
In his excellent answer to "How does a SIM card prevent cloning?", user Lie Ryan explains that SIM cards have their critical data stored in "tamper proof housing", protected by "physical security measures [designed] to make reading the key from the card very difficult".

What are these "physical security measures", and how do they work?

Has anyone ever successfully read the security key directly from the physical memory of a modern SIM card?

Jamie Vicary

1 Answer

SIM cards are just smart cards, so apart from pointing to the generic definition of Tamper Resistant, I'm not sure much can be said in general.

Looking up the manufacturer specs may provide additional info. For example, Gemalto (a specialist in hardware crypto chips) manufactures a large number of the world's SIM cards. Their marketing page says this:

With a microprocessor base, SIM cards are similar to a mini-computer with its own operating system, storage and built-in security features. When configured with up-to-date cryptography, as recommended by NIST, BSI, ANSSI, etc., SIM cards provide a level of security that is state-of-the-art.

That's all kinda vacuous and fluffy, but it's reasonable to assume that SIM chips will contain similar security technologies to Gemalto's FIPS 140-2 certified products.


This excellent answer by @ThomasPornin is also relevant:

https://security.stackexchange.com/a/31051/61443

Mike Ounsworth
  • Hi @Mike Ounsworth, thanks for your answer. You provide a link to material that describes some of the tamper resistance mechanisms, but it would be great if you could describe some of them directly. – Jamie Vicary Jul 11 '17 at 19:13
  • @JamieVicary I work a lot with FIPS 140-2 on the software side, which is why I know that it's a relevant reference, but unfortunately I don't know enough about hardware to describe the security features other than copying Wikipedia (which makes this a fairly weak answer, I know). – Mike Ounsworth Jul 11 '17 at 19:24