Pages

WebRTC Training Course

Showing posts with label SIM. Show all posts
Showing posts with label SIM. Show all posts

Monday, 9 June 2014

European Regulations for 'Decoupling of SIM' and 'International Roaming'


The following is an extract from an article from Capana:

From the 1st of July 2014, the new EU Roaming Regulations III will become active.

The new EU Roaming regulations set by the European Commission, will allow retail mobile customers to purchase roaming services (such as voice, SMS and data) from an Alternative Roaming Provider (ARP) separate from their domestic service provider (DSP), without affecting either mobile number or device.
The general idea behind the regulations is to promote the interests of European citizens by increase competition between European operators, provide greater transparency, reduce bill shocks, and ultimately provide a greater roaming experience and higher quality of service for consumers.
European Commission President Jose Manuel Barosso said in a press release:
“Further substantial progress towards a European single market for telecoms is essential for Europe’s strategic interests and economic progress. For the telecoms sector itself and for citizens who are frustrated that they do not have full and fair access to internet and mobile services.”
Vice President Neelie Kroes, the Digital Agenda Commissioner responsible for package then continued in the same press release by saying:
“The legislation proposed today is great news for the future of mobile and internet in Europe. The European Commission says no to roaming premiums, yes to net neutrality, yes to investment, yes to new jobs. Fixing the telecoms sector is no longer about this one sector but about supporting the sustainable development of all sectors.”
Requirements
The process of selecting an ARP and its services while abroad within EU is more commonly known as decoupling or separate sale of roaming services. BEREC (the body of European Regulators for Electronic Communications) have provided the European Commission with their recommendations of two decoupling models that should be supported; Local breakout (LBO, which is the local provisioning of data services by a visited network operator, or Single IMSI solution where the ARP acts as a reseller of the DSPs service offerings.
Decoupling using Single IMSI
With the Single IMSI solution the ARP will engage in agreements with each domestic operator providing domestic services, then the ARP will act as a reseller of these services to the roaming subscriber. This type of solution is applicable for all types of service providers such as mobile network operators, MVNOs or VSPs. From a subscriber standpoint, they will have a roaming agreement with the ARP regardless of the DSP and the DSP is required to activate services within one working day.
Decoupling using Local Breakout
The Local breakout model refers to local provisioning of data services only, where the services is provided directly on the visited network and traditional SMS and voice traffic is supplied by the home operator in traditional roaming manner. By using the 3GPP option for local breakouts, the VPMN will be able to act as ARP for internet access and other data services.
With these new regulatory changes, there is a higher demand on flexibility in billing systems. Support for more complex multi-partner business models for ARP and MVNO is necessary for both billing and financial settlement activities.

Raymond Bouwman from Rabion Consultancy did an excellent presentation last year in the LTE World Summit, here is his presentation explaining more about the EU Roaming Regulations III



Thursday, 30 January 2014

Multi-SIM: The Jargon


I had been having some discussions regarding Multi-SIM phones and there is a bit of misunderstanding so here is my clarification about them. Anyway, a lot of information is just an understanding so feel free to correct any mistakes you think I may have made.

This post is about multiple SIM cards, physical UICC cards rather than single UICC with multiple SIM applications. We will look at Dual IMSI later on in the post. In case you do not know about the multiple SIM applications in a UICC, see this old post here. In this post, I will refer to UICC cards as SIM cards to avoid confusion.

Back in the old days, the Dual-SIM phones allowed only one SIM on standby at any time. The other SIM was switched off. If someone would call the number that was switched off, a message saying that the number is switched off would come or it would go in the voicemail. To make this SIM in standby, you would have to select it from the Menu. The first SIM is now switched off. The way around it was to have one SIM card calls forwarded the other when switched off. This wasn't convenient and efficient, money wise. The reason people use multiple SIM phones is to have cheaper calls using different SIMs. So in this case forwarding calls from one SIM to another wont be cost effective. These type of phones were known as Dual SIM Single Standby or DSSS. These devices had a single transceiver.

So as the technology got cheaper and more power efficient, the new multi-SIM devices could incorporate two receivers but only one transmitter was used. The main reason being that using two transmitters would consume much more power. As a result, these devices can now have both the SIM's on standby at the same time. These kind of devices were known as Dual SIM Dual Standby or DSDS. Wikipedia also calls then Dual SIM Standby or DSS. This concept could be extended further to Triple SIM Triple Standby or TSTS in case of the device with three SIM cards and Quad SIM Quad Standby or QSQS in case of four SIM cards. One thing to remember is that when a call is received and a SIM becomes active, the other SIM cards are in receive only more. So if a call is received on another SIM card, the device will allow you to keep the first call on hold and then take the second call.

