This document discusses the role of eSIM in new IoT security services. It begins by providing background on eSIM and SIM technology. It then outlines several ways eSIM can enhance IoT security, including:
1) Enabling zero-touch authentication of IoT devices in third-party services by leveraging the proven authentication of SIMs in cellular networks.
2) Hardening data encryption using the eSIM as a root of trust by generating encryption keys within the secure element of the eSIM.
3) Potential future roles like integrating the eSIM with threat detection to trigger authorization actions, and increasing the robustness of remote attestation through eSIM cryptographic abilities.
The document argues
3. +25,000,000 … eSIM profiles generated and provisioned (to IoT and consumer devices).
A global connectivity provider with…
4. 10/11/2022 4
European Commission, Shaping Europe’s digital future
“Internet of Things (IoT) devices play a key role in ensuring the resilience of networks and keeping data private and secure. But, the increasing trend in the complexity of cybersecurity threats brings a need for more robust security frameworks for IoT devices and networks.”
What's next for unleashing the IoT potential (and the related businesses)?
5.
• Autonomous Trust, Security and Privacy Management for IoT
• 12 partners, experts in cybersecurity and IoT
• So… what is the role of eSIM here? Isn't it just for connectivity?
• … also… what is Truphone's role in authentication? Isn't Truphone a cellular connectivity provider?
Funded by the EU's Horizon 2020 programme under agreement n° 101020259
7.
SIM: securing subscribers' identity and authentication in cellular networks since 1991
Truphone was founded in 2001…
… 962 million SIMs were already securing subscribers' identity and authentication in cellular networks by then.
In 2021…
… there were more than 8.7 billion SIMs securing subscribers' identity and authentication across 2G, 3G, 4G, 5G, NB-IoT, LTE-M (…),
when the world population was 7.84 billion.
Source: number of SIMs per year and world population, Statista
8.
SIM
In any of its forms (SIM, eSIM, iSIM, …) the SIM is always dedicated, tamper-resistant hardware (a UICC) in which sensitive information is stored and security functions are executed (data and software).
Figure: Nano SIM vs eSIM
11.
AUTHENTICATION OF IoT DEVICES IN THIRD-PARTY SERVICES
Context: IoT growth and application span (w/ medical, homes, smart grids, …, data) leads to new security and privacy challenges.
Main requirement: secure device authentication and authorization assumes a critical role.
Specific requirement: many IoT devices are resource-constrained, which calls for lightweight (but secure) solutions.
Old (non-adequate) solutions: static hardcoded passwords lead to weak authentication security.
New solutions: public key infrastructures (PKI) and certificates (e.g. X.509), jointly with Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs), are well accepted for authentication.
Trade-offs of the new solutions:
• secret provisioning at manufacturing time
• one more piece of hardware in IoT devices
• processing and storage
12.
ZERO-TOUCH, NETWORK-BASED AUTHENTICATION OF IoT DEVICES IN THIRD-PARTY SERVICES
Remember the proven secure element for authentication of subscribers in cellular networks, well accepted for more than 30 years?
Truphone leverages* the SIM authentication for IoT authentication in services like AWS, Azure, or in private clouds.
* patented technology
✓ Lightweight:
  ✓ no new cryptographic material (just the SIM secrets and processes)
  ✓ no added hardware (just the SIM, eSIM, iSIM… already needed for connectivity)
✓ Secure:
  ✓ leverages proven security standards
✓ Scalable:
  ✓ no added provisioning effort at IoT device manufacture time (other than the SIM)
Flow:
1. IoT device → cellular network: data + destination + authentication token request, carrying the device's cellular network IDs.
2. Cellular network authentication according to the standards.
3. Cellular network → third-party service: data + destination + signed authentication token (protected).
13.
DATA ENCRYPTION HARDENED WITH eSIM AS ROOT OF TRUST
Hardened security: state-of-the-art encryption combined with unique key material from the hardware secure element (eSIM).
IoT device hardened encryption (according to GSMA IoT SAFE). Components:
• SIM IoT security applet
• IoT device middleware (encryption application)
• Device application
• Sensors A, B, C
Flow: sensor data → payload → hash signing in the applet → payload + signed hash.
Use cases:
• Medical IoT (patient data)
• Smart grid monitoring (grid operational data)
• Drone-based surveillance (persons' data and operational data)
Key handling:
• Key pair (private and public) is generated in the eSIM (unique material)
• Private key is stored in the secure element and never leaves it
• Public key is sent to the key management system for signature validation
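The signing path of the diagram and the three key-handling points above, as an added example written for this page (not Truphone's applet nor GSMA IoT SAFE code): the key pair is generated inside a simulated secure element, only the public key is exported and registered with a simulated key management system, the middleware hashes the payload and hands only the hash to the element for signing, and the KMS verifies the signature against the registered key before it parses or trusts the data. Assumptions, all constructed for the example: ECDSA P-256 (the deck names IoT SAFE but no algorithm or curve), a JSON reading format, and the device ID. Note that what the diagram shows is integrity protection (a signed hash), not encryption of the payload; confidentiality would be a separate step on top of this.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

// SecureElement simulates the eSIM's IoT security applet: the key pair is generated inside
// and only the public key and signatures cross the boundary. Assumption: ECDSA P-256.
type SecureElement struct{ priv *ecdsa.PrivateKey }

func NewSecureElement() (*SecureElement, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SecureElement{priv: k}, nil
}

// PublicKeyDER is the applet's only key export (SubjectPublicKeyInfo), sent once to the KMS.
func (se *SecureElement) PublicKeyDER() ([]byte, error) {
	return x509.MarshalPKIXPublicKey(&se.priv.PublicKey)
}

// SignDigest signs a SHA-256 digest prepared by the middleware; the applet never sees the payload.
func (se *SecureElement) SignDigest(digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, errors.New("applet expects a SHA-256 digest")
	}
	return ecdsa.SignASN1(rand.Reader, se.priv, digest)
}

// Reading is one sensor sample from the device application (constructed format).
type Reading struct {
	Sensor string  `json:"sensor"`
	Value  float64 `json:"value"`
	TS     int64   `json:"ts"`
}

// Envelope is what leaves the device: the payload plus the signed hash.
type Envelope struct{ DeviceID string; Payload, Signature []byte }

// BuildEnvelope is the middleware step: serialise, hash, and have the applet sign the hash.
func BuildEnvelope(se *SecureElement, deviceID string, readings []Reading) (Envelope, error) {
	payload, err := json.Marshal(readings)
	if err != nil {
		return Envelope{}, err
	}
	digest := sha256.Sum256(payload)
	sig, err := se.SignDigest(digest[:])
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{DeviceID: deviceID, Payload: payload, Signature: sig}, nil
}

// KMS is the backend key management system: a registry of device public keys.
type KMS struct{ keys map[string]*ecdsa.PublicKey }

func NewKMS() *KMS { return &KMS{keys: map[string]*ecdsa.PublicKey{}} }

func (k *KMS) Register(deviceID string, der []byte) error {
	pub, err := x509.ParsePKIXPublicKey(der)
	ec, ok := pub.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return errors.New("not a valid ECDSA public key")
	}
	k.keys[deviceID] = ec
	return nil
}

// Verify recomputes the hash and checks the signature with the registered key before parsing.
func (k *KMS) Verify(env Envelope) ([]Reading, error) {
	pub, ok := k.keys[env.DeviceID]
	if !ok {
		return nil, errors.New("unknown device")
	}
	digest := sha256.Sum256(env.Payload)
	if !ecdsa.VerifyASN1(pub, digest[:], env.Signature) {
		return nil, errors.New("signature does not match payload")
	}
	var readings []Reading
	err := json.Unmarshal(env.Payload, &readings)
	return readings, err
}

func main() {
	se, _ := NewSecureElement()
	der, _ := se.PublicKeyDER()
	kms := NewKMS()
	_ = kms.Register("meter-0001", der) // constructed device ID
	env, _ := BuildEnvelope(se, "meter-0001", []Reading{{Sensor: "A", Value: 230.1, TS: 1700000000}})
	readings, err := kms.Verify(env)
	fmt.Println("verified:", err == nil, readings)
}
```

The point worth checking in any real applet integration is the one the private-key rule implies: the only calls available to the device are "export public key" and "sign this digest", so a compromised device application can produce signed telemetry while it is running, but cannot extract the key and impersonate the device from elsewhere once it is cut off.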
14.
OTHER ROLES OF eSIM IN THE FUTURE OF IoT SECURITY
Integrated threat / risk response:
1. Integrate the eSIM with threat detection tools (e.g. cloud based), informing the secure element of the device's trustworthiness.
2. Leverage the independence of the eSIM in IoT devices to trigger authorization actions from the secure element.
Remote attestation:
1. Use the eSIM's cryptographic abilities to increase the robustness of attestation evidence.