Posts

How SIM “talks” to external

Basically, the SIM card is one entity in the cellular telecommunication system. Like any other smart card, it can be programmed, receive commands, and initiate commands to an external system. The external system can be a SIM reader, a mobile phone, or any other mobile device that can hold a SIM / eSIM. When the SIM sends a command to the external system, it receives an answer or response.

The language in which the SIM talks to the external system is APDU (Application Protocol Data Unit). APDU is a command-response protocol for invoking functions executed on a smart card or similar device. The command consists of a 4 byte header followed by up to 255 bytes of data. The response contains a 2 byte header followed by up to 256 bytes of data. The headers and data are specified in a suite of standards from ISO and others. The structure of a Command APDU (C-APDU) includes a required header (CLA INS P1 P2) and an optional body ([Lc field] [Data field] [Le field]).

An APDU...

SIM Clone

SIM cloning, which is a serious threat to SIM security, is the process in which a legitimate SIM card is duplicated. When the cloning is completed, the original SIM card's identity information, which is used for gaining access to the Mobile Network Operator (MNO) network and services, is transferred onto a cloned SIM card. The cloned SIM card can then be used in a different phone while having all calls and associated charges attributed to the original SIM card. The phrase SIM clone is often used to refer to the SIM card that has been successfully duplicated. A successful cloning depends on a user's ability to extract the SIM card's information, such as the IMSI (International Mobile Subscriber Identifier) and the Authentication key (Ki). The IMSI is like a subscriber identity to the network. MNOs identify their customers and related services with the IMSI. While an IMSI is relatively easy to identify, finding the Ki can be more difficult for the novice user. Ki is encrypted with strong enc...
2023.06.03 How secure is your SIM

A SIM card enables you to use services from a Mobile Network Operator (MNO). From the MNO's perspective, it enables the MNO to identify you as a subscriber / customer. With that in mind, a SIM card in a thief's or hacker's hands can cause financial and personal problems. The SIM card is the key to your social media and bank accounts. With the advent of end-to-end encryption technology, two-way authentication is the new norm. When you log in to your account, an OTP (One-Time Password) is sent to your SIM card number. When you enter the OTP, you can log into your account, using social media, banks, payment portals, streaming services, and so forth. Now just imagine your SIM card in the wrong hands, even for a few minutes. SIM card security has been a default capability since the card is produced. The SIM card is protected physically and when using services on the MNO network. The PIN and PUK code. The PIN code, consisting of 4 digits, is the access code to your SIM ca...

How SIM Connect to the Network

A mobile phone needs to be authenticated to the network first so it can use services from the Mobile Network Operator (MNO) such as voice, SMS, and data. When the mobile phone is first switched on with a SIM card inside, the authentication process in the GSM network starts when the base station (BS) sends out a random challenge (RAND) to the mobile phone. Authentication and service requests from the MNO follow the process below:

· When a mobile phone is first switched on, it sends a unique subscriber authentication key (IMSI) to the network. The IMSI is programmed on every SIM card.
· The authentication center (AuC) has a list which maps the Ki number to the IMSI. It is a secure database.
· When a SIM card requests a service, a 128 bit random number (RAND) is instantaneously generated by the AuC and transmitted to the SIM card.
· ...

Proactive SIM

The SIM card has the ability to interact with outside entities such as the device or the network. The SIM's capability to initiate commands to the device is exercised through proactive commands. When the SIM initiates a proactive command, it means the SIM is in proactive mode. Some examples of these proactive commands are DISPLAY TEXT, SETUP MENU, POWER ON CARD, POWER OFF CARD, etc. Some files are required for the SIM / UICC to handle proactive commands.

• EF SUME (Setup Menu Element). This file contains values related to the menu title to be used by the SIM / UICC when executing the Setup Menu command.
• EF RMA (Remote Management Action). This file contains records with values of proactive commands used in remote management.

EUICC Architecture

There are some components involved in Remote SIM Provisioning (RSP) in order to provide eSIM services. These components must be integrated with the Mobile Network Operator (MNO) system and the eUICC Manufacturer (EUM). Inside the eSIM, the eUICC holds some components that contain the values, keysets, and profile of the eSIM. This applies to both the M2M and Consumer architectures. According to Global Platform Certification (GPC), the card architecture contains Security Domains (SD) and Applications. Each can come from controlling authorities, application providers, and the card issuer.

In the eSIM / eUICC, the Security Domain plays a significant role. It contains the connectivity and security variables the eSIM needs to run its services. During the integration between the RSP and the MNO system, these components must be clearly defined. They are ISD-R, ISD-P, and ECASD.

1. ISD-R (Issuer Security Domain - Root), the representation of the off-card entity SM-SR.
• ...

Cloud base eSIM

Moving to eSIM has become a strategic step forward in providing a digital experience for a Mobile Network Operator (MNO) or eSIM Service Provider. There are lots of jobs to be done to deploy eSIM services, such as integration, orchestration, business process adjustment, development, device manufacturer onboarding, and many more.

Like any other IT solution, eSIM can be deployed in an on-premise or cloud based model. Many eSIM Service Provider companies now offer cloud based eSIM as the deployment model. In some use cases, this model gives flexibility and a faster deployment time. The deployment itself will face some challenges, such as complex technical and architectural issues, rapidly changing legal and regulatory requirements, and integration with multiple Mobile Network Operators. But even if an MNO already has its own datacentre in place, chances are it will start migrating to the cloud. Why? Because cloud service has the following benefits.

· ...