Another category of devices that are now available are the Dual SIM Dual Active or DSDA. In this case there are two transceivers in the device. Both the SIM cards are active at the same time so each SIM card can handle the call independently of each other. It would even be possible to conference both these calls.

With the prices of calls falling, there is no longer a real need for multiple SIM cards. One SIM card is generally sufficient. It may be useful though to have multiple IMSI on the SIM card. The different IMSI would have different country and network code. For example, a person in in UK can have one IMSI with the home network code and one with say a US operator IMSI. This IMSI could only be programmed by the home operator. When the person is in UK he could receive calls on his UK number or on the US number which would be routed to his UK number. For a person in US calling the US number, this is a national call rather than an international one. When the person is roaming in the US, his US IMSI would behave like non-roaming case while the calls to the UK number would be forwarded to the US number.

Saturday, 25 January 2014

Security and other development on the Embedded SIM


Its no surprise that GSMA has started working on Embedded SIM specifications. With M2M getting more popular every day, it would make sense to have the SIM (or UICC) embedded in them during the manufacturing process. The GSMA website states:

The GSMA’s Embedded SIM delivers a technical specification to enable the remote provisioning and management of Embedded SIMs to allow the “over the air” provisioning of an initial operator subscription and the subsequent change of subscription from one operator to another.
The Embedded SIM is a vital enabler for Machine to Machine (M2M) connections including the simple and seamless mobile connection of all types of connected vehicles. In the M2M market the SIM may not easily be changed via physical access to the device or may be used in an environment that requires a soldered connection, thus there is a need for ‘over the air’ provisioning of the SIM with the same level of security as achieved today with traditional “pluggable” SIM. It is not the intention for the Embedded SIM to replace the removable SIM currently used as the removable SIM still offers many benefits to users and operators in a number of different ways – for example, the familiarity of the form factor, easy of portability, an established ecosystem and proven security model.
















The last time I talked about embedded SIM was couple of years back, after the ETSI security workshop here. Well, there was another of these workshops recently and an update to these information.


The ETSI presentation is not embedded here but is available on Slideshare here. As the slide says:

An embedded UICC is a “UICC which is not easily accessible or replaceable, is not intended to be removed or replaced in the terminal, and enables the secure changing of subscriptions” (ETSI TS 103 383)


Finally, Embedded SIM should not be confused with Soft-SIM. My last post on Soft-SIM, some couple of years back here, has over 15K views which shows how much interest is there in the soft SIM. As the slide says:

Soft or Virtual SIM is a completely different concept that does not use existing SIM hardware form factors and it raises a number of strong security issues:

  • Soft SIM would store the Operator secret credentials in software within the Mobile device operating system - the same system that is often attacked to modify the handset IMEI, perform SIM-Lock hacking and ‘jail-break’ mobile OS’s
  • Operators are very concerned about the reduction in security of their credentials through the use of Soft SIM. Any SIM approach not based on a certified hardware secure element will be subject to continual attack by the hacking community and if compromised result in a serious loss of customer confidence in the security of Operator systems
  • Multiple Soft SIM platforms carrying credentials in differing physical platforms, all requiring security certification and accreditation would become an unmanageable overhead – both in terms of resource, and proving their security in a non-standardised virtual environment

The complete GSMA presentation is as follows:



You may also like my old paper:

Thursday, 8 August 2013

2 Factor and 3 Factor Authentication (2FA / 3FA)

Found an interesting slide showing 2 Factor Authentication in picture from a presentation in LTE World Summit


You can also read more about this and Multi-factor Authentication (MFA) on Wikipedia here.

Wednesday, 24 July 2013

Connectivity in 'Connected Vehicles'

An interesting presentation from the Future of Wireless International conference about the evolution and options for connected cars and other vehicles



Sunday, 20 May 2012

Fourth proposal for the nano-SIM Card (4FF)

I blogged about the nano-SIM card earlier and the 3 proposals that are causing the deadlock. Here is a new fourth proposal that has been submitted by RIM that is a compromise between the Apple and Nokia designs (see pic here). Proposal as seen below:
According to The Register:


At issue is the shape and size of the standard next-generation SIM: Apple and a band of network operators want a tray-requiring shape and contacts that would permit a convertor for backwards compatibility with chunkier old SIMs. Nokia, Motorola and RIM have pushed for a new contact pattern and a notched SIM for clunk-click, and tray-less, insertion.


