
I have read a few articles about SIM cards, stating that the chip inside them uses some cryptographic magic to prevent people from cloning your number. This to me seems borderline impossible, given that you could manufacture a new chip with exactly the same circuitry hard-wired into it.

So how does this cryptographic stuff prevent the cloning of SIM cards?

  • What research have you done? There's lots written on this. You might try Wikipedia: [SIM cards](https://en.wikipedia.org/wiki/SIM_card), [tamper resistance](https://en.wikipedia.org/wiki/Tamper_resistance), and [smart cards](https://en.wikipedia.org/wiki/Smartcards); or Chapters 16 & 20 of [Security Engineering](http://www.cl.cam.ac.uk/~rja14/book.html). If your question is answered on Wikipedia (or standard textbooks), you probably haven't done enough research before asking. [We expect you to do a significant amount of research before asking](http://meta.stackoverflow.com/q/261592/781723). – D.W. Jul 30 '14 at 23:44

1 Answer

The SIM card contains a private key or, more commonly, a symmetric key called the "Ki", and the card is designed to never divulge this key to the outside world. The SIM card itself has physical security measures to make reading the key from the card very difficult without destroying the original card and/or the data stored in the card. For a long time, this has made it difficult or impractical to clone a SIM card.

The secret key isn't stored in SIM card circuitry. SIM card circuitry is basically just a very small integrated computer; it contains a CPU, RAM, ROM, and writeable storage, and has an operating system which can run Java Card applications. The encryption key itself is stored in solid state storage within the card. The card itself is a form of tamper-proof housing to protect the small computer from physical access. To read this solid state storage directly, you'll probably need to use an electron microscope and grind the card very precisely without triggering the physical security features of the card.

In recent times, there have been some successful attacks on SIM cards. These attacks are typically in the form of either side-channel attacks or attacks on vulnerabilities of the operating systems in the card rather than physical attacks.

Further readings:

  • +1, but if the circuitry could be read, then won't it be possible that the key will also be exposed? – beginer Jul 30 '14 at 11:15
  • Thanks for the answer. Do you have any links that detail how public keys are used in SIM cards? – LS97 Jul 30 '14 at 13:04
  • @LS97: I've updated the answer with more details and further links. – Lie Ryan Jul 30 '14 at 13:45
  • Sorry, one more curiosity (it's an interesting subject!) after reading the first linked blog post: would compiling a dictionary of all 2^16 RAND -> OUTPUT to be simulated by a programmable SIM be a feasible brute-force attack, or are there limitations that I currently don't understand? 2^16 seems like quite a small number to rely on for the security of a phone identity. – LS97 Jul 30 '14 at 14:34
  • 8
    @LS97, it's 16 _byte_ random numbers. That's 2^128 combinations (128 bits). [Somewhere around 80 bits is often considered the limit of infeasibility](http://crypto.stackexchange.com/q/13299), so you won't be brute forcing that any time soon, I'm afraid. – Cosmic Ossifrage Jul 30 '14 at 15:09
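The answer and the comment thread above describe the mechanism in words: the card holds Ki, the network sends a 16-byte random challenge (RAND), and the card returns a short response computed from the two, so Ki never crosses the card boundary. The following Python model is an added example, not code from the answer or from any SIM vendor. The real GSM algorithms (A3/A8, implemented by operator-specific ciphers such as COMP128) are not shown on this page, so HMAC-SHA256 truncated to 4 bytes stands in for them; the IMSI and Ki values are constructed for the demo, and Python's name mangling merely stands in for the hardware boundary that keeps Ki inside the chip.

```python
import hmac
import hashlib
import secrets

RAND_LEN = 16  # the challenge is 16 random bytes, i.e. a 2^128 space
KI_LEN = 16    # the subscriber key is 128 bits


def sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the card's authentication algorithm (A3 in GSM).
    Assumption: a keyed MAC truncated to 4 bytes; the operator-specific
    algorithm is not part of this page."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class SimCard:
    """Models the tamper-resistant card: Ki goes in at personalisation and
    never comes out. Only the response to a challenge leaves the card."""

    def __init__(self, imsi: str, ki: bytes):
        if len(ki) != KI_LEN:
            raise ValueError("Ki must be 16 bytes")
        self.imsi = imsi       # public subscriber identity
        self.__ki = ki         # stand-in for the key held inside the chip

    def respond(self, rand: bytes) -> bytes:
        if len(rand) != RAND_LEN:
            raise ValueError("RAND must be 16 bytes")
        return sres(self.__ki, rand)


class AuthCentre:
    """The operator's authentication centre: the only other holder of Ki."""

    def __init__(self):
        self._keys = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki

    def challenge(self) -> bytes:
        # A fresh random RAND per attempt; this is what defeats replay.
        return secrets.token_bytes(RAND_LEN)

    def verify(self, imsi: str, rand: bytes, response: bytes) -> bool:
        expected = sres(self._keys[imsi], rand)
        return hmac.compare_digest(expected, response)


def authenticate(auc: AuthCentre, card: SimCard) -> bool:
    """One challenge-response round; Ki is never on the wire."""
    rand = auc.challenge()
    return auc.verify(card.imsi, rand, card.respond(rand))


def replay_fails(auc: AuthCentre, card: SimCard) -> bool:
    """An eavesdropper who recorded one (RAND, SRES) pair cannot answer the
    next challenge with it, because the network picks a new RAND."""
    captured_sres = card.respond(auc.challenge())
    fresh_rand = auc.challenge()
    return not auc.verify(card.imsi, fresh_rand, captured_sres)


# Constructed sample values for the demo (not real subscriber data).
IMSI = "001010123456789"
KI_SUBSCRIBER = bytes.fromhex("00112233445566778899aabbccddeeff")

AUC = AuthCentre()
AUC.provision(IMSI, KI_SUBSCRIBER)
REAL_SIM = SimCard(IMSI, KI_SUBSCRIBER)
# Identical "circuitry" (same class, same algorithm) but without the real Ki:
# this is the situation the question describes, and it does not authenticate.
COPIED_CIRCUIT = SimCard(IMSI, bytes(KI_LEN))

if __name__ == "__main__":
    print("real SIM authenticates:   ", authenticate(AUC, REAL_SIM))
    print("copied circuit authenticates:", authenticate(AUC, COPIED_CIRCUIT))
    print("captured response replays:", not replay_fails(AUC, REAL_SIM))
```

The point the model makes concrete is that reproducing the chip's logic is not the same as reproducing its secret: `COPIED_CIRCUIT` runs exactly the same code as `REAL_SIM` and still fails, and a recorded exchange is useless against the next 16-byte challenge. The only way to pass is to hold Ki, which is why the physical and side-channel attacks mentioned in the answer target the key's storage rather than the circuitry.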