Embedded SIM New opportunities for security sensitive IoT applications

Embedded SIM

New opportunities for

security sensitive IoT

applications

Embedded SIM

New opportunities for

security sensitive IoT

applications

EvolutionEvolution from SIM to from SIM to eeSIMSIM

© Cellnetrix 2016 • New opportunities for security sensitive IoT Applications • English • 2 • 30/09/2016

1988

• Invention of

GSM SIM

1992

• First SIM

supporting OTA

• Wide adoption

for GSM

networks

• First SIM based

payments solution

• SIM Tookit

• De-factor

standard for

mobile security

1998

• Introduction of

USIM for 3G

Networks

• First combined

2G/3G solution

2002

28 years of keeping mobile networks

secure

2014

• First NFC USIM

• Introduction of

LTE USIM

• Embedded SIM

based on GSMA

Specifications

2008

• First embedded

SIM specification

from GSMA (M2M)

• Apple SIM

• Original SIM is

digitized

Understanding Understanding eeSIMSIM


▸ An embedded SIM (aka eSIM or eUICC* ) is a UICC

supporting OTA** remote SIM provisioning of digital

SIM-tokens

▸ 2 Industry Standards (GSMA-backed and Apple SIM)

▸ A physical hardware is still

required to

make eSIM fully secure

▸ An eSIM can have several

form factors : from traditional

plug-in to solderable

▸ Remote SIM provisioning is a feature providing a way

to

download Over-The-Air the a digital SIM containing

operator profile

*UICC – Universal Integrated Chip Circuit (ETSI Standards)

IoTIoT Market DevelopmentMarket Development

▸ Industry stays at the beginning of a new Epoch – Industry 4.0

▸ Internet of things is where objects connect to each other directly

▸ Number of connected devices and connections will grow rapidly over next few years

▸ Most communicating

objects will be simple

LPWA IoT devices with

low or no security at all


Situation with mobile securitySituation with mobile security

90% of devices store personal data and information 60% of devices have

user interface vulnerabilities

80% of devices have got weak passwords

70% devices transmit unprotected data

60% of devices download software without proper security

*HPE Research


Hackers can target:

Why Why IoTIoT systems are affectedsystems are affected

▸ IoT devices are mostly low power LPWA devices or devices with short range connectivity and lack computing performance

▸ There are too many unprotected data end-points to protect them with a separate security system

▸ There are too many diversified data objects transmitted

▸ Communications should be real-time for many systems

Security is often disabled, data Security is often disabled, data

transmission is not secured, integrity transmission is not secured, integrity

is not ensured is not ensured

Control Systems Network equipment Communication

channels Data end-points


MNO SPACE OEM SPACE MNO SPACE OEM SPACE

eSIMeSIM architecturearchitecture: OEM vs. MNO: OEM vs. MNO

eSIM

Global Platform Java Card VM & Java Card VM & RE 3.0.4RE 3.0.4

Profile 2

ISD-R

NFC

3G File System

Profile 1

Profile 3

UICC FrameworkUICC Framework

Authentication

OEM “user” applicationsOEM “user” applications

SSD-P (1) SSD-P(2) SSD-P(3)


Form factor evolutionForm factor evolution

WLCSP MFF1/MF

F2 (DFN6x5)

DFN 4x4.2

Software TEE

ASIC

1988 2003 2010 2012

Evolution from physical form-factor to

software solution

2015

3FF

4FF

5FF?


Single SE Single SE forfor consumerconsumer devicesdevices

▸ Combination of NFC Secure Element and eSIM in a single chip

▸ High level of security is ensured by a single high security microcontroller

▸ Significant cost reduction with respect to double chip solution

▸ BYOD-Model for several applications: payment and access control

▸ Standard Android Open API to access SE

NFC SIM cards are successful only on several

markets. Adoption world-wide is still low after

10 years

Ideal solution for consumer

devices and wearables with

payment or authentication

function


eSIMeSIM: From discrete chip to ASIC: From discrete chip to ASIC

▸ Cost reduction comparing with separate highly-secure SIM-chip solution

▸ High level of protection can be ensured by various hardware components (IP blocks)

▸ Shared on-chip resources with other components (cost reduction factor)

▸ Different secure cores can be used (ARM SC300, Synopsys ARC, Cortus APS3)

▸ Close integration with Baseband subsystem

▸ Support of GSMA Remote SIM Provisioning for consumer devices enabling in-device provisioning

Significant cost reduction for new devices implementing Embedded SIM concept!