The new proposal, apparently put forward by RIM and Motorola, is a compromise but it hasn't secured backing from either of the most-belligerent parties - yet. Copies of the design, as well as Moto's presentation in March that compared the competing interfaces, have been seen by the chaps at The Verge.


What all parties agree on is that a smaller SIM is needed: the first SIMs were the same size as credit cards (conforming to ISO7816), while the second form factor (2FF) is the SIM with which most of us are familiar (conforming to GSM 11.11). Next was the microSIM (3FF), popularised by Apple's adoption in the iPhone; the 3FF just trims off the excess plastic while maintaining the contact pattern.


The undecided 4FF standard (dubbed the nanoSIM) will be thinner as well as smaller, and almost certainly feature a different contact pattern to make that practical, although how different is part of the ongoing debate.


The Apple-backed 4FF proposal was for a contact-compatible SIM with smooth sides necessitating an insertion tray, while Nokia wanted the contacts shifted to the far end and a notch along the side for easy push-to-lock fitting. The new RIM-Moto proposal, if genuine, places the contacts in compatible locations while maintaining the Nokia notch, appeasing both parties or perhaps annoying them both equally.


There have been claims that Nokia is just trying to protect its patent income, fanned by Apple's offer to waive its own IP fees if its proposal were adopted. That's something of a red herring as Apple's hasn't much IP in this area and Nokia's patents cover much more than the physical shape of the SIM so its revenue is pretty much assured.


Not that Nokia has helped itself by threatening to deny patent licences if its own proposal isn't adopted, claiming that Apple's divergence from rules laid down by telecoms standards body ETSI relives Nokia of its FRAND commitment to licence its technology on a fair and reasonable basis.

A slidepack by RIM on the 4FF UICC is embedded below and available to download from slideshare:


Monday, 2 April 2012

What is nano-SIM card

BBC reported that there is some dispute between Apple and Nokia/Rim for the next generation of SIM cards, 'nano-SIM'. You can read more about that here.

While looking for how the nano-SIM is different from other SIM cards I came across an interesting presentation from G&D. The above picture summarises the different types of SIM cards in use. The following is an extract from their whitepaper:


When the GSM network first appeared, mobile devices resembled bricks or even briefcases, and SIM cards were the size of credit cards. The subsequent miniaturization of the phones led to the standardization of smaller SIMs, the Plug-in SIM, and later the Mini-UICC also known as 3rd form factor (3FF). With the introduction of Apple’s iPad, the 3FF, or the Micro-SIM as it was then called, established itself widely in the market.

Nevertheless, the trend towards miniaturization of the SIM card is still not over. The latest form factor which is currently in discussion at ETSI (European Telecommunications Standards Institute) is the 4th form factor (4FF) or Nano-SIM. Measuring 12.3 x 8.8 mm, the Nano-SIM is about 30 percent smaller than the Micro-SIM. Even the thickness (0.7 mm) of the card has been reduced by about 15 percent – a tremendous technical challenge.

The Nano-SIM offers device manufacturers the crucial advantage of freeing up extra space for other mobile phone Nano-SIM The smallest SIM form factor on the market components such as additional memory or larger batteries. Popular smart phones in particular have to strike a balance between the need for components that are more powerful but bulkier and a slim design. The reduced volume of the 4FF gives manufacturers the opportunity to produce devices that are thinner and more appealing.


In case you were wandering the differences that are causing the disagreements, here are the differences between the formats:



Thursday, 22 March 2012

UICC and ISIM (IMS SIM)



I have mentioned before that UICC is the physical card and 2G SIM/USIM/ISIM are applications on the UICC card. The IMS SIM holds data provided by the IMS Operator, generally the same operator that would provide USIM services that would allow to camp on the 3G or LTE network.

Private User Identity: This identifies the user uniquely with the IMS operator and is used when the user registers with the IMS network. This is used by the operator to check the subscription and which services the user can avail of.

Public User Identity: A user can have multiple public identities that can be used for different services. To avail a particular service, user has to register with the particular public identity that has been allowed for that service.

Security Keys: Security keys are used for authentication to the IMS Network.

Home Network Domain Name: This is the name of the entry point that the user uses to register. This makes sure that a users request is sent to the Home Network.

