1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
|
\section{SIM Cards}
\subsection{Smart Card Basics}
\begin{frame}{Terminology}
\begin{description}
\item[SIM] Subscriber Identity Module
\item[USIM] Universal Subscriber Identity Mdoule
\item[UICC] Universal Integrated Chip Card
\item[MS] GSM Mobile Station (phone, modem)
\item[UE] UMTS User Equipment
\item[ME] GSM Mobile Equipment (MS + SIM)
\item[OTA] Over The Air
\item[SAT] SIM Application Toolkit
\item[CAT] Card (UICC) Application Toolkit
\item[USAT] USIM Application Toolkit
\item[TAR] Toolkit Application Reference
\end{description}
\end{frame}
\begin{frame}{Relevant Specification Bodies}
\begin{itemize}
\item ISO (ISO 7816) smart cards
\item ETSI (Eurpoean Telecomms Standardisation Institute)
\begin{itemize}
\item Classic GSM SIM
\item UICC card as basis for various telecom ID purposes
\item Card Application Toolkit (CAT)
\end{itemize}
\item 3GPP (3rd Generation Partnership Project)
\begin{itemize}
\item USIM Application
\item USIM Application Toolkit (USAT)
\item API based applet interworking
\end{itemize}
\item Global Platform
\begin{itemize}
\item Overall spec for SIM/USIM with Java
\end{itemize}
\item Sun Microsystems (now Oracle)
\begin{itemize}
\item Java Card Virtual Machine
\item Java Card Runtime Environment
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{The Subscriber Identity Module (SIM)}
\begin{itemize}
\item Basic idea was to store cryptographic identity of subscriber inside smart card
\item User can thus migrate identity from one device to another
\item User can furthermore use different SIM in same device (e.g. local prepaid SIM while travelling)
\item Original SIM card design mostly ISO 7816-4 filesystem and single command to execute A3/A8 algorithm inside card
\begin{itemize}
\item This could even be done in logic, no processor required
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{The modern SIM}
The modern SIM is an entirely different beast
\begin{itemize}
\item Cryptographic processor smart card
\begin{itemize}
\item Symmetric cryptography such as DES, 3DES, AES
\item Public key cryptography such as RSA, ECC
\end{itemize}
\item Java Card including a small Java VM and Java RE
\item Multiple application support
\item Ability to download applications (Applets) into card
\end{itemize}
\end{frame}
\begin{frame}{Smart Card Basics}
\begin{itemize}
\item microprocessor with RAM, Flash and Operating System
\item Interface: Electrical + Logical Protocol (ISO7816-3, ISO7816-4)
\item File System based representation of information
\item Protocol describes remote operations on the file system
\item Few non-filesystem related commands for e.g. authentication
\end{itemize}
\end{frame}
\begin{frame}{Smart Card Filesystem}
\begin{itemize}
\item Hierarchical file system like on PC
\begin{description}[MF]
\item[MF] (master file): root directory
\item[DF] (dedicated file): subdirectory
\item[EF] (entry file): actual file
\begin{itemize}
\item transparent or record oriented
\item record linear fixed/variable or record cyclic
\end{itemize}
\end{description}
\item File names don't exist on card. 16bit FID (File ID) or 8bit SFID used instead
\end{itemize}
\end{frame}
\begin{frame}{Smart Card Filesystem Hierarchy}
\begin{figure}[h]
\centering
\includegraphics[width=110mm]{sim-mf-df_gsm.png}
\end{figure}
\end{frame}
%\begin{frame}{Smart Card Filesystem Permissions}
%\begin{itemize}
% \item similar to 'permission bits' on Linux or other PC OS
% \item each file can define separate read/write permissions
% \item some cards are permanently read-only
% \item other files can be written to after regular PIN verification
% \item yet another set of files e.g. needs one of the ADM PINs
%\end{itemize}
%\end{frame}
%\begin{frame}{Smart Card Logical Channels}
%\begin{itemize}
% \item Initially Smart Cards had only one interface (UART)
% \item This means that only one application on the host side can interact with it, as there's sharde state
% \item logical channels introduce a concept where this connection is virtualized, and multiple separate states (including with different access privileges) can exist in parallel
%\end{itemize}
%\end{frame}
\begin{frame}{SIM Card APDU Commands}
Classic SIM card commands include the following
\begin{itemize}
\item SELECT (change directory / open file)
\item READ BINARY, UPDATE BINARY (read/write transparent EF)
\item READ RECORD, UPDATE RECORD (read/write record EF)
\item ENABLE CHV, DISABLE CHV, CHANGE CHV (enable, disable or change PIN)
\item VERIFY CHV, UNBLOCK CHV (verify or unblock PIN)
\item RUN GSM ALGORITHM (A3/A8 authentication)
\end{itemize}
\end{frame}
\begin{frame}{Smart Card Filesystem}
Typical operations of the phone include
\begin{itemize}
\item navigating inside filesystem by SELECT on DF/EF
\item authenticating the user PIN
\item reading/updating files
\begin{itemize}
\item reading IMSI
\item old-school SMS and contact storage
\item storing session keys (Kc/KcGPRS, ...)
