A SIM is a smartcard used in a mobile phone. It stores a secret key. Customers are authenticated on the mobile network based on this secret key, and customer phone bills are generated based on it. From a security point of view, the SIM is meant to be resistant to any type of tampering. Tamper resistance is intended to prevent the secret key from being extracted, and it is also believed that tamper resistance will keep the secret key safe even if an attacker has physical access to the SIM. Cryptographic protocols are used for authentication: with their help the SIM authenticates itself to the service provider using this key, and a call or SMS is authorized. To prevent fraud in the GSM network, a framework is defined that depends on these cryptographic protocols.
When these cryptographic protocols are analysed in detail, it turns out that they are not strong enough to prevent every type of fraud on the network, and that they cannot prevent attacks on the network. These security loopholes can be exploited by querying the SIM card many times, or by using mathematical analysis, to recover the secret key of the SIM. Anyone who succeeds in obtaining the key of a SIM card can make calls for which the owner of the SIM card has to pay.
The responsibility for designing the encryption algorithms for the GSM network was given to a group of algorithm experts in 1987. This group designed two algorithms. The first was for the SIM card and was used to authenticate the subscriber on the network; it was known as COMP128. The second was used by mobiles to encrypt data on the radio link; this encryption algorithm was known as A5. The networks were designed so that they do not have to send keys or algorithms to each other. Many operators did not have algorithm experts to develop their own algorithms, so they decided to use COMP128.
Technical Detail of SIM Cloning
Some years later it was discovered that the COMP128 algorithm can be broken. With about 50,000 challenges it was possible to recover the 128-bit secret key. The word sensitive is appropriate for this secret key because, once it is known, a clone of that particular SIM card can easily be made: the secret key is copied to another blank SIM card. The mobile network treats the cloned SIM card as the original, although in reality it is a clone. This cloning process can only be carried out with physical access to the original SIM card.
The attack used to clone a SIM card is called a chosen-challenge attack. It is capable of breaking the COMP128 algorithm, which years ago was widely used by mobile operators, so most SIM cards of that time could be cloned. In the first step of the attack, special challenges are chosen. A query is sent to the SIM card for each challenge; the SIM card applies the COMP128 algorithm to the secret key and the specially chosen challenge and returns the result to the attacker. The responses from the SIM card are analysed and the secret key is recovered.
To perform the attack successfully on a SIM card we need physical access to it, a SIM card reader, a computer, and software to operate the reader. During the attack the SIM card is queried more than 150,000 times. Typically a SIM card does not answer more than 6 queries per second, so 150,000 queries need about 10 hours or more. The time required to analyse the responses from the SIM is comparatively short. Although COMP128 was supposed to be a secure algorithm, a detailed study of the documentation does not confirm this. The attack can be performed successfully on many different SIM cards.
Steps of cloning
Getting Ki and IMSI: We connect the SIM card reader to the computer on a COM port or a USB port, depending on which card reader we have. As mentioned earlier we need software to operate the SIM card reader; for this experiment we will be using Woron Scan, one of the most reliable programs for SIM cloning. In Woron Scan we need to tell the software which port the SIM card reader is connected to; this is done under the Settings menu. To clone a SIM card we need two values: the Ki and the IMSI. Detecting the IMSI does not take long: we just select it in the Task menu of Woron Scan, after which the SIM card reader communicates with the SIM card, detects the IMSI value and displays it. We write down the IMSI value detected by Woron Scan. After this we move on to detecting the Ki value from the SIM card; for this we click Ki search in Woron Scan. As described in the section "Technical Detail of SIM Cloning", Woron Scan does the same work to detect the secret key from the SIM. This process can take up to 8 hours, and the speed of the computer does not matter here: the time taken by Woron Scan depends on the SIM card, because a SIM card can send or receive data at a speed of 9600 bits per second. This is the reason that secret key scanning takes more than eight hours. After the long wait of eight hours we will have the secret key. Typically the scanning software stores this secret key in a binary file of size 1 kB.
Writing Ki and IMSI: After the first step has been performed successfully we can go to the second step, which is simple and takes much less time than the first. SIM cloning kits are available on the market; they contain a SIM card reader/writer and a blank SIM. We simply open the software that came on the CD with the SIM cloning kit, browse to the binary file produced in the first step, manually enter the IMSI detected in the first step, and click the Write button. After a few seconds the software displays a message confirming that the writing process completed successfully. For real confirmation we can put this SIM card in a mobile phone and check whether the clone really works.
SIM cloning is really easy to do with the help of SIM cloning kits: we only need to scan the secret key and IMSI from the original SIM with the SIM card reader and the software that comes with it, then write the secret key and IMSI to a blank SIM, and the job is done.
Weakness of COMP128
Security loopholes are a serious problem in GSM security. Over time experts have also learnt that there are very serious problems with COMP128, and they have made efforts to find solutions for these loopholes. One very interesting solution they found was public review: the public is encouraged to find problems in the encryption algorithm, and experts work to fix them.
Openness is a good design principle in communication security. It is really hard to write a perfect algorithm at the first attempt, and there are many advantages in having it double-checked by others. The problem is that the GSM operator community keeps its security specifications secret. This approach does not allow others to find the security problems, but it also does not make the system so secure that it cannot be broken. GSM has a very large number of users worldwide, and removing security loopholes is costly. For example, there is a big security problem in the COMP128 algorithm, and if an operator decides to replace the SIM cards of all its customers who have COMP128 V2 it will cost the operator a great deal.
It is quite easy to clone a SIM card if it uses the COMP128 V1 algorithm, yet most operators are still using this algorithm. They all have their own reasons for using this insecure algorithm; one important reason is that it is really difficult to update the authentication system.
To overcome this problem a new algorithm must be selected, new SIM cards must be manufactured with the new algorithm, and a software upgrade is necessary at all authentication points.
Two algorithm experts brought the flaws of COMP128 to public attention. As a result the old COMP128 became COMP128-1, and a new version was distributed as COMP128-2, which overcame the known weaknesses. The GSM Association security group then issued a warning to operators that they should seriously consider developing their own algorithm, as the specification intended. There is one more version, COMP128-3, which produces a 64-bit key for A5, compared to COMP128-2 which produces only a 54-bit key for A5. An even newer version, COMP128-4, is under development; it is based on the 3GPP algorithm MILENAGE, which uses AES.
Mobile operators have since made much progress against SIM card attacks; for example, they limit the number of challenges, so that the card locks up before the secret key can be discovered. At the same time, monitoring the voltages of the smart card and using selected plaintexts (pre-computed challenges) has significantly reduced the time needed to find the key Ki.
Cryptography
There is a narrow pipe in the COMP128 algorithm: bytes i, i+8, i+16, i+24 of the COMP128 input determine bytes i, i+8, i+16, i+24 of the output of the 2nd round. (Here a round means one layer of S-boxes and "butterflies"; in total there are 40 rounds in COMP128, performed as 5 * 8.) Bytes i, i+8 of the key are bytes i, i+8 of the COMP128 input, and bytes i, i+8 of the challenge are bytes i+16, i+24 of the COMP128 input.
The narrow pipe is probed by varying bytes i+16, i+24 of the COMP128 input (that is, bytes i, i+8 of the challenge) while the rest of the COMP128 input is held constant. Treating the rounds as random, one expects a collision in bytes i, i+8, i+16, i+24 after two rounds; since the pipe is only 4 bytes wide, collisions are bound to occur from time to time. Collisions in the narrow pipe are easy to detect because they produce a collision in the output of COMP128: the responses of the two authentications are the same. Each collision can then be used to determine the two key bytes i, i+8 by analysis of the first two rounds.
Learning two key bytes takes about 2^{4*7/2 + 0.5} = 2^{14.5} chosen-input queries to COMP128, so recovering the whole 128-bit key Ki takes 8 * 2^{14.5} = 2^{17.5} queries.
How to switch to new algorithm
The GSM standards have been carefully designed to allow an operator to choose any authentication algorithm it wishes, provided it meets the requirements.
So an operator can change the A3/A8 algorithm by changing the algorithm in the Authentication Centre (AuC) and in the SIM card. Most Authentication Centres support multiple algorithms in use on a network at the same time; in the AuC the algorithm that a card uses is identified by the IMSI of the card. In this way an operator can gradually introduce a new algorithm for new users (or reissued cards).
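The following Python model is an added illustration, not code from the original page, of the two defensive points made here and in the section on operator progress: the card locks after a fixed number of challenges, and the AuC selects the algorithm per IMSI so that new or reissued cards can be moved to a new algorithm gradually. It assumes an HMAC-SHA256 stand-in for A3/A8 (it is not COMP128) and uses constructed IMSIs, keys and challenge limits.

```python
import hmac
import hashlib
from typing import Dict, Tuple

# Stand-in A3/A8: HMAC-SHA256 keyed by algorithm name. This is NOT COMP128
# (an assumption so the example runs offline); only the interface is GSM-like.
def a3a8(algorithm: str, ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    digest = hmac.new(ki, algorithm.encode() + rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]        # (32-bit SRES, 64-bit Kc)

class Sim:
    """Card side: counts RUN GSM ALGORITHM calls and locks at a limit."""
    def __init__(self, imsi: str, ki: bytes, algorithm: str, limit: int):
        self.imsi, self._ki, self.algorithm = imsi, ki, algorithm
        self.limit, self.challenges, self.locked = limit, 0, False
    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        if self.locked or self.challenges >= self.limit:
            self.locked = True                 # stays locked permanently
            raise PermissionError("SIM locked: challenge limit reached")
        self.challenges += 1
        return a3a8(self.algorithm, self._ki, rand)

class AuC:
    """Network side: the algorithm is chosen per IMSI during a migration."""
    def __init__(self) -> None:
        self.subscribers: Dict[str, Tuple[bytes, str]] = {}
    def provision(self, imsi: str, ki: bytes, algorithm: str) -> None:
        self.subscribers[imsi] = (ki, algorithm)
    def expected_sres(self, imsi: str, rand: bytes) -> bytes:
        ki, algorithm = self.subscribers[imsi]   # per-IMSI algorithm lookup
        return a3a8(algorithm, ki, rand)[0]

def authenticate(auc: AuC, sim: Sim, rand: bytes) -> bool:
    """Compare the card's SRES with the AuC's expected SRES for that IMSI."""
    try:
        sres, _ = sim.run_gsm_algorithm(rand)
    except PermissionError:
        return False                           # a locked card cannot authenticate
    return hmac.compare_digest(sres, auc.expected_sres(sim.imsi, rand))

def responses_before_lock(sim: Sim, attempts: int) -> int:
    """How many answers a card reader collects in `attempts` tries."""
    got = 0
    for n in range(attempts):
        try:
            sim.run_gsm_algorithm(n.to_bytes(16, "big"))
            got += 1
        except PermissionError:
            break
    return got
```

With a limit of 1000, a reader attempting the 150,000 queries mentioned earlier collects only 1000 responses before the card locks, and a locked card no longer authenticates on the network.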