Access Rule Reference: This is used to store information about which personal identification number needs verification for accessing a particular application

Address of P-CSCF: If it is not possible do dynamically find the Proxy-Call Session Control Function then this address is helpful

Administrative Data: Some of this could be operator specific proprietary information

Wednesday, 16 February 2011

Facebook onto a SIM using Class 2 SMS

I am sure you have already heard of Gemalto's (worlds largest SIM manufacturer and supplier) Facebook on the SIM announcement. The advantage of this approach is that 100% of the existing phones will be able to support facebook (if the operator supports the application on the SIM). This is a big step0 forward. The press release says:

Gemalto’s software development team has embedded the software application into the SIM. This ensures the Facebook application is compatible with 100% of SIM-compliant mobile phones.

The innovative solution provides mobile subscribers with simple and convenient access to core Facebook features such as friend requests, status updates, wall posts or messages. It also offers unique functions: people can sign up for this service and log in directly from the SIM application. Interactive Facebook messages pop-up on the phone’s screen so people can always share up-to-the-minute posts and events. One can also automatically search their SIM phonebook for other friends and send them requests.

Facebook for SIM is extremely easy to use and is available to everyone. No data contract or application download is needed, because the software is embedded in the SIM and it uses SMS technology. As a result, it works for prepaid as well as for pay-monthly customers. Following an initial limited free trial period, Facebook for SIM then operates on a subscription model via an unlimited pass for a given period of time.

“Facebook for SIM enables operators to leverage two of their main assets: the SMS to communicate with the web application and the SIM for application distribution to the masses,” added Philippe Vallée, Executive Vice President, Gemalto. “Over 200 million people already use Facebook on handsets and those are twice as active as non-mobile users . By providing anytime, anywhere availability to the social network, Gemalto delivers on the growing demand for mobile connectivity all over the world.”

An article on the Register had more details:

The SIM-based client isn't as pretty as its smartphone contemporaries – don't expect picture streams or sliding interfaces – but it was developed with the help of Facebook, and provides text-menu-based interaction with Facebook – including status updates, pokes and friend requests – to any GSM-compatible handset through the magic of the GSM SIM Toolkit and Class 2 SMS messages.

The SIM Toolkit is part of the GSM standard and thus supported on just about every GSM handset, from the dumbest PAYG talker to the latest iGear. It allows the SIM to present menu options to the user, collect responses, and pop up alerts when new data arrives, which is all that's necessary for a basic Facebook client.


Modern handsets also allow the SIM to make TCP/IP data connections, but Gemalto is eschewing that for Class 2 SMS to ensure compatibility with the most basic handsets, and networks.

Class 2 SMS messages are delivered direct to the SIM without the user being involved, so can update friends' status messages and deliver a poke or two. The application running on the SIM then prods the handset into alerting the user.

That user's own updates are sent over SMS too, following a status change or wall posting client pastes that into an SMS, which is sent silently on its way.

How, or if, the network operator charges for all those messages flying about isn't clear. Gemalto won't name operators yet but claims to be talking to one operator who reckons that Facebook is eating half its bandwidth, and another who's already working on SIM distribution strategies.

Not that a new SIM is necessarily required – SIMs are field upgradable, though few operators deploy them with sufficient empty space for an application like this and issuing replacement SIMs is probably easier from a marketing point of view.

You can also find some of these details here.

As I have been working on SMS for the last few weeks, I decided to dig a bit deep into what these Class 2 SMS are.

Classes identify the message's importance as well as the location where it should be stored. There are 4 message classes.

Class 0: Indicates that this message is to be displayed on the MS immediately and a message delivery report is to be sent back to the SC. The message does not have to be saved in the MS or on the SIM card (unless selected to do so by the mobile user).

Class 1: Indicates that this message is to be stored in the MS memory or the SIM card (depending on memory availability).

Class 2: This message class is Phase 2 specific and carries SIM card data. The SIM card data must be successfully transferred prior to sending acknowledgement to the SC. An error message will be sent to the SC if this transmission is not possible.

Class 3: Indicates that this message will be forwarded from the receiving entity to an external device. The delivery acknowledgement will be sent to the SC regardless of whether or not the message was forwarded to the external device.

You can also read this for more details on SMS message contents

Tuesday, 1 February 2011

6th ETSI Security Workshop

6th ETSI Security workshop was held last month. There were some very interesting areas of discussion including Wireless/Mobile Security, Smart Grids Security, etc.
All presentations are available to download from here.

Wednesday, 29 September 2010

Micro-SIM supporting 3FF format for LTE testing

Continuing yesterdays theme of Smart Cards.


I read Comprion's recent press release with regards to Micro-SIM.


As mobile devices get more and more complex, the components used become smaller and smaller. With the launch of the new LTE Test (U)SIM supporting the 3FF format, also known as Micro-SIM or Mini-UICC, COMPRION is responding to this trend. The LTE Test (U)SIM in the Mini-UICC format is only half the size of a regular Plug-In card and can be used in very small mobile devices.

