero)
EE       Software Version Number (SVN)

For example, the IMEI code 35-209900-176148-1 or IMEISV code
35-209900-176148-23 tells us the following:
TAC: 352099 so it was issued by the BABT and has the allocation number
2099
FAC: 00 so it was numbered during the transition phase from the old format
to the new format
SNR: 176148 - uniquely identifying a unit of this model
CD: 1 so it is a GSM Phase 2 or higher
SVN: 23 - The "software version number" identifying the revision of the
software installed on the phone. 99 is reserved.
The format changed as of April 1, 2004, when the Final Assembly Code
ceased to exist and the Type Approval Code increased to eight digits in
length and became known as the Type Allocation Code. From January 1,
2003 until that time the FAC for all phones was 00.
The Reporting Body Identifier is allocated by the Global Decimal
Administrator; the first two digits must be decimal (i.e., less than 0xA0) for
it to be an IMEI and not an MEID.
The new CDMA Mobile Equipment Identifier (MEID) uses the same basic
format as the IMEI.

Retrieving IMEI information from a GSM device

On many devices, the IMEI number can be retrieved by entering *#06#. The
IMEI number of a GSM device can be retrieved by sending the command
AT+CGSN. Retrieving IMEI information from an older Sony or Sony Ericsson
handset can be done by entering these keys: Right * Left Left * Left

Usage on satellite phone networks

The BGAN, Iridium and Thuraya satellite phone networks all use IMEI
numbers on their transceiver units as well as SIM cards in much the same
way as GSM phones do. The Iridium 9601 modem relies solely on its IMEI
number for identification and uses no SIM card; however, Iridium is a
proprietary network and the device is incompatible with regular GSM
networks.

IMEI and the law


Many countries have acknowledged the use of the IMEI in reducing the
effect of mobile phone theft. For example, in the United Kingdom, under the
Mobile Telephones (Re-programming) Act, changing the IMEI of a phone, or
possessing equipment that can change it, is considered an offence under
some circumstances. As in Latvia, such an action is considered a criminal
offence.
There is a misunderstanding amongst some regulators that the existence of
a formally-allocated IMEI number range for a GSM terminal implies that the
terminal is approved or complies with regulatory requirements. This is not
the case. The linkage between regulatory approval and IMEI allocation was
removed in April, 2000, with the introduction of the European R&TTE
Directive. Since that date, IMEIs have been allocated by BABT (acting on
behalf of the GSM Association) to legitimate GSM terminal manufacturers
without the need to provide evidence of approval.
Other countries use different approaches when dealing with phone theft.
For example, mobile operators in Singapore are not required by the
regulator to implement phone blocking or tracing systems, IMEI-based or
other. The regulator has expressed its doubts on the real effectiveness of
this kind of system in the context of the mobile market in Singapore.
Instead, mobile operators are encouraged to take measures such as the
immediate suspension of service and the replacement of SIM cards in case
of loss or theft.

Blacklist of stolen devices

When mobile equipment is stolen or lost, the operator or owner will typically
contact the Central Equipment Identity Register (CEIR), which blacklists the
device in all operator switches so that it will, in effect, become unusable,
making theft of mobile equipment a useless business.
The IMEI number is not supposed to be easy to change, making the CEIR
blacklisting effective. However, this is not always the case: a phone's IMEI
may be easy to change with special tools and some operators may even
flatly ignore the CEIR blacklist.

Difficulties

"New IMEIs can be programmed into stolen handsets and 10% of
IMEIs are not unique." According to a BT-Cellnet spokesman quoted by
the BBC.

Facilities do not exist to unblock numbers listed in error on all
networks. This is possible in the UK, however, where the user who
initially blocked the IMEI must quote a password chosen at the time
the block was applied.

Computation of the Check Digit


The last number of the IMEI is a check digit calculated using the Luhn
algorithm.
According to the IMEI Allocation and Approval Guidelines,
The Check Digit is calculated according to Luhn formula (ISO/IEC 7812). The
Check Digit shall not be transmitted to the network. The Check Digit is a
function of all other digits in the IMEI. The Software Version Number (SVN)
of a mobile is not included in the calculation. The purpose of the Check Digit
is to help guard against the possibility of incorrect entries to the CEIR and
EIR equipment [registries]. The presentation of the Check Digit (CD), both
electronically and in printed form on the label and packaging, is very
important. Logistics (using bar-code reader) and EIR/CEIR administration
cannot use the CD unless it is printed outside of the packaging, and on the
ME IMEI/Type Accreditation label. The check digit shall always be
transmitted to the network as "0".

The check digit is validated in three steps:

1. Starting from the right, double a digit every two digits (e.g., 7 → 14).
2. Sum the digits (e.g., 14 → 1 + 4).
3. Check if the sum is divisible by 10.

Conversely, one can calculate the IMEI by choosing the check digit that
would give a sum divisible by 10. For the example IMEI 49015420323751?:

IMEI                 4  9  0  1  5  4  2  0  3  2  3  7  5  1  ?
Double every other   4 18  0  2  5  8  2  0  3  4  3 14  5  2  ?
Sum digits           4 + (1 + 8) + 0 + 2 + 5 + 8 + 2 + 0 + 3 + 4 + 3 + (1 + 4) + 5 + 2 + ? = 52 + ?

To make the sum divisible by 10, we set ? = 8, so the IMEI is
490154203237518.
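
The check-digit rule and the IMEI/IMEISV layout described above, as an added example (not code from the original report). It splits an identifier into TAC, serial number and check digit or SVN, and keys a blocklist on the 14-digit body so that an IMEI and an IMEISV of the same device match; `parse_imei`, `Imei` and `EquipmentRegister` are hypothetical names, and the register is an in-memory illustration, not a real EIR interface.

```python
import re
from typing import NamedTuple, Optional, Set


def luhn_check_digit(body: str) -> int:
    """Check digit that makes body + digit pass the Luhn test."""
    total = 0
    # Counting from the right of the body, the first digit is doubled,
    # then every second digit after it.
    for pos, ch in enumerate(reversed(body)):
        d = int(ch)
        if pos % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return (10 - total % 10) % 10


class Imei(NamedTuple):
    tac: str                     # 8-digit Type Allocation Code
    snr: str                     # 6-digit serial number
    check_digit: Optional[int]   # None for an IMEISV
    svn: Optional[str]           # 2-digit software version, IMEISV only

    @property
    def body(self) -> str:
        """The 14 digits that identify the device."""
        return self.tac + self.snr


def parse_imei(text: str, from_network: bool = False) -> Imei:
    """Parse a 14-digit body, 15-digit IMEI or 16-digit IMEISV.

    from_network=True accepts a 15th digit of 0, since the check digit
    is sent to the network as "0" rather than as its real value.
    """
    digits = re.sub(r"[\s-]", "", text)
    if not re.fullmatch(r"[0-9]{14,16}", digits):
        raise ValueError("expected 14, 15 or 16 decimal digits")
    body, rest = digits[:14], digits[14:]
    expected = luhn_check_digit(body)
    if len(rest) == 2:
        return Imei(body[:8], body[8:], None, rest)
    if len(rest) == 1 and int(rest) != expected:
        if not (from_network and rest == "0"):
            raise ValueError(f"check digit {rest} does not match {expected}")
    return Imei(body[:8], body[8:], expected, None)


class EquipmentRegister:
    """Illustrative blocklist keyed on the 14-digit body."""

    def __init__(self) -> None:
        self._blocked: Set[str] = set()

    def block(self, imei: str) -> None:
        self._blocked.add(parse_imei(imei).body)

    def is_blocked(self, imei: str, from_network: bool = False) -> bool:
        return parse_imei(imei, from_network).body in self._blocked


if __name__ == "__main__":
    print(luhn_check_digit("49015420323751"))   # the report's worked example
    print(parse_imei("35-209900-176148-1"))
    print(parse_imei("35-209900-176148-23"))
```

Rejecting a mistyped IMEI before it reaches the register is the purpose the quoted guidelines give for the check digit: it guards against incorrect entries, not against deliberate reprogramming.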

International Mobile Subscriber Identity

An International Mobile Subscriber Identity or IMSI is a unique number
associated with all GSM and UMTS network mobile phone users. It is stored
in the SIM inside the phone and is sent by the phone to the network. It is
also used to acquire other details of the mobile in the Home Location
Register (HLR) or as locally copied in the Visitor Location Register. In order
to avoid the subscriber being identified and tracked by eavesdroppers on
the radio interface, the IMSI is sent as rarely as possible and a
randomly-generated TMSI is sent instead.

The IMSI is used in any mobile network that interconnects with other
networks, in particular CDMA networks as well as GSM networks. This
number is provisioned in the phone directly or in the R-UIM card (a CDMA
analogue equivalent to a SIM card in GSM).
An IMSI is usually 15 digits long, but can be shorter (for example MTN South
Africa's old IMSIs that are still being used in the market are 14 digits). The
first 3 digits are the Mobile Country Code (MCC), and are followed by the
Mobile Network Code (MNC), either 2 digits (European standard) or 3 digits
(North American standard). The remaining digits are the mobile station
identification number (MSIN) within the network's customer base.

SIM Lock & SIM Cloning

A SIM lock, simlock, network lock or subsidy lock is a capability built
into GSM phones by mobile phone manufacturers. Network providers use
this capability to restrict the use of these phones to specific countries and
network providers. Currently, phones can be locked to accept only SIM
cards from one or more of the following:

Countries (the phone will work in one country, but not another)

Network/Service providers (e.g. AirTel, Vodafone, etc.)

SIM types (i.e. only specific SIM cards can be used with the phone).

In most countries, most mobile phones are shipped with country and/or
network provider locks. In addition, these locked phones tend to have
firmware installed on them which is specific to the network provider. For
example, if you have a Vodafone or Telstra branded phone in Australia, it
displays the relevant logo and may only support features provided by that
network (e.g. Vodafone Live!). This firmware is installed by the service
provider and is separate from the locking mechanism.
Most mobile phones can be unlocked to work with any GSM network, such as O2 or
Orange (in the UK), but the phone may still display the original branding
and may not support features of your new carrier. Most phones can be
unbranded by uploading a different firmware version, a procedure
recommended for advanced users only.

SIM cloning
SIM cloning consists of duplicating the SIM card, which allows calls or
other services to use the identification of the cloned SIM and to be charged
to that account.
In the early 1990s, due to poor security, cloning was more common than it
is today. Cloning has now been rendered more challenging technically
(since physical access to the SIM card is now required, contrary to simply
being within radio reach). The cards now perform security operations
themselves on data buried within them.

SIM cloning is a great concern to security/police services since it renders
GSM location-based service (LBS) unreliable when more than one handset
uses the same SIM.
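The symptom described above, one IMSI active on more than one handset, is also what a network-side check can look for. The following is an added example, not part of the original report: it flags an IMSI whose consecutive location updates imply impossible travel or whose IMEI flips back and forth. The record layout, the speed threshold and all sample values are constructed assumptions.

```python
import math
from collections import defaultdict

MAX_KMH = 900.0  # assumed ceiling: faster than this between two cells is not one handset

# Constructed location-update records: (unix_time, imsi, imei, cell_lat, cell_lon)
EVENTS = [
    (1000, "404101234567890", "356938035643809", 21.76, 72.15),   # Bhavnagar
    (1600, "404101234567890", "356938035643809", 21.77, 72.14),
    (1900, "404101234567890", "490154203237518", 28.61, 77.21),   # Delhi, 5 minutes later
    (2500, "404101234567890", "356938035643809", 21.76, 72.15),
    (1000, "404209876543210", "352099001761481", 19.08, 72.88),   # Mumbai
    (90000, "404209876543210", "358240051111110", 18.52, 73.86),  # Pune, next day, new phone
]


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def find_clone_suspects(events, max_kmh=MAX_KMH):
    """Return {imsi: [reasons]} for IMSIs whose sightings cannot be one handset."""
    by_imsi = defaultdict(list)
    for ev in events:
        by_imsi[ev[1]].append(ev)
    suspects = defaultdict(list)
    for imsi, evs in by_imsi.items():
        evs.sort()  # chronological order
        for (t1, _, imei1, la1, lo1), (t2, _, imei2, la2, lo2) in zip(evs, evs[1:]):
            hours = max(t2 - t1, 1) / 3600.0
            kmh = km_between(la1, lo1, la2, lo2) / hours
            if kmh > max_kmh:
                suspects[imsi].append(f"impossible travel {imei1}->{imei2} at t={t2}")
        # Moving a SIM to a new phone changes the IMEI once; an IMEI that
        # reappears after a change suggests two handsets taking turns.
        imeis = [e[2] for e in evs]
        flips = sum(1 for a, b in zip(imeis, imeis[1:]) if a != b)
        if flips >= 2 and len(set(imeis)) < flips + 1:
            suspects[imsi].append("IMEI alternation")
    return dict(suspects)
```

The second IMSI in the sample data changes IMEI once and travels at a plausible speed, so it is treated as an ordinary handset change and not reported.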

In the movie The Bourne Supremacy, the main character, Jason Bourne,
clones a SIM card to enable him to listen in on calls to a U.S. official from the
CIA. A realistic time for extracting the Ki from a SIM card is approximately
48 hours. There is a 40% probability of damaging the card in the process.
Additionally, the attacker must have prior knowledge of the SIM card's PIN
(CHV1).
A user of Woron Scan v1.05 has claimed scans in less than 5 minutes. Since
that time, Woron Scan 1.09 has been released. An implementation in an
FPGA would allow IMSI and Ki extraction in seconds if the algorithm scales
similarly to DES.
Cracking Ki by overhearing GSM radio traffic is difficult but not impossible
(although illegal in the United States). In many countries GSM traffic is not
encrypted, so overhearing it is possible with proper equipment (a
computer-based radio scanner, e.g. USRP, and proper software).
The security has been improved with the newer generation of SIM cards to
be used with 3GSM networks, known as USIMs. The new specification
implements a new publicly announced algorithm (the KASUMI algorithm).
SIM cloning is also sometimes used to unlock phones from foreign providers
for use on your home network; by using your Ki and switching between your
IMSI and the IMSI that the phone expects, the phone can be fooled into
thinking that it has the SIM from its native provider (this is commonly done
for Japanese phones, as well as for the iPhone before its software unlock was
released).


Dual SIM

A dual SIM mobile phone is one which has two Subscriber Identity Modules
(SIMs). Dual-SIM adapters are available to allow cellphones to contain two
SIMs, and to switch from one to the other as required. Some phones are
designed to work with two SIMs, both of which may be active at the same
time.
Dual-SIM operation allows the use of two services without the need to carry
two phones at the same time. For example, the same handset can be used
for business and private use with separate numbers and bills; or for travel,
with an additional SIM for the country visited.

Add-on dual-SIM adapters


Several types of adapters are available. All of them allow one SIM to be
active, and to receive calls, at any given time; they provide various ways of
switching from one SIM to the other. Earlier versions required the phone to
be switched off and on again to change from one to another. Later models
allow the user to switch SIM cards via a menu or by keying in a numeric
code, without switching the phone off.
The following adapters allow two SIMs to be installed in the phone. They are
often described as being of a certain generation, with later generations
having improved software and functionality. Some adapters require the two
SIM cards to be cut to size, fitted onto a special holder and inserted into
the phone's SIM socket; this can be quite risky, since the user might end up
damaging the SIM card in the process. Other adapters don't require cutting
or modifying the SIM card. The adapter has two slots for the SIM cards, and
a small ribbon cable, which is hooked to a PCB that mimics another SIM
card. Because of the added circuitry, adapters for some phones, such as
those used for older models, like the Nokia 3210 and Nokia 3310, often
include thicker battery covers. Recent variations of this setup do away with
the added bulk and have more miniaturized components, allowing owners
of newer handsets to go to a dual SIM setup.

Dual SIM phones



Mobile phones with simultaneous dual SIM capability built in have the
advantage that there are no possible legal issues, breach of contract, or
voiding of warranty. They allow both SIMs to be active simultaneously and
allow calls to be received on either number, unlike adapters that make one
or other number active as required.
Normal GSM phones contain a single transceiver; dual-SIM phones must
have dual transceivers, and need to display signal strength for both
networks. A phone with a single transceiver cannot be converted to
simultaneous dual-SIM operation; at most it can be made switchable with
the use of an adapter.
Battery life (talk time and standby time) of dual-SIM phones is reduced,
typically by about a third, when both SIMs are active. To compensate for
this, they often come with higher-capacity batteries than single-SIM phones
or, in the case of Chinese-made phones, are bundled with two batteries.
As of autumn 2007 some little-known Chinese companies supply
inexpensive dual-SIM mobiles, mainly in Asian countries. The latest models
include an iPhone look-alike, which is the smallest dual-SIM phone ever built.
Philips has made the Xenium 9@9w and 699 models with this capability;
they belong to the restart-to-change-active-line generation. Samsung also
released the D880 DuoS in November 2007, a slider which can hold two SIM
cards with simultaneous standby, and there is a Windows Mobile based
dual-SIM phone too, called the E-TEN glofiish DX900 (released in November
2008 and renamed the Acer Tempo DX900 in January 2009, after Acer
bought E-TEN). The WIKI dual SIM phone with integrated TV is also
increasingly popular in the African region.
An electronics engineer in India holds a patent and claims he invented
dual-SIM phones. He has taken Samsung to court, and the court has
temporarily banned Samsung, among others, from selling dual-SIM phones
in India.
