Blog from ARM: Unlocking Secure IoT Device Connectivity with iSIM

Unlocking Secure IoT Device Connectivity with iSIM

It is not far-fetched imagining trillions of devices at every point of intelligence around the world, all hyperconnected to the Internet of Things (IoT). There certainly is no shortage of IoT use cases. We already have technology for connecting devices on a wireless sensor network, in turn connected through a gateway to an IP-based network. So, what’s holding back faster progress?

Three factors limit today’s IoT: monetization, fragmentation, and security. Achieving the trillions potential for IoT devices means unlocking cellular-grade IoT device connectivity. This approach enables network operators and application developers to make money, overcomes network fragmentation, and adds security features necessary to protect data and people everywhere.

Silicon implementations will be at the heart of this new approach. Just as cores and chips ignited explosive growth in mobile devices, on-chip integration will drive the IoT into new territory.

Operators can Double Down

The cellular-connected IoT device ecosystem now includes nearly every major mobile network operator (MNO) worldwide. The opportunity is enormous. Ericsson is projecting IoT devices will outnumber mobile phones in 2018, and 70% of a projected 2.1B wide-area IoT devices will use cellular technology by 2022. Seeing large numbers of cellular-connected IoT devices, Machina Research is anticipating a $1.8T opportunity for IoT service revenue by 2026. [1], [2]

This growth hinges on a secure, flexible, scalable digital subscriber model for cellular-connected devices. If IoT devices can be provisioned much like mobile devices, monetizing IoT devices is straightforward for operators.

Sidebar: iSIM builds on eUICC

The Universal Integrated Circuit Card, or UICC, has served the mobile industry for decades. The subscriber identity module (SIM), a function within a UICC, became ubiquitous in GSM and newer CDMA phones supporting LTE. A programmed SIM contains network-specific information and a subscriber’s international mobile subscriber identity (IMSI), allowing a phone to join a network securely.

For M2M modules where there is no need to change a SIM card, embedded UICC (eUICC) provides a MFF2 chip form factor soldered-down to a board. eUICC added the ability to hold multiple SIM profiles, and to update them over-the-air. This means eUICC-enabled devices can switch from network to network over their extended lifetime, avoiding obsolescence if networks are sunsetted.

Integrated SIM (iSIM) technology builds on eUICC functionality targeting low-power IoT devices. By integrating the processor core and encryption in a system-on-chip (SoC), iSIM technology has benefits in cost, power, and security.

New low-power, on-chip integrated SIM (iSIM) technology completes the picture for MNOs looking to tap into the IoT. An iSIM approach allows a connected device to go anywhere in the world and join an IoT network, securely and cost-effectively. It enables a common set of operating principles MNOs already use, including:

  • Device identity
  • Trusted boot sequence
  • Remote provisioning and over-the-air (OTA) programming
  • Subscription management
  • Orchestration

Leveraging cellular connectivity and iSIM technology, MNOs can effectively “double down” on their investments in mobile infrastructure and people. This can bring tremendous numbers of devices onto the IoT quickly. Use cases that were priced out due to infrastructure issues, such as agricultural, automotive, or anything requiring mobile or rural coverage, now become feasible. When more IoT device designers incorporate iSIM technology, deployment and lifecycle support become easier as the ecosystem grows.

Defragmenting the IoT Horizon

Several low-power wide-area (LPWA) networks exist today – mostly within closed ecosystems. While they each address connectivity for their preferred use case, they force infrastructure choices. With several competitors offering proprietary protocols, interoperability between these networks at the edge becomes a problem. Today, islands operate on various LPWA technologies rather than forming a true IoT.

Cellular connectivity specifications can cut this fragmentation. Release 8 of the 3GPP specification offered LTE Cat-1, in between higher bandwidths needed for consumer mobile and lower bandwidths most IoT sensors use. Cat-0 was added in Release 12, reducing complexity for IoT use cases. Release 13 in June 2016 specified two new UE categories. Cat-M1 reduces complexity further while retaining the LTE radio interface; NB-IoT brings a new radio interface, with an “in-band” mode using LTE resource blocks yet needing far less power and bandwidth.

These cellular connectivity specifications have enormous unifying potential. They open more IoT use cases by piggybacking on cellular infrastructure in licensed spectrum, across bandwidth and power operating points. Use cases including smart metering, automotive, home automation, agriculture, and asset tracking, especially applications requiring indoor coverage.

Creating a Secure Enclave in SoCs

IoT SoCs are becoming distinct from mobile SoCs and high-performance microcontrollers. Unique requirements push SoC optimization for an IoT use case, targeting requirements including connectivity, battery life, and security.

iSIM technology embraces the “secure enclave” concept, implemented on-chip using semiconductor and software IP. This secure enclave is fully partitioned from the rest of the SoC, with self-contained processing and encryption elements running a secure operating system. The iSIM approach is at least as logically secure, and more physically secure, than using a discrete SIM outside an SoC.  A secure enclave on-chip has several other strong benefits:

  • Reduced BOM cost: Obviously, bill-of-materials cost is reduced through eliminating either a plastic card and tray, or a soldered-down chip. With compute cores, wireless radios, and iSIM functions integrated within one SoC, power management can fully optimize battery life.
  • Minimized attack surface: Integration in the SoC eases certification of the secure operating system and reduces the efforts for creating secure applications. The resulting attack surface is minimized, with only a defined API available to the rest of the SoC.
  • Total cost of ownership (TCO): With no plastic cards or extra chips, no assembly steps, and fewer devices in the supply chain, manufacturing costs for iSIM-based devices are lower. iSIM technology also eliminates any chance of mishandling prior to, during, and after deployment, and reduces the opportunity for physical tampering.

Expanding the iSIM Ecosystem

As the last piece in the cellular-grade IoT puzzle, iSIM technology brings everything together. It is more cost-effective, both at the device level and in TCO terms. It provides a totally secure identity that enables remote provisioning, subscription management, and orchestration for MNOs. With standardized platform elements, interoperability is enhanced.

Arm has announced a new iSIM solution at MWC 2018, helping IoT design teams and MNOs in jumpstarting efforts. Arm Kigen technology addresses an end-to-end identity solution:

  • Kigen OS: For a GSMA-compliant iSIM implementation, Arm provides a low-footprint Kigen OS secure operating system and embedded application stack, which can run on the Arm TrustZone CryptoIsland energy-efficient hardware security subsystem in IP form.
  • Kigen remote provisioning server: For a remote provisioning solution compliant with GSMA, ETSI, and SIMalliance specifications, Arm provides a modular implementation with integrated OTA functionality easily integrated into MNO platforms.

For more on the Arm announcements, visit:

Arm delivers integrated SIM identity to secure next wave of cellular IoT devices

Once an end-to-end cellular-grade IoT device connectivity solution exists, we can bring what could be trillions of new IoT devices into play. Expanding the iSIM ecosystem is a major step in completing the cellular-grade solution. iSIM provides a solid technological implementation and enables a business model that allows rapid deployment and effective lifecycle management.


By Loic Bonvarlet, Director of Marketing – Secure Identity


[1] “The connected future: Internet of Things forecast”, Ericsson web site,

[2] “GSMA Highlights US$1.8 Trillion IoT Revenue Opportunity for Mobile Network Operators”, GSMA, September 7, 2017,