Just like COMPRION's first released LTE Test (U)SIM, this new 128K/J LTE Test (U)SIM includes all new LTE data fields up to Release 9. The card has three applications implemented: a Test SIM; a Test USIM; and a Test ISIM. The Test (U)SIM also supports the three voltage classes 1.8V, 3V and 5V. Standardised commands such as "Resize" (for extending the size of a data field) and "Create" (for creating new data fields) are supported. The Test Card's flexibility and feature range enable the user to comprehensively examine the functionality of an LTE mobile device without having access to a live LTE network.

To ensure backwards compatibility to the Plug-In format, COMPRION also offers a Mini-UICC Adapter to turn the Mini-UICC into the Plug-In format. Hence, the Mini-UICC can also be used in today's mobile phones.

Its interesting to see that the new SIM is around half the size of the original and provides the same functionality. Sign of devices and components evolving.

The embedded presentation though old may be of intereste as it shows the difference between SIM, UICC and the 3FF

Tuesday, 28 September 2010

SIMFi = SIM with WiFi

Since the beginning of this year, Sagem Orga and Telefonica have been working on next generation SIM card called SIMFi.

With SIMFi, you can convert a phone into a WiFi hotspot. The phone would use HSPA/LTE for data connectivity and at the same time it would broadcast WiFi signals for any equipment to connect to these signals and browse the web. Power consumption information have not been mentioned which I am sure would be a problem for the phone.

SIMFi Removes the need for additional accessories to facilitate transmission services (e.g. MiFi, USB modem, PCMCIA…) and can make connectivity a lot simpler, straigtforward and cheaper.




SIMFi specifications
  • SIM card compatible with the latest telecom specifications.
  • SIM card: ISO 2FF plug-in
  • The mobile phone does not need any special features.
  • Modem WiFi integrated in the SIM card, works with 802.11b.
  • The modem is guided by the SIM card's tools.
  • Energy-saving features (works with 2G and 3G).
  • The aerial is adaptable, allowing short- and long-range operations (from 2 cm to 30 m) managed by the SIM card's tools.

Thursday, 3 June 2010

Quick preview of 3GPP Release-11 Features and Study items


Release 11 Features

Advanced IP Interconnection of Services

The objective is to specify the technical requirements for carrier grade inter-operator IP Interconnection of Services for the support of Multimedia services provided by IMS and for legacy voice PTSN/PLMN services transported over IP infrastructure (e.g. VoIP). These technical requirements should cover the new interconnect models developed by GSMA (i.e. the IPX interconnect model) and take into account interconnect models between national operators (including transit functionality) and peering based business trunking. Any new requirements identified should not overlap with requirements already defined by other bodies (e.g. GSMA, ETSI TISPAN). Specifically the work will cover:

• Service level aspects for direct IP inter-connection between Operators, service level aspects for national transit IP interconnect and service level aspects for next generation corporate network IP interconnect (peer-to-peer business trunking).
• Service layer aspects for interconnection of voice services (e.g. toll-free, premium rate and emergency calls).
• Service level aspects for IP Interconnection (service control and user plane aspects) between Operators and 3rd party Application Providers.

To ensure that requirements are identified for the Stage 2 & 3 work to identify relevant existing specifications, initiate enhancements and the development of the new specifications as necessary.


Release 11 Studies

Study on IMS based Peer-to-Peer Content Distribution Services

The objectives are to study IMS based content distribution services with the following aspects:

- Identifying the user cases to describe how users, operators and service providers will benefit by using/deploying IMS based content distribution services. such as with the improvement of Peer-to-Peer technology. The following shall be considered:
- Mobile access only (e.g. UTRAN, E-UTRAN, I-WLAN);
- Fixed access only (e.g. xDSL, LAN);- Fixed and mobile convergence scenarios;
- Identifying service aspects where IMS network improvements are needed to cater for content distributed services for above accesses;
- Evaluating possible impacts and improvements on network when IMS based content distribution services are deployed;
- Identifying QoS, mobility, charging and security related requirements in the case of content distribution services on IMS;
- Identifying potential copyright issues;


Study on Non Voice Emergency Services

The Non Voice Emergency Services could support the following examples of non-verbal communications to an emergency services network:

1. Text messages from citizen to emergency services
2. Session based and session-less instant messaging type sessions with emergency services
3. Multi-media (e.g., pictures, video clips) transfer to emergency services either during or after other communications with emergency services.
4. Real-time video session with emergency services

In addition to support the general public, this capability would facilitate emergency communications to emergency services by individuals with special needs (e.g., hearing impaired citizens).

