During the discussion of the previous two parts of the Tottoli GSM project description “Everything under control: protecting corporate conversations” ( Part 1 , Part 2 ), it became clear that the technology of using and implementing MULTI SIM requires a separate description. In this article we will describe in detail exactly the technology MULTI SIM.

Everyone is accustomed to perceive the SIM card as a certain unconditional element of subscriber authentication in the network. As part of the Tottoli GSM platform, the MULTI SIM module is an integral part of the system and performs the necessary functions shown by the project. Since the SIM card is a network element, it is impossible to consider its functionality outside the system. A more illustrative will be the consideration of the module functionality with respect to specific scenarios.

First, about MULTI SIM itself:

• Memory size: 256 KB
• Hardware support for the MILENAGE algorithm card and below COMP128v1-v3.
• Support javacard 2.2
• Download applets using APDU, and with support for GSM 03.48 downloads

Support of functions for the purpose of implementing MULTI SIM functionality: changing "files" (EF GSM 11.11) in (u) SIM card in order to change the profiles of the mobile operator: IMSI, KI, HPLMN, PLMN, FPLMN.
Also, on the SIM-cards, the applets developed by us and the basic profile (IMSI / KI and other parameters necessary for registering on the network) of one of the operators available to us are pre-installed. By “operator availability” in this context is meant the support contract with this operator and the implementation of the profile pool in our HLR.

In the described scenarios, we intentionally omitted the standard procedures of interaction with the network and focused on the main points.

Scenario 1:

An employee receives a telephone set (TA) with MULTI SIM installed. When you turn on the phone, MULTI-SIM is automatically registered in the local network due to the pre-defined network settings in the SIM card. The local network, in turn, allows this SIM card to register based on the prescribed SIM parameters in the HLR of its network.

Scenario 2:

Outgoing calls within the local network are made in the standard way. FMC short numbers are used for calls between employees. FMC numbers and routing rules for them are configured in the company's billing. Employees can use FMC numbers both inside and outside the local network.

Scenario 3:

The employee leaves the local network coverage area, the telephone apparatus performs the Location Update (LU) procedure from the networks currently available. All network parameters when LU automatically get into the billing company for further analysis and management. If necessary, the server makes a decision about changing the current profile and / or changing the operator. For this, the OTA team is formed with the parameters of the profile and the priority network. This command is sent to the subscriber device and the profile is changed and the network is re-elected. When an employee is in public networks, all his communications also pass through the company's resources and are subject to internal rules. This makes it possible to allow or prohibit the use of specific networks or make them a priority. A special applet continuously transmits network parameters to the company's server. Thus, depending on the location of the employee, the parameters of the trust network come to the SIM card.

Scenario 4:

If the outgoing call goes to the external PLMN network, it also passes through the company's PBX. This is achieved by using a special applet on the SIM card. After dialing the number and pressing the call button, the applet intercepts the call and routes it to the service number, which is allocated to the company's billing for each call. Thus, a company PBX is always located between subscriber A and subscriber B, which does not allow detecting direct communication between subscribers.

Scenario 5:

The organization of the incoming call is made using a virtual number (DID).
Each employee has a virtual number in the format ABC / DEF. Rules for routing calls to these numbers are also registered in the company's billing. Thus, a call from an external PLMN network to a virtual number (DID) also passes through the company's PBX.

Scenario 6:

The use of the Internet (DATA) in the external network occurs according to the rules prescribed in the company's billing. Access point settings are registered on the SIM-card. The APN is provided by the company and thus all DATA traffic is routed to the company's equipment (GGSN). On the side of the company, the Policy Controller (DPI) is also deployed to analyze the DATA traffic of employees. This ensures security at the Internet level, regardless of which operator’s network is on the network.

Scenario 7:

SMS service is also on the side of the company. Thus, the company has all the SMSC management tools: enable / disable sending / receiving SMS, routing control and logic. All this is done at the network level. Thus, if the billing company has a flag to ban incoming SMS, such an attempt will be stopped at the level of the initiator operator. This mechanism does not allow attacks using SMS of any class, including the so-called silent SMS.

Scenario 8:

USSD service is available to all employees. Through the SIM MENU of the SIM card, an employee can use the services of this service. All logic is deployed on the company's service. Thus, an employee receives all relevant information and manages available services and services that are authorized for a specific employee or group of employees.

Scenario 9:

A profile change (IMSI / KI) on a SIM card may occur due to different events: during the LU procedure, an employee himself initiates a profile change via the SIM MENU, a profile change is initiated from the server without an employee, the profile is changed according to a specified timing. The profile change is provided by a pre-applet on the SIM-card. Profile loading is performed using OTA from the company's server side. The profile change procedure is synchronized with the TA function and the IMEI change. Thus, there is a change of all identifiers in the network.

Also on the data MULTI-SIM cards are available applets with features:

1. Track IMEI
2. Remote control
3. Dynamic SIM menu
4. History Location
5. Notification Bar

As a result, thanks to software additions implemented on MULTI-SIM, we were able to realize the necessary interaction between the subscriber device and the server part in the local network and in public networks without compromising security.

Read more:

Everything is under control: we protect corporate conversations. Part 1.
Everything is under control: we protect corporate conversations. Part 2: Secure Telephone