SPONSOR BLOG

Navigating IoT Security

Deploying integrated SIM as a tamper-resistant secure element in a baseband SoC.


By Dana Neustadter (Synopsys), Ruud Derwig (Synopsys), and Martin Rösner (G+D)

IoT expansion requires secure and efficient connectivity between machines. Integrated SIM technology and remote SIM provisioning can make this possible.

Subscriber Identity Module (SIM) cards have been around for a long time, with Giesecke+Devrient (G+D) developing and delivering the first commercial SIM cards in 1991. If you have a cell phone, you will be familiar with these small security anchors that protect phones, networks, and data from fraud and misuse. They also enable phones to securely authenticate and communicate within a mobile network infrastructure managed by carriers. With deployment starting over the last few years, iSIM, also called an integrated Universal Integrated Circuit Card (iUICC), is the newest SIM kid on the block. iSIMs are embedded directly into a system on chip (SoC) as a tamper-resistant secure element, bringing trust and enabling secure connectivity and control. They also save cost and space, simplify the system development process, and make it significantly easier to activate and secure IoT device connectivity. In addition to the functional advantages, the iSIM also offers sustainability benefits such as reduced CO2 emissions.

Enabling iSIM to support remote SIM provisioning (RSP) calls for an integrated solution that brings together secure services and a secure SIM operating system (OS) with secure hardware. This is the type of challenge that has led to a collaboration between G+D, which continues to lead the way in SIM innovation, and Synopsys, with its expertise in trusted hardware. Putting their heads together, the two companies have come up with an innovative integrated, secure iSIM solution. In a nutshell, Synopsys tRoot Hardware Secure Modules (HSMs) provide silicon-proven, self-contained security IP solutions with root of trust. The HSMs are combined with G+D’s secure SIM OS to enable tamper-resistant elements which are usable within an SoC and serve as an isolated hardware component. G+D’s award-winning RSP services provide seamless management of the SIM profiles. Figure 1 depicts the secure iSIM solution.

“Offering the promise of seamless secure management of SIM profiles, iSIMs help accelerate the broad scaling of the IoT by providing high flexibility to choose the preferred cellular networks throughout the lifetime of devices,” said Andreas Morawietz, global head of Digital Connectivity Portfolio Strategy at G+D. “Our standards-compliant remote SIM provisioning service together with the secure SIM OS integrated with Synopsys’ tRoot Hardware Secure Modules provide an integrated iSIM secure solution at the start of the IoT value chain, delivering benefits to downstream IoT players.”

Fig. 1: Integrated, secure iSIM solution featuring Synopsys and G+D technologies. 

Evolution of SIM technology charts course for the IoT

The breadth of the IoT has become expansive thanks to the prevalence of cellular networks, sensors, cloud computing, AI, and other technologies that enable connectivity and intelligence. Consider, as one example, all the devices and systems that can bring a smart city to life. From traffic signals and streetlights to meters and energy grids, each of these systems must be able to collect and share data that leads to better decision-making and outcomes, as well as more efficient and effective processes. With the integration of AI capabilities, these devices would also be able to act autonomously. SIM technology acts as a trust anchor for secure identification, authentication, and communication. Over the years, as new devices have entered the IoT realm, users have come to expect increasingly seamless connectivity, simple remote management, and the ability to select their preferred carriers. As a result, removable physical SIMs have been giving way to embedded SIMs (eSIMs), which are soldered onto devices.

As the newest entry in this evolution, iSIMs are anticipated to grow in popularity, answering the call for more optimized, flexible, and secure solutions to allow more things to be connected and controlled. Because it isn’t a separate chipset, an iSIM provides cost, power, and area efficiency, making it ideal for small, battery-powered IoT devices, particularly those that operate in low-power wide area networks (LPWANs) through narrowband IoT (NB-IoT) or long-term evolution for machines (LTE-M) technologies. iSIMs also work well in larger industrial systems such as smart meters or even vehicles. In such systems, the SIM technology could be located in hard-to-reach places, making remote management an ideal approach.

While iSIM and remote provisioning are opening up a new ecosystem, these capabilities are only appealing if they’re backed by rock-solid security. Fortunately, there’s quite a lot of technology available to secure network connections and authenticate communicating partners. iSIMs must be developed to offer the same level of security as traditional SIM solutions. For network operators to trust iSIMs, security certification of iSIMs is essential. This is especially important since the network operators don’t control the SIM hardware and software, as it comes with the IoT device and can originate from any number of vendors.

Complete, integrated IoT security solution

The Synopsys and G+D collaboration has been successfully deployed in the field and acknowledged by Tier 1 operators for several years. Our efforts bring together complementary technologies that form a complete iSIM security solution for integration into a baseband SoC.

Synopsys’ tRoot HSMs are ideal for SoCs supporting a variety of applications in addition to the IoT, including industrial control, networking, automotive, media, and mobile devices. A hardware root of trust allows chip manufacturers and their OEM customers to create a strong cryptographic device identity for a unique device instance and provides a secure environment for protecting sensitive data and operations. In addition to the secure SIM OS, G+D also provides remote provisioning and device management secure services. The resulting iSIM solution comes with a small footprint and low power consumption and allows for more efficient production, faster time to market and, without extra housing or plastic, greater sustainability. With encrypted loading of chip-unique data (the SIM BLOB, or binary large object), the iSIM can be installed on a chipset without certification of the production facility.

As smart, connected devices become more ubiquitous, ensuring trust that the devices and their data will remain safe from security threats will remain a top priority. Secure remote SIM provisioning helps to streamline device connections and controls in a safe manner. Through our collaboration, Synopsys and G+D are providing mobile network operators and semiconductor manufacturers with a complete security solution for all-in-one connectivity that can nurture the continued expansion of the IoT.

For more information, see Synopsys tRoot Hardware Secure Modules (HSMs).

Ruud Derwig is a principal software engineer for Security IP Solutions at Synopsys.

Martin Rösner is the director for the Digital Connectivity Portfolio Strategy at G+D.


