Embedded SIM New opportunities for security sensitive IoT applications
Evolution from SIM to eSIM
© Cellnetrix 2016 • New opportunities for security sensitive IoT Applications • English • 2 • 30/09/2016
1988
• Invention of GSM SIM
1992
• First SIM supporting OTA
• Wide adoption for GSM networks
• First SIM based payments solution
• SIM Toolkit
• De-facto standard for mobile security
1998
• Introduction of USIM for 3G Networks
• First combined 2G/3G solution
2002
28 years of keeping mobile networks secure
2014
• First NFC USIM
• Introduction of LTE USIM
• Embedded SIM based on ETSI Specifications
2008
• First embedded SIM specification from GSMA (M2M)
• Apple SIM
• Original SIM is digitized
Understanding eSIM
▸ An embedded SIM (aka eSIM or eUICC* ) is a UICC supporting OTA** remote SIM provisioning of digital SIM-tokens
▸ 2 Industry Standards (GSMA-backed and Apple SIM)
▸ Physical hardware is still required to make eSIM fully secure
▸ An eSIM can have several form factors: from traditional plug-in to solderable
▸ Remote SIM provisioning is a feature that downloads a digital SIM containing the operator profile Over-The-Air
*UICC – Universal Integrated Chip Circuit (ETSI Standards)
IoT Market Development
▸ Industry stands at the beginning of a new epoch – Industry 4.0
▸ The Internet of Things is where objects connect to each other directly
▸ The number of connected devices and connections will grow rapidly over the next few years
▸ Most communicating objects will be simple LPWA IoT devices with low or no security at all
Situation with mobile security
90% of devices store personal data and information
60% of devices have user interface vulnerabilities
80% of devices have got weak passwords
70% devices transmit unprotected data
60% of devices download software without proper security
*HPE Research
Why IoT systems are affected
▸ IoT devices are mostly low-power LPWA devices or devices with short-range connectivity, and they lack computing performance
▸ There are too many unprotected data end-points to protect them with a separate security system
▸ Too many diverse data objects are transmitted
▸ Communications should be real-time for many systems
Security is often disabled, data transmission is not secured, integrity is not ensured
Hackers can target:
✓ Control systems
✓ Network equipment
✓ Communication channels
✓ Data end-points
eSIM architecture: OEM vs. MNO
[Diagram: an eSIM divided into an MNO space and an OEM space. Labelled blocks: Global Platform Java Card VM & RE 3.0.4; ISD-R; UICC Framework Authentication; 3G File System; NFC; Profile 1; Profile 2; Profile 3; OEM “user” applications; SSD-P (1); SSD-P (2); SSD-P (3)]
Form factor evolution
[Timeline figure: years 1988, 2003, 2010, 2012, 2015; form factors shown: 3FF, 4FF, 5FF?, MFF1/MFF2 (DFN 6x5), DFN 4x4.2, WLCSP, ASIC, Software TEE]
Evolution from physical form-factor to software solution
Single SE for consumer devices
▸ Combination of NFC Secure Element and eSIM in a single chip
▸ High level of security is ensured by a single high security microcontroller
▸ Significant cost reduction compared with a two-chip solution
▸ BYOD-Model for several applications: payment and access control
▸ Standard Android Open API to access SE
NFC SIM cards are successful only in several markets. Worldwide adoption is still low after 10 years
Ideal solution for consumer devices and wearables with payment or authentication function
eSIM: From discrete chip to ASIC
▸ Cost reduction compared with a separate highly secure SIM-chip solution
▸ High level of protection can be ensured by various hardware components (IP blocks)
▸ Shared on-chip resources with other components (cost reduction factor)
▸ Different secure cores can be used (ARM SC300, Synopsys ARC, Cortus APS3)
▸ Close integration with Baseband subsystem
▸ Support of GSMA Remote SIM Provisioning for consumer devices enabling in-device provisioning
Significant cost reduction for new devices implementing the Embedded SIM concept!
