‘Smart’ Tactics for Smothering Fraud

Smart card and device manufacturers team up to prevent 3G subscriber fraud

A lively story now passing around the circuits concerns SIM (Subscriber Identity Module) cards—and the ability to tamper with the user information. The story goes like so: A group of renegades are stealing mobile phones and reconfiguring the SIM cards to gain free mobile service on GSM networks.

Among the experts asked, most rated the rumor as a 10 on the “Strongly disagree that this story holds water” scale.

“Our cards can’t be reconfigured,” says Jean-Louis Carrara, director of telecommunications in North America at Gemplus, a maker of smart-card-based security, wireless and e-commerce applications. “I’ve heard of security breaches occurring internally in development labs, but not once the cards are released into the public sector.”

The cards gain additional security when the card is personalized with a subscriber’s information, says Carrara. During the personalization stage, the retailer loads specific user data into the card’s memory. The mobile operator or retailer can update certain data files on the card, and other files can only be read. “Some files can never be updated again,” says Carrara. “No one can get to those files or read the files. This ensures that the subscribers using those SIM cards cannot use the network unless they are authenticated.”

Because of their strong authentication and encryption requirements, GSM phones are more tamper-resistant, say Clay Simmons, technical account manager for Nokia’s mobile phones research and development, and other security professionals. The SIM allows the network to guarantee the subscriber’s identity for billing purposes, which lowers potential fraud.

In a GSM network, each subscriber has a unique identity, which is programmed into the SIM card during personalization. This code identifies the subscriber to the network operator: the network and the SIM compare a series of numbers, explains Simmons.

When a user turns on a phone with a SIM card, the subscriber number is sent to the network. The network then challenges the SIM card to prove the subscriber’s identity by sending the card a random value. The network and the card both run a 128-bit algorithm on that value, and the SIM card must respond with a result that matches the value the network computed for itself. If the values match, the network assumes that the user is the mobile subscriber. This “handshake” identifies the subscriber to the operator.
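To make the handshake concrete, here is an added example (not from the article or any vendor) that plays both sides, the operator’s authentication centre and the SIM. The IMSI, the key Ki and the keyed hash standing in for the operator’s secret A3 algorithm are constructed assumptions; the point is that Ki never leaves the card, and that every challenge uses a fresh random value so a captured response cannot be replayed.

```python
import hmac, hashlib, os

# Constructed sample subscriber: identity plus the 128-bit secret Ki that is
# shared only between the SIM and the operator's authentication centre.
IMSI = "310150123456789"                                # hypothetical IMSI
KI = bytes.fromhex("0123456789abcdef0123456789abcdef")  # constructed key

def a3_response(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator's A3 algorithm (assumption: HMAC-SHA256
    truncated to a 32-bit signed response; real operators choose their own)."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class Sim:
    """The card: holds Ki, never reveals it, and only answers challenges."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki
    def respond(self, rand: bytes) -> bytes:
        return a3_response(self._ki, rand)

class Network:
    """Authentication centre: knows Ki per IMSI and issues fresh challenges."""
    def __init__(self, subscribers: dict):
        self._keys = subscribers                 # {imsi: ki}
    def challenge(self) -> bytes:
        return os.urandom(16)                    # 128-bit RAND, new each time
    def verify(self, imsi: str, rand: bytes, sres: bytes) -> bool:
        ki = self._keys.get(imsi)
        if ki is None:                           # unknown subscriber number
            return False
        expected = a3_response(ki, rand)
        return hmac.compare_digest(expected, sres)  # constant-time compare

def authenticate(network: Network, sim: Sim) -> bool:
    """One handshake: challenge, card response, network comparison."""
    rand = network.challenge()
    return network.verify(sim.imsi, rand, sim.respond(rand))

def replayed_response_accepted(network: Network, sim: Sim) -> bool:
    """Defender's check: a response captured for one RAND must be useless
    against a later challenge, because the RAND differs every time."""
    rand1 = network.challenge()
    sres1 = sim.respond(rand1)                   # "captured" on the air
    rand2 = network.challenge()
    return network.verify(sim.imsi, rand2, sres1)

if __name__ == "__main__":
    net = Network({IMSI: KI})
    print("genuine SIM:", authenticate(net, Sim(IMSI, KI)))
    print("wrong Ki:   ", authenticate(net, Sim(IMSI, bytes(16))))
    print("replay ok?: ", replayed_response_accepted(net, Sim(IMSI, KI)))
```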

Prior security breaks

Although many industry insiders are unfamiliar with SIM reconfiguration fraud, hackers have cracked the SIM encryption. “It’s highly unlikely that someone can reconfigure a SIM to obtain free service. However, these attacks are possible, if someone has cloned a SIM in their possession and the operator is using the COMP128 algorithm,” said David Pullen, a consultant with FML Solutions, a professional services firm specializing in revenue assurance, fraud and security management.

In 1998, a team of graduate students at the University of California at Berkeley and a cryptologist cloned a phone by cracking the SIM encryption. The group subjected the SIM to hours of “challenges” by a computer before gaining the user ID. At the time, industry officials belittled the hack, claiming that at best it gained a few hours of airtime. In most cases, the mobile operator’s antifraud system would kick the phone off the air once the subscriber reported the theft. The cloned phone would only be in service for a minimal amount of time.



Progress in North America

As mobile operators introduce 2.5 and 3G networks into North America, the device manufacturers are refining GSM specifications to work in TDMA and CDMA environments. North America is using R-UIM (Removable User Identity Module) cards that have the same physical and logical properties as SIMs.

To use these removable cards, the network will require limited changes, says Scott Hicks, who works with standards and carrier features at Ericsson. “TDMA and CDMA networks have defined subscriber parameters where the device’s electrical serial number is inseparable from the mobile subscriber identity,” explains Hicks. This combination is separated with a SIM or R-UIM. The mobile subscriber identity will be on the card, and the electronic serial number will be on the device. The network will have to communicate with the R-UIM rather than the device. But the signature ID will look the same from the network’s point of view, he says.

Additional defense measures

To further minimize fraud, subscribers can activate their PIN (personal identification number), which authenticates the user to the network. This second layer of authentication prevents fraud in the case of lost or stolen phones. If an incorrect PIN code is entered three times, the phone will lock up and refuse service except for emergency numbers. Only the mobile operator can reactivate the phone.

“It’s one extra level of protection. Only the owner knows the PIN, and it must be used to operate the phone or access files,” says Hicks.

PIN-activated phones have been available for years, but subscribers rarely add the extra protection. They would rather accept the possible consequences than key in the extra numbers. To offset this vulnerability, manufacturers plan to add WIM (Wireless Identity Module) applications to the SIM to strengthen the security during a WAP session. WIM will allow public and private key loading into the SIM card, which can be used to ensure the consumer’s data integrity and confidentiality, as well as give the retailer nonrepudiation of transactions.

Other long-range plans from device and smart card manufacturers to strengthen security include multifactor authentication, which would require a thumb or a voice match to enable service. “We will provide as strong an authentication as necessary for the mobile Internet,” says Verne Meredith, vice president of sales and marketing at Diversinet, a wireless security infrastructure provider. “This advanced type of authentication uses an elliptical curve with higher algorithms, which make it more difficult for hackers to crack the encryption than current implementations available on the Internet.”
