How Does the SIM Help to Secure Data When Using LTE-M or NB-IoT?

Monday 15 Jul 2019

Below, get insights from leading industry experts that form the Mobile IoT Expert panel. Questions are submitted by members of the GSMA Mobile IoT Innovators. To submit your own question, join the community for free here and find out more about the panel here.

 

How does the SIM help to secure data when using LTE-M or NB-IoT?

 
Sharath Muddaiah, Director, Strategic Solutions & IoT at Giesecke+Devrient Mobile Security GmbH

Uplink IoT sensor data & downlink IoT commands and configuration sets need to be secured and protected against snooping and tampering. There is no common secure area for the storage of the security keys in the many thousand Mobile IoT devices. A suggested solution can be to make use of the widespread, ever-present SIM* in the IoT devices. With the data security keys & functions embedded and enabled by the SIM, the application developers & service providers need not worry about the handling of the security credentials. They can use the trusted SIM as a black box for their security and assurance.

Using the SIM, the uplink-bound IoT sensor data from the IoT device to the cloud are securely encrypted with the IoT application layer security keys. The downlink received command (data set) sent to the IoT device can be securely decrypted and verified by the SIM before the IoT device executes the sensitive commands. This low-dependency solution is a fast and cost-effective way to introduce IoT security instead of modifying or redesigning existing IoT devices. The encryption key derivation and management in the Mobile Network Operator’s (MNO’s) own trusted secure element eliminates the need for disparate, uncoordinated and other disjoint non-secure solutions. Standard industry trusted and proven crypto algorithms are the basis of such a SIM-based solution.

An alternative option would be having the security keys stored in the IoT devices, which in most cases do not have a secure element (SE) due to their targeted low cost. Here, each service provider has to figure out a way to securely and confidentially load the security keys onto the IoT devices. Most companies are not familiar with such processes and do not have the time and resources to implement them properly. In the worst case this allows various security cracks compromising their IoT devices. We’ve also experienced from the many security discussions that, to be market competitive, the security solution must ideally be independent of the IoT device and module or chipset so as not to raise the bill of material (BOM) of these cost-sensitive end devices.

The advantage of the simple and secure SIM-based solution is that the service providers do not need to set up expensive VPNs or leased lines to transport the IoT data, and the device manufacturers do not need to invest in extra SEs. The uplink IoT sensor data & downlink IoT commands and configuration sets can be viewed and generated only by the party with the proper ownership credentials. Such a SIM-based solution prevents attackers from illicitly falsifying data or hijacking IoT devices. Importantly, this easily meets the demand from IoT device manufacturers for low-cost and robust security solutions.

* SIM cards (UICC cards as defined by 3GPP/ETSI) are secure elements designed to protect secret keys and perform secure operations like network authentication for MNOs.
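
The downlink check described in the answer above, as an added example that is not part of the original post or any vendor's code: a software stand-in for the SIM verifies a command before the device acts on it, and the device code never handles the key. The HMAC-SHA256 tag, the frame layout, the replay counter, the key derivation and all names and sample values are assumptions for illustration; payload encryption is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

def derive_device_key(master_key: bytes, device_id: bytes) -> bytes:
    """Operator side: per-device key from a master key (assumed scheme)."""
    return hmac.new(master_key, b"downlink-auth|" + device_id, hashlib.sha256).digest()

def seal_command(key: bytes, counter: int, command: bytes) -> bytes:
    """Cloud side: frame = 8-byte counter || command || HMAC tag (assumed layout)."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class SimBlackBox:
    """Stand-in for the SIM: the key is provisioned once and never returned."""

    def __init__(self, key: bytes):
        self.__key = key
        self.__last_counter = 0

    def verify_downlink(self, frame: bytes):
        """Return the command if it is authentic and fresh, otherwise None."""
        if len(frame) < 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.__key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or modified in transit
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.__last_counter:
            return None  # replay of an earlier valid frame
        self.__last_counter = counter
        return body[8:]

def demo():
    master = bytes(range(32))    # constructed sample master key
    device_id = b"device-0001"   # constructed sample identifier
    key = derive_device_key(master, device_id)
    sim = SimBlackBox(key)
    good = seal_command(key, 1, b"SET interval=60")
    tampered = good[:8] + b"SET interval=01" + good[-TAG_LEN:]
    # genuine frame, modified frame, then the genuine frame replayed
    return [sim.verify_downlink(f) for f in (good, tampered, good)]

if __name__ == "__main__":
    print(demo())
```

The device firmware executes a command only when `verify_downlink` returns it; a modified frame and a replayed frame both come back as `None`.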