Embedded SIMs and M2M Communications - ETSI docbox

Embedded SIMs and M2M Communications Michael Walker Vodafone Fellow and Executive Technical Advisor Professor of Telecommunications, Royal Holloway University of London ETSI Security Workshop, 20th January 2011

1

Embedded SIMs & M2M Communications

20th January 2011

New Opportunities for Mobile Communications • Mobile networks are starting to be used to connect all sorts of devices –wireless for mobility, ease of connection and remote management

•The traditional removable SIM may not be appropriate for certain applications •SIMs may be embedded in devices at manufacture –this may even be in advance of choice of country of use and network operator –network operator may be changed during life time of the device

•Deutsche Telekom, Telefónica O2 UK, Vodafone and Giesecke & Devrient (G&D) have worked together to prepare for the standardization of a trusted and flexible solution for the remote management of embedded SIMs Our work will contribute to the GSMA Task Force on the subject 2


20 January 2011

Example Use-cases for the Embedded SIM • Set-up subscriptions for a number of connected M2M devices to start telecommunication services, and if later needed, change MNO: – automated reading of utility meters – provided by the utility company

– household security camera – a consumer purchased service – automotive – provided by vehicle manufacturer

• Set-up a subscription for a consumer electronics devices to start telecommunication services, and if later needed, change MNO: – tablet PC – with or without wireless service included – personal navigation device – with wireless service included

3


20 January 2011

Remote Management of the Embedded SIM • Main security challenge is to securely provision the MNO unique key and authentication algorithm needed for chargeable telecommunication services – download of key in encrypted form, or secure means to derive key – download of an MNO authentication algorithm is an unacceptable security risk, so standard algorithms must be used

• SIM card is the MNO network presence in the device, and this function should be preserved • End user must be provided with use of communications services without limitation in choice and without additional effort • Solution proposed makes use of a Subscription Manager – trusted by M2M service providers and MNOs – securely provisions, changes and deletes MNO subscriptions – may use a provisioning subscription and OTA access to embedded SIMs

4


20 January 2011

High Level Architecture eSIM Supplier

Device Vendor

M2M Service Provider

eSIM

M2M Device Subscription Credentials

eSIM ID and Key Data

Provisioning Network

Subscription Manager Subscription Credentials

MNO 1

MNO 1

Provisioned Telecom Services

MNO 2 MNO 2 MNO 2

MNO 2 eSIM / device provisioning data

5


20 January 2011

telecom services

Options to Provision the Authentication Key

• The overall security shall be at least equivalent to that achieved with current removable SIM card, processes and OTA management • A number of symmetric key solutions considered for provisioning of the secret key (as well as asymmetric solutions) but not developed further: – pre-provision of multiple keys as used for vehicle tracking in Brazil – derive keys from a root key and MCC/MNC data – sequence of keys generated by a deterministic random bit generator from a secret seed in embedded SIM and the Subscription Manager

• Preferred method is to encrypt the subscription key under a root key shared by the SM and the embedded SIM –allows MNO to choose subscription key –may be installed using OTA if provisioning subscription is enabled, or over Internet connection –will include integrity checking 6


20 January 2011

Architecture for Provisioning Use secure packets in the proven OTA mechanism [TS 102 225]; run over other forms of connectivity:

Device wired network device Internet, private network

1a

eUICC 3

1b 2

mobile network via provisioning subscr.

mobile network via MNO2 subscr.

mobile network via MNO1 subscr.

Internet (fixed or wireless) local connectivity (eg Bluetooth or NFC)

SM1

• Provision first MNO key + IMSI:

1a 1b

MNO1

2

– Over the wire (1a) MNO2

– Over the air (1b)

• Change key + IMSI to second MNO (2)

7


20 January 2011

Working for an Industry Solution • Leverage the proven strengths of the SIM card and provide a new capability for secure remote management of an embedded version – a separate hardware integrated circuit soldered into the device using the recently standardised ETSI SCP MFF2 package – the embedded SIM and its manufacture will be accredited to industry standards so that only certified embedded SIMs will be supplied to device vendors

• Once provisioned, the embedded SIM will hold the active key and IMSI authorising the device for telecommunication services, possibly together with dormant subscriptions

8


20 January 2011

In Summary • Traditional SIM needs to be re-considered in the context of new mobile communication opportunities, in particular machine to machine communications • Deutsche Telekom, Telefónica O2 UK, Vodafone and Giesecke & Devrient are preparing for the development of an open and standardized solution in 2011 – SIMEG 2010 • We can re-use and profile existing international standards and minimise changes to existing SIM processes

Extend the proven secure hardware identity module and secure OTA mechanisms that have made the SIM the bedrock for secure mobile communications world wide and contribute to the GSMA Task Force 9


20 January 2011