
Embedded Forensics: An Ongoing Research about SIM/USIM Cards

Antonio Savoldi (1) and Paolo Gubian (2)

(1) University of Brescia, Department of Electronics for Automation, Via Branze 38, I25121 Brescia, Italy, [email protected]

(2) University of Brescia, Department of Electronics for Automation, Via Branze 38, I25121 Brescia, Italy, [email protected]

Objectives

• Physical and logical level description of a smart card.
• Security issues about SIM/USIM cards.
• Extraction of the standard part of the filesystem.
• Observable memory and full filesystem extraction.
• Analysis of a complete filesystem of a SIM/USIM card.
• Data hiding and recovery in SIM/USIM cards.

Introduction

This chapter is aimed at introducing the fascinating field of embedded forensics, which can also be referred to as Small Scale Digital Device Forensics (SSDDF) [11]. Embedded forensics encompasses methodologies, algorithms, and best practices which can be used for dealing with a digital forensics investigation on this kind of platform. In particular, we would like to pinpoint what follows. Firstly, we will introduce the smart card world, giving a sufficiently detailed description of the main physical and logical building blocks which are essential to understand the complexity of such embedded systems. Then we will underline some weaknesses and issues in the security of a smart card, by portraying the state-of-the-art attacks normally used to steal sensitive information from the SIM/USIM filesystem. Secondly, we will give a general overview of the extraction of the standard part of the filesystem, giving at the same time a general purpose algorithm to deal with this problem. Moreover, we will present an effective methodology to acquire all the observable memory content, that is, the whole set of files, both standard and non-standard, which represent the full filesystem of such devices. Finally, after having presented the main issues related to the presence of slack space within the filesystem of SIM and USIM cards, we will discuss some potential cases of data hiding at the filesystem level, presenting at the same time a detailed and useful procedure used by forensics practitioners to deal with such a problem.

1 Physical and Logical Description of a SIM/USIM Card

The purpose of this section is to give an overview of the smart cards used in the telecommunications field by detailing their main building blocks, their functions and how they are related to each other. Generally speaking, smart cards belong to the group of identification cards using the ID–1 format formally defined in ISO Standard 7810, Identification Cards – Physical Characteristics. This standard specifies the physical properties, such as mechanical flexibility and temperature resistance, of four types of cards, namely ID–1, used for banking cards such as ATM (Automatic Teller Machine) cards, credit cards, and debit cards; ID–2, prevalently used for identity documents; ID–3, used worldwide for passports and visas; and finally, ID–000, used for SIM/USIM cards. In Table 1, some technical details regarding these cards are shown.

Type of Card   Size [mm]        Application field
ID–1           85.60 × 53.98    banking field
ID–2           105 × 74         identity documents
ID–3           125 × 88         passports and visas
ID–000         25 × 15          SIMs/USIMs

Table 1. ISO 7810 Specification

As stated in the standard reference, a smart card is the youngest and cleverest member of the family of identification cards in the ID–1 format. Among its features there is an embedded integrated circuit within the card, which is aimed at transmitting, storing and processing data for a specific purpose. The central component of such a pervasive embedded system is undoubtedly the microcontroller, whose main purpose is to control and monitor all the card's activities. Usually, for functional security and reliability reasons, a smart card processor is based on a well known platform, which can be optimized in order to provide the right performance and the appropriate level of system security.

As can be seen in Figure 1, there are several elements to consider in order to describe a smart card at the functional level. Current state-of-the-art microprocessors usually have a 32-bit RISC (Reduced Instruction Set Computer) architecture with emphasis on the security of the system. For instance, the Atmel AT91SC512384RCT microcontroller [7] is based on the well known ARM SC 100 secure core [16], with a 32-bit instruction set, a Von Neumann Load/Store architecture, a 3-stage pipeline and data types within the range 8–32 bits. From the memory point of view, it has 512 Kbytes of ROM program memory, 384 Kbytes of EEPROM, including 256 bytes of One Time Programming (OTP) memory, and 24 Kbytes of RAM. Another common platform frequently used in the realm of smart cards is the SmartMIPS architecture [17]. It aims at improving the protection of the system by using cryptographic algorithms such as RSA, DES, AES, and Elliptic Curve.

All modern architectures have common modules. Usually, an OTP area is present in the EEPROM memory and it provides hardware-secured, tamper-proof storage for program memory and security information. Three types of memory are usually present: EEPROM, used for storing the filesystem and user data, ROM, used for the operating system, and RAM, used for dealing with temporary data. A Firewall is an important module whose role is, together with the Memory Management Unit (MMU), to encapsulate an application in such a manner that it cannot access memory areas forbidden to it. To perform calculations in the realm of symmetric and asymmetric cryptographic algorithms, such as RSA, elliptic-curve and DES/3DES, there is a special arithmetic unit capable of performing all the basic operations that are necessary for these types of algorithms, such as exponentiation and modulo calculation on large numbers, usually up to 2048 bits in the RSA case. A Java accelerator module is a hardware component which implements a Java Virtual Machine. This is useful to directly process Java bytecode, thus speeding up the execution of Java applications, which are becoming more and more used. Cyclic Redundancy Check (CRC) is a hardware module specifically used to secure data or programs by means of an error detection code. A Random Number Generator (RNG) module provides a safe way to produce truly random numbers used, for instance, for generating keys and authenticating smart cards and terminals. Another important module integrates the hardware for data transmission, which takes place via a bi-directional serial interface or via a Universal Serial Bus (USB) interface. The former case implies the usage of the so-called Universal Asynchronous Receiver-Transmitter (UART), used for transmitting and receiving data independently of the processor. In the latter case there is an additional interface which uses the USB protocol with hardware support.

Timers in smart card microcontrollers are connected to the internal processor clock via a configurable divider, and they usually have a counting range of 32 bits. A timer is useful to measure, for instance, the execution time of a routine without involving the processor. A module called Single Wire Interface (SWI) provides a digital interface to the Radio Frequency (RF) front end chip, generally adopted for contact-less smart cards. Recently, an interface between the microcontroller and an external NAND memory module has been introduced to provide additional storage capabilities up to hundreds of Mbytes. Finally, in modern state-of-the-art smart card processors there is a special module capable of dealing with Simple Power Analysis (SPA) and Differential Power Analysis (DPA) attacks, which are used to obtain the entire instruction set of the processor. A representative functional scheme of a modern state-of-the-art smart card microcontroller can be seen in Figure 1. The mentioned attacks will be illustrated in the next section. To summarize, in a modern smart card chip we have the following modules:

• CPU block (based on SC–100 ARM Core)
• System memory: OTP, EEPROM (User memory), ROM (Program memory) and RAM
• Firewall between CPU, memory blocks and all the remaining modules
• Java accelerator
• Crypto-accelerator (co-processor)
• Random Number Generator
• Cyclical Redundancy Checksum
• On-chip security (DPA/SPA prevention)
• UART and/or USB interfaces
• Single Wire Interface (digital interface to RF front end chip)
• Timers
• Interface for external NAND memory

[Figure 1: block diagram with the labels CPU, FIREWALL, MMU, RAM, EEPROM, ROM, OTP, JAVA ACCELERATOR, CRC, CO-PROCESSOR, RNG, ON CHIP SECURITY (SPA/DPA), UART / USB, SWI, TIMER and NAND INTERFACE]

Fig. 1. Functional logic blocks of a smart card microcontroller

2 Security Issues about SIMs/USIMs

This section is devoted to the analysis of state-of-the-art smart card attacks, which force security engineers to apply hardware and software countermeasures to deal with them.

2.1 Physical attacks

The very first commercial smart cards had to resist Probing and Forcing [15]. The former implies that the conductive lines of the chip are directly put in contact with a very thin needle, the so-called probe. The signals are then measured and analyzed. For instance, if the connection between the central processing unit and the memory of an unprotected chip card is probed, stored secret data can be easily read out. Conversely, the latter, Forcing, implies that signals can be directly transmitted through the probe to the chip in order to alter the functioning of the device. Nowadays, recent micro-manipulation techniques open new possibilities based on these old methods. Focused Ion Beam (FIB) machines allow an attacker to cut or contact chip wires most conveniently. State-of-the-art security controllers are equipped with an intelligent protective active shield, which consists of a thin parallel grid of signal lines, through which random data are constantly transmitted and evaluated at the output. The device issues an alarm when the data injected at one end of the grid do not match the values collected at the other end. The shield is built on the upper metal layer of the microcontroller and covers its entire surface. If any single line of the shield is damaged, the device detects it and performs the necessary countermeasures, thus giving protection against many physical attack methods.

2.2 Semi-invasive attacks

The aim of semi-invasive attacks is to alter the functioning of the microcontroller. This approach can be used, for instance, when the microcontroller is forced to change its state of functioning by using external unconventional sources of input. Trigger events can be voltage impulses, intense radiation, temperature changes or ionizing radiation. In particular, if an undetected error can be induced during the computation steps of a cryptographic function, different mathematical techniques could be used to retrieve secret pieces of data, the cryptographic key among others. Such analysis is known as Differential Fault Attack (DFA) [5]. An efficient protection against this attack can only be achieved with a combination of hardware and software countermeasures.

Modern state-of-the-art smart card microcontrollers embed sensors able to detect the interference, release an alarm signal, and interrupt the functioning of the chip in case of an attack. Nevertheless, it is most important, as an additional protection barrier, to actively detect wrong operations in the software being executed. For instance, during program execution, unprotected microcontrollers disclose the sequence of bits that are being processed. Differential Power Analysis (DPA) [4] uses statistical tools to take advantage of that weakness and retrieve secret pieces of data. The power consumption diagrams of a chip are recorded a few thousand times during the processing of the secret information with different sequences of input. A statistical evaluation program sorts the input-output values according to a hypothesis and checks for the existence of correlations. Plotted on a diagram, the curves disclose the correct key value through a visible peak. In order to face the problem there are both hardware and software approaches. The simplest hardware solution is to integrate a fast-acting voltage regulator in the chip that uses a sense resistor to monitor the current drawn and ensures that it is independent of the instructions and data. Another approach is to generate artificial noise in the current consumption by using the CRC checksum generator with random data as input values. From a software perspective, there are solutions based on defining instructions which have the same current consumption. On the other hand, it is possible to have different, randomly selected procedures for performing the same computation in cryptographic algorithms, thus making power analysis difficult.

During an ElectroMagnetic Analysis (EMA) [12], the electromagnetic radiation emitted by a smart card microcontroller, even though of small strength, can be measured using Superconducting Quantum Interference Devices (SQUIDs) [26]. In order to overcome this problem, smart card developers have applied design measures and a dedicated architecture with the so-called Integral Security, including complete hardware memory and bus transport encryption, which are efficiently implemented in order to prevent data dependent behaviors of the chip. In addition, integrated circuits can be protected against this sort of attack by using several layers of shields, so that it is not possible to correlate the measured electromagnetic spectrum with inner components.

3 Cellular Network Elements: An Overview

In sections 1 and 2 we have given an overview of smart cards from a functional perspective, also pinpointing attacks and countermeasures. Conversely, the purpose of this section is to portray the central component used in the cellular network, that is the Subscriber Identity Module (SIM) with respect to the Global System for Mobile Communications (GSM) / General Packet Radio Service (GPRS) system, and the Universal Subscriber Identity Module (USIM) with respect to the third generation (3G) cellular network system, the Universal Mobile Telecommunication System (UMTS).

3.1 Digital Forensics Science

Before introducing the SIM and USIM cards, by detailing their real filesystem, it is necessary to make a brief overview of Digital Forensics Science. It is a recent branch of computer science, which was established as a scientific research area in 2001. It has been defined as follows:

The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.

This definition highlights the main tasks, or categories, of digital forensics research. For each task, a set of subtasks, or techniques, has been proposed. Categories may be viewed as the main phases or steps of an investigative process, while techniques may be viewed as the actions that an investigator has to take to complete a phase of the investigative process. The investigative process itself has been defined in [1] and is shown in Table 2.

Identification: Event/Crime Detection; Resolve Signature; Profile Detection; Anomalous Detection; Complaints; System Monitoring; Audit Analysis

Preservation: Case Management; Imaging Technology; Chain of Custody; Time Synchronization

Collection: Preservation; Approved Methods; Approved Software; Approved Hardware; Legal Authority; Lossless Compression; Sampling; Data Reduction; Recovery Techniques

Examination: Preservation; Traceability; Validation Techniques; Filtering Techniques; Pattern Matching; Hidden Data Discovery; Hidden Data Extraction

Analysis: Preservation; Traceability; Statistical; Protocols; Data Mining; Timeline; Link; Spatial

Presentation: Documentation; Expert Testimony; Clarification; Mission Impact Statement; Recommended Countermeasure; Statistical Interpretation

Table 2. Investigative Process for the Digital Forensics Science

By looking carefully at Table 2, it is possible to see that, from identification to presentation, the execution of at least one technique from every category seems to be essential in every investigation. That is, some kind of identification is necessary for starting every investigation; preservation must be carried out for every physical item; every data object must be examined; a timeline and chain of evidence must be built; and a presentation must be scheduled. Therefore, identification, preservation, examination, analysis and presentation are "operational" categories. On the other hand, collection is a "management" category, as it involves considerations about the way to manage data objects, such as choosing a preservation strategy, hardware, software, methods, ways to reduce the amount of data without losses and to eventually recover it, and assigning legal authority. Hence, the design of a preservation tool able to deal with SIM/USIM cards must take into account that the real users of its output will be the people at the examination stage.

According to the investigative process illustrated in Table 2, a software tool capable of dealing with SIM and USIM cards can be placed in the imaging technology group of techniques, in relation to the preservation phase. That is, its mission is to extract from a SIM/USIM card, defined as the physical item [19], the information stored in it, to the widest possible extent, and to produce as output what is called a primary image, which can subsequently be used throughout the investigation instead of the physical item itself, which is secured as evidence and never used any more. The primary image itself is seldom used, because it acts as a master from which working copies can be created for the investigators. All the precautions taken for the physical item are applied also to the primary image acting as the master.

This method can be applied if the primary image, from which digital evidence is derived, maintains its digital integrity throughout the entire process. Digital evidence integrity is defined as the property whereby digital data has not been altered in any manner since the time it was created, transmitted, or stored. Besides digital integrity, an imaging tool is required to produce forensically sound digital evidence, that is, a copy which contains, as an absolute minimum, the full operating area of information stored in all active semi-permanent storage [3]. It is clear that such a requirement cannot be satisfied when the physical item is a SIM/USIM card, because trying to extract such a copy could harm the physical item itself, resulting in an investigation that is not forensically sound, which means that it does not adhere to the principles and best practices of Digital Forensic Science, because digital integrity is not ensured. Indeed, as a matter of fact, there are no available systems to deal with a full and forensically sound image of the EEPROM of a SIM/USIM card, and this is because of the intrinsic level of security, hardware and software, of this system.

That said, it is interesting to explain why SIM card investigation is valuable and what pieces of information we might expect to extract from a SIM. The first aspect is the fact that the subscriber of a mobile telephony system essentially wants a means to communicate: this implies an exchange of information, voice and data, potentially useful for investigations. Second, every mobile telephone system traces the position of handset terminals to exchange information between the mobile part and the fixed part of the system. Since the subscriber needs the handset to transmit and receive information, he/she will carry the handset in his/her pocket, precluding its use by other people. Therefore, in most cases, there is a unique relationship between the user and his/her handset, and this is very interesting from an investigator's point of view. Note that this marks a big difference from fixed telephone systems, where a terminal identifies only a geographical location (home, business, etc.) but not the users of that terminal.

3.2 Architecture of the GSM System

A general overview of the GSM system is necessary to understand where the SIM card acts. Every GSM network [18] can be divided into three main subsystems, namely the Radio SubSystem (RSS), the Network and Switching Subsystem (NSS) and the Operation SubSystem (OSS). The RSS consists of two main elements. The former is the Mobile Station (MS), which consists of two physically and logically separate components, called respectively the Mobile Equipment (ME) and the Subscriber Identity Module (SIM). The latter is the Base Station Subsystem (BSS), which permits the communication between a cellular phone and the higher-level components of the network. This subsystem is placed at the center of every cell and has two basic elements, one or more Base Transceiver Stations (BTSs), responsible for data transmission and reception, and a Base Station Controller (BSC), which controls the transceivers of a certain network cell.

The Network and Switching Subsystem consists of the Mobile Switching Center (MSC), which manages multiple base station subsystems, and the Visitor Location Register (VLR), which contains information about all mobile stations currently within the range of the associated mobile switching center, and provides a list of mobile stations belonging to subscribers of other networks that have logged into the network of the associated MSC via roaming.

At the vertex of the GSM system there is the operation subsystem. It consists of the Operation and Maintenance Center (OMC), which is responsible for network operation, subscriber administration and billing, the Authentication Center (AuC), responsible for all keys and algorithms required by the system (e.g. authentication of SIMs), the Home Location Register (HLR), which contains all the data pertaining to subscribers as well as the data regarding the localization of mobile stations, and finally the Equipment Identity Register (EIR), which contains the serial numbers of all mobile stations in the network.

3.3 The SIM Card

The subscriber identity module (SIM) is a smart card which contains the identity of the subscriber, and it is aimed at securing the authenticity of the mobile station with respect to the network. As a consequence of a SIM being a smart card, the aforementioned requirements are used to accomplish the following tasks:

• Confidentiality: the user's privacy must be guaranteed by encrypting voice and data traveling over the air. The keys of the cryptographic algorithms that implement this feature reside in the SIM.

• Authentication: no unauthorized user should be able to access the network. The keys of the authentication algorithms reside in the SIM.

• Integrity: no user should be able to alter the data within the SIM to implement frauds, for example by increasing the charge on a prepaid SIM or by enabling restricted services without paying for them.

• Non repudiation: the sender can verify that a certain recipient has received a particular message, which means that the message has binding force.

Apart from authentication, the SIM provides storage for dialing numbers, short messages, and personal configuration settings for the mobile phone. Normally, the SIM can be seen in two different formats in the GSM system, ID–1 or ID–000, according to Table 1. As a rule, communications between the mobile equipment and the SIM use the T = 0 protocol, as specified in ISO standard 7816-3.

A smart card can be viewed as a safe containing data. As a safe, it is very well armored against every unauthorized or unforeseen access. A very important fact that must be taken into consideration is that, just as an attempt at intrusion into a safe protected by a security system could lead to an alarm, tampering attempts with a smart card could lead to an irreversible blocking of the card; this block can only be resolved by substituting it with a new smart card issued by the same provider. From a forensics perspective, this leads to the conclusion that no sound forensic investigation can be carried out using tools that try to force anomalous behavior on the part of the SIM or which require physical manipulation of it. Indeed, we will provide general guidelines to acquire all the observable contents at the filesystem level, which are stored in the EEPROM of the card.

A smart card's filesystem is stored in an internal EEPROM, protected by the security features of the card. It has a hierarchical tree structure, with a root called Master File (MF). As in many other filesystems, there are two classes of files: directories, called Dedicated Files (DF), and regular files, called Elementary Files (EF). They can be viewed as the nodes and leaves of a tree, respectively. The MF is a DF, and the main difference between a DF and an EF is that a DF contains only a header, whereas an EF contains a header and a body. The header contains all the meta-information that quantitatively relates the file to the structure of the filesystem (available space under a DF, number of direct children, length of a record, etc.) and security information, whereas the body contains information related to the application for which the smart card has been issued. Depending on the structure of the body, four types of EF are possible in a smart card's filesystem:

• Transparent EF: these files are organized as a sequence of bytes. It is possible to read all or only a subset of their contents by specifying a numeric interval.

• Linear-fixed EF: the atomic unit for these files is the record, instead of the byte. A record is a group of bytes that have a known coding: every record of the same file represents the same kind of information. In a linear-fixed EF, all the records have the same length.

• Linear-variable EF: same as linear-fixed EF, but here the length may vary from one record to the other.

• Cyclic EF: these files implement a circular buffer where the atomic unit of manipulation is the record. Therefore, the concepts of first and last are substituted by those of previous and next.

SIM cards do not allow linear-variable EFs; they implement only transparent, linear-fixed and cyclic EFs. Every file is unambiguously identified by its ID, which is a hexadecimal number that acts as the name of the file. No two files in the whole filesystem are allowed to have the same ID. The operations allowed on the filesystem are coded into a set of commands that the interface device (IFD), which is the device capable of interfacing with a smart card and setting up a communication session, issues to the smart card, and then waits for responses. The IFD acts therefore as the master and the smart card as the slave. This is different in so-called proactive smart cards, which are capable of issuing commands to the IFD. The aforementioned commands [24], by means of which it is possible to interact with a SIM card's filesystem, are:

• SELECT: this command, which is fundamental to SIMbrush, selects a file for use and makes the header of that file available to the IFD.

• STATUS: has the meaning of a SELECT with MF as argument.

• READ BINARY: reads a string of bytes from the current EF.

• UPDATE BINARY: updates a string of bytes in the current EF.

• READ RECORD: reads one complete record in a record-formatted file.

• UPDATE RECORD: updates one complete record in a record-formatted file.

• SEEK: searches the records of a record-formatted file for the first record which starts with the given pattern.

• INCREASE: adds the value passed as a parameter by the IFD to the last increased/updated record of the current cyclic EF and stores the result in the oldest increased/updated record. It is used for incrementing time or charge information.

• GET RESPONSE: in SIM cards, if some data is to be communicated from the smart card to the IFD after a command, it is the IFD itself that has to request it, using this command.

What is important to note is that there is no command to delete or create files. No command to quickly browse the filesystem is available, either. Those mentioned are the most important commands of a SIM card's operating system and have been reported here for completeness.
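As an added illustration of the command set above (example code written for this edition, not part of the chapter and not SIMbrush code), the following Python assembles the GSM 11.11 command APDUs (class byte A0 and the standard's instruction bytes) and walks through the SELECT / GET RESPONSE / READ BINARY / READ RECORD exchange the text describes, including the "9F xx" status with which the card announces that xx header bytes are waiting to be fetched. The card on the other side is an in-memory model constructed for the example: its file contents are made up, it lets any known file ID be selected from anywhere, and it models only one CHV1-protected file. 3F00 is the MF from the text; 2FE2 (ICCID) and 6F3A (ADN) are standard GSM 11.11 file identifiers.

```python
# Added example (not from the chapter): GSM 11.11 APDUs and the
# SELECT / GET RESPONSE / READ exchange against a constructed card model.

CLA_GSM = 0xA0                      # class byte of GSM 11.11 commands
INS = {"SELECT": 0xA4, "STATUS": 0xF2, "READ_BINARY": 0xB0,
       "READ_RECORD": 0xB2, "GET_RESPONSE": 0xC0}
SW_OK = 0x9000


def apdu(ins, p1=0, p2=0, data=b"", le=None):
    """Assemble a T=0 command APDU: CLA INS P1 P2, then Lc+data or Le."""
    head = bytes([CLA_GSM, ins, p1, p2])
    if data:
        return head + bytes([len(data)]) + data
    return head + (bytes([le]) if le is not None else b"")


class MockSim:
    """Constructed stand-in for a card: file ID -> (structure, body, CHV1 needed).
    Not a real SIM: the DF hierarchy is ignored by SELECT and only the READ
    access condition of one file is enforced."""

    def __init__(self):
        # 3F00 is the MF named in the text; 2FE2 (ICCID) and 6F3A (ADN) are
        # standard GSM 11.11 file IDs, but the contents below are made up.
        self.files = {
            0x3F00: ("DF", [], False),
            0x2FE2: ("transparent", bytes.fromhex("98391201234567890123"), False),
            0x6F3A: ("linear-fixed",
                     [b"ALICE".ljust(14, b"\xff") + bytes.fromhex("06911234" + "ff" * 10),
                      bytes.fromhex("ff" * 28)], True),
        }
        self.current, self.pending, self.chv1_verified = None, b"", False

    def _header(self, fid):
        """Leading bytes of a SELECT response: RFU, size, file ID, file type.
        The remaining header bytes of the standard are omitted in this model."""
        kind, body, _ = self.files[fid]
        size = len(body) if kind == "transparent" else sum(map(len, body))
        ftype = 0x01 if fid == 0x3F00 else (0x02 if kind == "DF" else 0x04)
        return b"\x00\x00" + size.to_bytes(2, "big") + fid.to_bytes(2, "big") + bytes([ftype])

    def transmit(self, cmd):
        """Return (data, SW1, SW2) for one command APDU."""
        ins, p1, p2, rest = cmd[1], cmd[2], cmd[3], cmd[4:]
        if ins == INS["GET_RESPONSE"]:
            data, self.pending = self.pending, b""
            return data, 0x90, 0x00
        if ins == INS["SELECT"]:
            fid = int.from_bytes(rest[1:3], "big")
            if fid not in self.files:
                return b"", 0x94, 0x04          # file ID not found
            self.current, self.pending = fid, self._header(fid)
            return b"", 0x9F, len(self.pending)  # "9F xx": xx bytes to fetch
        if self.current is None:
            return b"", 0x94, 0x00              # no file selected
        kind, body, needs_chv1 = self.files[self.current]
        if needs_chv1 and not self.chv1_verified:
            return b"", 0x98, 0x04              # access condition not fulfilled
        if ins == INS["READ_BINARY"] and kind == "transparent":
            offset, le = (p1 << 8) | p2, rest[0] or 256   # Le = 00 means 256
            return body[offset:offset + le], 0x90, 0x00
        if ins == INS["READ_RECORD"] and kind == "linear-fixed" and p2 == 0x04:
            if not 1 <= p1 <= len(body):
                return b"", 0x94, 0x02          # record number out of range
            return body[p1 - 1], 0x90, 0x00
        return b"", 0x6B, 0x00                  # wrong P1/P2 for this file


def select(card, fid):
    """SELECT a file, then fetch its header with GET RESPONSE (the IFD must ask)."""
    _, sw1, sw2 = card.transmit(apdu(INS["SELECT"], data=fid.to_bytes(2, "big")))
    if sw1 != 0x9F:
        return None, (sw1 << 8) | sw2
    header, sw1, sw2 = card.transmit(apdu(INS["GET_RESPONSE"], le=sw2))
    return header, (sw1 << 8) | sw2


def read_transparent(card, fid, chunk=0x20):
    """Read a transparent EF in offset/length slices via READ BINARY."""
    header, sw = select(card, fid)
    if header is None:
        return None, sw
    size, out = int.from_bytes(header[2:4], "big"), b""
    while len(out) < size:
        le = min(chunk, size - len(out))
        data, sw1, sw2 = card.transmit(
            apdu(INS["READ_BINARY"], len(out) >> 8, len(out) & 0xFF, le=le))
        if (sw1, sw2) != (0x90, 0x00):
            return None, (sw1 << 8) | sw2
        out += data
    return out, SW_OK


def read_records(card, fid):
    """Read a linear-fixed EF record by record (absolute mode, P2 = 04) until
    the card answers with a status other than 90 00; that status is returned."""
    header, sw = select(card, fid)
    if header is None:
        return [], sw
    records, n = [], 1
    while True:
        data, sw1, sw2 = card.transmit(apdu(INS["READ_RECORD"], n, 0x04, le=0))
        if (sw1, sw2) != (0x90, 0x00):
            return records, (sw1 << 8) | sw2
        records.append(data)
        n += 1


if __name__ == "__main__":
    card = MockSim()
    print(read_transparent(card, 0x2FE2))   # ICCID bytes, 0x9000
    print(read_records(card, 0x6F3A))       # ([], 0x9804): CHV1 not verified
    card.chv1_verified = True               # stands in for a successful VERIFY CHV
    print(read_records(card, 0x6F3A))       # (2 records, 0x9402 after the last one)
```

With a real reader the `transmit` method would be replaced by the reader API's transmit call and the card would additionally refuse a SELECT of a file that is not the MF, the current DF's parent or one of its children; the read loops stop on the first non-90 00 status rather than guessing, which is the behaviour an acquisition tool needs so that an access-condition refusal (98 04) is recorded instead of being mistaken for an empty file.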

Smart cards can be compared with safes. Like safes, they implement many security systems to protect their content: data. One such security system is access conditions. A short introduction to access conditions in a SIM card is provided in the following. If all the aforementioned commands were executable by anyone at any time, all sensitive data stored in the filesystem would be readily available to the external world. Access conditions are constraints on the execution of commands which filter every execution attempt so that only authorized people are served, and only for the duration of their authorization. There are 16 access conditions, shown in Table 3, and every file in the filesystem has its own specific access condition for each command. Access conditions are organized in levels, but this organization is not hierarchical: that is, authorization for higher levels does not imply authorization for lower levels.

Briefly, the meaning of these access conditions is:

• ALW: the command is always executable on the file. Thus, the file could be read and modified arbitrarily.


Byte(s)   Level
0         ALWays
1         CHV1
2         CHV2
3         Reserved for GSM future use
4 - 14    ADMinistrative
15        NEVer

Table 3. Access conditions and related levels for SIM/USIM cards.

• CHV1: the command is executable on the file only if either the Card Holder Verification 1 (CHV1) code or the Unblock Card Holder Verification 1 (UNBLOCK CHV1) code has been successfully provided.

• CHV2: same as CHV1, but using the Card Holder Verification 2 (CHV2) code or the Unblock Card Holder Verification 2 (UNBLOCK CHV2) code.

• ADM: allocation of these levels is a responsibility of the administrative authority which has issued the card: the card provider or the telephony provider which gives the card to its subscribers.

• NEV: the command is never executable on the file.

As stated in the standard reference [24], in the filesystem of a SIM there are 70 elementary files, which can be easily acquired by issuing a SELECT command with the file as argument. A partial list of elementary files inside a standard SIM/USIM can be seen in Table 4.

In order to be able to acquire all the data content from a SIM/USIM, it is fundamental to analyze the meta-information in the EF and DF headers. In this way, the real filesystem structure of a smart card can be unveiled.

In Table 5, the first part of the bytes of a Dedicated File header can be seen. Briefly, the ID specifies the name of the DF and, in general, of each EF present in the filesystem. These identifiers, as stated by the standard reference [24], are unique and are expressed in hexadecimal within the range from 0000 to FFFF. For example, as already mentioned, 3F00 is the name of the Master File, which is the root of the filesystem. The byte related to the type of file specifies which kind of file (MF, DF or EF) this is. The bytes shown in Table 7 are rather simple but very important. The 14th byte is related to the technology of the SIM/USIM card, whereas bytes 15 and 16 are respectively the number of DFs and EFs that are direct children of the current DF. Thus, with this information, it is possible to understand the size of a part of the filesystem. Bytes from 17 to 22 indicate the types of authentication code, namely CHV1 or CHV2 (CHV stands for Card Holder Verification), and their status, which can be enabled or disabled. For example, the CHV1 code, also known as PIN1 (Personal Identification Number 1), is important in order to access the contents of the various EFs in the filesystem.

We can proceed with the analysis of the EF header by analyzing Table 6. Apart from the file size and the ID, mentioned above, it is interesting to notice the type of file, which can be transparent (a simple sequence of bytes),


Name      ID     Function
PHASE     6FAE   Phase Identification
SST       6F38   SIM Service Table
ICCID     2FE2   ICC Identification
LP        6F05   Language Preference
SPN       6F46   Service Provider Name
MSISDN    6F40   Mobile Subscriber Phone Number
ADN       6F3A   Abbreviated Dialling Numbers
FDN       6F3B   Fixed Dialling Numbers
LND       6F44   Last Numbers Dialled
EXT1      6F4A   Extension 1
EXT2      6F4B   Extension 2
GID1      6F3E   Group Identifier Level 1
GID2      6F3F   Group Identifier Level 2
SMS       6F3C   Short Message Service
SMSP      6F42   Short Message Service Parameters
SMSS      6F43   SMS Status
CBMI      6F45   Cell Broadcast Message Identifier Selection
PUCT      6F41   Price per Unit and Currency Table
ACM       6F39   Accumulated Call Meter
ACMmax    6F37   ACM Maximum Value
HPLMN     6F31   Higher Priority PLMN Search Period
PLMNsel   6F30   PLMN Selector
FPLMN     6F7B   Forbidden PLMNs
CCP       6F3D   Capability Configuration Parameters
ACC       6F78   Access Control Class
IMSI      6F07   International Mobile Subscriber Identity
LOCI      6F7E   Location Information
BCCH      6F74   Broadcast Control Channels
Kc        6F20   Ciphering Key

Table 4. An example of files which can be extracted from a SIM card.

Byte(s)   Description                                                        Length
1 - 2     Reserved for Future Use                                            2
3 - 4     Total amount of memory of the directory which is not allocated     2
          to any of the DFs or EFs under the selected directory
5 - 6     File Identifier                                                    2
7         Type of file                                                       1
8 - 12    Reserved for Future Use                                            5
13        Length of the following data (byte 14 to the end)                  1
14 - 34   GSM specific data                                                  21

Table 5. Structure of a Dedicated File's header.


linear fixed (a sequence of records) or cyclic (a circular buffer structured as a set of records). As already specified, the access conditions specify the constraints on the execution of commands, which protect files from unauthorized manipulation. These constraints, specified by bytes 9-11, are related to a precise group of commands which can be issued to a card, namely Read, Update, Increase, Rehabilitate and Invalidate. The two commands that are important in order to see, and subsequently modify, the contents of an EF, are Read and Update. The latter command allows a user to overwrite the contents of an elementary file which is accessed with the right privileges. Thus, starting from these considerations, we will see how it is possible to realize data hiding at the filesystem level, by using its slack part.
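As an added example (not code from the chapter or from SIMBrush), the following Python decodes the fixed part of a SELECT response as laid out in Tables 5, 6 and 7, and maps the access-condition nibbles of bytes 9-11 to the levels of Table 3, so that the Privileges column of Table 9 and the "writable with PIN1" test used to find the WNSP can be derived from a raw header. The sample responses are constructed, not dumps of a real card. The type-of-file values (01 MF, 02 DF, 04 EF) and the nibble layout of bytes 9-11 (READ/SEEK and UPDATE in byte 9, INCREASE in the high nibble of byte 10, REHABILITATE and INVALIDATE in byte 11) are taken from GSM 11.11 and are assumptions of this example, since the chapter only states that those bytes carry the constraints.

```python
from dataclasses import dataclass, field


def access_level(nibble: int) -> str:
    """Table 3: decode one 4-bit access condition level."""
    if nibble == 0:
        return "ALW"
    if nibble == 1:
        return "CHV1"
    if nibble == 2:
        return "CHV2"
    if nibble == 3:
        return "RFU"            # reserved for GSM future use
    if 4 <= nibble <= 14:
        return "ADM"            # administrative levels, assigned by the issuer
    return "NEV"                # 15


# Byte 7 of the header (type of file). Values as in GSM 11.11: an assumption here.
FILE_TYPES = {0x01: "MF", 0x02: "DF", 0x04: "EF"}


@dataclass
class FileHeader:
    file_id: str
    file_type: str
    size: int = 0                  # EF: bytes 3-4, size of the body (Table 6)
    free_memory: int = 0           # MF/DF: bytes 3-4, unallocated memory (Table 5)
    access: dict = field(default_factory=dict)   # EF: command -> level
    n_dfs: int = 0                 # MF/DF: byte 15, direct child DFs (Table 7)
    n_efs: int = 0                 # MF/DF: byte 16, direct child EFs (Table 7)


def parse_header(resp: bytes) -> FileHeader:
    """Decode a SELECT response. Byte positions in the comments are 1-based as in
    the chapter's tables; the Python slices are 0-based."""
    if len(resp) < 13:
        raise ValueError("header shorter than the 13 mandatory bytes")
    file_id = resp[4:6].hex().upper()                  # bytes 5-6
    ftype = FILE_TYPES.get(resp[6])                    # byte 7
    if ftype is None:
        raise ValueError(f"unknown type-of-file byte {resp[6]:#04x}")
    hdr = FileHeader(file_id=file_id, file_type=ftype)
    if ftype == "EF":
        hdr.size = int.from_bytes(resp[2:4], "big")    # bytes 3-4
        b9, b10, b11 = resp[8], resp[9], resp[10]      # bytes 9-11: access conditions
        hdr.access = {                                 # nibble layout assumed from GSM 11.11
            "READ": access_level(b9 >> 4),
            "UPDATE": access_level(b9 & 0x0F),
            "INCREASE": access_level(b10 >> 4),
            "REHABILITATE": access_level(b11 >> 4),
            "INVALIDATE": access_level(b11 & 0x0F),
        }
    else:
        hdr.free_memory = int.from_bytes(resp[2:4], "big")   # bytes 3-4
        gsm = resp[13:13 + resp[12]]                   # byte 13 = length of GSM data
        if len(gsm) >= 3:
            hdr.n_dfs = gsm[1]                         # byte 15
            hdr.n_efs = gsm[2]                         # byte 16
    return hdr


def privileges(hdr: FileHeader) -> str:
    """Access conditions in the order of the Privileges column of Table 9."""
    return ",".join(hdr.access[c] for c in
                    ("READ", "UPDATE", "INCREASE", "REHABILITATE", "INVALIDATE"))


def writable_with_pin1(hdr: FileHeader) -> bool:
    """True when UPDATE needs at most the card holder's PIN1: the WNSP criterion."""
    return hdr.file_type == "EF" and hdr.access.get("UPDATE") in ("ALW", "CHV1")


# CONSTRUCTED sample responses, not dumps of a real card.
DF_7F10 = bytes.fromhex("0000 0200 7F10 02 0000000000 09 00 01 0A 03 00 83 8A 83 8A")
EF_1F1E = bytes.fromhex("0000 0046 1F1E 04 00 11 F0 44 00 02 00 00")      # Table 9 row 1F1E
EF_ADM_ONLY = bytes.fromhex("0000 0009 1FFF 04 00 04 F0 44 00 02 00 00")  # hypothetical ID 1FFF

if __name__ == "__main__":
    for raw in (DF_7F10, EF_1F1E, EF_ADM_ONLY):
        h = parse_header(raw)
        if h.file_type == "EF":
            print(h.file_id, h.size, privileges(h), "writable with PIN1:", writable_with_pin1(h))
        else:
            print(h.file_id, h.file_type, "free:", h.free_memory, "DFs:", h.n_dfs, "EFs:", h.n_efs)
```

Run against every header collected during a brush of the ID space, `writable_with_pin1` selects exactly the files that make up the WNSP discussed in Section 6.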

Byte(s)            Description                                                     Length
1 - 2              Reserved for future use                                         2
3 - 4              File size                                                       2
                   (for transparent EF: the length of the body part of the EF)
                   (for linear fixed or cyclic EF: record length multiplied by
                   the number of records of the EF)
5 - 6              File identifier (ID)                                            2
7                  Type of file                                                    1
8                  Reserved for future use                                         1
9 - 11             CHV1 status                                                     3
12                 UNBLOCK CHV1 status                                             1
13                 CHV2 status                                                     1
14                 UNBLOCK CHV2 status                                             1
15                 Reserved for future use                                         1
16 and following   Reserved for future use                                         -

Table 6. Structure of an Elementary File's header.

Byte(s)   Description                                                        Length
14        File characteristics                                               1
15        Number of DFs which are a direct child of the current directory    1
16        Number of EFs which are a direct child of the current directory    1
17        Number of CHVs, UNBLOCK CHVs and administrative codes              1
18        Reserved for future use                                            1
19        CHV1 status                                                        1
20        UNBLOCK CHV1 status                                                1
21        CHV2 status                                                        1
22        UNBLOCK CHV2 status                                                1
23        Reserved for future use                                            1
24 - 34   Reserved for administrative management                             1

Table 7. GSM specific data.


3.4 The USIM Card

The Universal Subscriber Identity Module (USIM) can be defined as the end-user part of the Universal Mobile Telecommunication System (UMTS) network, also known as the 3G network. It is primarily the bearer of the identity of the subscriber, and it is aimed at providing authentication of the mobile station to the cellular network. It has many similarities at the filesystem level with the SIM card. The operating system needs to be compliant with the ISO/IEC 7816 family of standards, which implies that it must be multi-application capable. The main difference resides in the file types. Indeed, every USIM has a special feature in the form of the Application Dedicated File (ADF) type. Basically, this is a new kind of DF which contains all the EFs and DFs pertaining to a specific application and which does not have the MF as its root directory. In this way, for instance, in a UMTS Integrated Circuit Card (UICC) there could reside multiple filesystems for multiple cards, both SIM and USIM.

4 Observable Memory and Full Filesystem Extraction

As said before, the underlying problem is that no command exists to quickly browse the filesystem, similar to the dir or ls commands in the DOS or Linux operating systems. The structure must therefore be inferred. Reference standards [24] help in the solution of this problem. Indeed, we will see how to obtain the full and complete filesystem of a SIM/USIM card.

First, the standards say that no two files may have the same ID (filename), and there are a lot of files that have a standard ID; for example, 3F00 identifies the master file of a SIM card's filesystem. Second, the SELECT command may be issued with any file as argument, with no restrictions. This leads to the opportunity to "brush" the ID space by issuing a SELECT command for each valid "name", from 0000 to FFFF, obtaining either a warning from the SIM when the ID does not exist (that is, the file with that name is not present in the filesystem of the SIM under examination), or the header of the file (that is, of the file with that name present in the filesystem of the SIM under examination) when it does.

With these two pieces of information, it seems possible to obtain the header of every file present in the filesystem of the SIM with a single scan of the ID space. This is only partially true. In fact, the standards define the concepts of current file and current directory. The current file is simply the last successfully selected file. The current directory is the last successfully selected DF, or the parent DF of the current file, if the current file is an EF: it defaults to MF and may coincide with the current file. At any time, there are exactly one current file and one current directory. The current directory determines which files are selectable and which are not, according to the following rules:

1. MF is selectable no matter what the current directory is.


2. The current directory is always selectable.
3. The parent of the current directory is selectable.
4. Any DF which is an immediate child of the parent of the current directory is selectable.
5. Any file which is an immediate child of the current directory is selectable.

It is possible to associate a set of files and directories to each of the above-mentioned groups:

1. The first set is called MF SET. It has a single element: the MF.
2. The second set is called CURRENT SET. It has a single element: the current directory.
3. The third set also has a single element: the parent of the current directory. It is called the PARENT SET.
4. The fourth set has the obvious name of DF SIBLINGS SET.
5. The fifth set is called SONS SET.

At any time, selection must obey the rules of selection just explained: this can be formalized by introducing another set, which represents, given the current directory, all the files and directories on which issuing a SELECT command results in a successful response from the SIM, if and only if the file exists:

$$\text{SELECTABLE SET} = \text{MF SET} \cup \text{CURRENT SET} \cup \text{PARENT SET} \cup \text{DF SIBLINGS SET} \cup \text{SONS SET} \qquad (1)$$

Because each possible current directory determines a unique SELECTABLE SET, it is possible to reconstruct the entire filesystem by finding the missing part of it, which is, at each level of the n-ary tree, the set of sons:

$$\text{SONS SET} = \text{SELECTABLE SET} \setminus (\text{MF SET} \cup \text{CURRENT SET} \cup \text{PARENT SET} \cup \text{DF SIBLINGS SET}) \qquad (2)$$

The above relation is important because it makes it possible to reconstruct the entire filesystem tree contained in a SIM card, even without commands to explicitly explore it. More precisely, at this stage the structure of the entire filesystem has been reconstructed, and for each file the header has also been extracted. However, the interesting part of the filesystem resides in the body of EFs; extracting this information is subject to access condition limitations. Any software that is to be considered compliant with the digital forensics guidelines should be able to extract the body of those files whose access conditions are ALW and CHV1/CHV2, the second case being possible only if the appropriate codes are provided. An attack against these codes, even if possible in some way, is not acceptable from a digital forensics point of view, as stated in the first section.

To clarify these concepts, it is useful to explain how it is possible, from a theoretical point of view, to reconstruct the filesystem of a SIM/USIM, by simulating its behavior with an example. The starting point is MF, because this is the default current directory of a SIM card. This initial situation is shown in step 0 of Table 8.

Step               0                 1                          2
CURRENT SET        {3F00}            {7F10}                     {7F4F}
MF SET             {3F00}            {3F00}                     {3F00}
PARENT SET         {}                {3F00}                     {3F00}
DF SIBLINGS SET    {}                {7F4F}                     {7F10}
SELECTABLE SET     {3F00,7F10,       {3F00,6F3A,6F3B,...,6F4B,  {3F00,6F16,6F1C,6F1E,
                    7F4F}             7F10,7F4F}                 7F10,7F4F}
SONS SET           {7F10,7F4F}       {6F3A,6F3B,...,6F4B}       {6F16,6F1C,6F1E}

Table 8. Evolution of the core algorithm in reconstructing the filesystem of a SIM/USIM.

The key point is that, at this stage, the MF SET is known and coincides with MF, the CURRENT SET is also known and coincides with MF, and PARENT SET and DF SIBLINGS SET are empty sets because MF is the root of the filesystem tree. Under these conditions, Equation (2) becomes:

$$\text{SONS SET} = \text{SELECTABLE SET} \setminus \text{MF SET} \qquad (3)$$

Step 0 is completed. Step 1 starts with the determination of the sets of interest for the first child of MF, namely DF 7F10. MF SET is known and coincides with MF, CURRENT SET is also known and coincides with DF 7F10, PARENT SET is known and coincides with MF and DF SIBLINGS SET is also known and coincides with DF 7F4F. After the extraction of SONS SET from SELECTABLE SET, step 1 is completed. No DF is present among the sons of DF 7F10 and so recursion for this branch stops at this depth level. Step 2 will proceed in the same way but on DF 7F4F, as shown in Table 8. Figure 2 shows the reconstructed SIM card filesystem. Obviously, all information necessary to reconstruct the links between nodes is indirectly obtained from direct child relationships and recursion. It is important to note that browsing the entire file ID space, while slowing the process of extraction, allows us to extract non-standard files which otherwise would be unreachable. From a Digital Forensics perspective, this is an advantage that largely outweighs the overhead in computation time.


Fig. 2. Graph which shows the extracted filesystem. [Figure not reproduced; the node labels recoverable from it are MF 3F00, DF 7F10, DF 7F4F, EF 6F3A, EF 6F3B, EF 6F4B, EF 6F1F, EF 6F1C, EF 6F1E, ....]

To demonstrate what we have explained, we have implemented an open source tool, SIMBrush [9] [20] [23] [10], which is aimed at exploring and carving out all the observable memory content of a SIM/USIM card. Presently, SIMBrush is able to extract the body of those files whose access conditions are ALW and CHV1/CHV2, the latter case being possible only if the appropriate code, PIN1 (CHV1) or PIN2 (CHV2), is provided. The main algorithm is based on the construction of a binary tree, which is a suitable data structure for SIM card data, since such a structure is equivalent to an n-ary tree. The algorithm is outlined in the following snippet of pseudo-code:

Procedure Build_Tree
    Expand_DF(PARENT_SET = {}, CURRENT_SET = {MF}, DF_SIBLINGS_SET = {});
EndProcedure

Procedure Expand_DF(PARENT_SET: NODE, CURRENT_SET: NODE, DF_SIBLINGS_SET: NODE)
    Select(CURRENT_SET);
    SELECTABLE_SET = Brush(CURRENT_SET);
    SONS_SET = SELECTABLE_SET \ (MF_SET U CURRENT_SET U PARENT_SET U DF_SIBLINGS_SET);
    For each node N belonging to SONS_SET
        Place_in_tree(N);
        If N is a DF Then
            // the DF siblings of N are the other DFs among the sons of the
            // current directory (cf. Table 8, step 1: {7F4F} when expanding 7F10)
            Expand_DF(PARENT_SET = CURRENT_SET,
                      CURRENT_SET = N,
                      DF_SIBLINGS_SET = {D in SONS_SET : D is a DF} \ {N});
        End
    End
EndProcedure

• Build Tree: this procedure initializes the parameters of the recursive function Expand DF.

• Expand DF: is the recursive function that, starting from the filesystem root, brushes the ID space, searching all existing EFs and DFs and finding all sons of the current node, which are placed, dynamically, in a binary tree data structure. For each son, if this is an EF then it is placed in the data structure; otherwise, if it is a DF then the Expand DF function acts recursively, updating all interested sets.

• NODE: defines the main data structure to store all filesystem's data.

• Select: sends a SELECT command to the SIM card.

• Brush: this function selects a Dedicated File, passed as the argument, which becomes the current DF, and brushes the entire logical ID space, obtaining the SELECTABLE set related to such DF as a result.

We also show the pseudo-code of the Brush function, reported here for completeness:

Procedure Brush(Starting_Point)
    SELECTABLE_SET = {};
    Select(Starting_Point);
    For ID_FILE = 0x0000 To 0xFFFF
        Select(ID_FILE);
        If (ID_FILE is present) Then
            Header_extraction(ID_FILE);
            If (ID_FILE is EF) Then
                Body_extraction(ID_FILE);
            End
            Add ID_FILE to SELECTABLE_SET;
            // a selected DF becomes the current directory: go back to the
            // starting point (by its full path from MF, when the starting DF
            // is not a child of MF) before trying the next ID
            Select(Starting_Point);
        End
    End
    Return SELECTABLE_SET;
EndProcedure
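The Table 8 walk-through and the Build_Tree, Expand_DF and Brush procedures above, as an added example that is not part of the chapter or of SIMBrush: a Python rendering of the algorithm run against an in-memory simulation of a card that enforces the five selectability rules of Section 4 and answers SELECT with the file kind (standing in for the header) or a failure. The simulated filesystem is constructed to match Table 8 and Fig. 2, extended with a hypothetical nonstandard DF 5FFF holding EF 1F0C under 7F10, to show that brushing reaches files no standard path lists. The return to the starting DF is done by re-selecting its full path from MF, which is what Select(Starting_Point) must amount to on a real card once the starting DF is deeper than a child of MF. A real acquisition would send SELECT APDUs through a reader in place of SimulatedSIM.select.

```python
from dataclasses import dataclass


@dataclass(eq=False)          # identity-based hashing, so nodes can live in sets
class Node:
    file_id: int              # 0x0000 .. 0xFFFF
    kind: str                 # "MF", "DF" or "EF"
    parent: "Node | None"


class SimulatedSIM:
    """Models only SELECT: it answers with the file kind when the ID exists and
    is selectable from the current directory, None otherwise."""

    def __init__(self, nodes):
        self.by_id = {n.file_id: n for n in nodes}
        self.kids = {n: [] for n in nodes}
        for n in nodes:
            if n.parent is not None:
                self.kids[n.parent].append(n)
        self.mf = next(n for n in nodes if n.kind == "MF")
        self.current_dir = self.mf            # defaults to MF, as in the chapter
        self.selects = 0                      # number of SELECT commands issued

    def selectable(self):
        cd = self.current_dir
        s = {self.mf, cd}                                   # rules 1 and 2
        if cd.parent is not None:
            s.add(cd.parent)                                # rule 3
            s.update(n for n in self.kids[cd.parent] if n.kind == "DF")  # rule 4
        s.update(self.kids[cd])                             # rule 5
        return s

    def select(self, file_id):
        self.selects += 1
        node = self.by_id.get(file_id)
        if node is None or node not in self.selectable():
            return None                                     # "file not found"
        self.current_dir = node if node.kind != "EF" else node.parent
        return node.kind


def brush(card, path):
    """Select every ID from 0000 to FFFF with path[-1] as the current DF and
    return {id: kind} for the IDs the card accepted: the SELECTABLE SET."""
    found = {}
    for file_id in range(0x0000, 0x10000):
        kind = card.select(file_id)
        if kind is not None:
            found[file_id] = kind
            for fid in path:          # a DF hit moved us: go back along the full path
                card.select(fid)
    return found


def expand_df(card, tree, path, parent_set, df_siblings):
    """Equation (2): SONS = SELECTABLE minus (MF, CURRENT, PARENT, DF SIBLINGS)."""
    current_id = path[-1]
    for fid in path:
        card.select(fid)
    selectable = brush(card, path)
    known = {0x3F00, current_id} | parent_set | df_siblings
    sons = {fid: kind for fid, kind in selectable.items() if fid not in known}
    tree[current_id] = sorted(sons)
    son_dfs = {fid for fid, kind in sons.items() if kind == "DF"}
    for fid in sorted(son_dfs):       # recurse into each child DF with its DF siblings
        expand_df(card, tree, path + [fid], {current_id}, son_dfs - {fid})
    return tree


def build_tree(card):
    """Build_Tree: start at MF with empty PARENT SET and DF SIBLINGS SET.
    Returns {directory id: sorted list of son ids}."""
    return expand_df(card, {}, [0x3F00], set(), set())


def sample_card():
    """CONSTRUCTED filesystem: Table 8 plus a hypothetical nonstandard
    DF 5FFF with EF 1F0C under 7F10."""
    mf = Node(0x3F00, "MF", None)
    df10, df4f = Node(0x7F10, "DF", mf), Node(0x7F4F, "DF", mf)
    df5fff = Node(0x5FFF, "DF", df10)
    efs = [Node(i, "EF", df10) for i in (0x6F3A, 0x6F3B, 0x6F4B)]
    efs += [Node(i, "EF", df4f) for i in (0x6F16, 0x6F1C, 0x6F1E)]
    efs.append(Node(0x1F0C, "EF", df5fff))
    return SimulatedSIM([mf, df10, df4f, df5fff] + efs)


if __name__ == "__main__":
    card = sample_card()
    for df, sons in build_tree(card).items():
        print(f"{df:04X}: {[f'{s:04X}' for s in sons]}")
    print(f"{card.selects} SELECT commands issued")
```

The select counter makes the cost the chapter mentions concrete: one full pass over the ID space per DF, so 65536 SELECTs for MF, again for 7F10, for 5FFF and for 7F4F, before the bodies have even been read.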

As already explained, it is quite trivial to extract the standard part of the filesystem because the various EFs are accessible by fixed paths starting from the root of the filesystem. For example, in order to read the contents of the ICCID EF (2FE2) it is sufficient to select it with the SELECT command and read it by giving the path 3F00/2FE2. If an EF had to be read under DF 7F20, such as the SST EF (6F38), three SELECT commands would have to be issued: for 3F00, for 7F20 and finally for 6F38. After that, it would be possible to read the contents by issuing a READ command with the path 3F00/7F20/6F38. The whole standard part of the filesystem, about 70 EFs, can be used to extract a lot of information regarding the subscriber, his/her acquaintances, the SMS traffic, the provider or the location of the subscriber [10][9]. Many proprietary or open-source tools, as already mentioned, do this without considering the so-called nonstandard part of the filesystem, which we are going to analyze in depth in the next section.

5 Analysis of a Complete Filesystem of a SIM/USIM Card

The nonstandard part of the SIM/USIM filesystem has been discovered by theauthors using an open-source tool, SIMbrush, created with the main purpose


Fig. 3. Flow chart of the main algorithm. [Figure not reproduced; the steps recoverable from it are: Start; Select(Starting_Point); ID_FILE = 0x0000; Select(ID_FILE); if ID_FILE is present, Header_extraction(ID_FILE) and, if ID_FILE is an EF, Body_extract(ID_FILE); add ID_FILE to SELECTABLE_SET and Select(Starting_Point); if ID_FILE equals 0xFFFF then stop, otherwise ID_FILE = ID_FILE + 1 and select the next ID.]

to acquire, without using any "black-hat" methods, the entire contents of a smart card memory. An example of a complete filesystem present in a 128 Kbyte SIM card can be seen in Table 11. Moreover, another example of a full filesystem of a 32 Kbyte SIM card can be seen in Figure 5. Each row of the table represents a node of the n-ary tree of the filesystem. This way, we can manage the huge amount of information regarding the meta-data in a compact manner. We can see seven fields, which are: the ID; the standard name of an EF or DF; the file type (MF, DF, EF); the privileges (which are related to the constraints on the execution of a set of commands, as already said); the structure of the file (transparent, linear fixed or cyclic); the father of the node, important to see the real structure of the n-ary tree; and finally, the size of the elementary files.

By analyzing the full list of files in the table, it can be seen that non-standard files, labelled as "NS", are the predominant part, and our goal is to prove that some of these files can be used for data hiding purposes. Dedicated file 7F21 contains the same elementary files as DF 7F20, for backward compatibility with mobile equipment belonging to Phase 1 DCS 1800 [24], and there are no apparent inconsistencies related to the presence of files with the same ID, because the standard explains such a fact. There are also other files placed in nonstandard directories, such as the 7FBB DF, but unfortunately, even looking at non-official reference standards, there is no official interpretation of this DF. It is our opinion that some of these replicated standard files are placed in nonstandard locations for backward compatibility.

By analyzing, for example, the nonstandard elementary files under DF 5FFF, namely the EFs ranging from 1F0C to 1F3F, it is easy to see that these files can be modified with the Update command, because the privilege for this command is CHV1. This means that everyone who knows the PIN1 of the card is authorized to store arbitrary data by replacing the contents of the existing files. Clearly, this is the worst case scenario: indeed, it is always possible to modify the contents of these files if the card is not protected with the CHV1 code.

This fact raises a new question about the concrete possibility of hiding information in nonstandard locations of SIM/USIM cards, and it is clearly an open issue, which could also be analyzed from the steganography point of view. As stated in [21] [22], steganography refers to the science of concealed communication over a covert channel, such as an ordinary digital image. It is different from cryptography, where the goal is to secure communications from an eavesdropper: steganography tries to conceal the very presence of the message from an external observer. Its formulation can be done in terms of the prisoners' problem, where two inmates, Alice and Bob, wish to communicate a secret message "m" to one another in order to carry out an escape plan. To communicate without raising any suspicion in the warden, Wendy, the two prisoners use a steganographic algorithm to hide message "m" in a so-called cover object "c", thus obtaining the stego-object "s". Subsequently, the stego-object is sent through the public channel and is analyzed by the warden with the help of steganalysis techniques to see if there are any secret messages concealed in the transferred object. In the next section, we explore a possible framework which can be used to demonstrate that data hiding is feasible in this kind of device.

6 Data Hiding and Recovery on a SIM/USIM Card

As already explained, hiding data in SIM/USIM cards relies on the presence of a non-declared part of the filesystem that can be used to store arbitrary data if the privileges permit. We will now present a possible methodology to carry out the data hiding, and subsequently we will discuss best practices which can be used in order to recover the hidden message.


Fig. 4. Transmission of information by using an ordinary SIM/USIM card as cover-object.

Nowadays, there is a massive use of data hiding techniques for concealing arbitrary information in media which are not normally used for this purpose. In other words, we are constrained to consider the fundamental problem of data hiding by analyzing how an innocent medium, such as an ordinary digital image or a SIM/USIM card, can become a covert channel. From a forensics perspective, it is absolutely mandatory to know which best practices to apply in order to recover all data which has a potential evidential value, and to know how to deal with this emerging problem.

As described in [2], a covert channel is a communications link between two parties that allows one individual to transfer information to the other in a manner that violates the system's security policy. Covert channels are classified into covert storage channels, in which one party transfers information to another by writing to a shared storage location, and covert timing channels, in which one party signals information to another by modulating temporal system resources. We will focus on a covert storage channel present in SIM/USIM cards, by making use of the writable nonstandard part of the filesystem of such devices. As already stated in the previous section and in [23], there is a specific nonstandard part in the filesystem of a SIM/USIM card that cannot be discovered by using the standard tools belonging to the field of cellular forensics [25][6][14][8], which are used to create a binary image of the memory of such embedded devices. This creates a potentially dangerous situation that can be exploited by whoever wants to conceal communication and/or perpetrate a criminal action.


6.1 A Possible Data Hiding Procedure

In order to create the stego-object we need to embed the message in the cover-object, namely the SIM/USIM, by using a portion of the nonstandard part of the filesystem. Here we present a possible scheme for this purpose.

• Extraction of the binary image: at this stage we need to deal with the important task of acquiring all the observable content from a SIM/USIM card. This is clearly possible, for example, by using the mentioned tool, which is able to analyze the entire logical space of the EEPROM, thus discovering the nonstandard part.

• Creation of the File Allocation Table (FAT): having extracted the complete set of headers related to the SIM/USIM filesystem, it is quite trivial to obtain the FAT, as shown in Table 11.

• Selection of the Writable Nonstandard Part (WNSP): by inspecting the privileges regarding the Update command, it is possible to discover all the nonstandard files which can arbitrarily be modified, in the worst case with the user's privileges.

• Allocation of the message in the WNSP: the message that is going to be concealed needs to be broken into many chunks, according to the size of the nonstandard files that will be rewritten. At this stage, there are many possible strategies that can be used. The selected nonstandard files will constitute the steganographic key, used to recover the hidden message.

In order to understand this procedure we can analyze an example, by considering the FAT presented in Table 11. In this case, by adding up all file sizes, the total occupied space amounts to 56887 bytes, whereas the nonstandard part is 42859 bytes. The effective writable nonstandard part (WNSP) is 16549 bytes, about 29.1% of the total space.

ID     Name   Type   Privileges                   Structure      Father   Size [bytes]
1F0C   NS     EF     CHV1,CHV1,NEV,CHV1,CHV1      linear fixed   5FFF     34
1F1E   NS     EF     CHV1,CHV1,NEV,ADM,ADM        linear fixed   5FFF     70
1F1F   NS     EF     CHV1,CHV1,NEV,ADM,ADM        linear fixed   5FFF     70
1F21   NS     EF     CHV1,CHV1,NEV,ADM,ADM        linear fixed   5FFF     1280
1F22   NS     EF     CHV1,CHV1,NEV,ADM,ADM        linear fixed   5FFF     340
1F23   NS     EF     CHV1,CHV1,NEV,ADM,ADM        linear fixed   5FFF     500
1F24   NS     EF     CHV1,CHV1,NEV,ADM,ADM        linear fixed   5FFF     1250
1F34   NS     EF     CHV1,CHV1,NEV,ADM,ADM        linear fixed   5FFF     500
1F38   NS     EF     CHV1,CHV1,NEV,ADM,ADM        linear fixed   5FFF     500

Table 9. A portion of the Writable Non-Standard Part.

As shown in Table 9, we have isolated a portion of the nonstandard part in order to give a proof-of-concept of the possibility to implement data hiding at the filesystem level of a SIM/USIM card. These nonstandard elementary files belong to the nonstandard DF 5FFF, located under the standard DF 7F10


Fig. 5. Real Filesystem of a 32 Kbytes SIM card. [Figure not reproduced; the node labels recoverable from it are: 0000, 0011, 0100, 0200, 2F20, 2F30, 2F31, 2F32, 2F33, 2F34, 2FEE, 2FEF, EECF, EF (ICCID) 2FE2, MF 3F00, DF (TELECOM) 7F10, DF (GSM) 7F20, DF (DCS1800) 7F21, 7F4F, EF (ADN) 6F3A, EF (FDN) 6F3B, EF (SMS) 6F3C, EF (CCP) 6F3D, EF (MSISDN) 6F40, EF (SMSP) 6F42, EF (SMSS) 6F43, EF (LND) 6F44, EF (EXT1) 6F4A, EF (EXT2) 6F4B, 6F16, 6F1C, 6F1E, EF (LP) 6F05, EF (IMSI) 6F07, EF (Kc) 6F20, EF (PLMNsel) 6F30, EF (HPLMN) 6F31, EF (ACMmax) 6F37, EF (SST) 6F38, EF (ACM) 6F39, EF (PUCT) 6F41, EF (CBMI) 6F45, EF (SPN) 6F46, EF (BCCH) 6F74, EF (ACC) 6F78, EF (FPLMN) 6F7B, EF (LOCI) 6F7E, EF (AD) 6FAD, EF (PHASE) 6FAE, EF (KcGPRS) 6F52, EF (LOCIGPRS) 6F53, EF (SUME) 6F54, 0005, 0006.]


(DF Telecom) [24]. All the files are writable because the privileges related to Update are set to CHV1, which allows the storage of any message. As mentioned above, the size of the hidden message is limited by the size of the WNSP. In this case we have selected only a subset of this hidden part, and the maximum size of the storable message will be 4544 bytes, as can be verified by adding up all the sizes of the nonstandard files. To verify the possibility of applying our method, we have implemented an ad-hoc tool based on open-source software [13], which is able to communicate with the SIM/USIM by using the standard API with a set of Perl procedures. In this example, the stego-key will be the sequence of paths of the nonstandard EFs. Thus, a possible key could be (3F00, 7F10, 5FFF, #, 1F0C, 1F1E, 1F1F, 1F21, 1F22, 1F23, 1F24, 1F34, 1F38), where the # symbol indicates the separation between DFs and EFs: thus, the first nonstandard EF will be located in 3F00/7F10/5FFF/1F0C. The key specifies the order in which the nonstandard EFs must be read in order to properly recover the hidden message. Clearly, a different coding is possible, as well as the use of cryptography. For our purposes, we have used the simple 7-bit coding normally used to store an SMS in the standard part of the filesystem. After the generation of the message, whose size, as already said, is limited to 4544 bytes, the next step is to divide it into chunks of suitable sizes, matching the sizes of the nonstandard EFs. There are many different strategies in this allocation phase, depending on the stego-key. In our example we have used a simple allocation policy, similar to the first fit technique used by a memory allocator in an operating system. It is also possible to use a scrambling technique, by using a different order in the allocation step. For example, we could use the following stego-key, which corresponds to a different allocation of the same message: (3F00, 7F10, 5FFF, #, 1F1E, 1F0C, 1F21, 1F1F, 1F23, 1F22, 1F34, 1F24, 1F38).

Having proved that data hiding is possible in such devices, it is mandatory to sketch some guidelines about which best practices can be used by the forensics practitioner in order to deal with this problem. Undoubtedly, the first thing is to understand that the current tools belonging to the field of cellular forensics, whose aim is to extract the standard part, have a fundamental drawback, not being able to acquire all the memory content. Having said this, in the authors' opinion, it is important to alert the forensics community in order to fill this gap. If we assume that we have the complete SIM/USIM memory image, we can see how one can deal with the problem of the extraction of sensitive data from this device.

• Extraction of the nonstandard part from the image: this task is necessary in order to isolate all the potentially valuable data.

• Application of the steganalysis methods: this is the most challenging step, because it is unknown whether there are any concealed data in the nonstandard part, or which coding has been used for the hiding purpose.

The latter step can be really time-consuming and is very similar to the problem of detecting a hidden message in an ordinary digital image [21]. A possible solution to approach this problem is to apply a brute force translation method, by decoding the various chunks of nonstandard contents trying to see something intelligible.

We have applied the proposed data hiding procedure to 7 SIM cards and 1 USIM. As can be seen from Table 10, the largest writable nonstandard part is found in the 128 Kbyte SIM cards, whereas such space is essentially absent in the smaller SIM cards. In the USIM card analyzed only a few accessible nonstandard files are present, the WNSP being 107 bytes. In Table 10, NSP stands for Nonstandard Part and TES for Total Engaged Space; WNSP, NSP and TES are expressed in bytes. All the WNSPs have been rewritten according to the proposed data hiding methodology. After that, all cards were tested to verify that they still worked, and all the concealed contents have been recovered with the software mentioned above.

#  Provider  Country  EEPROM  Phase  Services  WNSP   NSP    TES
1  TIM       Italy    16KB    2      GSM       0      151    6997
2  Vodafone  Italy    32KB    2      GSM       0      531    8743
3  BLU       Italy    64KB    2+     GSM       0      21122  31087
4  Omnitel   Italy    64KB    2+     GSM       0      17427  25689
5  Wind      Italy    64KB    2+     GPRS      96     4737   22651
6  TIM       Italy    128KB   2+     GPRS      16549  42859  56887
7  TIM       Italy    128KB   2+     GPRS      12478  25112  45729
8  H3G       Italy    128KB   3      UMTS      107    21290  30826

Table 10. WNSP of some of the analyzed SIM/USIMs (sizes in bytes).

7 Conclusions

In this chapter we have illustrated the real filesystem of SIM/USIM cards as embedded devices. We have described the main building blocks of such devices, pinpointing possible vulnerabilities and attacks against them. After that, we have introduced the fundamental blocks of a cellular network and where a SIM/USIM fits in it. In addition, the basic logical structure of a smart card for telecommunications has been described, with a detailed discussion of how it is possible to interact with it. Moreover, a general algorithmic procedure for extracting all the observable content has been provided, together with an implementation of these concepts in an open source tool [20]. Finally, we have discussed data hiding at the filesystem level of a SIM/USIM, providing some examples that demonstrate the effectiveness of the procedure.


Table 11. A full list of standard and nonstandard files extracted from a TIM 128 Kbyte SIM card. The field Size is expressed in bytes.

ID    Name       Type  Privileges (3)           Structure     Father  Size
3F00  MF         MF    —                        —             —       —
2F00  NS         EF    ALW,ALW,ADM,NEV,NEV      linear fixed  3F00    46
2F05  ELP        EF    ALW,CHV1,NEV,NEV,NEV     transparent   3F00    4
2F06  NS         EF    ALW,NEV,NEV,NEV,NEV      linear fixed  3F00    330
2FE2  ICCID      EF    ALW,NEV,NEV,NEV,NEV      transparent   3F00    10
2FE4  NS         EF    ALW,NEV,NEV,NEV,NEV      transparent   3F00    35
2FE5  NS         EF    ALW,NEV,NEV,NEV,NEV      transparent   3F00    6
2FFE  NS         EF    CHV1,ADM,NEV,NEV,NEV     transparent   3F00    8
7F10  DFTELECOM  DF    —                        —             3F00    —
5F3A  NS         DF    —                        —             7F10    —
4F21  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    500
4F22  NS         EF    CHV1,CHV1,NEV,ADM,ADM    transparent   5F3A    4
4F23  NS         EF    CHV1,CHV1,NEV,ADM,ADM    transparent   5F3A    2
4F24  NS         EF    CHV1,CHV1,NEV,ADM,ADM    transparent   5F3A    2
4F25  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    500
4F26  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    1250
4F30  SAI        EF    CHV1,ADM,NEV,ADM,ADM     linear fixed  5F3A    128
4F3A  NS         EF    CHV1,CHV1,NEV,CHV2,CHV2  linear fixed  5F3A    7000
4F3D  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    75
4F4A  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    39
4F4B  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    70
4F4C  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    70
4F50  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    1280
4F61  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    340
4F69  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5F3A    500
5FFF  NS         DF    —                        —             7F10    —
1F00  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    105
1F01  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    175
1F02  NS         EF    CHV1,CHV1,NEV,NEV,NEV    transparent   5FFF    11
1F03  NS         EF    ALW,ADM,NEV,NEV,NEV      linear fixed  5FFF    40
1F04  NS         EF    ALW,CHV1,NEV,NEV,NEV     transparent   5FFF    4
1F05  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  5FFF    640
1F06  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  5FFF    420
1F07  NS         EF    CHV1,ADM,NEV,ADM,ADM     transparent   5FFF    20
1F08  NS         EF    CHV1,CHV1,NEV,NEV,NEV    transparent   5FFF    175
1F09  NS         EF    CHV1,CHV1,NEV,ADM,ADM    transparent   5FFF    100
1F0A  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  5FFF    16
1F0B  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    16
1F0C  NS         EF    CHV1,CHV1,NEV,CHV1,CHV1  linear fixed  5FFF    34
1F1E  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5FFF    70
1F1F  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5FFF    70
1F20  NS         EF    CHV1,ADM,NEV,ADM,ADM     linear fixed  5FFF    128
1F21  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5FFF    1280
1F22  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5FFF    340
1F23  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5FFF    500
1F24  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5FFF    1250
1F34  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5FFF    500
1F38  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  5FFF    500
1F3D  NS         EF    CHV1,CHV1,NEV,ADM,ADM    transparent   5FFF    4
1F3E  NS         EF    CHV1,CHV1,NEV,ADM,ADM    transparent   5FFF    2
1F3F  NS         EF    CHV1,CHV1,NEV,ADM,ADM    transparent   5FFF    2
1F40  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    700
1F41  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    100
1F42  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    13
1F43  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    11000
1F44  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    5000
1F45  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    800
1F52  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   5FFF    50
6F06  NS         EF    ALW,NEV,NEV,NEV,NEV      linear fixed  7F10    770
6F3A  ADN        EF    CHV1,CHV1,NEV,CHV2,CHV2  linear fixed  7F10    7000
6F3B  FDN        EF    CHV1,CHV2,NEV,ADM,ADM    linear fixed  7F10    364
6F3C  SMS        EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  7F10    5280
6F40  MSISDN     EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  7F10    28
6F42  SMSP       EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  7F10    84
6F43  SMSS       EF    CHV1,CHV1,NEV,ADM,ADM    transparent   7F10    2
6F44  LND        EF    CHV1,CHV1,NEV,ADM,ADM    cyclic        7F10    84
6F49  SDN        EF    CHV1,ADM,NEV,ADM,ADM     linear fixed  7F10    336
6F4A  EXT1       EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  7F10    39
6F4B  EXT2       EF    CHV1,CHV2,NEV,ADM,ADM    linear fixed  7F10    39
6F4F  NS         EF    CHV1,CHV1,NEV,ADM,ADM    linear fixed  7F10    75
6F54  SUME       EF    ADM,ADM,NEV,NEV,NEV      transparent   7F10    22
C000  NS         EF    ADM,ADM,NEV,NEV,NEV      linear fixed  7F10    42
7F20  DFGSM      DF    —                        —             3F00    —
0002  NS         EF    NEV,NEV,NEV,NEV,NEV      transparent   7F20    16
6F05  LP         EF    ALW,CHV1,NEV,NEV,NEV     transparent   7F20    2
6F07  IMSI       EF    CHV1,ADM,NEV,CHV1,NEV    transparent   7F20    9
6F20  Kc         EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F20    9
6F30  PLMNsel    EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F20    105
6F31  HPLMN      EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F20    1
6F38  SST        EF    CHV1,ADM,NEV,NEV,NEV     transparent   7F20    12
6F3E  GID1       EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F20    9
6F3F  GID2       EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F20    9
6F45  CBMI       EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F20    4
6F46  SPN        EF    ALW,ADM,NEV,NEV,NEV      transparent   7F20    17
6F48  CBMID      EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F20    6
6F52  PKcG       EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F20    9
6F53  LOCIGPRS   EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F20    14
6F54  SUME       EF    ADM,ADM,NEV,NEV,NEV      transparent   7F20    22
6F74  BCCH       EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F20    16
6F78  ACC        EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F20    2
6F7B  FPLMN      EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F20    12
6F7E  LOCI       EF    CHV1,CHV1,NEV,CHV1,NEV   transparent   7F20    11
6FAD  AD         EF    ALW,ADM,NEV,NEV,NEV      transparent   7F20    4
6FAE  PHASE      EF    ALW,ADM,NEV,NEV,NEV      transparent   7F20    1
6FF5  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F20    880
6FF6  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F20    1100
6FF7  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   7F20    100
6FF8  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F20    120
6FF9  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F20    24
6FFA  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   7F20    16
6FFB  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F20    243
6FFF  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F20    48
C000  NS         EF    ADM,ADM,NEV,NEV,NEV      linear fixed  7F20    144
7F21  NS         DF    —                        —             3F00    —
0002  NS         EF    NEV,NEV,NEV,NEV,NEV      transparent   7F21    16
6F05  LP         EF    ALW,CHV1,NEV,NEV,NEV     transparent   7F21    2
6F07  IMSI       EF    CHV1,ADM,NEV,CHV1,NEV    transparent   7F21    9
6F20  Kc         EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F21    9
6F30  PLMNsel    EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F21    105
6F31  HPLMN      EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F21    1
6F38  SST        EF    CHV1,ADM,NEV,NEV,NEV     transparent   7F21    12
6F3E  GID1       EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F21    9
6F3F  GID2       EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F21    9
6F45  CBMI       EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F21    4
6F46  SPN        EF    ALW,ADM,NEV,NEV,NEV      transparent   7F21    17
6F48  CBMID      EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F21    6
6F52  PKcG       EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F21    9
6F53  LOCIGPRS   EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F21    14
6F54  SUME       EF    ADM,ADM,NEV,NEV,NEV      transparent   7F21    22
6F74  BCCH       EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F21    16
6F78  ACC        EF    CHV1,ADM,NEV,ADM,ADM     transparent   7F21    2
6F7B  FPLMN      EF    CHV1,CHV1,NEV,NEV,NEV    transparent   7F21    12
6F7E  LOCI       EF    CHV1,CHV1,NEV,CHV1,NEV   transparent   7F21    11
6FAD  AD         EF    ALW,ADM,NEV,NEV,NEV      transparent   7F21    4
6FAE  PHASE      EF    ALW,ADM,NEV,NEV,NEV      transparent   7F21    1
6FF5  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F21    880
6FF6  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F21    1100
6FF7  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   7F21    100
6FF8  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F21    120
6FF9  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F21    24
6FFA  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   7F21    16
6FFB  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F21    243
6FFF  NS         EF    ADM,ADM,NEV,ADM,ADM      linear fixed  7F21    48
C000  NS         EF    ADM,ADM,NEV,NEV,NEV      linear fixed  7F21    144
7FBB  NS         DF    —                        —             3F00    —
6F11  NS         EF    NEV,NEV,NEV,NEV,NEV      transparent   7FBB    56
6F1F  NS         EF    NEV,NEV,NEV,NEV,NEV      transparent   7FBB    56
6F21  NS         EF    ADM,ADM,NEV,NEV,NEV      transparent   7FBB    9
6F2F  NS         EF    ADM,ADM,NEV,NEV,NEV      transparent   7FBB    9
6F30  PLMNsel    EF    NEV,NEV,NEV,NEV,NEV      linear fixed  7FBB    40
6F31  HPLMN      EF    ADM,ADM,NEV,NEV,NEV      linear fixed  7FBB    20
6F33  NS         EF    ADM,ADM,NEV,NEV,NEV      transparent   7FBB    2
C001  NS         EF    ADM,ADM,NEV,NEV,NEV      transparent   7FBB    8
C002  NS         EF    ADM,ADM,NEV,NEV,NEV      transparent   7FBB    2
C003  NS         EF    ADM,ADM,NEV,ADM,ADM      transparent   7FBB    1
C018  NS         EF    NEV,ADM,NEV,NEV,NEV      transparent   7FBB    16
C019  NS         EF    NEV,ADM,NEV,NEV,NEV      transparent   7FBB    80
C01A  NS         EF    NEV,ADM,NEV,NEV,NEV      transparent   7FBB    5
C01B  NS         EF    ADM,ADM,NEV,NEV,NEV      transparent   7FBB    3
7FBC  NS         DF    —                        —             3F00    —
C010  NS         EF    NEV,ADM,NEV,NEV,NEV      linear fixed  7FBC    80
C011  NS         EF    ADM,NEV,NEV,NEV,NEV      linear fixed  7FBC    28
C012  NS         EF    ADM,NEV,NEV,NEV,NEV      linear fixed  7FBC    77
C013  NS         EF    ADM,NEV,NEV,NEV,NEV      linear fixed  7FBC    28
C01C  NS         EF    ADM,ADM,NEV,NEV,NEV      transparent   7FBC    3
C01F  NS         EF    ADM,NEV,NEV,NEV,NEV      transparent   7FBC    5

(3) The sequence of privileges refers, as explained in the text, to the execution of a defined set of commands issuable to a SIM card, namely Read, Update, Increase, Rehabilitate and Invalidate, in that order.

References

1. Digital Forensics Research Workshop. DFRWS Technical Report DTR-T001-01 final, 2001. Available at: http://www.dfrws.org/2001/dfrws-rm-final.pdf

2. K. Ahsan and D. Kundur. Department of Defense Trusted Computer System Evaluation Criteria. Tech. Rep. DOD 5200.28-STD, Department of Defense, December 1985.

3. J. Bates. Fundamentals of Computer Forensics. Information Security Technical Report, 4:16–17, 1999.

4. L. Benini, A. Macii, E. Macii, E. Omerbegovic, F. Pro, and M. Poncino. Energy-aware Design Techniques for Differential Power Analysis Protection. In Proceedings of High-Level Design Validation and Test, IEEE, 2005.

5. E. Biham and A. Shamir. Differential Fault Analysis of Secret Key Cryptosystems. In Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology, Springer-Verlag, 1997.

6. R. Binns. BitPim. Software available at: http://bitpim.sourceforge.net/

7. Secure Microcontrollers 32 bit RISC CPU. Technical Specifications, 2007. http://www.atmel.com/products/SecureARM/

8. C. Swenson, G. Manes, and S. Shenoi. Imaging and Analysis of GSM SIM Cards. In IFIP International Federation for Information Processing, Springer Boston, pages 205–216, 2006.

9. F. Casadei, A. Savoldi, and P. Gubian. SIMBrush: An Open Source Tool for GSM and UMTS Forensics Analysis. In Proceedings of Systematic Approaches to Digital Forensic Engineering, First International Workshop, IEEE, pages 105–119, 2005.

10. F. Casadei, A. Savoldi, and P. Gubian. Forensics and SIM Cards: An Overview. International Journal of Digital Evidence, 5, 2006. Available at: http://www.utica.edu/academic/institutes/ecii/ijde/index.cfm

11. D. Harrill and R. Mislan. A Small Scale Digital Device Forensics Ontology. Small Scale Digital Device Forensics Journal, 1, 2007. Available at: http://www.ssddfj.org/papers/SSDDFJ_V1_1_Harrill_Mislan.pdf

12. H. Li, A. T. Markettos, and S. Moore. Security Evaluation Against Electromagnetic Analysis at Design Time. In Proceedings of the 40th Conference on Design Automation, ACM Press, 2003.

13. SimSoft Inc. GSM Phone Card Viewer. Software available at: http://www.linuxnet.com/applications/files/gsmcard_0.9.1.tar.gz

14. Netherlands Forensic Institute. Card4Labs. Software available at: http://www.forensischinstituut.nl/NFI/nl

15. D. Leroy, S. J. Piestrak, F. Monteiro, and A. Dandache. Modeling of Transients Caused by a Laser Attack on Smart Cards. In Proceedings of the On-Line Testing Symposium (IOLTS), IEEE, 2005.

16. ARM Ltd. ARM SecurCore Technology, 2003. http://www.arm.com/

17. MIPS. SmartMIPS Architecture Smart Card Extension, 2005. http://www.mips.com

18. M. Mouly and M. Pautet. Current Evolution of the GSM Systems. Personal Communications, 2:9–19, 1995.

19. Scientific Working Group on Digital Evidence. Proposed Standards for the Exchange of Digital Evidence, 2001. http://www.fbi.gov/hq/lab/fsc/backissu/april2000/swgde.htm

20. A. Savoldi. SIMBrush: An Open Source Tool for Digital Investigation of SIM/USIM, 2005. Software available at: http://www.ing.unibs.it/~antonio.savoldi

21. A. Savoldi and P. Gubian. A Methodology to Improve the Detection Accuracy in Digital Steganalysis. In Proceedings of the International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IEEE, 2006.

22. A. Savoldi and P. Gubian. Blind Multi-Class Steganalysis System Using Wavelet Statistics. In Proceedings of the International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IEEE, 2007.

23. A. Savoldi and P. Gubian. SIM and USIM Filesystem: A Forensics Perspective. In Proceedings of the Symposium on Applied Computing, Computer Forensics Track, ACM, 2007.

24. ETSI TS 100 977 v8.3.0. Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) Interface. Available at: http://www.id2.cz/normy/gsm1111v830.pdf

25. J. van den Bos and R. van der Knijff. TULP2G: An Open Source Forensic Software Framework for Acquiring and Decoding Data Stored in Electronic Devices. International Journal of Digital Evidence, 4, 2005. Software available at: http://www.utica.edu/academic/institutes/ecii/ijde/index.cfm

26. C. Yang, G. Tian, and S. Ward. Security Systems of Point-of-Sales Devices. The International Journal of Advanced Manufacturing Technology, 34:799–815, 2007.