Since the beginning of mobile telephony, most cellular-connected devices use a built-in number or a subscriber identity module (SIM) card for security and authentication to the cellular networks. Most current cellular phones and cellular-connected computers use a SIM module as a secure element.
One of the key features of SIM cards is enhanced security. The individual subscriber authentication key, burned in the SIM module, is never transmitted over the radio channel.
The handshake with the radio station and calculation of the signed response is processed within the SIM. Confidential subscriber information such as the international mobile subscriber identity or the individual key is never released from the SIM.
To guarantee the security and privacy of communications, SIM manufacturers need to have their facilities certified with maximum security clearances and processes. As part of the process, the SIM manufacturer sends the cards to the operator and separately sends the encryption keys for authentication.
Sometimes, this procedure is not enough. A few years ago, it was discovered that Gemalto, the biggest manufacturer of SIM modules worldwide, was hacked by American and British agencies, stealing hundreds of thousands, if not millions, of SIM card encryption keys1. The access to those keys made it possible, with the right tools, to eavesdrop on GSM communications. Several government agencies were found using the keys for several years.
The birth of the embedded SIM
In 2016, during the Mobile World Congress, the GSMA presented the final release of its Embedded SIM Specification2 (also called eSIM or eUICC), enabling operators and manufacturers to start using the spec to provision credentials for the growing number of connected devices worldwide.
Picture courtesy of Infineon Technologies
Today, the biggest challenge for device manufacturers, operators, and enterprises alike is to provide credentials for the billions of deployed devices every year worldwide. Here is where the embedded SIM (eSIM) and its integrated version (iSIM) come in.
Both solutions have significant advantages over SIM cards. While the format of the traditional cards has shrunk in size over the years, up until the current nano-SIM used in today’s devices, it still requires physical delivery, a hole in the device, and significant space on the device board.
Additionally, with traditional SIM cards, to change operator profiles or on-board multiple devices, it is necessary to physically access each device and replace the module.
While this is still not critical for smartphones, as those are devices with service subscriptions, it poses a significant problem for massive IoT deployment of small, inexpensive units such as sensors and edge computing devices.
Smartwatches, tablets, e-readers, and other small, cellular-connected consumer devices have been using eSIMs for years. Both Apple (for iPads) and Amazon (for Kindles) started using their own versions of embedded SIMs before the GSMA specifications became a reality.
Today, Apple manufactures all their smartphones (since the 2018 iPhone XS) with an embedded SIM inside, and most Android manufacturers incorporate eSIMs into their high-end models. Over 200 mobile carriers in more than 80 countries offer eSIM consumer services, and by 2024, it is expected that the embedded UICC will reach over 875 million shipments for both consumer and IoT markets.
Most consumers are still not familiar with the existence of eSIMs. “The fact that 80% of consumers are still unaware of eSIM technology poses real risks to wide-scale adoption,” said Søren Haubold, strategic marketing manager for mobile security at G+D.
eSIMs are the present and future of cellular-connected IoT
Initially adopted for connected cars and wearables, eSIMs are now in the industrial space, especially for massive IoT deployments. The ability to deploy thousands of IoT devices, perform secure onboarding, and provision cellular credentials over the air makes eSIMs a key technology for adoption in several industries.
A recent report from Juniper Research3 estimates that by 2025, there will be 3.4 billion connected devices using eSIMs and iSIMs.
The iSIM advantage
While a separate embedded SIM provides advantages such as smaller size, OTA onboarding and updates, and lower power consumption, integrating the SIM module into a larger SoC further benefits OEMs that want a smaller, cheaper solution for their modules.
For inexpensive devices that require only basic connectivity, an eSIM is a good solution. An integrated SIM can offer significant advantages over more sophisticated units using different radios and requiring some on-board processing.
Companies such as SONY Semiconductors (formerly Altair Semiconductor) offer integrated IoT modules such as the ALT12504 and ALT1255. Both modules integrate NB-IoT and LTE-CatM (1250 only) cellular connectivity, including 2G fallback, an ARM Cortex M4 MCU for application execution, and an iSIM.
NXP offers the SN100U5 single-die chipset featuring an embedded secure element, near-field communications, and eSIM. The company also sells the SU070 standalone eSIM solution.
The iSIM further reduces the real-estate requirements on the device board, lowers the power consumption of the SIM, and offers faster performance, as it sits on the local bus of the SoC, communicating with the other components such as the radio modem, memory, and processor.
Integration of iSIM solutions also lowers the BOM of the device and reduces maintenance costs.
Security is paramount for massive eSIM adoption
Because eSIMs are integrated into the wireless device, it is impossible to remove or exchange them. Therefore, the main challenge of using embedded SIMs is to provide the carrier credentials and software updates securely. The GSMA IoT SAFE6 framework and eSIM specification provide for the secure OTA delivery of new operator profiles and security upgrades.
Here is where a secure manufacturing facility comes into play. Because the root keys need to be locked into the modules and those keys will be the basis for trust, a safe, certified manufacturing facility is necessary. That’s why companies such as Infineon, one of the major manufacturers of eSIMs, have state-of-the-art secure facilities with GSMA certification.
Additionally, Kigen, an ARM company, provides secure OTA delivery of new credentials. According to Kigen’s CEO, Vincent Korstanje 7, “We have a remote SIM provisioning server, which allows you to switch the credentials on the eSIM. If you want to do a security update, it will also allow you to change operators.”
Picture courtesy of Kigen, an ARM company
According to GSMA Intelligence 8, “eSIM adoption in the IoT market is still low relative to its long-term potential. Automotive is an exception and a benchmark for other verticals. Connected cars account for a significant share of eSIM connections today. [...] Beyond connected vehicles and wearables, eSIM could become the primary means of cellular network authentication in other use cases such as consumer electronics, utilities, and smart manufacturing, especially if 5G adoption reaches scale in the enterprise market.”
[1] https://www.theregister.com/2015/02/25/gemalto_everythings_fine_security_industry_hang_on_a_minute/
[2] https://www.gi-de.com/en/spotlight/connectivity/connect-iot-devices
[3] https://www.juniperresearch.com/researchstore/devices-technology/esims-research-report
[4] https://www.altair-semi.com/products/alt1250/
[5] https://www.nxp.com/company/blog/connect-with-confidence-gsma-membership-solidifies-nxps-position-in-the-esim-market:BL-GSMA-MEMBERSHIP-ESIM-MARKET
[6] https://www.gsma.com/membership/resources/how-esim-helps-to-keep-the-iot-safe/
[7] https://iot.eetimes.com/arms-kigen-provides-the-services-for-esims-and-isims-used-on-iot-devices/
[8] https://data.gsmaintelligence.com/research/research/research-2020/esim-moving-up-the-agenda-from-industry-work-to-customer-adoption