© Cellnetrix 2016 • New opportunities for security sensitive IoT Applications • English • 10 •

30/09/2016

Software Software implementations implementations ofof eSIMeSIM

▸ Functionally implement full ETSI and GSMA software stacks

▸ Significant cost reduction per a single end-point

▸ Use of ARM® TrustZone® CryptoCell Technology, can run on application processor

▸ Execution on top of Trusted Execution Environment

▸ Common criteria qualification EAL2+

▸ Can be hardened by hardware components, ex. Secure Memory

• No tamper resistance

without additional

hardware

• Several TEE providers

including Open Source

solutions


30/09/2016

5FF: 5FF: towardstowards singlesingle SE SE forfor IoTIoT devicesdevices

▸ Secure end-point concept for wide-range of devices including narrow band technologies

▸ Different security levels: from highly secure to software-based (cost reduction per device)

▸ Extensible list of supported network access technologies, ex. LoRa, Sigfox

▸ Focus on industrial interfaces (SPI, I2C, ISO7816)

▸ Focus on IoT industrial protocols (IPv6, CoAP, MQTT)

▸ Adoption of ETSI, Global Platform and GSMA standards

• Flexibility and easy integration

• Additional costs per a secured

device

• Simple maintenance

eSIM Specifications paves the road for

the universal SE for IoT devices


30/09/2016

Challenges:

Is Common Criteria evaluation applicable?

eSIMeSIM in Automotive: beyond network in Automotive: beyond network authenticationauthentication

▸ Migration from wired to wireless

interfaces is a significant security

challenge for the car industry

▸ Different national regulations lead to

requirements to have many eSIMs/SEs

(Tolls, tachograph, fleet management

etc)

A connected car is very sensitive to external

attacks. There are lot of documented cases

eSIM has a chance to play much more significant role than just a

network authentication token:

• Secure end-point for remote services

• Root of trust for on-board equipment


30/09/2016

Securing Securing IoTIoT with with eSIMeSIM

▸ Security model based

of the protected data/access endpoint concept

▸ Initial provisioning of IoT devices and lifecycle

support

▸ Security for TLS-communication (End-to-End

Security)

▸ Storage of important credentials

▸ Bootstrapping of M2M devices

▸ Data integrity and security during firmware updates

▸ Trusted execution environment for critical

applications

eSIM will provide a significant value for the

security of connected IoT devices


30/09/2016

▸ M2M Root Key used for mutual authentication

and key agreement between the D/G M2M Node

and the M2M Service Provider

Kmr

Kmc

KMA1

▸ M2M Connection Key, renewed with every

new D/G M2M Node authentication

Supported bootstrap procedures

• GBA (Generic Bootstrapping Architecture). Uses

Access Network credentials in UICC (e.g. USIM,

CSIM or ISIM application)

• EAP/PANA - Uses network access credentials by

means of EAP-AKA

KMA2

Optional bootstrap of M2M Service Layer Credentials in the

field:

• Establishment of shared secret Kmr in Device and Network,

adequately protected

• Alternative - pre-provisioning, e.g. via eUICC

KMA3

M2M BootstrappingM2M Bootstrapping with with eSIMeSIM


30/09/2016

OverviewOverview ofof different different IoTIoT SE SE solutionssolutions

more expensive

Hardware based solutions

less secure

No hardware bundling

more secure

▸ More hardware in most of the cases means

more security

▸ Different hardware and software options

provide a way to minimize costs

less expensive

Highly secure SE, CC EAL5+

TEE-based

TEE-based TEE-based with hardware hardening

Soft eSIM

Hardware Secure, No CC


30/09/2016

Cellnetrix Cellnetrix eSIMeSIM SolutionSolution


Celsium eSIM Embedded

Operating System

Reference Design and Samples

Additional Applications

• Support of multiple

semiconductor platforms

• No hardware mandatory,

solutions for mobile SoC

available

• Support of various operating

environments: Android,

Embedded Linux, Windows,

ThreadX

• Different security levels

• Full compliance with GSMA and

most recent ETSI specifications

• Flexible licensing models

including full source code options

CelSIUM significantly reduces time to market for new devices implementing Embedded SIM concept!

Key Advantages:

CelsiumCelsium Development Platform Development Platform is our solution to is our solution to address integration of address integration of eSIMeSIM into connected into connected devicesdevices

Simulation and development environment

QuestionsQuestions??

Email: [email protected]

Web: www.cellnetrix.com

Cellnetrix GmbH

Holstenkamp 54,

D-22525 Hamburg, Germany

Tel. + 49 40 49022 360

Fax.+ 49 40 49022 358

Thank you for your attention!

We’re pleased to answer your questions!

http://www.cellnetrix.com/