SIMs have served the mobile industry well over the years, providing enhanced security and a personal identity separate from the phone in use. However, physical SIMs are reaching the end of their lives in favour of embedded or downloadable SIMs. These are big changes for the industry.
The SIM was a major departure from the previous models of security in the phone. In the TACS system in the UK, for instance (the first real cellular systems in the UK, launched in the 1980s), there was no separate customer identity as such; there was a customer and phone identity embedded in the actual device. This was all very well, but the whole system suffered from a variety of weaknesses, not least the problems of cloning phones and the complete lack of any form of encryption, which allowed eavesdropping with very basic radio scanners (remember the Dianagate overhearing scandal).
In hindsight, the SIM has been something of a success story: when was there last a real scare about handset security in terms of cloning, for instance? The scares are all around malicious apps that can rack up your bill, rather than an attack on the core identity provided by the SIM. The security the SIM has provided has largely been sufficient and has not been responsible for any major losses; the limited failures have often been down to poor implementations, or the use of outdated or disabled security algorithms, not fundamental SIM issues as such.
The SIM explicitly separated the identity of the subscriber from the terminal identity, and put a lot of emphasis on protecting the subscription information used to secure the customer’s bill and privacy. The SIM was also specified as being physically removable, and the main reason for this was security:
- Authentication algorithms could be changed or updated (the 3GPP Standards allow Operators to choose their own authentication algorithms). This is especially important with the IoT, where the lifetime of a device may be 10 to 20 years.
- The mobile operators lacked trust in the mobile equipment hardware, so the sensitive elements could all be put in a secure module and updated when security issues emerged, albeit at a cost.
But, and there is always a but, there are some disadvantages to the SIM such as:
Inflexible (in terms of a SIM having its algorithms updated) – This is important because, while the SIM can be removed and swapped for a new one if there is an issue, this is expensive: typically a pound per (basic) SIM, and significantly more for the more exotic SIMs which may contain NFC for instance, by the time it has been ordered, personalised, and posted. In addition, for substantial parts of the pre-pay market the operators only have a sketchy idea where the customer resides, and so a SIM swap invites high levels of churn.
Expensive – SIMs can be relatively expensive. Manufacturers will provide low cost basic SIMs, but by the time various optional features and ISIM functionality are added they can be 2 pounds per customer even at significant volume.
Logistically complex in terms of fulfilment – The whole chain of matching the right SIM with the right terminal can be complex and fraught with process issues if they are delivered separately. This is further complicated by the fact that there are several form factors for SIMs. This can be handled by a push-out SIM that makes all 3 common form factors available at once, but again this can add cost, and can be quite physically awkward for some customers.
Connectors – The SIM has changed physical form factor over the last 20 years, becoming smaller and so less of a physical overhead on the supporting terminals, although the actual connectors have remained the same size and configuration. Whilst the removable SIM has many advantages, there are some physical issues which come with making it removable, because by definition it requires a connector:
- Reliability, connectors are always a reliability issue
- Connector mechanisms always take additional volume compared to an embedded piece of silicon in the terminal involved.
- Reliability of the SIM/connector contacts which may become scored or worn, or damaged/dirty.
Soft/embedded SIM and remote programming concepts
Looking at embedded and soft SIMs, it is probably best to be clear about the terminology:
- A soft SIM is SIM functionality that has been implemented in software as part of the main device, not as a recognisable hardware module (embedded/removable) as currently exists.
- Embedded means it is a recognisable hardware entity, normally meeting the agreed international standards, that is embedded in the terminal i.e. it is soldered in and cannot be removed by the user.
It sounds as though things have gone full circle then, with an embedded SIM now part of the terminal again just as it was in the pre-GSM days. However, with modern embedded SIMs there is one new feature which is critical to their success: standards and implementations have emerged that allow a SIM to be remotely and securely programmed, or at least to have all subscription information remotely downloaded, such that multiple subscriber profiles can be stored and selected at will by the user.
Implications of embedded SIMs – At first sight all seems good: the original problems of integrating customer identity into a lump of hardware in the terminal can be overcome by remote re-personalisation, and the issues associated with reliability of a SIM connector have been removed. Reliability is key when the M2M IoT is considered; some of these devices might be planned to be in situ for a decade or more, and the economics of them mean that maintenance visits are just not viable.
A second benefit, yet to be seen at any scale at the time of writing, is that the customer can in theory elect to change operators very quickly, potentially having more than one subscription available on the phone.
The removal of the connector not only improves reliability but also reduces costs of the terminal, and the SIMs themselves are cheaper, not requiring the high-quality connector or plastic shielding.
Another interesting potential development in the market is the possibility of non-exclusive arrangements between MVNOs and their host networks. Currently these contracts (between MVNOs and their host MNOs) are re-negotiated yearly, and moving between MNO hosts is quite unusual. In the future, we believe that a spot market will emerge with MVNOs having the ability to shift traffic between MNOs on a daily or more frequent basis. The exact technology optimal for this is unclear but dynamic subscriptions in embedded SIMs is a candidate option.
Security and the SIM card – Having looked at some of the benefits of the embedded SIM, it must be emphasized that downloadable embedded technology is inherently risky and must be very carefully engineered and maintained. Imagine if an entire operator’s phones were hacked and disabled: a SIM swap is one issue, but having to swap terminals en masse is massively expensive.
SIMs do have a cost, as does the effective management of them. In many IoT applications people may take the view that this layer of security is unnecessary. The issue with this is that if mass IoT devices are turned into botnets, then the harm is not to the device owner; it is to the victim of the DDoS attack that these millions of botnet IoT devices are used against. For that reason, a SIM level of security may be a reasonable approach for IoT devices. We have already seen poorly secured CCTV devices being harnessed for DoS attacks. Imagine the situation when botnets are measured in billions rather than millions of devices.
Consequently, manufacturers and operators must embed sufficiently secure algorithms into the SIM to ensure they will last the lifetime (such as two different possibilities). Deep analysis must be done of the hardware security (to avoid such attacks as voltage sensitive clocking of keys, electromagnetic radiation of sensitive parameters etc.). In addition, the protocols for changing keys, algorithm selection and changing sensitive parameters must be secure (to prevent replay and insertion/deletion attacks).
To some degree it is a war of attrition: the embedded SIM vendors must design the technology sufficiently well to last 20 years, while the hackers only have to find one weakness exploitable at scale during that time to seriously compromise the entire ecosystem.
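The replay and insertion/deletion protections named above can be shown with a MAC-protected, strictly sequenced command channel. This is an added example, not code from any SIM standard or vendor; the message layout, command names and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, seq: int, command: bytes) -> bytes:
    """Server side: 8-byte big-endian sequence number + command + MAC."""
    body = struct.pack(">Q", seq) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class UpdateReceiver:
    """Card side: applies a command only if authentic and next in sequence."""

    def __init__(self, key: bytes):
        self._key = key
        self.last_seq = 0
        self.applied = []

    def receive(self, msg: bytes) -> str:
        if len(msg) < 8 + TAG_LEN:
            return "rejected: malformed"
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad MAC"      # inserted or modified message
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return "rejected: replay"       # old message sent again
        if seq != self.last_seq + 1:
            return "rejected: gap"          # an earlier message was deleted
        self.last_seq = seq
        self.applied.append(body[8:])
        return "applied"


def demo() -> list:
    key = bytes(range(32))                  # constructed demo key
    rx = UpdateReceiver(key)
    m1 = seal(key, 1, b"SELECT_ALG:2")      # hypothetical command names
    m2 = seal(key, 2, b"ROTATE_KEY")
    m3 = seal(key, 3, b"ENABLE_PROFILE:1")
    forged = seal(b"\x00" * 32, 2, b"DISABLE_PROFILE")  # sender lacks the key
    return [rx.receive(m) for m in (m1, m1, forged, m3, m2, m3)]
```

The MAC is checked before the sequence number is parsed, so an unauthenticated message can never advance or probe the card's counter.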