\item storing last cell on power-off
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{Smart Card PINs}
The level of access to the filesystem and other card features is
determined by authentication using a shared secret, called 'PIN'.
\begin{itemize}
\item Regular PIN for normal use of the card by the end user
\item PUK for resetting the pin after too many retries
\item ADM1..n PIN for access by the operator only
\end{itemize}
\end{frame}
%\begin{frame}{Multi-Application Smart Cards}
%\begin{itemize}
% \item Classic SIM cards are single application, accessing the
% GSM related files works by entering the known DF.GSM
% directory with its well-known FID
% \item Later the idea of multi-application smart cards entered
% the market
% \item A multi-application smart card contains an EF.DIR in the
% MF
% \item EF.DIR contains records with the AIDs of all applications
% on the card.
% \item AID prefix is well-known to the application, AID suffix is
% manufacturer specific. Applications use prefix-match
% \item application specific directory can be entered by SELECT on
% the AID
%\end{itemize}
%\end{frame}
%\begin{frame}{USIM Application Dedicated File (ADF.USIM)}
%\begin{figure}[h]
% \centering
% \includegraphics[width=110mm]{usim-dir-structure.png}
%\end{figure}
%\end{frame}
%\subsection{From SIM to UICC and USIM}
%\begin{frame}{Evolution of the SIM}
%\begin{itemize}
% \item Classic GSM SIM cards
% \begin{itemize}
% \item initial GSM / ETSI TS 11.11 for classic GSM SIM, based on ISO 7816-2/3/4
% \item small changes for GPRS support by introducing a few new optional files
% \item Class byte 0xA0 used in GSM SIM
% \end{itemize}
% \item USIM cards
% \begin{itemize}
% \item Completely new approach based on ETSI UICC spec, multi-application capable
% \item Selection of ADF.USIM by AID
% \item Many new files
% \item backwards compatibility achieved by placing DF.GSM
% in MF and linking (think of symlink/hardlink) of
% relevant files
% \item Authentication for GSM and UMTS can be completely
% different (algorithm, secret key used, ...)
% \end{itemize}
% \item Additional application profiles exist for GSM-R, TETRA and
% other ETSI related communications systems.
%\end{itemize}
%\end{frame}
%\begin{frame}{Evolution of Specifications}
%\begin{itemize}
% \item Classic SIM: ETSI TS 11.11 / 3GPP TS 51.011
% \item UICC Card: 3GPP TS 31.101, 31.900, ETSI TS 102 221, 102 222
% \item USIM application: 3GPP TS 31.102
% \item ISIM application for IMS (VoIP for LTE): 3GPP TS 31.103
%\end{itemize}
%\end{frame}
%\begin{frame}{ISIM Application Dedicated File (ADF.ISIM)}
%\begin{figure}[h]
% \centering
% \includegraphics[width=110mm]{isim-dir-struct.png}
%\end{figure}
%\end{frame}
\subsection{SIM Application Toolkit (SAT)}
\begin{frame}{SIM Application Toolkit (SAT)}
\begin{itemize}
\item Ability for card to run applications that have UI on the phone
\begin{itemize}
\item Display menu items on-screen
\item Get user input from keypad/touch-screen
\end{itemize}
\item Original Version Described in TS 11.14 and 11.11
\end{itemize}
\end{frame}
\begin{frame}{SAT -- Proactive SIM}
The {\em Proactive SIM} features
\begin{itemize}
\item Sending a short message
\item Setting up a voice call
\item Playback of a tone in earpiece
\item Providing location information from ME to SIM
\item Have ME execute timers on behalf of SIM
\item Sending DTMF to network
\item Running an AT command received from SIM, sending result back to SIM
\item Ask ME to launch browser to SIM-provided URL
\end{itemize}
\end{frame}
\begin{frame}{SAT -- Call and SMS Control}
\begin{itemize}
\item ME passes MO call setup attempts to SIM for approval
\item SIM can then
\begin{itemize}
\item approve or decline the MO call
\item modify the call details such as phone number
\item replace the call with USSD message
\end{itemize}
\item ME passes USSD requests similar to Call Control
\item Similar mechanism exists for all MO SMS
\end{itemize}
\end{frame}
\begin{frame}{SAT -- Provide local information}
The SIM can inquire the ME about
\begin{itemize}
\item MCC / MNC / LAC / Cell ID
\item IMEI of ME
\item Network Measurement Results
\item BCCH channel list
\item Date, Time, Timezone
\item ME language setting
\item Timing Advance
\end{itemize}
\end{frame}
\begin{frame}{SAT -- Event download}
The SIM is notified by ME about certain events such as
\begin{itemize}
\item Call Connected / Disconnected
\item Location Status (Location Area change)
\item User activity (keyboard input)
\item Idle screen available
\item Browser termination
\end{itemize}
\end{frame}
\begin{frame}{SAT - Data download}
\begin{itemize}
\item Enables Operator to exchange arbitrary data with the SIM
\item Could be RFM (Remote File Management)
\begin{itemize}
\item Read or modify phone book entries
\item Even change the IMSI of the SIM (!)
