3gpp sa3 feasibility study on remote management of ... - ETSI docbox

3GPP SA3 FEASIBILITY STUDY ON REMOTE MANAGEMENT OF USIM APPLICATION ON M2M EQUIPMENT
Vesa Lehtovirta, SA3 study item rapporteur, Ericsson Research NomadicLab
Luis Barriga, Ericsson Research Communications Security Lab
ETSI Workshop on Machine to Machine Standardization, 4 - 5 June 2008, ETSI, Sophia Antipolis, France

Outline
- Introduction
- Use cases
- Scope of the study
- Identified issues
- M2M equipment architecture alternatives
- Network architecture alternatives
- More detailed issues
- Example of provisioning
- Timeline of the study

Introduction
- The diversity of possible application areas for M2M communication is enormous
- Big potential for new subscriptions / traffic in 3GPP networks and therefore new revenue possibility for mobile operators
- SA1 has studied the general aspects of M2M communications in TR 22.868
  - Some perceived obstacles for M2M business in current 3GPP model are mentioned in the TR
- A possible obstacle for M2M business in mobile networks is subscription handling
  - Change of subscription/operator can be costly or non-trivial
  - Changing UICC (subscription) would involve costly physical maintenance work on all machines in the field, especially for large numbers of terminals
  - Changing UICC (subscription) may be non-trivial physically as the UICC needs to be carefully protected against tampering or stealing since an M2M terminal is usually unattended
  - The operator needs to be chosen before the M2M terminals are deployed in the field

Introduction
- The SA3 study (TR 33.812) is inspired by 3GPP SA1 study (TR 22.868) but also use cases outside of SA1 study are considered
- The SA3 study studies how to make it possible
  - for the network to provision remote management (e.g. download) of USIM and ISIM application in an M2M equipment
  - in a secure way
  - in a 3GPP system

Use cases
- SA1 TR 22.868 has identified a multitude of application areas for M2M communication
  - e.g. Security, Tracking and Tracing, Payment, Health, Remote Maintenance & Control, Metering
- Example: Tracking a fleet of delivery vehicles

Scope of the study
- Study the feasibility of remote management of USIM/ISIM application when the USIM/ISIM application resides
  - in the UICC within the M2M equipment and
  - in M2M equipment without UICC
- The scope includes
  - definition of a trust model for remote management of USIM/ISIM application and
  - identification of security threats and security requirements

Scope of the study
- The study will also investigate
  - candidate security solutions and signalling procedures for provisioning and remote management of USIM/ISIM application in an M2M equipment in a secure manner
  - what existing and new functionality of the current USIM/ISIM application has to be covered by remote management of the USIM/ISIM application
- The study may identify principle requirements for protected storage and the execution environment
  - e.g. by collaborating with relevant working groups (such as the OMTP Hardware group)

Identified issues
TR 33.812 has identified three main issues to be studied so far:
1. How to initially provision (download) an M2M equipment with a new USIM/ISIM application from an operator of customer’s choice?
  - This issue is currently studied most in the TR
2. How to change subscription to a different operator?
  - Preliminary analysis exists on this issue in the TR
3. How to prevent theft of and tampering with subscription credentials?
  - Preliminary analysis exists on this issue in the TR
  - The study may identify principle requirements for protected storage and the execution environment

M2M equipment architecture alternatives
Three M2M equipment architecture alternatives have been proposed
1. the UICC is physically integrated into the M2M equipment
2. the USIM/ISIM application is integrated and embedded within the M2M equipment in a protected module (without a physical UICC)
3. the USIM/ISIM application is implemented on a removable UICC (i.e. if needed, the UICC is physically replaced in the M2M equipment, without remote downloading of a new USIM/ISIM application)

[Figure: three diagrams, one per alternative, each labelled "M2M equipment" and "USIM/ISIM"]

Network architecture alternatives
Five network architecture alternatives have been proposed
- Alternative 1
- Alternative 2: Open Architecture
- Alternative 3: Architecture with separated connectivity and remote application management services
- Alternative 4: Unified Network Architecture
- Alternative 5: Architecture with removable-UICC

[Figure: diagrams labelled "Alt 1", "Alt 2" and "Alt 3"]

Network architecture alternatives
- Network architecture alternatives 1, 2 and 3 were seen to address similar issues and propose similar concepts
- Alternative 4 is an effort to combine alternatives 1, 2 and 3 into a unified architecture alternative

[Figure: "Alt 1", "Alt 2" and "Alt 3" combined into "Alt 4: Unified architecture"]

Further issues of USIM/ISIM provisioning
When solving the issue "How to initially provision (download) an M2M equipment with a new USIM/ISIM application from an operator of customer choice?", alternatives 1-4 in the current SA3 study address, albeit with differences, the following three further issues:
- Initial connectivity
  - How to get initial network connectivity and IP connectivity when USIM of intended new home operator is not yet provisioned to the M2M equipment?
- Discovery and Registration of the operator
  - How to find the intended new home operator?
- Provisioning of credentials
  - How to do the provisioning of USIM/ISIM credentials in a secure way?

Simplified example of possible USIM provisioning scenario
0. Pre-phase before M2ME is powered on

[Figure: M2ME, Visited Operator, Initial Connectivity Operator (ICO), Selected Home Operator (SHO) and DR, with step 0 marked]

Step 0:
- Initial credentials of Initial Connectivity Operator (ICO) are provided to the M2ME at manufacturing.
- User selects the home operator. Reference to Selected Home Operator (SHO) is registered at Discovery and Registration service (DR).

Simplified example of possible USIM provisioning scenario
1. Initial connectivity with bulk provisioned/produced devices
2. Discovery and Registration service
3. Download and Provisioning of USIM application credentials

[Figure: M2ME, Visited Operator, Initial Connectivity Operator (ICO), Selected Home Operator (SHO), DR and DP, with arrows for steps 1, 2, 3a and 3b]

Step 1: M2ME uses initial credential of Initial Connectivity Operator (ICO) to do a standard 3G AKA authentication via Visited Operator network and get IP connectivity.

Step 2: M2ME contacts Discovery and Registration service (DR) which redirects the M2ME to the correct Download and Provisioning service (DP), probably hosted by the Selected Home Operator (SHO).

Step 3a: Download and Provisioning (DP) service checks the trustworthiness of M2ME.

Step 3b: USIM application with related credentials is downloaded to the M2ME over secured connection.
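
The gating order of steps 0 to 3b can be modelled in a few lines. This is an added example, not part of the original slides or of TR 33.812: the class and function names, outcome strings, the IMSI and the platform-state allow-list are all constructed, and HMAC-SHA256 challenge-response stands in for 3G AKA.

```python
import hashlib
import hmac
import os

# Constructed model. HMAC-SHA256 challenge-response stands in for 3G AKA (it is
# not Milenage), and the DP "trustworthiness" check is modelled as an allow-list
# of platform states, an assumption the slides do not specify.

class Network:
    def __init__(self):
        self.ico_keys = {}    # device id -> initial ICO key (step 0, manufacturing)
        self.dr = {}          # device id -> Selected Home Operator (step 0)
        self.dp_trusted = {}  # SHO name -> set of acceptable platform states

    def ico_authenticate(self, dev_id, respond):
        """Step 1: challenge-response with the initial ICO credential."""
        key = self.ico_keys.get(dev_id)
        if key is None:
            return False
        rand = os.urandom(16)
        expected = hmac.new(key, rand, hashlib.sha256).digest()
        return hmac.compare_digest(expected, respond(rand))

    def dr_lookup(self, dev_id):
        """Step 2: DR redirects the device to the DP of its registered SHO."""
        return self.dr.get(dev_id)

    def dp_download(self, sho, platform_state):
        """Steps 3a/3b: DP checks trustworthiness, then releases the USIM."""
        if platform_state not in self.dp_trusted.get(sho, set()):
            return None
        # Constructed subscription data (test PLMN 001/01 IMSI, random key).
        return {"operator": sho, "imsi": "001010000000001", "k": os.urandom(16)}


def provision(net, dev_id, ico_key, platform_state):
    """Run steps 1-3b for one M2ME; returns (outcome, usim_or_None)."""
    respond = lambda rand: hmac.new(ico_key, rand, hashlib.sha256).digest()
    if not net.ico_authenticate(dev_id, respond):
        return "no-initial-connectivity", None
    sho = net.dr_lookup(dev_id)
    if sho is None:
        return "no-sho-registered", None
    usim = net.dp_download(sho, platform_state)
    if usim is None:
        return "untrusted-platform", None
    return "provisioned", usim
```

Each failure outcome corresponds to one of the three further issues listed earlier: initial connectivity, discovery and registration of the operator, and secure provisioning of credentials.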

Timeline of the study
- Study TR 33.812 is expected to be finalised in Release 8 timeframe
  - Approximately meaning year 2008
- A possible Work Item targeting specification work would be for Release 9
  - The development of concrete service requirements has not yet started and is subject to the agreement of a new Work Item on the issue in 3GPP SA1

Thank you Questions?
