List: cfrg
Subject: Re: [CFRG] PK algorithm(s) in SIMS
From: Robert Moskowitz <rgm-sec () htt-consult ! com>
Date: 2023-06-16 18:51:29
Message-ID: f9e17214-8853-aeb3-497c-6fd965db6e39 () htt-consult ! com
And thus I wonder about what they (the other party) are smoking.
I guess I have a couple weeks to dig into this.
And thank you.
Bob
On 6/16/23 14:30, Michael StJohns wrote:
> On 6/16/2023 11:43 AM, Robert Moskowitz wrote:
> > This question is particularly targeted at Vodafone SIMS.
> >
> > I was in a conversation recently, that ended rather abruptly, about
> > using the crypto in the SIMS for some other applications.
> >
> > So I got to wondering and tried to search to find out what is in
> > these cards, but my search foo is weak (nothing new here).
> >
> > So I thought to ask here for any pointers.
> >
> >
> > Is it ECDSA? Some Brainpool EC? Something smaller? Ready to be
> > trashed for some PQC thingee that will use up much of the cellular
> > bandwidth (showing my bias here)?
> >
> > Again pointers would be OK.
> >
> > Bob
> >
> > _______________________________________________
> > CFRG mailing list
> > CFRG@irtf.org
> > https://www.irtf.org/mailman/listinfo/cfrg
>
>
> Hi Bob -
>
> This is not a quick question to answer and is esoteric in the extreme:
>
> https://www.gsma.com/security/security-algorithms/ probably will
> answer part of your initial question - but those are algorithms used
> to protect the calls mostly. The SIMs may implement stronger
> algorithms for their handshakes.
>
> The capability of a given SIM depends both on the SIM hardware and the
> code executing on it. But generically, take a look at the specs
> here:
> https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1807
> and
> https://www.etsi.org/deliver/etsi_ts/102200_102299/102223/14.00.00_60/ts_102223v140000p.pdf
>
> Mostly the GSM SIM applet doesn't expose its underpinnings. However,
> many of the GSM chips are built around a Java Card core with a Global
> Platform management model for the card. So it's possible a given GSM
> SIM might also have a non-GSM applet running on it.
>
> You'd be better off going straight for a card/chip more or less
> designed to provide consumer cryptography. E.g. NXP SE050s or any of
> a number of similar items.
>
> For the Vodafone SIM, if you really want to do a deep dive, the first
> thing you need to do is get a few different tools together: smart card
> reader, maybe a SIM adapter (credit card sized object in which you can
> place a SIM so it can be used in a normal reader - but there are a few
> purpose built SIM readers that won't require this). A set of tools
> that can send and receive APDUs from the SIM - CCID and PCSC are the
> search terms here. Once you have these, retrieve the ATR - Answer to
> Reset. There's a parse ATR tool online that will probably tell you
> the underlying manufacturer of the card from the ATR. Otherwise, try
> and do a get data command for the CPLC data (tag 0066) and take a
> look at that.
>
> Also
> https://1ot.mobi/resources/blog/iot-hacking-series-6-what-is-a-sim-applet-and-why-is-it-important-for-iot-m2m
> looks interesting as well.
>
> Enjoy - Mike
>