\end{itemize}
\item In case of Java Card, can be download of card applets
\begin{itemize}
\item Applets are stored permanently on SIM
\item Can later use SAT procedures to interact with ME
\item TS 03.19 specifies Java API to access SAT from Java RE
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{SAT - Data download}
SAT Data Download can happen via
\begin{itemize}
\item via SMS or Cell Broadcast
\begin{itemize}
\item Uses TS 03.40 TP-PID {\em SIM DATA Download}
\item ME forwards such SMS to the SIM in {\tt ENVELOPE} APDU
\item Response from SIM is sent back as MO-SMS or DELIVERY REPORT
\end{itemize}
\item via BIP (Bearer Independent Protocol)
\begin{itemize}
\item Dedicated CSD call between network and SIM
\item GPRS session between network and SIM
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{SAT - Data download}{Data download security}
\begin{itemize}
\item GSM TS 03.48 specifies secure messaging for data download
\item Includes replay protection
\item Supports DES and 3DES
\item SMS chaining for long commands / large data
\end{itemize}
\end{frame}
\subsection{SIM threat model}
\begin{frame}{SIM card abuse by hostile operator}
\begin{itemize}
\item Even if the phone might be considered trusted, the SIM card is owned and controlled by the operator
\item Using SAT features, the operator can control many aspects of the phone
\item Examples
\begin{itemize}
\item Remotely reading address book / stored SMS
\item Monitor user behavior (browser termination, idle screen, ...)
\item Ask phone to establish packet data session
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{SIM card re-programming by attacker}
\begin{itemize}
\item If the SIM is not properly secured (auth + encryption keys, ...) a third party attacker can send SAT envelope SMS to the card and install resident Java applets
\item The attacker can then
\begin{itemize}
\item Obtain detailed location information and send it via SMS
\item Intercept/log outgoing calls
\item Sending copies of incoming + outgoing SMS elsewhere
\end{itemize}
\item Even using SIM card channel to exploit baseband stack is feasible
\end{itemize}
\end{frame}
\begin{frame}{SIM card proxy / MITM by attacker}
As soon as an attacker has temporary physical access to a phone, he can
\begin{itemize}
\item Insert a proxy-SIM between real SIM and phone
\item Do everything a Java applet could do, but even with a securely configured SIM as he does not modify the existing SIM
\item Sniff current Kc and send it out e.g. via SMS or even UDP/TCP packets over GPRS
\item ... by only using standard interfaces that are common among all phones (as opposed to baseband software hacking which is very model-specific)
\end{itemize}
Most users would never notice this as they rarely check their SIM slot
\end{frame}
%%%%%%
\subsection{SIM attacks countermeasures}
\begin{frame}{Defending against SIM based attacks}
\begin{itemize}
\item SIM cards are Operator issued, Ki is on the SIM
\begin{itemize}
\item SIM card can thus not be replaced, but original SIM must be used
\end{itemize}
\item Configure telephone to not store contacts or SMS on SIM
\item Communication between SIM and ME is not encrypted/authenticated
\item Solution: Proxy SIM between SIM and ME to break STK / OTA
\begin{itemize}
\item Filter all STK/OTA/Proactive commands like ENVELOPE
\item Indicate lack of STK support to ME (EF.Phase)
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{Proxy SIM with firewall}
\begin{itemize}
\item There are no known commercial products that implement STK/OTA filtering
\item But there are a number of shim SIM cards that are plugged between SIM and SIM slot
\item Most of them are used for SIM unlocking modern phones
\item Some vendors produce freely (re)programmable proxy SIMs:
\end{itemize}
\begin{figure}[h]
\subfigure{\includegraphics[width=40mm]{bladox-turbosim.jpg}}
\subfigure{\includegraphics[width=25mm]{rebelsim2.jpg}}
\caption{Bladox TurboSIM (AVR) and RebelSIM II (8051)}
%\caption{Bladox Turbo SIM (AVR)}}
\end{figure}
\end{frame}
|