eSIM Notes

Sunday, December 10, 2017

Introduction

A SIM (Subscriber Identity Module) is an IC that securely stores the configuration and credentials a device needs to attach to a mobile network.

However, “SIM card” is a term from the 2G (GSM) era, when the SIM was both the hardware and the software on it. From 3G onward the SIM became a pure application: like CSIM (for CDMA2000) and USIM (for UMTS/LTE), it runs as an application on a UICC. The UICC (Universal Integrated Circuit Card) is the physical card we insert into phones, the so-called “SIM card”. It is a type of IC smart card; the figure below shows several kinds of smart cards.

[Figure: types of IC smart cards]

The term “SIM card” has stuck, but strictly speaking the card is a UICC. Vendors keep calling it a SIM card for familiarity, so in the rest of this note “SIM card” means a UICC smart card.

Storage

A SIM card provides data storage, holding the configuration used to identify and authenticate the subscriber:

  • ICCID (Integrated Circuit Card Identifier): the serial number of the card itself, up to 20 digits, ending in a Luhn check digit.
  • IMSI (International Mobile Subscriber Identity): identifies the subscription, not the card: mobile country code (MCC) + mobile network code (MNC) + subscriber number (MSIN), up to 15 digits.
  • Ki (the subscriber authentication key): a 128-bit key shared only between the card and the operator's authentication centre. By design it never leaves the card. Because the GSM reference algorithm COMP128v1 had weaknesses, an attacker with access to the card could recover Ki by sending it many chosen challenges, which is what made SIM cloning possible.

The way a lost phone number is recovered today rests on this: the operator uses the ICCID that has been associated with the phone's IMEI to lock the number to a card, and that ICCID is the identifier of the newly inserted (replacement) SIM card.
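As an added example (not code from the original note), the following Python parses the two identifiers above and verifies the ICCID's Luhn check digit, which is the quickest way to catch a mistyped or fabricated card number. The widths of the country code, issuer identifier and MNC vary by operator, so the defaults are assumptions chosen for the constructed sample values; the sample IMSI uses the test network code MCC 001 / MNC 01 and belongs to no real subscriber.

```python
"""Parse and sanity-check the two identifiers a SIM stores: ICCID and IMSI.

Added example for this note, not code from the original post. Field widths
for the country code, issuer identifier and MNC vary by operator; the
defaults below are assumptions chosen for the constructed sample values,
which belong to no real card or subscriber.
"""
from dataclasses import dataclass


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn mod-10 check.

    An ICCID ends in a Luhn check digit, so a card number that fails here
    was mistyped or fabricated.
    """
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):  # walk from the rightmost digit
        d = int(ch)
        if i % 2 == 1:                          # double every second digit
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def luhn_check_digit(payload: str) -> str:
    """Return the digit that makes payload + digit Luhn-valid."""
    for d in "0123456789":
        if luhn_valid(payload + d):
            return d
    raise ValueError("payload is not all digits")


@dataclass(frozen=True)
class Iccid:
    mii: str      # Major Industry Identifier, always "89" for telecom
    country: str  # ITU E.164 country code (width varies; assumed 2 here)
    issuer: str   # issuer identifier (width varies; assumed 2 here)
    account: str  # individual account identification number
    check: str    # Luhn check digit


def parse_iccid(iccid: str, country_len: int = 2, issuer_len: int = 2) -> Iccid:
    """Split an ICCID into fields and verify its check digit."""
    s = iccid.replace(" ", "")
    if len(s) not in (19, 20):
        raise ValueError(f"ICCID must be 19 or 20 digits, got {len(s)}")
    if not s.startswith("89"):
        raise ValueError("ICCID must start with MII 89 (telecommunications)")
    if not luhn_valid(s):
        raise ValueError("ICCID fails its Luhn check digit")
    cc_end = 2 + country_len
    iss_end = cc_end + issuer_len
    return Iccid(s[:2], s[2:cc_end], s[cc_end:iss_end], s[iss_end:-1], s[-1])


@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code, 3 digits
    mnc: str   # Mobile Network Code, 2 or 3 digits depending on the country
    msin: str  # Mobile Subscriber Identification Number


def parse_imsi(imsi: str, mnc_len: int = 2) -> Imsi:
    """Split an IMSI into MCC, MNC and MSIN (MNC width is per-country)."""
    # Lower bound is a sanity check: MCC + MNC + at least one MSIN digit.
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("IMSI must be 6 to 15 digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits")
    return Imsi(imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:])


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(parse_iccid("89860112345678901237"))
    print(parse_imsi("001010123456789"))
```

The check digit is the only self-verifying part of these identifiers; neither MCC/MNC nor the issuer fields carry a checksum, so a lookup against a live allocation table is the only way to validate those.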

The IC on a SIM card includes a CPU, ROM, RAM, EEPROM and I/O. The form factor has kept shrinking (full-size, mini, micro, nano) until the eSIM appeared in 2016.

[Figure: SIM card form-factor iterations]

Embedded SIM (eSIM, e-SIM), also called eUICC (embedded UICC), is a SIM in a chip form factor that is soldered directly onto the circuit board instead of being inserted into a tray. Most use the 8-pin SON-8 package (the ETSI MFF2 form factor).

[Figure: SON-8 package]

eSIM is the next-generation SIM technology and follows GSMA (GSM Association) specifications (SGP.02 for M2M devices, SGP.22 for consumer devices). The core idea is to separate manufacturing of the SIM hardware (the eUICC) from production of the operator data (the Profile). Instead of being personalised at the factory, the Profile is downloaded over the air through remote SIM provisioning: the eUICC and the operator's provisioning server (SM-DP+ in the consumer architecture) authenticate each other with certificates chained to the GSMA certificate issuer, and the Profile is encrypted for that specific eUICC, so an on-path attacker can neither read nor alter it. The download is therefore designed to resist man-in-the-middle attacks, provided the certificate chain is actually verified on both sides.

Advantages:

  1. No longer tied to a physical card, so changing numbers or operators is easier.
  2. Can contain other security information and be used for private network authentication.
  3. Removes the card tray and physical IC card, reducing cost and saving space.
  4. Enables activation from the operator platform, compressing the card-issuance process.

Limitations:

  1. Does not support dual-SIM dual-standby.
  2. In China, devices with integrated eSIM are generally driven by carriers or designated service providers, so switching carriers is not possible.

So at present, eSIM is used mainly in IoT devices.

Pin definitions of eSIM vs SIM card:

[Figure: eSIM pin assignment compared with a SIM card]

Based on the pin definitions, you can wire an eSIM to a SIM tray with jumper wires and use it in an ordinary phone. The VPP pin (C6, the old EEPROM programming voltage) is not used by UICCs and can be left unconnected; the contacts that matter are VCC, RST, CLK, GND and I/O. Keep the wires short, since the clock and I/O lines are sensitive to stray capacitance, and check that the eSIM supports the supply voltage class the phone drives (1.8 V or 3 V).

[Figure: eSIM wired to a SIM tray with jumper wires]

From a security perspective, a GSM SIM supports only one-way authentication: when the phone attaches, the network sends a random challenge (RAND) and the SIM answers with SRES computed from its key Ki, but nothing in the exchange proves to the SIM that the network is genuine. This is what fake base stations (IMSI catchers) exploit, and hackers have claimed they could remotely take over any SIM number in a short time, and even clone it. A USIM uses mutual authentication (UMTS AKA): the challenge carries an authentication token AUTN, which contains a sequence number masked with an anonymity key, an AMF field and a MAC computed with the shared key K. The USIM recomputes the MAC and checks that the sequence number is fresh before it answers, so not only is the USIM authenticated, the USIM also authenticates the network and rejects replayed challenges. This greatly raises the bar for cracking and lets the USIM detect or refuse fake base stations, improving communication security. One caveat: the protection only holds while the phone stays on 3G or later; a fake base station can still try to force a fall-back to 2G, where the one-way GSM procedure applies, if the device allows it.
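The two procedures side by side, as an added example (not code from the original note). Real networks use A3/A8 (GSM) and Milenage (UMTS/LTE) keyed with the subscriber key; here HMAC-SHA256 stands in for those functions so the exchange runs offline, and the subscriber key K is a constructed value. The AUTN layout (SQN xor AK, then AMF, then MAC) follows 3GPP TS 33.102; field widths and the HMAC stand-in are assumptions of this example.

```python
"""Why USIM mutual authentication stops a fake base station and GSM does not.

Added example, not from the original note. HMAC-SHA256 stands in for the
A3/A8 and Milenage f1..f5 functions (assumption); the key K is constructed.
AUTN = (SQN xor AK) || AMF || MAC, as in 3GPP TS 33.102.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed 128-bit subscriber key shared by the (U)SIM and the home AuC.
K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")


def f(tag: bytes, key: bytes, *parts: bytes) -> bytes:
    """Keyed PRF standing in for the Milenage f1..f5 family (assumption)."""
    return hmac.new(key, tag + b"".join(parts), hashlib.sha256).digest()


# ---- GSM: one-way authentication -----------------------------------------
def gsm_sres(key: bytes, rand: bytes) -> bytes:
    """A3 stand-in: SRES proves the SIM knows Ki; nothing proves the network."""
    return f(b"A3", key, rand)[:4]


def gsm_sim_respond(key: bytes, rand: bytes) -> bytes:
    """A GSM SIM answers whatever RAND it is given; it cannot verify the sender."""
    return gsm_sres(key, rand)


# ---- UMTS AKA: mutual authentication -------------------------------------
@dataclass
class Usim:
    key: bytes
    sqn: int = 0  # highest sequence number accepted so far (replay guard)

    def authenticate(self, rand: bytes, autn: bytes) -> bytes:
        """Verify AUTN (network authenticity and freshness), then return RES.

        Raises ValueError on a bad MAC (fake network) or a stale SQN
        (replayed challenge), mirroring the USIM's MAC-failure and
        synchronisation-failure outcomes.
        """
        sqn_xor_ak, amf, mac = autn[:6], autn[6:8], autn[8:16]
        ak = f(b"f5", self.key, rand)[:6]
        sqn = bytes(a ^ b for a, b in zip(sqn_xor_ak, ak))
        expected_mac = f(b"f1", self.key, sqn, rand, amf)[:8]
        if not hmac.compare_digest(mac, expected_mac):
            raise ValueError("MAC failure: network could not prove it knows K")
        sqn_int = int.from_bytes(sqn, "big")
        if sqn_int <= self.sqn:
            raise ValueError("synchronisation failure: SQN not fresh (replay)")
        self.sqn = sqn_int
        return f(b"f2", self.key, rand)[:8]


def network_vector(key: bytes, sqn: int, amf: bytes = b"\x80\x00", rand: bytes = b""):
    """Home network (AuC) builds an authentication vector (RAND, AUTN, XRES)."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(b"f1", key, sqn_b, rand, amf)[:8]
    ak = f(b"f5", key, rand)[:6]
    autn = bytes(a ^ b for a, b in zip(sqn_b, ak)) + amf + mac
    xres = f(b"f2", key, rand)[:8]
    return rand, autn, xres


def run_demo() -> dict:
    """Play out the scenarios and report what each card accepted."""
    usim = Usim(K)
    out = {}
    # 1. Genuine network: AUTN verifies and RES matches XRES.
    rand, autn, xres = network_vector(K, sqn=1)
    out["genuine"] = usim.authenticate(rand, autn) == xres
    # 2. Fake base station: it does not know K, so its AUTN carries a bad MAC.
    fake_rand, fake_autn, _ = network_vector(os.urandom(16), sqn=2)
    try:
        usim.authenticate(fake_rand, fake_autn)
        out["fake_bts_rejected"] = False
    except ValueError:
        out["fake_bts_rejected"] = True
    # 3. Replay of the genuine vector: MAC is fine, but SQN is stale.
    try:
        usim.authenticate(rand, autn)
        out["replay_rejected"] = False
    except ValueError:
        out["replay_rejected"] = True
    # GSM for comparison: a fake BTS can harvest chosen RAND/SRES pairs, the
    # raw material for the COMP128 key-recovery attacks; the SIM cannot refuse.
    chosen = [bytes([i]) * 16 for i in range(3)]
    out["gsm_pairs_leaked"] = len([(r, gsm_sim_respond(K, r)) for r in chosen])
    return out


if __name__ == "__main__":
    print(run_demo())
```

The USIM's checks are the whole point: the MAC ties the challenge to K, which a fake base station does not have, and the sequence number stops an attacker who recorded a genuine challenge from replaying it later. The GSM SIM has no equivalent hook, which is why it answers every challenger.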

References

eSIM Security Analysis and Implementation Scheme Research (Chinese-language article)
