All you need to know about nano SIMs - before they are EXTERMINATED

The chip inside the iPhone 5

Apple's iPhone 5 uses a nano SIM, the smallest SIM ever designed and, quite possibly, the last SIM we'll see in any mobile telephone.

The nano SIM used in the new smartphone is tiny and its pattern of electrical contacts is about two thirds the size of the original SIM. It's almost too small to hold and certainly small enough to lose in a pocket, but despite the diminutive size its basic functionality remains unchanged: hosting encryption electronics and serial communications at 9,600 baud.

Size comparison

The SIM and nano SIM in proportion

The GSM standard mandates a removable SIM, and consumer devices can conform to one of four different form factors [PDF, dry, really dry]. The first is a credit-card-sized monster. The second is the traditional SIM we've come to know. The third form factor (3FF) retains the same contact pattern as the first two so one can just trim down an existing SIM, but the fourth - the nano SIM - makes these DIY jobs a lot more challenging (although not impossible) as it changes the layout and positioning of the connections.

A Subscriber Identity Module (SIM) contains a cryptographic chip, but critically it also stores a copy of the unique subscriber key, the other copy being held in the network operator's authentication server (AuC). During the GSM authentication a random number is encrypted using that key and must be decrypted by the phone to prove the subscriber is genuine. On 3G networks the process is also reversed to mitigate man-in-the-middle attacks, and it's notable that while the encryption on GSM calls has been compromised (once or twice) the authentication remains secure.
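The sketch below is an added example, not part of the original article: it models the shared-key challenge-response described above, first one-way as in GSM and then with the network also proving it holds the key, as on 3G. HMAC-SHA-256 stands in for the operator-chosen algorithms, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import secrets

def f(ki, label, data, n):
    # Assumption: HMAC-SHA-256 stands in for the operator-chosen algorithms.
    return hmac.new(ki, label + data, hashlib.sha256).digest()[:n]

class Sim:
    """Card side: holds the subscriber key, which never leaves the chip."""

    def __init__(self, ki):
        self._ki = ki

    def gsm_response(self, rand):
        # GSM: answer any challenge; the card cannot tell who is asking.
        return f(self._ki, b"res", rand, 4)

    def mutual_response(self, rand, net_mac):
        # 3G-style: check the network's proof of the key before answering.
        if not hmac.compare_digest(net_mac, f(self._ki, b"net", rand, 8)):
            return None
        return f(self._ki, b"res", rand, 8)

class AuthCentre:
    """Operator side (AuC): holds the other copy of the subscriber key."""

    def __init__(self, ki):
        self._ki = ki

    def challenge(self):
        rand = secrets.token_bytes(16)
        return rand, f(self._ki, b"net", rand, 8)

    def check(self, rand, res, n):
        # n is the expected response length, so a short reply never matches.
        return res is not None and hmac.compare_digest(
            res, f(self._ki, b"res", rand, n))

def demo():
    ki = secrets.token_bytes(16)                 # constructed sample key
    sim, auc = Sim(ki), AuthCentre(ki)
    rogue = AuthCentre(secrets.token_bytes(16))  # network without the key
    rand, mac = auc.challenge()
    r_rand, r_mac = rogue.challenge()
    return (auc.check(rand, sim.gsm_response(rand), 4),          # genuine, GSM
            sim.gsm_response(r_rand) is not None,                # GSM answers anyone
            auc.check(rand, sim.mutual_response(rand, mac), 8),  # genuine, 3G-style
            sim.mutual_response(r_rand, r_mac) is not None)      # rogue is refused
```

The one-way flow authenticates the subscriber but answers any challenger, while the mutual flow stays silent unless the challenger also holds the key.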

The chips holding the key, and doing the cryptography, are suspended in space, glued to the back of the SIM's metal contacts. The silicon dies are small, but it's the air space around them which has hitherto prevented SIMs from getting thinner. The nano SIM is slimmer, thanks to thinner chips and more precise engineering, so the nano SIM is only 0.67mm thick.

It's also exempted from the physical flexibility requirements of the SIM specification, which SIMs inherited largely from the credit card specification (ISO 7816). Nano SIMs will snap more easily than their larger contemporaries, but given the size that's not really important.

Let's make a connection

Contacts on the nano SIM. C1-3 and C5-7 are compatible with previous SIMs.
Source: ETSI. Pads highlighted by The Reg

There are eight connections on all the SIM designs, although on both the traditional SIM and the mini SIM (3FF) the electrical ground connection (C5, see diagram) is generally extended down the middle. That's harder on the nano SIM because it has two connections in the middle (C4 and C8), although some designs stretch the ground pad out and more than a few don't bother with those two optional pads.

As the chips in a SIM shrank, manufacturers tried to extend the functionality many times, from optimistic GPS to accelerometers, and ultimately loads of memory - up to 4GB of flash storage hampered only by the impossibility of getting the data off the SIM in a reasonable timeframe.

SIMs communicate with the phone over a single wire (C7) using a serial protocol similar to RS232 running at 9,600 baud. Older readers will remember that as the Blue US Robotics Sportster, younger readers should just understand that this is really, really, slow - transferring the aforementioned 4GB would take more than a month.

So the manufacturers lobbied for, and got, an extension to the standard that allocated the two lowermost pins to create a USB connection for fast communications. But despite enthusiastic support from France Telecom, high-capacity SIMs never took off, so the USB connection quickly became redundant and the two contacts are optional. On traditional and mini SIMs that means losing the two bottom connectors; on the nano SIM that removes the two central pads.

Smaller tattoo

Reg man Bill Ray proves his SIM credentials with this tasteful tattoo

Also optional is pad C6, known as Vpp as it was used to carry the higher voltage needed for writing data to early chips. Vpp is redundant these days as the voltage used to run the SIM, Vcc supplied over C1, is good enough for programming, but C6 is now used for transferring data wirelessly over NFC if the Single Wire Protocol (SWP) is supported, enabling the SIM (even in nano form) to communicate direct with NFC radio hardware. This avoids the security implications of going through the handset.

Of the eight contacts, therefore, three are optional, but in most cases six pads will be visible. C1 is the supply voltage; C2 is the reset signal so the SIM knows when to start doing something; and C3 is the clock signal as the timing clock was left out of the SIM spec to keep the cost down. C5 is ground, often extended down the middle; C6 is the NFC SWP contact; and C7 is the serial communications connection that actually does the stuff one expects a SIM to do.

The SIM can't, realistically, get any smaller, but if the requirement to make it removable is dropped then the functionality could be fitted into a processor die in the form of a typical system-on-a-chip. Hardware-based security can be implemented on the package, as exemplified by ARM's TrustZone and Intel's Secure Element which provide comparable functionality without the need for a physical SIM.

Such a "soft SIM" would require a change to the GSM standard, to which all mobile phones in Europe are required to conform, but that change is already in progress having been proposed in 2010 by Apple.

Apple's interest isn't just in making the SIM even smaller: it also wants to wrest control of the secure store from the network operators whose ownership of the SIM would appear unassailable. The repeated paring away of the physical SIM might be technically driven, but its ultimate disappearance is a matter of politics and power rather than technical necessity. That's particularly irritating for those of us who've opted to have the iconic pattern permanently marked upon us, but it could have been much, much worse. ®
