Feeds

All you need to know about nano SIMs - before they are EXTERMINATED

The chip inside the iPhone 5

New hybrid storage solutions

Apple's iPhone 5 uses a nano SIM, the smallest SIM ever designed and, quite possibly, the last SIM we'll see in any mobile telephone.

The nano SIM used in the new smartphone is tiny and its pattern of electrical contacts are about two thirds the size of the original SIM. It's almost too small to hold and certainly small enough to lose in a pocket, but despite the diminutive size its basic functionality remains unchanged: hosting encryption electronics and serial communications at 9,600 baud.

Size comparison

The SIM and nano SIM in proportion

The GSM standard mandates a removable SIM, and consumer devices can conform to one of four different form factors [PDF, dry, really dry]. The first is a credit-card-sized monster. The second is the traditional SIM we've come to know. The third form factor (3FF) retains the same contact pattern as the first two so one can just trim down an existing SIM, but the fourth - the nano SIM - makes these DIY jobs a lot more challenging (although not impossible) as it changes the layout and positioning of the connections.

A Subscriber Identity Module (SIM) contains a cryptographic chip, but critically it also stores a copy of the unique subscriber key, the other copy being held in the network operator's authentication server (AuC). During the GSM authentication a random number is encrypted using that key and must be decrypted by the phone to prove the subscriber is genuine. On 3G networks the process is also reversed to mitigate against man-in-the-middle attacks, and it's notable that while the encryption on GSM calls has been compromised (once or twice) the authentication remains secure.

The chips holding the key, and doing the cryptography, are suspended in space, glued to the back of the SIM's metal contacts. The silicon dies are small, but it's the air space around them which has hitherto prevented SIMs from getting thinner. The nano SIM is slimmer, thanks to thinner chips and more precise engineering, so the nano SIM is only .67mm thick.

It's also exempted it from the physical flexibility requirements of the SIM specification, which SIMs inherited largely from the credit card specification (ISO 7816). Nano SIMs will snap more easily than their larger contemporaries, but given the size that's not really important.

Let's make a connection

Contacts on the nano SIM. C1-3 and C5-7 are compatible with previous SIMs.
Source: ETSI. Pads highlighted by The Reg

There are eight connections on all the SIM designs, although on both the traditional SIM and the mini SIM (3FF) the electrical ground connection (C5, see diagram) is generally extended down the middle. That's harder on the nano SIM because it has two connections in the middle (C4 and C8), although some designs stretch the ground pad out and more than a few don't bother with those two optional pads.

As the chips in a SIM shrank, manufacturers tried to extend the functionality many times, from optimistic GPS to accelerometers, and ultimately loads of memory - up to 4GB of flash storage hampered only by the impossibility of getting the data off the SIM in a reasonable timeframe.

SIMs communicate with the phone over a single wire (C7) using a serial protocol similar to RS232 running at 9,600 baud. Older readers will remember that as the Blue US Robotics Sportster, younger readers should just understand that this is really, really, slow - transferring the aforementioned 4GB would take more than a month.

So the manufacturers lobbied for, and got, an extension to the standard that allocated the two lowermost pins to create a USB connection for fast communications. But despite enthusiastic support, from France Telecom, high-capacity SIMs never took off, so the USB connection quickly became redundant and the two contacts are optional. On traditional and mini SIMs that means losing the two bottom connectors, on the nano SIM that removes the two central pads.

Smaller tattoo

Reg man Bill Ray proves his SIM credentials
with this tasteful tattoo

Also optional is pad C6, known as Vpp as it was used to carry the higher voltage needed for writing data to early chips. Vpp is redundant these days as the voltage used to run the SIM, Vcc supplied over C1, is good enough for programming, but C6 is now used for transferring data wirelessly over NFC if the Single Wire Protocol (SWP) is supported, enabling the SIM (even in nano form) to communicate direct with NFC radio hardware. This avoids the security implications of going through the handset.

Of the eight contacts, therefore, three are optional, but in most cases six pads will be visible. C1 is the supply voltage; C2 is the reset signal so the SIM knows when to start doing something; and C3 is the clock signal as the timing clock was left out of the SIM spec to keep the cost down. C5 is ground, often extended down the middle; C6 is the NFC SWP contact; and C7 is the serial communications connection that actually does the stuff one expects a SIM to do.

The SIM can't, realistically, get any smaller, but if the requirement to make it removable is dropped then the functionality could be fitted into a processor die in the form of a typical system-on-a-chip. Hardware-based security can be implemented on the package, as exemplified by ARM's TrustZone and Intel's Secure Element which provide comparable functionality without the need for a physical SIM.

Such a "soft SIM" would require a change to the GSM standard, to which all mobile phones in Europe are required to conform, but that change is already in progress having been proposed in 2010 by Apple.

Apple's interest isn't just in making the SIM even smaller: it also wants to wrest control of the secure store from the network operators whose ownership of the SIM would appear unassailable. The repeated paring away of the physical SIM might be technically driven, but its ultimate disappearance is a matter of politics and power rather than technical necessity. That's particularly irritating for those of us who've opted to have the iconic pattern permanently marked upon us, but it could have been much, much worse. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.