Saturday, March 15, 2014

SIM cards tutorial - Part 2: Architecture

As mentioned in the previous post, a SIM card is a micro-computer system. It contains a processor, memory and an IO interface. Unlike normal embedded systems, it exposes no GPIOs or traditional IO interfaces, because SIM cards belong to the security class of devices. There is no way to access SIM card memory directly. The general architecture of a SIM card is shown below.

Fig 2.1 : SIM card architecture

In order to deliver SIM cards as tamper-proof, high-security keys, the detailed internal architecture of SIM cards is kept under NDA (non-disclosure agreement) among smart card manufacturers. Thus there is no authentic information regarding the type of processors, memory, internal data encryption methods etc. But there are international standards which clearly specify how a device communicates with a SIM card and accesses useful information. Mobile phones and other devices communicate with SIM cards based on these standards.

The EEPROM size of SIM cards usually ranges from 32KB in older SIM cards to 512KB in modern SIM cards. Data is stored in EEPROM. Not all the data stored on a SIM card can be accessed. For example, the SIM card PIN, Ki (authentication key) and some other secured data cannot be read by any means. Some data is accessible only to the administrator by providing the SIM card PIN. It is the micro OS running inside the SIM card which performs data access control and file management.

IO Interface

Among the eight or six contact pins, only a single pin is assigned for IO. This is a bidirectional serial IO according to the ISO 7816-3 standard. Despite some slight differences, this IO can be considered a half-duplex UART. There is no way to access memory directly through this IO. Instead, devices communicate with the SIM card through this IO via a specific set of commands, and the SIM card responds to the commands sent by the device. The interface device acts as master and the SIM card as slave. Only the master (interface device) can initiate a command. Inside the SIM card, this IO is controlled by the embedded OS. The maximum achievable effective data transfer rate is less than 20KB/s. This seems well below current technology standards, but it is more than enough for performing the tasks defined for SIM cards. Keeping this IO at low speed also makes brute force attacks on Ki infeasibly time consuming.
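The character framing on this single IO line and the resulting throughput, as an added example that is not from the original post. It assumes the ISO 7816-3 direct convention and the standard's default factors F = 372 and D = 1, and takes the 2 to 5MHz clock range from the CLK entry in the pin list; the function names and the sample byte are constructed for illustration.

```python
# Added example: ISO 7816-3 asynchronous character frame (direct convention).
# Line levels: 1 = high (idle), 0 = low. One character occupies 12 etu:
# 1 start bit + 8 data bits (LSB first) + 1 even-parity bit + 2 etu guard time.
F_DEFAULT = 372     # default clock rate conversion factor (assumed: card defaults)
D_DEFAULT = 1       # default baud rate adjustment factor (assumed: card defaults)
ETU_PER_CHAR = 12

def encode_char(byte):
    """Return the 12 line levels the sender drives for one byte."""
    data = [(byte >> i) & 1 for i in range(8)]   # least significant bit first
    parity = sum(data) % 2                       # makes data + parity even
    return [0] + data + [parity] + [1, 1]        # start bit low, guard time high

def decode_char(levels):
    """Recover the byte from one frame; reject framing and parity errors."""
    if len(levels) != ETU_PER_CHAR or levels[0] != 0:
        raise ValueError("framing error: no start bit")
    data, parity = levels[1:9], levels[9]
    if (sum(data) + parity) % 2 != 0:
        raise ValueError("parity error")
    return sum(bit << i for i, bit in enumerate(data))

def bit_rate(clk_hz, f=F_DEFAULT, d=D_DEFAULT):
    """Bits per second on the IO line: one etu lasts F / (D * f_clk) seconds."""
    return clk_hz * d / f

def bytes_per_second(clk_hz, f=F_DEFAULT, d=D_DEFAULT):
    """Upper bound on payload bytes per second in one direction."""
    return bit_rate(clk_hz, f, d) / ETU_PER_CHAR

if __name__ == "__main__":
    sample = 0x3B                                # constructed sample byte
    frame = encode_char(sample)
    print("frame levels:", frame)
    print("decoded: 0x%02X" % decode_char(frame))
    corrupted = frame[:]
    corrupted[3] ^= 1                            # one bit flipped on the wire
    try:
        decode_char(corrupted)
    except ValueError as err:
        print("corrupted frame rejected:", err)
    for clk in (2_000_000, 5_000_000):           # CLK range from the pin list
        print("%d Hz: %.0f bit/s, about %.0f bytes/s"
              % (clk, bit_rate(clk), bytes_per_second(clk)))
```

With the default factors the line carries roughly 448 to 1120 bytes per second before any command overhead, and because the line is half-duplex the command and its response share that budget.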

Operating voltage

There are 3 operating voltages for SIM cards: 5V, 3.3V and 1.8V (Class A, B and C respectively). Older SIM cards belong to class A. Modern SIM cards belong to class B and C.

Contact pin functions

VCC (C1) - Supply voltage
RST (C2) - Card reset
CLK (C3) - Card clock (2 to 5MHz)
NC (C4) - No connection
GND (C5) - Ground (power/signal)
VPP (C6) - Programming voltage
IO (C7) - ISO 7816-3 compliant IO interface
NC (C8) - No connection