The objectives of this study include the following questions for Non Voice Emergency Services with media other than or in addition to voice:

1. What are the requirements for Non Voice Emergency Services?
2. What are the security, reliability, and priority handling requirements for Non Voice Emergency Services?
3. How is the appropriate recipient emergency services system (e.g., PSAP) determined?
4. Are there any implications due to roaming?
5. Are there any implications to hand-over between access networks
6. Are there any implications due to the subscriber crossing a PSAP boundary during Non Voice Emergency Services communications (e.g., subsequent text messages should go to the same PSAP)?
7. Do multiple communication streams (e.g., voice, text, video emergency services) need to be associated together?
8. What types of “call-back” capabilities are required?9. Investigate the load impact of Non Voice Emergency Services in the case of a large scale emergency event or malicious use.

Non Voice Emergency Services will be applicable to GPRS (GERAN, UTRAN) and to EPS (GERAN, UTRAN, E-UTRAN and non-3GPP).


Study on UICC/USIM enhancements

The intent of this study item is to identify use cases and requirements enabling Mobile Network Operators to distribute new services based on the USIM, to improve the customer experience and ease the portability and customisation of operator-owned and customer-owned settings from one device to another (such as APN and other 3G Notebook settings, graphical user interface, MNO brand, Connection Manager settings,…), and help in reducing operation costs and radio resources usage.


Objectives of this study item are:

-To identify use cases and requirements for new USIM
-based services taking into account the GSMA Smart SIM deliverables;
- To identify use cases and requirements for the USIM used inside terminals with specialised functionalities (e.g. radio modems, 3G Notebook terminals) taking into account the GSMA 3GNBK deliverables;
- To identify use cases and requirements to drive the evolution from the traditional USAT to a multimedia USIM toolkit support, with a particular aim to the Smart Card Web Server;


Study on Alternatives to E.164 for Machine-Type Communications

M2M demand is forecast to grow from 50M connections to over 200M by 2013. A large number of these services are today deployed over circuit-switched GSM architectures and require E.164 MSISDNs although such services do not require "dialable" numbers, and generally do not communicate with each other by human interaction.


Without technical alternative to using public numbering resources as addresses, and considering the current forecasts and pending applications for numbers made to numbering plan administration agencies, there is a significant risk that some national numbering/dialling plans will run out of numbers in the near future, which would impact not only these M2M services but also the GSM/UMTS service providers in general.


The Objective is to determine an alternative to identify individual devices and route messages between those devices. Requirements for this alternative include:

- Effectively identify addressing method to be used for end point devices
- Effectively route messaging between those devices
- Support multiple methods for delivering messages, as defined by 22.368
- Support land-based and wireless connectivity
- Make use of IP-based network architectures
- Addressing/identifiers must support mobility and roaming- support on high speed packet
-switched networks when available and on circuit-switched networks
- Consider if there are security issues associated with any alternatives

Thursday, 11 February 2010

UICC and USIM in 3GPP Release 8 and Release 9


In good old days of GSM, SIM was physical card with GSM "application" (GSM 11.11)

In the brave new world of 3G+, UICC is the physical card with basic logical functionality (based on 3GPP TS 31.101) and USIM is 3G application on a UICC (3GPP TS 31.102). The UICC can contain multiple applications like the SIM (for GSM), USIM and ISIM (for IMS). There is an interesting Telenor presentation on current and future of UICC which may be worth the read. See references below.

UICC was originally known as "UMTS IC card". The incorporation of the ETSI UMTS activities into the more global perspective of 3GPP required a change of this name. As a result this was changed to "Universal Integrated Circuit Card". Similarly USIM (UMTS Subscriber Identity Module) changed to Universal Subscriber Identity Module.

The following is from the 3G Americas Whitepaper on Mobile Broadband:

UICC (3GPP TS 31.101) remains the trusted operator anchor in the user domain for LTE/SAE, leading to evolved applications and security on the UICC. With the completion of Rel-8 features, the UICC now plays significant roles within the network.

Some of the Rel-8 achievements from standards (ETSI, 3GPP) are in the following areas:

USIM (TS 31.102)
With Rel-8, all USIM features have been updated to support LTE and new features to better support non-3GPP access systems, mobility management, and emergency situations have been adopted.

The USIM is mandatory for the authentication and secure access to EPC even for non-3GPP access systems. 3GPP has approved some important features in the USIM to enable efficient network selection mechanisms. With the addition of CDMA2000 and HRPD access technologies into the PLMN, the USIM PLMN lists now enable roaming selection among CDMA, UMTS, and LTE access systems.

