
iSIM and IoT SAFE: Why they’re perfect partners for IoT security

Here, Paul Bradley explains why inherent trust in IoT devices is imperative, why the new IoT SAFE standard matters for IoT security, and why iSIM is the form factor to get it there.

If we’re going to succeed in enabling true Internet of Things (IoT) security, we all need to agree on a few things. Things like IoT SAFE (IoT SIM Applet For Secure End-2-End Communication), a new standard from the GSMA that declares the SIM (Subscriber Identity Module) to be the most secure location within a device from which to process and secure the data exchange from chip to cloud.

Before I explain why IoT SAFE makes so much sense for IoT security, let’s look at what ‘secure location’ means within this context. Today’s IoT devices typically employ any number of isolated and trusted components we call Root (or Roots) of Trust (RoT). Often proprietary, they’re spread across hardware, firmware and software elements, performing specific critical functions.

Standardizing the IoT’s Root of Trust

For manufacturers, establishing these roots of trust will be the first step in ensuring a new device is built to include trustworthy security. But while each component may be trustworthy in itself, the lack of standardization has resulted in inconsistent methods of provisioning and reduced interoperability across vendors, not to mention uncertainty among those eager to build IoT devices over whether proprietary security methods are truly secure.

No wonder a recent Arm survey, compiled in conjunction with the Economist Business Unit, found that – among other things – security concerns still constrained respondents’ IoT ambitions.

Standardizing the RoT, within a device’s SIM, ensures a common mechanism for secure data communications using a highly trusted and time-tested module. It offers a cost-effective mechanism for cloud authentication and end-to-end security, since SIMs are already used for authentication on mobile networks. That makes IoT SAFE a key step towards uniting the industry in realizing the vision of a truly secure IoT, from chip to cloud.

Kigen focuses on eSIM and iSIM solutions with a commitment to IoT security that goes back 15 years, long before we called that global network of diverse devices the ‘Internet of Things’. It’s why we’ve seen the importance of adopting IoT security best practices such as PSA Certified, which offers a security framework and independent assessment program to enable IoT developers to build devices that IoT solution deployers trust to readily secure their data channels from chip to cloud.

iSIM takes IoT SAFE further than any other form factor

Kigen sees the value in investing in, utilising and advancing IoT security and technologies. iSIM, which embeds the SIM within a trusted, tamper-resistant enclave at the heart of the device’s System on Chip (SoC), is the ultimate foundation for a secure IoT SAFE device.

IoT SAFE meets the needs of IoT security for all SIM form factors: SIM, eSIM and iSIM. But if we’re looking to maximize IoT security, it makes most sense to bake that RoT directly into the SoC, where it’s integrated into the heart of a device’s capabilities from the off. iSIM takes IoT SAFE further than any other SIM form factor as its existence in a device can be relied upon. An iSIM’s security already offers industry-recognized levels of protection of network and subscriber credentials that are built-in from point of manufacture.


And if we need to update that security in future (a somewhat cumbersome and proprietary task until now), IoT SAFE standardizes the delivery and provisioning of over-the-air (OTA) security certificates directly to the most secure place in a device, ensuring that the transfer of information from iSIM chip to cloud can’t be intercepted and modified.

It gives device manufacturers the best chance to mitigate potential attacks, and by using a secure, tamper-resistant hardware element to protect credentials, it reduces the risks associated with spoofing or man-in-the-middle attacks when exchanging sensitive data with the IoT service provider’s cloud.

Secure IoT device provisioning and management with iSIM and IoT SAFE

iSIM also takes the concept of simplifying the SIM SKU count further than other form factors. The SIM or eSIM has until now been built on a discrete secure microcontroller (MCU), so it makes perfect sense to add these SIM capabilities into the device’s main SoC, reducing the bill of materials (BOM), optimizing the supply chain and shrinking the physical size of the SoC’s die. That size reduction will be particularly important to IoT SAFE devices that are physically too small (or too well sealed, for example in high-moisture applications) to accommodate SIM or eSIM chips.

And of course, iSIM makes the secure, zero-touch provisioning and ongoing management of these devices, their authentication credentials and connectivity, using remote orchestration platforms, much more seamless and inherently more scalable.

We’ve always believed innovators should be able to choose any device, any data source, any network and any cloud to tailor their solutions. In keeping with this philosophy, the combination of IoT SAFE running on an iSIM allows for self-contained processing and encryption elements to manage security-related workloads for network and cloud authentication in a more integrated yet tamper-resistant way. It enables a vast new range of secure use cases covering a combination of smaller device sizes, ‘baked in’ connectivity and seamless provisioning and lifecycle management.
