DOI: 10.1145/3822567 ISSN: 1539-9087
SafeSIM: SIM Card Authentication Framework Enhancement Using Zero-Knowledge Protocols and PUFs
Sivappriya Manivannan, Rajat Subhra Chakraborty, Indrajit Chakrabarti
As cyberattacks on mobile networks become increasingly sophisticated, particularly SIM-based threats like SIM swap fraud and cloning, there is a critical need for robust, hardware-rooted authentication mechanisms. This paper introduces SafeSIM, a novel authentication framework aimed at enhancing SIM card security in mobile environments. Unlike traditional schemes that rely on fixed identifiers and shared secrets, such as the International Mobile Subscriber Identity (IMSI), which uniquely identifies users, and the Authentication Key (Ki), used to verify their identity, SafeSIM employs dynamic, privacy-preserving Zero-Knowledge Protocols (ZKPs) and hardware-anchored Physically Unclonable Functions (PUFs), specifically VIA PUFs, embedded in SIM cards to ensure hardware-level uniqueness and robust resistance to cloning and fraud. The choice of VIA PUF is intentional, as VIA PUFs are more suited to constrained environments such as SIM cards due to their compact design and simplicity of integration. The authentication protocol is designed to operate securely in both trusted and untrusted service provider environments. In adversarial scenarios, SafeSIM integrates a two-factor authentication mechanism combining biometric verification with ZKP-based authentication for scenarios involving untrusted service providers, thereby offering heightened protection even in adversarial environments. We have analyzed the security of the proposed scheme in detail, alongside practical implementation using an Android mobile application, demonstrating strong resilience against a wide range of cyberattacks. These results position SafeSIM as a scalable and secure solution for next-generation mobile network deployments.