Taking advantage of its high security, USIM now stores mobility management parameters for SAE/LTE. Critical information like location information or EPS security context is to be stored in USIM rather than the device.

USIM in LTE networks is not just a matter of digital security but also physical safety. The USIM now stores the ICE (In Case of Emergency) user information, which is now standardized. This feature allows first responders (police, firefighters, and emergency medical staff) to retrieve medical information such as blood type, allergies, and emergency contacts, even if the subscriber lies unconscious.

3GPP has also approved the storage of the eCall parameters in USIM. When activated, the eCall system establishes a voice connection with the emergency services and sends critical data including time, location, and vehicle identification, to speed up response times by emergency services. ECalls can be generated manually by vehicle occupants or automatically by in-vehicle sensors.

TOOLKIT FEATURES IMPROVEMENT (TS 31.111)
New toolkit features have been added in Rel-8 for the support of NFC, M2M, OMA-DS, DM and to enhance coverage information.

The contactless interface has now been completely integrated with the UICC to enable NFC use cases where UICC applications proactively trigger contactless interfaces.

Toolkit features have been updated for terminals with limited capabilities (e.g. datacard or M2M wireless modules). These features will be notably beneficial in the M2M market where terminals often lack a screen or a keyboard.

UICC applications will now be able to trigger OMA-DM and DS sessions to enable easier device support and data synchronization operations, as well as interact in DVB networks.

Toolkit features have been enriched to help operators in their network deployments, particularly with LTE. A toolkit event has been added to inform a UICC application of a network rejection, such as a registration attempt failure. This feature will provide important information to operators about network coverage. Additionally, a UICC proactive command now allows the reporting of the signal strength measurement from an LTE base station.

CONTACT MANAGER
Rel-8 defined a multimedia phone book (3GPP TS 31.220) for the USIM based on OMA-DS and its corresponding JavaCard API (3GPP TS 31.221).

REMOTE MANAGEMENT EVOLUTION (TS 31.115 AND TS 31.116)
With IP sessions becoming prominent, an additional capability to multiplex the remote application and file management over a single CAT_TP link in a BIP session has been completed. Remote sessions to update the UICC now benefit from additional flexibility and security with the latest addition of the AES algorithm rather than a simple DES algorithm.

CONFIDENTIAL APPLICATION MANAGEMENT IN UICC FOR THIRD PARTIES
The security model in the UICC has been improved to allow the hosting of confidential (e.g. third party) applications. This enhancement was necessary to support new business models arising in the marketplace, with third party MVNOs, M-Payment and Mobile TV applications. These new features notably enable UICC memory rental, remote secure management of this memory and its content by the third party vendor, and support new business models supported by the Trusted Service Manager concept.

SECURE CHANNEL BETWEEN THE UICC AND TERMINAL
A secure channel solution has been specified that enables a trusted and secure communication between the UICC and the terminal. The secure channel is also available between two applications residing respectively on the UICC and on the terminal. The secure channel is applicable to both ISO and USB interfaces.

RELEASE 9 ENHANCEMENTS: UICC: ENABLING M2M AND FEMTOCELLS
The role of femtocell USIM is increasing in provisioning information for Home eNodeB, the 3GPP name for femtocell. USIMs inside handsets provide a simple and automatic access to femtocells based on operator and user-controlled Closed Subscriber Group list.

Work is ongoing in 3GPP for the discovery of surrounding femtocells using toolkit commands. Contrarily to macro base stations deployed by network operators, a femtocell location is out of the control of the operator since a subscriber can purchase a Home eNodeB and plug it anywhere at any time. A solution based on USIM toolkit feature will allow the operator to identify the femtocells serving a given subscriber. Operators will be able to adapt their services based on the femtocells available.

The upcoming releases will develop and capitalize on the IP layer for UICC remote application management (RAM) over HTTP or HTTPS. The network can also send a push message to UICC to initiate a communication using TCP protocol.

Additional guidance is also expected from the future releases with regards to the M2M dedicated form factor for the UICC that is currently under discussion to accommodate environments with temperature or mechanical constraints surpassing those currently specified by the 3GPP standard.

Some work is also expected to complete the picture of a full IP UICC integrated in IP-enabled terminal with the migration of services over EEM/USB and the capability for the UICC to register on multicast based services (such as mobile TV).

