Embedded SIM
New opportunities for security sensitive IoT applications
Evolution from SIM to eSIM
© Cellnetrix 2016 • New opportunities for security sensitive IoT Applications • English • 2 • 30/09/2016
28 years of keeping mobile networks secure
Timeline (year markers on the slide: 1988, 1992, 1998, 2002, 2008, 2014), milestones in slide order:
• Invention of GSM SIM
• First SIM supporting OTA
• Wide adoption for GSM networks
• First SIM based payments solution
• SIM Toolkit
• De-facto standard for mobile security
• Introduction of USIM for 3G Networks
• First combined 2G/3G solution
• First NFC USIM
• Introduction of LTE USIM
• Embedded SIM based on GSMA Specifications
• First embedded SIM specification from GSMA (M2M)
• Apple SIM
• Original SIM is digitized
Understanding eSIM
▸ An embedded SIM (aka eSIM or eUICC*) is a UICC supporting OTA** remote SIM provisioning of digital SIM-tokens
▸ 2 industry standards (GSMA-backed and Apple SIM)
▸ Physical hardware is still required to make an eSIM fully secure
▸ An eSIM can have several form factors: from traditional plug-in to solderable
▸ Remote SIM provisioning is a feature providing a way to download over the air a digital SIM containing the operator profile
*UICC – Universal Integrated Chip Circuit (ETSI Standards)
IoT Market Development
▸ Industry is at the beginning of a new epoch: Industry 4.0
▸ The Internet of Things is where objects connect to each other directly
▸ The number of connected devices and connections will grow rapidly over the next few years
▸ Most communicating objects will be simple LPWA IoT devices with low or no security at all
Situation with mobile security
90% of devices store personal data and information
60% of devices have user interface vulnerabilities
80% of devices have weak passwords
70% of devices transmit unprotected data
60% of devices download software without proper security
*HPE Research
Why IoT systems are affected
▸ IoT devices are mostly low power LPWA devices or devices with short range connectivity and lack computing performance
▸ There are too many unprotected data end-points to protect them with a separate security system
▸ There are too many diversified data objects transmitted
▸ Communications should be real-time for many systems
Security is often disabled, data transmission is not secured, integrity is not ensured
Hackers can target: control systems, network equipment, communication channels, data end-points
eSIM architecture: OEM vs. MNO
[Diagram: eSIM divided into an MNO space and an OEM space. Labels: Global Platform; Java Card VM & RE 3.0.4; UICC Framework; ISD-R; Profile 1, Profile 2, Profile 3; SSD-P (1), SSD-P (2), SSD-P (3); 3G File System; Authentication; NFC; OEM “user” applications]
Form factor evolution
Evolution from physical form-factor to software solution
[Timeline figure: year markers 1988, 2003, 2010, 2012, 2015. Labels: 3FF; 4FF; 5FF?; MFF1/MFF2 (DFN6x5); DFN 4x4.2; WLCSP; ASIC; Software TEE]
Single SE for consumer devices
▸ Combination of NFC Secure Element and eSIM in a single chip
▸ High level of security is ensured by a single high security microcontroller
▸ Significant cost reduction with respect to double chip solution
▸ BYOD-Model for several applications: payment and access control
▸ Standard Android Open API to access SE
NFC SIM cards are successful only in several markets. Worldwide adoption is still low after 10 years
Ideal solution for consumer devices and wearables with payment or authentication function
eSIM: From discrete chip to ASIC
▸ Cost reduction compared with a separate highly-secure SIM-chip solution
▸ High level of protection can be ensured by various hardware components (IP blocks)
▸ Shared on-chip resources with other components (cost reduction factor)
▸ Different secure cores can be used (ARM SC300, Synopsys ARC, Cortus APS3)
▸ Close integration with Baseband subsystem
▸ Support of GSMA Remote SIM Provisioning for consumer devices enabling in-device provisioning
Significant cost reduction for new devices implementing Embedded SIM concept!
Software implementations of eSIM
▸ Functionally implement full ETSI and GSMA software stacks
▸ Significant cost reduction per end-point
▸ Use of ARM® TrustZone® CryptoCell Technology, can run on application processor
▸ Execution on top of Trusted Execution Environment
▸ Common Criteria qualification EAL2+
▸ Can be hardened by hardware components, e.g. secure memory
• No tamper resistance without additional hardware
• Several TEE providers including Open Source solutions
5FF: towards single SE for IoT devices
▸ Secure end-point concept for a wide range of devices including narrow band technologies
▸ Different security levels: from highly secure to software-based (cost reduction per device)
▸ Extensible list of supported network access technologies, e.g. LoRa, Sigfox
▸ Focus on industrial interfaces (SPI, I2C, ISO7816)
▸ Focus on IoT industrial protocols (IPv6, CoAP, MQTT)
▸ Adoption of ETSI, Global Platform and GSMA standards
• Flexibility and easy integration
• Additional costs per secured device
• Simple maintenance
eSIM specifications pave the road for the universal SE for IoT devices
eSIM in Automotive: beyond network authentication
▸ Migration from wired to wireless interfaces is a significant security challenge for the car industry
▸ Different national regulations lead to requirements to have many eSIMs/SEs (tolls, tachograph, fleet management, etc.)
A connected car is very sensitive to external attacks. There are a lot of documented cases
eSIM has a chance to play a much more significant role than just a network authentication token:
• Secure end-point for remote services
• Root of trust for on-board equipment
Challenges:
Is Common Criteria evaluation applicable?
Securing IoT with eSIM
▸ Security model based on the protected data/access endpoint concept
▸ Initial provisioning of IoT devices and lifecycle support
▸ Security for TLS communication (End-to-End Security)
▸ Storage of important credentials
▸ Bootstrapping of M2M devices
▸ Data integrity and security during firmware updates
▸ Trusted execution environment for critical applications
eSIM will provide significant value for the security of connected IoT devices
M2M Bootstrapping with eSIM
▸ Kmr: M2M Root Key used for mutual authentication and key agreement between the D/G M2M Node and the M2M Service Provider
▸ Kmc: M2M Connection Key, renewed with every new D/G M2M Node authentication
[Diagram labels: Kmr, Kmc, KMA1, KMA2, KMA3]
Supported bootstrap procedures
• GBA (Generic Bootstrapping Architecture). Uses Access Network credentials in UICC (e.g. USIM, CSIM or ISIM application)
• EAP/PANA - Uses network access credentials by means of EAP-AKA
Optional bootstrap of M2M Service Layer Credentials in the field:
• Establishment of shared secret Kmr in Device and Network, adequately protected
• Alternative - pre-provisioning, e.g. via eUICC
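The key roles on this slide, as an added example that is not from the slides or from Cellnetrix: a pre-shared Kmr authenticates both sides and yields a Kmc that changes with every authentication run. HMAC-SHA256 is a stand-in here, not the KDF or AKA exchange defined for GBA or EAP-AKA; the names `prf`, `Party`, `bootstrap` and `app_key`, and the step deriving one KMA per application from Kmc, are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a label and length-prefixed inputs (stand-in KDF/MAC)."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Party:
    """One side of the exchange (hypothetical); both sides hold the same Kmr."""
    def __init__(self, role: bytes, kmr: bytes):
        self.role, self.kmr = role, kmr

    def new_nonce(self) -> bytes:
        return secrets.token_bytes(16)

    def prove(self, n_node: bytes, n_sp: bytes) -> bytes:
        # The role is bound into the tag so a proof cannot be reflected back.
        return prf(self.kmr, b"auth|" + self.role, n_node, n_sp)

    def verify(self, peer_role: bytes, n_node: bytes, n_sp: bytes, tag: bytes) -> bool:
        expected = prf(self.kmr, b"auth|" + peer_role, n_node, n_sp)
        return hmac.compare_digest(expected, tag)

def bootstrap(node: Party, sp: Party):
    """One mutual authentication; returns (Kmc at node, Kmc at SP) or None."""
    n_node, n_sp = node.new_nonce(), sp.new_nonce()
    if not node.verify(b"sp", n_node, n_sp, sp.prove(n_node, n_sp)):
        return None  # node rejects a service provider that lacks Kmr
    if not sp.verify(b"node", n_node, n_sp, node.prove(n_node, n_sp)):
        return None  # service provider rejects a node that lacks Kmr
    # Fresh nonces from both sides make Kmc differ on every authentication.
    return (prf(node.kmr, b"Kmc", n_node, n_sp),
            prf(sp.kmr, b"Kmc", n_node, n_sp))

def app_key(kmc: bytes, app_id: bytes) -> bytes:
    """Assumed third level: one key per application, derived from Kmc."""
    return prf(kmc, b"KMA", app_id)
```

Kmr itself never crosses the link in this sketch, which is why the slide's alternative of pre-provisioning it via the eUICC matters: the whole hierarchy is only as strong as the storage of that one secret.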
Overview of different IoT SE solutions
▸ More hardware in most cases means more security
▸ Different hardware and software options provide a way to minimize costs
[Chart: solutions placed on two axes, cost (less expensive to more expensive) and security (less secure to more secure), grouped as "Hardware based solutions" and "No hardware bundling". Labels: Highly secure SE, CC EAL5+; Hardware Secure, No CC; TEE-based with hardware hardening; TEE-based; Soft eSIM]
Cellnetrix eSIM Solution
Celsium Development Platform is our solution to address integration of eSIM into connected devices
• Celsium eSIM Embedded Operating System
• Reference Design and Samples
• Additional Applications
• Simulation and development environment
Key Advantages:
• Support of multiple semiconductor platforms
• No hardware mandatory, solutions for mobile SoC available
• Support of various operating environments: Android, Embedded Linux, Windows, ThreadX
• Different security levels
• Full compliance with GSMA and most recent ETSI specifications
• Flexible licensing models including full source code options
CelSIUM significantly reduces time to market for new devices implementing Embedded SIM concept!
Questions?
Email: vnagin@cellnetrix.com
Web: www.cellnetrix.com
Cellnetrix GmbH
Holstenkamp 54,
D-22525 Hamburg, Germany
Tel. + 49 40 49022 360
Fax.+ 49 40 49022 358
Thank you for your attention!
We’re pleased to answer your questions!