Software implementations of eSIM
▸ Functionally implement full ETSI and GSMA software stacks
▸ Significant cost reduction per end-point
▸ Use of ARM® TrustZone® CryptoCell Technology, can run on application processor
▸ Execution on top of Trusted Execution Environment
▸ Common criteria qualification EAL2+
▸ Can be hardened by hardware components, e.g. Secure Memory
• No tamper resistance without additional hardware
• Several TEE providers including Open Source solutions
5FF: towards single SE for IoT devices
▸ Secure end-point concept for wide-range of devices including narrow band technologies
▸ Different security levels: from highly secure to software-based (cost reduction per device)
▸ Extensible list of supported network access technologies, e.g. LoRa, Sigfox
▸ Focus on industrial interfaces (SPI, I2C, ISO7816)
▸ Focus on IoT industrial protocols (IPv6, CoAP, MQTT)
▸ Adoption of ETSI, Global Platform and GSMA standards
• Flexibility and easy integration
• Additional costs per secured device
• Simple maintenance
eSIM specifications pave the road for the universal SE for IoT devices
Challenges:
Is Common Criteria evaluation applicable?
eSIM in Automotive: beyond network authentication
▸ Migration from wired to wireless interfaces is a significant security challenge for the car industry
▸ Different national regulations lead to requirements to have many eSIMs/SEs (Tolls, tachograph, fleet management etc)
➢ A connected car is very sensitive to external attacks. There are a lot of documented cases
➢ eSIM has a chance to play a much more significant role than just a network authentication token:
• Secure end-point for remote services
• Root of trust for on-board equipment
Securing IoT with eSIM
▸ Security model based on the protected data/access endpoint concept
▸ Initial provisioning of IoT devices and lifecycle support
▸ Security for TLS-communication (End-to-End Security)
▸ Storage of important credentials
▸ Bootstrapping of M2M devices
▸ Data integrity and security during firmware updates
▸ Trusted execution environment for critical applications
eSIM will provide significant value for the security of connected IoT devices
M2M Bootstrapping with eSIM
▸ Kmr: M2M Root Key used for mutual authentication and key agreement between the D/G M2M Node and the M2M Service Provider
▸ Kmc: M2M Connection Key, renewed with every new D/G M2M Node authentication
[Diagram labels: Kmr, Kmc, KMA1, KMA2, KMA3]
Supported bootstrap procedures
• GBA (Generic Bootstrapping Architecture). Uses Access Network credentials in UICC (e.g. USIM, CSIM or ISIM application)
• EAP/PANA - Uses network access credentials by means of EAP-AKA
Optional bootstrap of M2M Service Layer Credentials in the field:
• Establishment of shared secret Kmr in Device and Network, adequately protected
• Alternative - pre-provisioning, e.g. via eUICC
Overview of different IoT SE solutions
▸ More hardware in most of the cases means more security
▸ Different hardware and software options provide a way to minimize costs
[Chart: one axis from less secure to more secure, the other from less expensive to more expensive; regions labelled "Hardware based solutions" and "No hardware bundling"; solutions shown: Highly secure SE, CC EAL5+; Hardware Secure, No CC; TEE-based with hardware hardening; TEE-based; Soft eSIM]
Cellnetrix eSIM Solution
Celsium Development Platform is our solution to address integration of eSIM into connected devices
• Celsium eSIM Embedded Operating System
• Reference Design and Samples
• Additional Applications
• Simulation and development environment
Key Advantages:
• Support of multiple semiconductor platforms
• No hardware mandatory, solutions for mobile SoC available
• Support of various operating environments: Android, Embedded Linux, Windows, ThreadX
• Different security levels
• Full compliance with GSMA and most recent ETSI specifications
• Flexible licensing models including full source code options
CelSIUM significantly reduces time to market for new devices implementing Embedded SIM concept!
Questions?
Email: [email protected] Web: www.cellnetrix.com
Cellnetrix GmbH Holstenkamp 54, D-22525 Hamburg, Germany Tel. + 49 40 49022 360 Fax.+ 49 40 49022 358
Thank you for your attention!
We’re pleased to answer your questions!