TECHNICAL LEVEL: 2

Led by Informa Telecoms Academy

The Subscriber Identity Module is central to the security of GSM services, but is also increasingly being used as a platform to enable mobile network operators to deploy handset-independent applications, in order to increase ARPU and drive customer loyalty. With more and more capabilities being packed in to a SIM, and network operators keen to deploy ever-more-innovative applications, the diminutive size of the SIM belays its increasing importance, and the importance of understanding just what it can, and can’t, do.

The SIM is owned by the network operator, and recognized by most users on GSM networks as representing their identity to the network. Operators are finding new ways of utilizing that understanding, and applying that identity to applications as diverse as bill-payment, instant messaging and WiFi access systems; as well as more mundane uses such as ringtone downloads and premium-service subscription management.

This one-day seminar will enable you to understand just what is possible using a SIM, and which technologies make that possible. Equally important is an examination of the limitations of the current generation of SIMs, and how recent developments including the creation of high-speed interfacing have the potential to address those limitations and why that might not happen.

Course Objectives:

• State what a SIM does, and why.
• Describe the development of the SIM, and it’s impact on the success of the GSM standard
• Describe the security capabilities of currently-deployed SIM technology, including limitations and failings
• Outline the opportunities available to third-parties to develop SIM applications
• Outline the opportunities available to mobile network operators developing SIM applications
• Discuss the utility of the popular SIM-application-development technologies
• Predict how widely deployed the next generation of SIM technology will be used, and explain the factors influencing that prediction
• Compare and contrast the strategy of SIM deployment and management amongst different GSM network operators.

Workshop Trainer:
Bill Ray, Telecoms Academy

Section 1: What is a SIM?

• History of Smart Card development
• The reason SIMs were developed
• International standards (ISO7816)
• The SIM business model
• Major players in the SIM business

Section 2: Physical and logical structure

• Dismantling a SIM: take it apart and look inside
• Physical security measures
• Logical structure:
  • External connections mapped
  • APDU communications
  • The SIM file system
  • Popular files and their usage
• Physical security attacks
• Logical security attacks

Section 3: The GSM security model

• Identification, Authentication, Confidentiality and Non- Repudiation
• Certification and encryption basics
• GSM security design goals and limitations:
  • Cryptographic algorithm choices
  • Reduced-path encryption
  • Roaming security issues and models
  • Regional legislative issues
• Next generation GSM security
  • Encryption for 3G networks
  • IMS and VoIP security issues

Section 4: The SIM Toolkit and related technologies

• Introduction to the SIM Toolkit
  • Capabilities
  • Limitations
  • Support
• JavaCard
  • Application development process
  • Capabilities
  • Limitations
  • Support
• SIM card management
  • Global Platform
  • In-field application deployment

Section 5: Deployed examples

• Application revenue streams
  • Mandatory application deployments
• Indirect revenue generation opportunities
  • Operator portals
  • Content distribution
• Deployed application examples and associated architectures
  • Bill Payment
  • Utilities
  • Phone Book management
  • Prepaid top-up
  • Banking

Section 6: Next generation SIMs and associated technologies

• Near Field Communications
  • SIM as secure execution environment
• Content licensing and management
  • Digital rights management
  • Super distribution
• MegaSIMs
• High-speed SIM interfacing
• Internet Protocol-enabled SIMs.