Description
The Subscriber Identity Module (SIM) and its successor, the Universal Subscriber Identity Module (USIM), are tamper-resistant hardware components, traditionally an integrated circuit card (ICC) or, more recently, a software-based implementation (eSIM, iSIM). The module serves as the secure anchor for the subscriber within the mobile network. It contains a microprocessor and persistent memory that stores critical data, including the International Mobile Subscriber Identity (IMSI), the unique Integrated Circuit Card Identifier (ICCID), a set of authentication keys (Ki for GSM, K for UMTS/5G), and the security algorithms that use them. It also holds subscriber-related information such as the phonebook, SMS messages, and network selection preferences.
Architecturally, the SIM/USIM operates as an independent secure element within the User Equipment (UE), interfacing with the Mobile Equipment (ME) via standardized electrical and logical interfaces. Its primary role is to execute the Authentication and Key Agreement (AKA) protocol with the network. When a UE attempts to attach to a network, the network's Authentication Centre (AuC) generates an authentication vector containing a random challenge (RAND), an expected response (XRES), a ciphering key (CK), and an integrity key (IK). This vector is sent to the serving network node (e.g., VLR, SGSN, MME, AMF), which forwards the RAND to the UE; the ME passes it to the SIM/USIM. The SIM/USIM uses its stored secret key (Ki/K) and the received RAND to compute a response (SRES for GSM, RES for UMTS/5G) and the session keys (CK, IK) locally, so the secret key never leaves the module. The UE sends the computed RES back to the serving node, which compares it with XRES. A match authenticates the subscriber, and the session keys then protect the subsequent communication.
The evolution from SIM to USIM marked a significant security enhancement. The classic SIM used the COMP128 algorithm for GSM AKA, which had known vulnerabilities. The USIM, introduced for 3G, supports the stronger Milenage algorithm suite for UMTS and later 5G AKA. It provides mutual authentication (network authenticates the user, and the user authenticates the network), stronger key derivation, and mandatory integrity protection for signaling. The USIM also manages multiple operator profiles and facilitates secure services beyond basic access, such as GBA (Generic Bootstrapping Architecture) for application authentication. In 5G, the USIM is crucial for supporting the enhanced 5G AKA and the primary authentication procedure between the UE and the Authentication Server Function (AUSF), anchoring the subscriber's permanent subscription identifier (SUPI).
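As an added example (not code from the page or from any 3GPP specification), the following Python models the AKA exchange described in the two paragraphs above, including the network-authentication token that gives the USIM its mutual-authentication property. It assumes an HMAC-SHA256 stand-in for the Milenage f1..f4 functions, a constructed key K, and a simplified AUTN (SQN || MAC, without the AMF field and AK masking of the real protocol).

```python
import hmac, hashlib, os
from dataclasses import dataclass

# Constructed 128-bit long-term key shared by AuC and USIM (placeholder, not a real K).
K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")

def f(key, tag, *parts, n):
    """Toy stand-in for the Milenage f1..f4 functions (assumption: HMAC-SHA256
    truncated to n bytes); a real USIM runs the operator's Milenage/Tuak instead."""
    return hmac.new(key, tag + b"".join(parts), hashlib.sha256).digest()[:n]
@dataclass
class AuthVector:
    rand: bytes   # random challenge
    xres: bytes   # expected response
    ck: bytes     # ciphering key
    ik: bytes     # integrity key
    autn: bytes   # SQN || MAC, so the USIM can authenticate the network (3G and later)
def auc_generate_vector(k, sqn):
    """Authentication Centre: derive one vector from K, a fresh RAND and a sequence number."""
    rand, sqn_b = os.urandom(16), sqn.to_bytes(6, "big")
    return AuthVector(rand, f(k, b"f2", rand, n=8), f(k, b"f3", rand, n=16),
                      f(k, b"f4", rand, n=16), sqn_b + f(k, b"f1", sqn_b, rand, n=8))

class Usim:
    """USIM side: K never leaves the card; only RES, CK and IK go back to the ME."""
    def __init__(self, k):
        self._k, self._sqn_seen = k, -1
    def authenticate(self, rand, autn):
        sqn_b, mac = autn[:6], autn[6:]
        # Network authentication first: a token not built with our K (e.g. a false
        # base station) fails here and no RES is ever released.
        if not hmac.compare_digest(mac, f(self._k, b"f1", sqn_b, rand, n=8)):
            raise ValueError("MAC failure")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self._sqn_seen:        # stale SQN: replayed or reused vector
            raise ValueError("synchronisation failure")
        self._sqn_seen = sqn
        return (f(self._k, b"f2", rand, n=8), f(self._k, b"f3", rand, n=16),
                f(self._k, b"f4", rand, n=16))

def run_aka(usim, k_auc, sqn):
    """Whole exchange AuC -> serving node -> ME/USIM -> serving node; returns outcome."""
    av = auc_generate_vector(k_auc, sqn)
    try:
        res, ck, ik = usim.authenticate(av.rand, av.autn)
    except ValueError as e:
        return str(e)
    if not hmac.compare_digest(res, av.xres):   # serving node compares RES with XRES
        return "RES mismatch"
    return "ok" if (ck, ik) == (av.ck, av.ik) else "key mismatch"
```

Running `run_aka` twice with the same SQN, or with a vector built from a different key, shows the two failure paths a USIM reports before any response is released.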
Purpose & Motivation
The SIM was created to solve the fundamental problem of securely identifying and authenticating a subscriber on a mobile network, decoupling subscriber identity from the physical handset. Before its introduction, subscriber identity was tied to the mobile equipment, making it difficult to change devices and posing significant security and fraud risks. The SIM modularized the subscriber's identity, credentials, and personal data onto a portable, secure token. This enabled global roaming, as a subscriber could insert their SIM into any compatible handset and immediately have access to their subscribed services and personal data.
The primary motivation was to establish a robust security foundation. By storing authentication keys in a tamper-resistant environment and performing cryptographic computations internally, the SIM prevents key extraction and cloning, mitigating subscription fraud and eavesdropping. It provides a trusted execution environment for the AKA protocol. The evolution to USIM was driven by the need for stronger cryptographic algorithms and mutual authentication to address security weaknesses in 2G GSM networks, where only the user was authenticated to the network. 3G and beyond required protection against false base station attacks, which the USIM's ability to authenticate the network helps to prevent.
Furthermore, the SIM/USIM platform evolved into a service enabler. Its secure storage and processing capabilities were leveraged for value-added services like secure payment applications (through SIM Toolkit or Java Card), secure storage for driver licenses or digital keys (in eSIM profiles), and as a root of trust for network-based applications. It solves the problem of secure credential management in a multi-operator, multi-service, and multi-device ecosystem, forming the basis for trusted mobile identity.
Detected Changes Across Releases from 3GPP Change Requests
Specific changes extracted from the "Change history" tables of 3GPP specifications (8 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 15, a new mechanism for identity attestation and verification was introduced for the USIM. Additionally, the specification updated the `+CEMBMSSAI` command to include parameters for Frequency and Service area identity. These changes enhanced the USIM's capabilities for secure identity management and improved its interaction with the network for service area information.
In Release 16, a new UDR-based service was introduced to enable the mapping of an IMS Public Identity to an HSS Group ID for the purpose of HSS selection. This provides a specific mechanism for network functions to resolve a user's public identity to the appropriate HSS group. The enhancement falls under the broader scope of USIM and network interactions for service access and security as defined in the specifications.
- UDR service for mapping IMS Public Identity to HSS Group ID for HSS selection (TS 23.228, CR1226)
In Release 19, the SIM/USIM function introduced support for third-party user identity information within the IMS, requiring new procedures and updated security references for its implementation. Additionally, a new AT command (+CLOGBUFFSIMAPDU) was standardized for logging and buffering SIM APDU transactions. The release also specified a cancellation procedure for subscriber-specific IMS events.
- Support of third party user identity information in IMS (TS 23.228, CR1478)
- Procedure for supporting of third party user identity information in IMS (TS 23.228, CR1524)
- New AT Command for Logging and Buffering SIM APDU +CLOGBUFFSIMAPDU (TS 27.007, CR0904)
- Update the IETF reference to the process of signing and verifying third party user identity information (TS 23.228, CR1652)
- KI#1: Cancel procedure for subscriber specific IMS Events (TS 23.228, CR1655)
Defining Specifications
3GPP specifications that define or reference SIM, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 21.111 vj00 | USIM and UICC Requirements for 3G | Rel-19 |
| TS 21.133 v1400 | 3G Security Requirements | Rel-5 |
| TR 21.905 vj00 | 3GPP Technical Terms and Definitions | Rel-19 |
| TS 22.022 vj00 | ME Personalisation Features for GSM/3G | Rel-19 |
| TS 22.038 vj00 | USIM Application Toolkit (USAT) Stage 1 | Rel-19 |
| TS 22.057 vj00 | Mobile Execution Environment (MExE) Stage 1 | Rel-19 |
| TS 22.066 vj00 | Mobile Number Portability Stage 1 | Rel-19 |
| TS 22.100 v1320 | UMTS Service Requirements Phase 1 | Rel-4 |
| TS 22.101 vk00 | Service Principles for PLMNs | Rel-20 |
| TS 22.121 v1400 | Virtual Home Environment Requirements | Rel-5 |
| TS 22.226 vj00 | Global Text Telephony (GTT) Stage 1 | Rel-19 |
| TS 22.234 vd10 | 3GPP-WLAN Interworking Index Specification | Rel-13 |
| TR 22.907 v1312 | UMTS IC Card and Terminal Concepts | Rel-4 |
| TR 22.944 vj00 | UE Functionality Split Scenarios and Requirements | Rel-19 |
| TR 22.967 vj00 | eCall Emergency Data Transmission | Rel-19 |
| TR 22.980 vj00 | Network Composition Feasibility Study | Rel-19 |
| TS 23.048 v1400 | Secured Packets for UICC Remote Management | Rel-5 |
| TS 23.050 v1100 | UMTS Network Principles and Architecture | R99 |
| TS 23.057 vj00 | Mobile Execution Environment (MExE) Specification | Rel-19 |
| TS 23.067 vj00 | Enhanced Multi-Level Precedence and Pre-emption Service | Rel-19 |
| TS 23.110 vj00 | Access Stratum Services Specification | Rel-19 |
| TS 23.127 v1600 | Virtual Home Environment Stage 2 Specification | Rel-6 |
| TS 23.171 v1300 | LCS Stage 2 Specification for UMTS | Rel-4 |
| TS 23.228 vj50 | IMS Stage-2 Service Description | Rel-19 |
| TS 23.234 vd10 | 3GPP-WLAN Interworking Index | Rel-13 |
| TS 23.271 vj00 | LCS Stage 2 Specification | Rel-19 |
| TR 23.758 vh00 | Study on Edge Application Architecture | Rel-17 |
| TS 23.804 v1700 | SMS/MMS over IP Access Support | Rel-7 |
| TS 24.234 vc20 | 3GPP-WLAN Interworking Network Selection | Rel-12 |
| TS 25.305 vj00 | UTRAN UE Positioning Stage 2 | Rel-19 |
| TS 26.804 vj10 | 5G Media Streaming Extensions Study | Rel-19 |
| TR 26.967 vj00 | eCall via CTM Suitability Analysis | Rel-19 |
| TS 27.007 vj40 | AT Command Set for UE | Rel-19 |
| TS 29.198 v1900 | OSA API Overview Specification | Rel-9 |
| TS 31.115 vj00 | Secured Packet Structure for UICC Applications | Rel-19 |
| TS 31.131 vj00 | C Language Binding for (U)SIM API | Rel-19 |
| TR 31.900 vj00 | Security Interworking Guidance | Rel-19 |
| TS 32.102 vj00 | Telecom Management Physical Architecture Framework | Rel-19 |
| TS 32.240 vj40 | Charging Management Architecture & Principles | Rel-19 |
| TS 32.272 vj00 | Charging for Push-to-Talk over Cellular (PoC) | Rel-19 |
| TS 32.277 vj20 | Charging Management for Proximity Services (ProSe) | Rel-19 |
| TS 33.401 vj10 | EPS Security Architecture | Rel-19 |
| TS 34.131 vj00 | SIM API C Language Test Specification | Rel-19 |
| TR 35.934 vj00 | Tuak algorithm set for 3GPP auth & key gen | Rel-19 |
| TS 36.896 ve00 | Study on Flexible eNB-ID and Cell-ID in E-UTRAN | Rel-14 |
| TS 43.318 vj00 | Generic Access Network (GAN) Stage 2 | Rel-19 |
| TR 43.901 vj00 | Generic Access to A/Gb Interface Feasibility Study | Rel-19 |
| TR 43.902 vj00 | GAN Enhancements Feasibility Study | Rel-19 |
| TS 51.013 vj00 | SIM API for Java Card Test Specification | Rel-19 |