M2M_Summit_VNagin_eSIM_opportunities_for_IoT

Embedded SIM New opportunities for security sensitive IoT

applications

Evolu&onfromSIMtoeSIM

© Cellnetrix 2016 • New opportunities for security sensitive IoT Applications • English • 2 • 30/09/2016

1988

•  Invention of GSM SIM

1992

•  First SIM supporting OTA

•  Wide adoption

for GSM networks

•  First SIM based payments solution

•  SIM Tookit

•  De-factor standard for mobile security

1998

•  Introduction of USIM for 3G Networks

•  First combined

2G/3G solution

2002

28 years of keeping mobile networks secure

2014

•  First NFC USIM •  Introduction of

LTE USIM

•  Embedded SIM based on ETSI Specifications

2008

•  First embedded

SIM specification from GSMA (M2M)

•  Apple SIM

•  Original SIM is digitized

UnderstandingeSIM


▸  An embedded SIM (aka eSIM or eUICC* ) is a UICC supporting OTA** remote SIM provisioning of digital SIM-tokens

▸  2 Industry Standards (GSMA-backed and Apple SIM)

▸  A physical hardware is still required to make eSIM fully secure

▸  An eSIM can have several form factors : from traditional plug-in to solderable

▸  Remote SIM provisioning is a feature providing a way to download Over-The-Air the a digital SIM containing operator profile

*UICC – Universal Integrated Chip Circuit (ETSI Standards)

IoTMarketDevelopment

▸  Industry stays at the beginning of a new Epoch – Industry 4.0

▸  Internet of things is where objects connect to each other directly

▸  Number of connected devices and connections will grow rapidly over next few years

▸  Most communicating objects will be simple LPWA IoT devices with low or no security at all


Situa&onwithmobilesecurity

90%ofdevicesstorepersonaldataandinforma1on60%ofdeviceshave

userinterfacevulnerabili1es

80%ofdeviceshavegotweakpasswords

70%devicestransmitunprotecteddata

60%ofdevicesdownloadso8warewithoutpropersecurity

*HPE Research


Hackerscantarget:

WhyIoTsystemsareaffected

▸  IoT devices are mostly low power LPWA devices or devices with short range connectivity and lack computing performance

▸  There are too many unprotected data end-points to protect them with a separate security system

▸  There are too many diversified data objects transmitted

▸  Communications should be real-time for many systems

Security is often disabled, data transmission is not secured, integrity is not ensured

ü  ControlSystemsü  Networkequipmentü  Communica&on

channelsü  Dataend-points


MNOSPACEOEMSPACE

eSIMarchitecture:OEMvs.MNO

eSIM

Global Platform Java Card VM & RE 3.0.4

Profile 2

ISD-R

NFC

3G File System

Profile 1

Profile 3

UICC Framework Authentication

OEM “user” applications SSD-P (1) SSD-P(2) SSD-P(3)


Formfactorevolu&on

WLCSPMFF1/MFF2

(DFN6x5)

DFN4x4.2

So8wareTEE

ASIC

1988 2003 2010 2012

Evolution from physical form-factor to software solution

2015

3FF

4FF

5FF?


SingleSEforconsumerdevices

▸  Combination of NFC Secure Element and eSIM in a single chip

▸  High level of security is ensured by a single high security microcontroller

▸  Significant cost reduction with respect to double chip solution

▸  BYOD-Model for several applications: payment and access control

▸  Standard Android Open API to access SE

NFC SIM cards are successful only on several markets. Adoption world-wide is still low after 10 years

Ideal solution for consumer devices and wearables with payment or authentication function


eSIM:FromdiscretechiptoASIC

▸  Cost reduction comparing with separate highly-secure SIM-chip solution

▸  High level of protection can be ensured by various hardware components (IP blocks)

▸  Shared on-chip resources with other components (cost reduction factor)

▸  Different secure cores can be used (ARM SC300, Synopsys ARC, Cortus APS3)

▸  Close integration with Baseband subsystem

▸  Support of GSMA Remote SIM Provisioning for consumer devices enabling in-device provisioning

Significant cost reduction for new devices implementing Embedded SIM concept!


