Unleash the Mobile IoT with Secure Connectivity Powered by Integrated SIM

Dana Neustadter, Product Marketing Manager, Synopsys

Introduction

Connected IoT devices such as sensors, object trackers, security cameras, intelligent traffic lights, wearables and smart meters are proliferating at a rapid pace. A significant number of connected IoT devices use cellular technology for communication. 5G is setting the stage for the next wave of devices to enable rapid IoT connectivity at an even greater scale. NB-IoT and LTE-M, which are low power, wide area (LPWA) communication technologies designed for IoT applications, will continue evolving as part of the 5G evolution.

As IoT devices of varied capabilities enter the market, users are looking for seamless, secure connectivity and software upgrades after they purchase the product. Security and remote management can be addressed with scalable and cost efficient solutions based on Subscriber Identification Module (SIM) technology integrated directly into chipsets. Integrated SIM (iSIM) technology provides strong identification and authentication of devices to the network and can act as the trust anchor for secure communications at a lower cost and potential higher security than discrete devices. In addition to the security benefits for users, integrated SIM helps mobile network operators protect their networks from fraud and misuse.

Users like the security that SIM provides, but the traditional SIM technology ties each SIM card to a single mobile network operator. To change network operators, users need to swap out SIM cards—fairly easy for a mobile phone, but more challenging for small form-factor or widely deployed IoT devices with built-in SIMs, such as smart meters used in thousands of households.

New IoT devices need to accept credentials issued by different network operators, and often multiple operators at a time, which is a very different model from the operator-centric model of just a few years ago. To successfully scale and secure IoT devices, system architects are designing in operator flexibility at the silicon level.

This article showcases how end-to-end iSIM solutions enable seamless secure IoT cellular connectivity, providing companies with a scalable model for management and monetization of millions of devices.

iSIM: The Future of Mobile IoT

The SIM card has played a crucial role in the rapid rise of mobile communications over the last 20 years and has evolved over time with various new features introduced along the way and with different form factors (Figure 1) to support new, more capable, and/or smaller devices.

The standard SIM card is now morphing into embedded SIM (eSIM) in consumer and IoT devices. New eSIM standards, driven by the GSMA, allow for devices to include a fixed SIM hardware secure element in the device when it is manufactured, instead of inserting operator provided discrete SIM cards later. The GSMA standardized eSIM protocols enable mobile operators to remotely install and manage the connectivity profiles and subscriber identities of devices in the field. eSIM is also referred to as eUICC (embedded Universal Integrated Circuit Card) and can be offered as a secure element chip, soldered down to a board.

Despite the rapid evolution of SIM technology to date, consumers and product designers are looking for more optimized, secure, and flexible solutions to “unlock” the IoT at a faster pace. They prefer a more open ecosystem model to enable control of any device by any mobile operator, while optimizing cost, size, power, and performance. The result of these market demands is the evolution from eSIM to iSIM. iSIM builds on the eSIM/eUICC remote provisioning functionality, but it is embedded directly into the modem or application system-on-chip (SoC). 

Figure 1: Evolution to iSIM 

Solutions for iSIM

The industry adoption of iSIM is driving a more open mobile network operator ecosystem while cutting form factor and power. iSIM enables designers to integrate functions that previously required discrete chips and modules – such as application processors, modems, and SIMs – into a single SoC (Figure 2). 

Figure 2: Cellular capable SoC that integrates Application Processor, Modem and iSIM secure module

Implementing an integrated solution leads to fewer components, simpler PCBs, and more efficient resource sharing. For example, instead of a SIM card or eSIM chip that requires application and modem processors with their own non-volatile memory, using iSIM on an SoC enables some of these elements to be shared. In addition, peripherals used for communication between separate chips can be eliminated.

Hardware Secure Module with Root of Trust for iSIM

Synopsys provides multiple iSIM solution options for designers to choose from when implementing an iSIM secure module:

  • tRoot Fx Hardware Secure Modules (HSMs) are configurable solutions with hardware (RTL), reference software, and tools. In this case the customer finalizes the solution with eSIM/eUICC OS and remote provisioning services from an internal source, Synopsys partners or other third-party providers (Figure 3).

Figure 3: tRoot Fx HSM block diagram

  • tRoot V330 Hardware Secure Module for iSIM is a complete solution that includes hardware (RTL) and Global Platform-qualified eSIM/eUICC software. It offers as an option additional services like a pre-integrated bootstrap communication profile and the GSMA-certified Io3 platform provided by Synopsys’ partner Truphone for secure over-the-air provisioning and management of mobile operator profiles. The bootstrap profile provides out-of-the-box global connectivity that can be used for initial provisioning of devices with an operator subscription. The solution is not locked to Truphone and can be used with any mobile carrier. Device makers can choose to use the bootstrap profile only at power-on, or for the life of the device (Figure 4).

Figure 4: Complete Chip-to-Cloud solution provided by tRoot HSM for iSIM and Truphone Io3 managed services

DesignWare tRoot HSMs are Synopsys’ highly secure hardware secure modules with root of trust that are designed to easily integrate into SoCs. The HSMs provide a scalable platform to offer diverse security functions in a trusted execution environment as a companion to one or more host processors.

tRoot HSMs protect IoT devices using unique code protection mechanisms that provide run-time tamper detection and response as well as code privacy protection, without the added cost of more dedicated secure memory. This unique feature reduces system complexity and cost by allowing tRoot’s firmware to reside in any non-secure memory space. Commonly, tRoot programs reside in shared system (flash) memory. Due to the confidentiality and integrity provisions of its secure instruction controller, the memory is effectively private to tRoot and impervious to attempts to modify it originating in other subsystems in the chip or from the outside.

The eSIM/eUICC software of tRoot V330 HSM includes the JavaCard Virtual Machine and Global Platform runtime environment. It provides flexibility to add secure applets and to extend the secure functionality of the iSIM solution. In addition, it includes a software layer that implements the SIM authentication and remote provisioning protocols.

The capability of integrating with a remote SIM provisioning platform enables end-to-end control over the lifecycle of a device and its preferred connectivity. Remote SIM provisioning replaces the existing SIM fulfilment processes of device manufacturers and mobile operators to make connectivity activation simpler than connecting to a WiFi access point. Truphone’s Io3 SIM provisioning platform for mobile operators can generate, manage, host, and install eSIM profiles that can be securely installed onto devices, at any time, over-the-air.

Conclusion

IoT is an incredibly exciting advancement in the improvement of our everyday lives, but there are still hurdles to overcome to scale the current initial IoT deployments into billions of devices. Despite a unanimous chorus of shared fears around device misuse, data privacy and malicious attacks, the security aspect of IoT is still not yet being taken seriously enough. iSIM technology provides a simpler future for seamless secure connectivity and management of IoT devices, providing a step towards the broad proliferation of billions of devices.

Figure 5: iSIM implementations provide multiple benefits for consumers

Synopsys offers a broad range of hardware and software security for iSIM and other applications, including tRoot HSMs for iSIM. The HSMs integrate Truphone software to secure the mobile connectivity of cellular IoT devices. Synopsys’ tRoot HSM for iSIM, combined with Truphone’s Io3 Platform and worldwide cellular network communication, provide the necessary hardware, software, and services for mobile network operators and product manufacturers to securely connect and manage devices in worldwide cellular networks.

 

Web page: DesignWare tRoot Hardware Secure Modules for iSIM

Press release: Synopsys and Truphone Enable Secure Over-the-Air Provisioning with Integrated SIM IP and Managed Services Solution