The SIM (Subscriber Identity Module) is the hardware which enables connectivity to the cellular networks owned by mobile network operators (MNOs). The SIM applications contained within the hardware provides individual end users who subscribe to the mobile network (subscribers) with authenticated access and related value-added services.
SIM and UICC – What is the difference?
SIM is sometimes used interchangeably with the term UICC (Universal Integrated Circuit Card). There is, however, a difference. The UICC is the platform that can be used to run multiple security applications. These applications include the SIM for 2G networks, USIM for 3G, 4G and 5G networks, CSIM for CDMA and ISIM (not to be confused with iSIM) for IP multimedia services.
The ability of SIM technology to deliver trusted connectivity and prevent unauthorised access has been proven over decades and on a massive scale. Global mobile connections have now exceeded 9 billion, the majority of which are related to mobile phones. But cellular connectivity is quickly expanding to new devices such as wearables, tablets, PCs, drones, automotive and many connected devices across verticals (IoT). An estimated 5.6 billion SIMs were shipped in 2018 alone, with estimated total shipments from 2013 to 2018 hitting 32 billion.
SIM technology offers benefits beyond authenticated connectivity. The SIM is the most widely distributed and secure application delivery platform in the world and has never been hacked. And as its usage is ruled by interoperable solutions defined across various organisations such as ETSI, GlobalPlatform, ISO and Java Card Forum, it can be evaluated by independent security laboratories performing state-of-the art attacks prior to deployment.
The SIM has advanced security and cryptographic features, including a securely designed central processing unit and dedicated secure memory to store operating system programmes, keys and certificate data. This protects devices from various hacking scenarios, such as cloning, physical attacks to a single device, and remote attacks from the internet to numerous devices. For specific use-cases such as payments and electronic ID where the highest levels of security are required, the SIM can also be Common Criteria certified.