(U)SIM Examination (Physical) Pt2
Before we can
progress to consider various methods of (U)SIM physical examination
there are more standards we need to be aware and there are reasons for
that. Transitioning from GSM to 3GPP (*wcdma) standards required
rewriting existing GSM standards to make the standards technology
neutral to integrate GSM into future mobile developments under 3GPP
global standards. Technology-wise, we know that GSM is a defined
circuit-switched voice mobile communications system that has evolved
with value-added data services (GPRS, HSCSD and EDGE). 3GPP (wcdma) as
we know is a defined packet-switched technology and thus would be a
pointless exercise to re-invent the wheel, so to speak, and introduce a
new voice circuit-switched system and the matured installation base that
went with it. That needs to be understood on many levels when dealing
with mobile communications. Three examples of GSM and 3GPP working
together:
(i) generally, we refer to Release 99 (R99)
as a reference point whereby 3GPP could transition and re-write mobile
communication technology standards with birthing-periods: GSM only
before 3GPP Release 4 (Rel-4); GSM only (Rel-4 and later); 3GPP and
beyond / GSM (R99 and later). This enabled manufacturers, developers
and operators and service
providers to conintue with GSM standards in a pure GSM environment or
evolve to a 3GPP environment but in the knowledge access and
inter-connectivity to GSM would continue:
(ii)
introduction of 3GPP (*wcdma) would take time and thus should avoid, as
best possible, disruption to existing moble services;
(iii)
GSM user/subscriber base was still growing at that time and has now
reached over 3-billion users, from which we can draw a conclusion that
GSM's importance in its relationship with 3GPP should not be
under-estimated.GSM is by no means the junior partner.
In
the mobile examination environment, we, as examiners, are exposed to
multitude and multiple-layers of technical and technology standards many
of which impact on (U)SIM, and particuarly so if the technical and
technology generates a mobile communication outcome associated to/with a
user/subscriber.
(*) wcdma is one of a family of mobile technology standards under 3GPP and has been used for easy of reference.
The scope of the tests and the requirements set down in GSM1117 were reproduced under the approved and adopted standard 3GPP TS51.017. In Pt1( usim-examination-physical-pt1.html ) reference was made to GSM11.11, however the approved and adopted standard (and the counterpart to GSM11.11) is 3GPP TS51.011:
PHY: Physical characteristics - 3GPP TS 51.011 [1], clause 4.
ELEC: Electronic signals and transmission protocols - 3GPP TS 51.011 [1], clause 5.
AFS: Application and File structure - 3GPP TS 51.011 [1], clause 6.
SEC: Security features - 3GPP TS 51.011 [1], clause 7.
CMD: Description of the commands - 3GPP TS 51.011 [1], clause 9.
CEF: Contents of the elementary files - 3GPP TS 51.011 [1], clause 10.
APP: Application Protocol - 3GPP TS 51.011 [1], clause 11.
Whilst
GSM11.17 standard is the starting point for ICC/SIM and 3GPP TS51.011
moved the technology to neutral ground to enable 3GPP to evolve 3G
environment standards incorportating interconnectivity to and backward
compatibility for ICC/UICC, the 3GPP evolution hasn't stopped there.
There is, of course, 3GPP TS 31.120 the aim of which is to ensure
interoperability between an UICC and a Terminal independently of the
respective manufacturer, card issuer or operator. This is the expansion
of the 3GPP domain going beyond specific limitations encumbent with a
particular proprietory technology.
The run of standards doesn't end there. Attention and consideration should be given to:
ETSI standards
TS 102 230
TS 102 221
International standards
ISO/IEC 7816-pt1 to pt4
The standards referred to above are merely a starting point to identify the complexities involved in dealing with (U)SIM
card and tasks involved in considering examination techniques that may
not simply relate to recovery of data but other aspects and attributes
of a card which may point to evidence. Readers should be
prepared to delve into the standards above and release the huge number
that haven't been mentioned. There are various analogies that may be
used to imagine what I have in mind for this physical series, but I
quite like the analogy about forensic vehicle tyre analysis.
Evidentially, consideration is given to tyre size, tread, pressure,
rubber, moulding, any wheel balacing and so on to assess a skid mark or
tracks at the scene of a crime. It is equally possible to use an
investigative and examination approach to SIM/USIM card materials,
contacts, gold content, embossing etc to identify potential evidence.
