Security Analysis of SIM Card Operating System (COS)

1 Introduction

SIM stands for Subscriber Identity Module, that is, the user identification module used to identify a particular mobile user to the network. The main function of the SIM card is to store user data and to carry out subscriber identity authentication and the encryption of subscriber information. This work is done mainly by a microprocessor in the SIM card that runs an operating system. COS stands for Chip Operating System; a COS is generally developed around the characteristics of the smart card it serves. Because it is inevitably constrained by the performance and memory capacity of the microprocessor chip in the smart card, a COS differs considerably from the operating systems (such as DOS and UNIX) found on ordinary microcomputers. This article discusses the COS in the SIM card. Its main functions are to maintain the file system in the SIM card, to process the commands sent by the mobile phone to the SIM card, and to provide the SIM Application Toolkit (STK) for developing value-added services. The emergence of COS not only greatly improved the interface of the smart card but also made the smart card easier to manage and, more importantly, moved the smart card itself a big step toward being a personal computer. It has opened a very broad road for the development of smart cards.

2 Basic model of COS

The SIM card integrates a microprocessor (CPU), memory and a chip operating system (COS) to form a complete computer system with independent data processing capabilities. The structure of the SIM card is shown in Figure 1.
The COS sits in the middle layer of the SIM card structure, between the underlying hardware and the applications above it. Downward, it organizes and coordinates the system hardware to implement I/O, storage management and other functions; upward, it serves the applications. The COS in the SIM card exists mainly to implement mobile communication services. Following the ISO network model, the structure of the COS is divided into the four levels shown in Figure 2.

Figure 1 SIM card structure

Figure 2 COS layered structure

The main principles of this hierarchical division are as follows. The application code is separated from the COS body, which provides a unified interface for managing it. The operations that depend on the underlying SIM card hardware are extracted, so that the upper-layer code is easy to reuse and port. The whole system is managed by unified scheduling. Each level provides an interface through which its services are invoked, and the internal implementation of a lower layer is transparent to the layer above it.

3 COS security system

According to the international standard for contact IC cards, ISO/IEC 7816-4, the COS security system consists of three parts: security status, security attributes, and security mechanisms.

The security status is the security level at which the SIM card currently stands, that is, the value of the current security status register. This state is initialized after the SIM has completed its answer to reset, or is set after a certain command has been processed.

A security attribute defines the conditions required to execute a command, that is, what value the security status register must hold for an operation to be performed.

The security mechanism, broadly defined, is the set of security modes supported by the SIM card. In a narrow sense, it is the method and means used to move from one security status to another.

One security state is transferred to another through the security mechanism above. The security state is then compared with a security attribute: if they are consistent, the command corresponding to that attribute can be executed; if they are not, the command cannot be executed. This achieves the purpose of security control. This is the basic working principle of the COS security system, as shown in Figure 3.

Figure 3 security state transfer
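
The status, attribute and mechanism described in this section can be modelled in a few lines. This is an added illustration, not code from the original article or from any real COS: the class `ToyCos`, the attribute table and the PIN handling are constructed for the example, with only the status words `9000` and `6982` taken from ISO/IEC 7816-4.

```python
import hmac

# Security attributes: condition the status register must hold per (file, command).
# File names and conditions are constructed for this illustration.
ATTRIBUTES = {
    ("EF_ICCID", "READ"): "ALW",
    ("EF_ICCID", "UPDATE"): "NEV",
    ("EF_ADN", "READ"): "CHV1",
    ("EF_ADN", "UPDATE"): "CHV1",
    ("EF_IMSI", "READ"): "CHV1",
    ("EF_IMSI", "UPDATE"): "ADM",
}

class ToyCos:
    def __init__(self, pin: bytes, max_tries: int = 3):
        self._pin, self._max = pin, max_tries
        self.tries_left = max_tries
        self.status = {"ALW"}            # security status after reset

    def reset(self) -> None:
        self.status = {"ALW"}            # every reset drops earned rights

    def verify_chv1(self, candidate: bytes) -> bool:
        """Security mechanism: the only path that adds CHV1 to the status."""
        if self.tries_left == 0:
            return False                 # blocked, even for the right PIN
        if hmac.compare_digest(candidate, self._pin):
            self.tries_left = self._max
            self.status.add("CHV1")
            return True
        self.tries_left -= 1             # wrong PIN: burn a try, lose CHV1
        self.status.discard("CHV1")
        return False

    def execute(self, file: str, command: str) -> str:
        """Compare status with the command's attribute; return a status word."""
        required = ATTRIBUTES.get((file, command), "NEV")  # unknown: never
        if required in self.status:
            return "9000"                # normal completion
        return "6982"                    # security status not satisfied
```

The retry counter is part of the mechanism: without it, the status transition could be brute-forced over the small PIN space.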

4 COS application security

4.1 Application script security

Application scripts downloaded to the SIM card must be protected so that their integrity and security are ensured. Application scripts are downloaded by short message, and the existing short message transmission mechanism carries data in plaintext. Users customize menus and new services over the wireless network, and some messages also pass through wired networks. This gives an attacker the opportunity to tamper with, forge or retransmit the messages of the over-the-air download system. Therefore, to provide a secure and reliable data transmission channel, an identity authentication and synchronization mechanism is applied to the application script data during the download.

The following is a brief introduction to identity authentication. The over-the-air system uses two-way authentication. When the user makes a download request, the over-the-air system verifies the validity of the user, which ensures that only download requests from legitimate users are answered. The SIM card in turn verifies the legitimacy of the over-the-air system, which prevents malicious code from intruding on the user's SIM card. The two-way authentication mechanism also ensures the integrity and correctness of the information exchanged. When the over-the-air download system receives the user's request, it immediately calculates the MAC of the message and compares it with the MAC carried in the request. If they are the same, the user who sent the message is legitimate and the data was not modified in transit. After the SIM card receives the downloaded data, it likewise calculates the MAC of the data and compares it with the MAC carried in the download. If they are the same, the downloaded data is legitimate and intact; otherwise the downloaded data is discarded.
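
The receive-side check described above, combined with a counter for the synchronization step so that a retransmitted message is rejected. This is an added sketch, not the article's or any operator's implementation: HMAC-SHA256 truncated to 8 bytes stands in for the MAC algorithm, and the packet layout (counter, payload, MAC), key and payload are constructed for the example.

```python
import hashlib
import hmac
import struct

MAC_LEN = 8   # truncated MAC length, an assumption of this example
CTR_LEN = 8   # 64-bit big-endian message counter

def _mac(key: bytes, counter: int, payload: bytes) -> bytes:
    # The counter is covered by the MAC so it cannot be altered on its own.
    msg = struct.pack(">Q", counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || MAC."""
    return struct.pack(">Q", counter) + payload + _mac(key, counter, payload)

class Receiver:
    """Used on both ends: the server for requests, the SIM for downloads."""

    def __init__(self, key: bytes):
        self._key = key
        self.last_counter = 0

    def accept(self, packet: bytes):
        """Return the payload if authentic and fresh, else None (discard)."""
        if len(packet) < CTR_LEN + MAC_LEN:
            return None                          # malformed
        counter = struct.unpack(">Q", packet[:CTR_LEN])[0]
        payload, tag = packet[CTR_LEN:-MAC_LEN], packet[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(self._key, counter, payload)):
            return None                          # tampered or forged
        if counter <= self.last_counter:
            return None                          # retransmitted (replay)
        self.last_counter = counter              # advance only after success
        return payload

def demo():
    key = bytes(range(16))                       # constructed shared key
    sim = Receiver(key)
    pkt = protect(key, 1, b"INSTALL menu v2")    # constructed script
    forged = pkt[:CTR_LEN] + b"X" + pkt[CTR_LEN + 1:]
    return sim.accept(forged), sim.accept(pkt), sim.accept(pkt)
```

`demo()` returns `(None, payload, None)`: the forged packet is discarded, the genuine one is accepted once, and its replay is discarded.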

4.2 GSM network security mechanism

The GSM network authenticates the user's identity through a challenge-response mechanism. The security authentication parameter triplet in the GSM system consists of a 128-bit pseudo-random number RAND, a 32-bit authentication response SRES (written RES in the steps below) and a 64-bit temporary encryption key KC. The mobile user's identity authentication process is as follows:

(a) The mobile subscriber sends a TMSI and access network service request to the mobile base station, which sends the TMSI and the request to the visited office.

(b) The visited office retrieves the mobile user's authentication parameters (RAND, RES, KC) from the database according to the TMSI and transmits the RAND to the mobile user.

(c) The SIM card in the mobile phone uses the mobile user's secret key and RAND to generate an authentication response RES' and KC through the identity authentication algorithm and the key generation algorithm, and sends RES' to the visited office via the base station.

(d) The visited office compares RES' with RES; if they are the same, the visited office assigns a new TMSI' to the mobile user, encrypts the TMSI' with the encryption key KC, sends it to the mobile user, and confirms that the registration succeeded.

The authentication process above not only authenticates the mobile user but also provides confidentiality of the mobile user's identity. Because the GSM network uses a temporary identity number, the true identity of the mobile user, the IMSI, is protected to a certain extent. However, when the mobile phone is used for the first time, it passes its IMSI and other data to the visited office on the network for registration.
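
Steps (b) to (d) with both sides of the exchange, as an added example that is not from the original article. The real authentication and key generation algorithms are operator-specific, so HMAC-SHA256 stands in for them here; the class names, the keys and the 4-byte TMSI are constructed for the illustration, and the encryption of TMSI' with KC is left out.

```python
import hashlib
import hmac
import secrets

def auth_algorithms(ki: bytes, rand: bytes):
    """Stand-in for the two algorithms: 32-bit RES and 64-bit KC."""
    res = hmac.new(ki, b"auth" + rand, hashlib.sha256).digest()[:4]
    kc = hmac.new(ki, b"key" + rand, hashlib.sha256).digest()[:8]
    return res, kc

def make_triplet(ki: bytes, rand: bytes = None):
    """Done where the secret key is stored; yields (RAND, RES, KC)."""
    rand = rand if rand is not None else secrets.token_bytes(16)  # 128 bits
    res, kc = auth_algorithms(ki, rand)
    return rand, res, kc

class Sim:
    def __init__(self, ki: bytes):
        self._ki = ki              # the secret key never leaves the card
        self.kc = None

    def respond(self, rand: bytes) -> bytes:       # step (c)
        res_prime, self.kc = auth_algorithms(self._ki, rand)
        return res_prime

class VisitedOffice:
    def __init__(self):
        self.triplets = {}         # TMSI -> (RAND, RES, KC); holds no secret key

    def challenge(self, tmsi: bytes) -> bytes:     # step (b)
        return self.triplets[tmsi][0]

    def check(self, tmsi: bytes, res_prime: bytes):  # step (d)
        rand, res, kc = self.triplets.pop(tmsi)    # a triplet is used once
        if not hmac.compare_digest(res, res_prime):
            return None                            # authentication failed
        return secrets.token_bytes(4), kc          # new TMSI', session KC

def authenticate(office: VisitedOffice, tmsi: bytes, sim: Sim):
    rand = office.challenge(tmsi)
    return office.check(tmsi, sim.respond(rand))
```

The visited office only ever compares precomputed values: it can authenticate the subscriber and derive the same KC as the SIM without holding the subscriber's secret key.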

5 Conclusion

The development of mobile communication brings convenience and freedom to users. However, the wireless propagation of information through the air also poses a potential threat to mobile communications: the content of a communication may be eavesdropped, and the identity of a communicating party may be impersonated. As the security carrier of the user's identity, the SIM card uses encryption and identity authentication to protect the content of the user's calls and to prevent illegitimate users from accessing the mobile network, which greatly improves the security of mobile communication. This article has analyzed in detail the security foundation of the SIM card, the COS system, and lays a solid foundation for the future development of e-commerce applications.

(Text / School of Computer Science, China University of Geosciences Song Mailing Chen Yunliang)