Further Reading:

Wednesday, 8 July 2009

Wireless Cellular Security

Arvind, an old colleague recently spoke in ACM, Bangalore on the topic of Security. Here is his presentation:







There are lots of interesting Questions and Answers. One interesting one is:

Does number portability mean that data within an AuC is compromised?

Not really. Number portability does not mean sensitive data from old AuC are transferred to the new AuC. The new operator will issue a new USIM which will have a new IMSI. Number portability only means that MSISDN is kept the same for others to call the mobile. The translation between MSISDN and IMSI is done at a national level register. Such a translation will identify the Home PLMN and the HLR that’s needs to be contacted for an incoming call.
That’s the theory and that’s how it should be done. It will be interesting to know how operators in India do this.

You can read all Q&A's here.

I wrote a tutorial on UMTS security many years back. Its available here.

Sunday, 23 November 2008

Phones can be unlocked by GeoSim


We all have used different phones over the period of time while on contract with a certain operator. The tricky situation comes when we move onto different operator and would sometime like to use the old phone. The way to crack this is quitely simpy unlock the phone and off it goes on any network.

GeoSIM, an international SIM card supplier, now says that it has introduced the “SIM PIG”, a SIM-like chip that bypasses the network lock on mobile phones, thus enabling any SIM card from any network to be used in a locked handset.

I honestly do not know whether this is good or bad, but simply for my own personal reason it’s good. Recently I moved from one operator to another and decided to go pay as you go. Hence I wanted to use my old phone on the new service provider but couldn’t do so until I got my phone unlocked.

SIM PIG claims to be able to unlock iPhone, Windows Mobile, HTC, Nokia, Sony Ericsson, Blackberry and many more 3G handsets. It is inserted with the SIM card into the handsets SIM card slot. The PIG then dynamically bypasses the network lock on the mobile phone. The company says it does not affect any of the handset functionality and all features are maintained, nor it does not invalidate any warranty on the handset. Once SIM PIG is removed, the handset reverts back to its locked condition.

Using the SIM PIG does not require any technical knowledge and is quick and simple to insert. As the name suggests, SIM PIG SIMply PIGgy backs on to the SIM card when it is inserted to the handset.
So how does GeoSim is able to do this business of unlocking the phone or by passing the lock?
GeoSIM routes your dialling instruction away from the local operator and sends your call to the GeoSIM “Hub”. A few seconds after you make your call, your mobile phone will ring. You answer the “callback” and you will be connected to the person you wish to talk to.
In summary:
  • Dial the number you want to call.

  • A few seconds after you dial, your handset will ring. Answer the “callback” from the GeoSIM Hub.

  • You will then get connected to the number you are calling.

Hmmm very strange… I am really dying to know whether some body uses this method.
Do GeoSIM and SIM PIG work in the United States?
Are they fully “legal” here in UK or Europe? I don’t know…

Monday, 29 September 2008

SIM-free option for LTE

Dean Bubley, in a post in Seeking Alpha has proposed a SIM-free option for LTE. I have heard this being discussed before in some forums but have not seen yet any concrete steps by 3G to address this issue.

Let me be clear that I fully support the SIM based option which gives you convinience to change handsets while keeping the same number and also easily move between different operators by getting Porting codes (PAC codes in UK) but sometimes when you are travelling or in between places the SIM free option allows you to use Pay as you Go services from the device of your choice. So rather than being tied down to the SIM you will be tied down to the device (Laptop or Handset).

If this option is not available it would still be possible by a service provider to provide you a service based on the device IMEI but the extra 'Access technology based' security would not be there. This means that you would be relying completely on the IP security which should generally not be an issue since this is not very different than what you would use in case of accessing web through your workplace or from a cafe. Also since this option requires extra customisation of LTE based technology which is not standardised by standards, service providers may be a bit reluctant to use this approach.

Alternatively, service providers may go for alternative technologies like WiMAX and WiFi. All laptops have WiFi inbuilt and it wont be long before WiMAX option is available. WiMAX dongles may come in handly for times like these. These technologies dont require any SIM cards so it may be simpler for people to use this.

By not providing the SIM-free option for LTE, there may not be much impact from Laptop users who dont care which technology they use as their hardware is generally capable of supporting quite a few options but it may impact the smartphone user market. These smartphone users who have time to kill on the airports or hotels may make use of their time by registering their phone to a local service provider and then making cheap international calls and browsing via their handset. They may not have to worry about hunting for cyber cafes and even if they find one worrying about the spyware, etc trying to grab passwords/pins on the PCs being used.

Over the next year we will have to wait and see if operators or device manufacturers or service providers are going to propose this option and once it is proposed it would be interesting to see how many people oppose it :)