Telco Security

SIM Security Checklist

Comprehensive security assessment framework for mobile operators to evaluate and enhance SIM card security across their network infrastructure.

Total Security Controls: 36
Critical Controls: 10
Security Categories: 9
Coverage Target: 100%

Security Categories

Hardware Security: 5 security controls (2 Critical)
Cryptographic Implementation: 5 security controls (3 Critical)
OTA Security: 6 security controls (3 Critical)
Provisioning & Lifecycle: 5 security controls (1 Critical)
Identity Management: 5 security controls (1 Critical)
Compliance & Standards: 5 security controls

Hardware Security
Physical SIM card hardware and tamper resistance controls

Tamper-Resistant Hardware (Critical)

Deploy SIM cards with certified tamper-resistant hardware meeting Common Criteria EAL4+ or higher

Verification: Vendor certification review and hardware testing

Side-Channel Attack Resistance (High)

Ensure SIM cards implement countermeasures against power analysis, electromagnetic analysis, and timing attacks

Verification: Independent security testing by specialized labs

Secure Storage of Cryptographic Keys (Critical)

Ensure SIM cards store cryptographic keys in secure, isolated memory with hardware protection

Best Practice: Require hardware security modules (HSMs) for key storage

Cryptographic Algorithm Implementation
Authentication algorithms and cryptographic implementations

Modern Authentication Algorithms (Critical)

Implement MILENAGE or TUAK authentication algorithms instead of legacy COMP128 variants

Action: Standardize on MILENAGE or TUAK for all new SIM deployments

Unique Authentication Keys (Critical)

Ensure each SIM card has a unique Ki/K authentication key that is randomly generated

Best Practice: Use HSMs for key generation with sufficient entropy

Secure Key Management (Critical)

Implement strict controls for handling, storing, and transferring authentication keys throughout the SIM lifecycle

Best Practice: Maintain air-gapped systems for key generation and implement strict access controls

Over-the-Air (OTA) Security
Remote SIM management and update security controls

High-Risk Area

OTA vulnerabilities like Simjacker and WIBattack have enabled remote surveillance and data theft. Securing OTA is critical.

Secure OTA Key Management (Critical)

Use HSMs for OTA key management and implement regular key rotation

Encrypted OTA Communications (Critical)

Use 3DES or AES encryption for all OTA communications with proper key management

OTA Command Authentication (Critical)

Use cryptographic signatures or MACs for all OTA commands

Binary SMS Filtering (High)

Deploy SMS firewalls to detect and filter unauthorized OTA commands
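
One way a binary SMS filter can classify traffic, as an added example that is not part of the original checklist: it flags messages whose TP-PID is (U)SIM Data Download (0x7F, 3GPP TS 23.040) or whose TP-DCS marks 8-bit class 2 data (3GPP TS 23.038), and passes them only from a trusted ingress. The ingress labels, the allowlist and the sample headers are constructed assumptions.

```python
# Added example, not from the original checklist. Field meanings follow
# 3GPP TS 23.040 (TP-PID) and TS 23.038 (TP-DCS); ingress labels, the
# allowlist and the sample headers below are constructed.
from dataclasses import dataclass

PID_USIM_DATA_DOWNLOAD = 0x7F           # TP-PID value: (U)SIM Data Download
TRUSTED_OTA_INGRESS = {"ota-platform"}  # hypothetical: operator's own OTA gateway

@dataclass(frozen=True)
class SmsHeader:
    ingress: str  # link the message arrived on (hypothetical label)
    pid: int      # TP-PID octet
    dcs: int      # TP-DCS octet

def dcs_is_binary_class2(dcs: int) -> bool:
    """True when TP-DCS marks 8-bit data with message class 2 (SIM-specific)."""
    if dcs >> 4 == 0xF:                  # data coding / message class group
        return bool(dcs & 0x04) and (dcs & 0x03) == 2
    if dcs >> 6 in (0, 1):               # general and auto-deletion groups
        has_class = bool(dcs & 0x10)     # class bits only count when this is set
        eight_bit = ((dcs >> 2) & 0x03) == 1
        return has_class and eight_bit and (dcs & 0x03) == 2
    return False

def verdict(msg: SmsHeader) -> str:
    """Block SIM-addressed binary SMS unless it enters via the OTA platform."""
    sim_addressed = (msg.pid == PID_USIM_DATA_DOWNLOAD
                     or dcs_is_binary_class2(msg.dcs))
    if not sim_addressed:
        return "pass"
    return "pass-ota" if msg.ingress in TRUSTED_OTA_INGRESS else "block"

SAMPLES = [  # constructed headers
    SmsHeader("ota-platform", 0x7F, 0xF6),  # operator OTA update
    SmsHeader("interconnect", 0x7F, 0xF6),  # same shape, untrusted ingress
    SmsHeader("interconnect", 0x00, 0x16),  # class 2 binary without PID 0x7F
    SmsHeader("interconnect", 0x00, 0xF5),  # 8-bit data, class 1 (handset)
    SmsHeader("interconnect", 0x00, 0x00),  # ordinary text message
]

def screen(messages):
    """Return one verdict per message, in order."""
    return [verdict(m) for m in messages]

if __name__ == "__main__":
    for m, v in zip(SAMPLES, screen(SAMPLES)):
        print(f"{m.ingress:13} pid={m.pid:#04x} dcs={m.dcs:#04x} -> {v}")
```

The decision keys on the ingress link rather than the originating address, since TP-OA is supplied by the sender.
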
Subscriber Identity Management
Identity verification and SIM swap prevention controls

Strong SIM Swap Procedures (Critical)

Implement robust identity verification procedures for SIM swap requests

  • Require multiple forms of identity verification
  • Implement cooling-off periods for high-risk accounts
  • Send notifications through multiple channels

SIM Swap Notification (High)

Send notifications through multiple channels (email, alternate phone) when SIM swaps are requested or completed

SIM Swap Monitoring (High)

Implement analytics to detect unusual patterns in SIM swap requests that could indicate social engineering attacks

Implementation Roadmap
Prioritized approach to implementing security controls

Phase 1: Critical Controls (0-3 months)

  • Phase out COMP128v1/v2 algorithms
  • Implement strong SIM swap procedures
  • Secure OTA key management
  • Deploy tamper-resistant hardware

Phase 2: High Priority Controls (3-6 months)

  • Implement SMS Home Routing
  • Deploy binary SMS filtering
  • Enhance OTA platform security
  • Implement SIM swap monitoring

Phase 3: Medium Priority Controls (6-12 months)

  • Enhance monitoring and incident response
  • Implement compliance frameworks
  • Prepare for emerging threats (eSIM, 5G)