SoRwareimplementa&onsofeSIM

▸  Functionally implement full ETSI and GSMA software stacks

▸  Significant cost reduction per a single end-point

▸  Use of ARM® TrustZone® CryptoCell Technology, can run on application processor

▸  Execution on top of Trusted Execution Environment

▸  Common criteria qualification EAL2+

▸  Can be hardened by hardware components, ex. Secure Memory

• No tamper resistance without additional hardware

• Several TEE providers including Open Source solutions


5FF:towardssingleSEforIoTdevices

▸  Secure end-point concept for wide-range of devices including narrow band technologies

▸  Different security levels: from highly secure to software-based (cost reduction per device)

▸  Extensible list of supported network access technologies, ex. LoRa, Sigfox

▸  Focus on industrial interfaces (SPI, I2C, ISO7816)

▸  Focus on IoT industrial protocols (IPv6, CoAP, MQTT)

▸  Adoption of ETSI, Global Platform and GSMA standards

•  Flexibility and easy integration •  Additional costs per a secured

device •  Simple maintenance

eSIM Specifications paves the road for the universal SE for IoT devices


Challenges:

Is Common Criteria evaluation applicable?

eSIMinAutomo&ve:beyondnetworkauthen&ca&on

▸  Migration from wired to wireless interfaces is a significant security challenge for the car industry

▸  Different national regulations lead to requirements to have many eSIMs/SEs (Tolls, tachograph, fleet management etc)

Ø  A connected car is very sensitive to external attacks. There are lot of documented cases

Ø  eSIM has a chance to play much more significant role than just a network authentication token:

• Secure end-point for remote services • Root of trust for on-board equipment


SecuringIoTwitheSIM

▸  Security model based of the protected data/access endpoint concept

▸  Initial provisioning of IoT devices and lifecycle support

▸  Security for TLS-communication (End-to-End Security)

▸  Storage of important credentials

▸  Bootstrapping of M2M devices

▸  Data integrity and security during firmware updates

▸  Trusted execution environment for critical applications

eSIM will provide a significant value for the security of connected IoT devices


▸  M2M Root Key used for mutual authentication and key agreement between the D/G M2M Node and the M2M Service Provider

Kmr

Kmc

KMA1

▸  M2M Connection Key, renewed with every new D/G M2M Node authentication

Supported bootstrap procedures •  GBA (Generic Bootstrapping Architecture). Uses

Access Network credentials in UICC (e.g. USIM, CSIM or ISIM application)

•  EAP/PANA - Uses network access credentials by means of EAP-AKA

KMA2

Optional bootstrap of M2M Service Layer Credentials in the field:

•  Establishment of shared secret Kmr in Device and Network, adequately protected

•  Alternative - pre-provisioning, e.g. via eUICC

KMA3

M2MBootstrappingwitheSIM


OverviewofdifferentIoTSEsolu&ons

more expensive

Hardware based solutions

less secure

No hardware bundling

more secure

▸  More hardware in most of the cases means more security

▸  Different hardware and software options provide a way to minimize costs

less expensive

HighlysecureSE,CCEAL5+

TEE-based

TEE-basedwithhardwarehardening

So8eSIM

HardwareSecure,NoCC


CellnetrixeSIMSolu&on


CelsiumeSIMEmbeddedOpera&ngSystem

ReferenceDesignandSamples

Addi&onalApplica&ons

•  Support of multiple semiconductor platforms

•  No hardware mandatory, solutions for mobile SoC available

•  Support of various operating environments: Android, Embedded Linux, Windows, ThreadX

•  Different security levels

•  Full compliance with GSMA and most recent ETSI specifications

•  Flexible licensing models including full source code options

CelSIUM significantly reduces time to market for new devices implementing Embedded SIM concept!

Key Advantages: CelsiumDevelopmentPlaXormisoursolu&ontoaddressintegra&onofeSIMintoconnecteddevices

Simula&onanddevelopmentenvironment

Ques&ons?

Email: [email protected] Web: www.cellnetrix.com

Cellnetrix GmbH Holstenkamp 54, D-22525 Hamburg, Germany Tel. + 49 40 49022 360 Fax.+ 49 40 49022 358

Thank you for your attention!

We’re pleased to answer your questions!

M2M_Summit_VNagin_eSIM_opportunities_for_IoT

Documents