Secure protocol for Subscriber Identity Module

摘要

Subscriber Identity Module (SIM) is the backbone of modern mobile communication. SIM can be used to store a number of user sensitive information such as user contacts, SMS, banking information (some banking applications store user credentials on the SIM) etc. Unfortunately, the current SIM model has a major weakness. When the mobile device is lost, an adversary can simply steal a user's SIM and use it. He/she can then extract the user's sensitive information stored on the SIM. Moreover, The adversary can then pose as the user and communicate with the contacts stored on the SIM. This opens up the avenue to a large number of social engineering techniques. Additionally, if the user has provided his/her number as a recovery option for some accounts, the adversary can get access to them. The current methodology to deal with a stolen SIM is to contact your particular service provider and report a theft. The service provider then blocks the services on your SIM, but the adversary still has access to the data which is stored on the SIM. Therefore, a secure scheme is required to ensure that only legal users are able to access and utilize their SIM.