The IoT landscape is notoriously under-secured. In the rush to meet demand for online products, services and infrastructure, many manufacturers have adopted a ‘connect first, think later’ strategy where security has been an afterthought. This has resulted in years of serious security and privacy breaches, ranging from hacked baby monitors to the disablement of a Ukrainian power plant.
Today, nearly everything can be brought online. Yet potential brings challenges. Connecting IoT devices on this scale is exposing more homes, hospitals, power plants and other critical infrastructure to cyberattacks.
Now, regulators and authorities across the world are stepping in and finally getting serious about securing the IoT.
Although a common global standard for IoT security has not yet been realised, strong progress is being made. Similar principles and best practices are being emphasised, such as the importance of secure storage and communication of credentials, the protection of personal data, software and firmware integrity, in addition to ensuring secure and reliable connectivity both between devices and from devices to the cloud.
It is also becoming increasingly apparent that hardware technology offers the highest levels of protection needed for such robust security requirements. Tamper Resistant Elements (TREs), for example, are already deployed as SIMs and eSIMs in billions of devices globally to deliver trusted connectivity to cellular networks.
A TRE is a standalone secure element or a secure enclave, consisting of hardware and low-level software, providing resistance against logical and physical attacks, capable of hosting secure applications and their confidential and cryptographic data. These features combine to give TREs a unique ability to offer the most stringent secure end-to-end connectivity solutions.
Importantly, there are significant advantages to leveraging these TRE-based SIM products to protect all types of devices across the entire IoT ecosystem. What is not widely recognised is that TREs are available in removable, embedded and, more recently, integrated form factors – more commonly known as the removable SIM, eSIM and Integrated SIM.
Firstly, the tens of billions of devices (and growing) that use cellular connectivity worldwide already contain TRE-based SIM products. The SIM application is required to authenticate a device’s access to cellular networks and the SIM is the most widely distributed, secure application delivery platform in the world.
By leveraging the advanced capabilities of TREs already contained within their product, device manufacturers can quickly address security pain points with minimal investment and without having to reinvent the wheel. This leaves more time and resource to focus on their core business.
Importantly, TREs can also be easily leveraged to secure connectivity to a range of non-cellular networks. This means IoT devices which do not use cellular networks also stand to benefit from TRE technology.
TRE-based SIM products support advanced functionality which enables the highest level of security when storing credentials on the SIM and personal data on the device. But the security benefits go beyond the device.
By using the untapped potential of the SIM as a secure hardware Root of Trust (RoT), devices can securely connect or authenticate themselves to IoT cloud platforms and services and establish a secure communication channel for the safe transportation of data.
This capability is supported by industry initiatives such as IoT SAFE – a partnership between GSMA and TCA – which defines a standardised way to leverage the SIM and eSIM to securely perform mutual authentication between the IoT device applications and the IoT service within the cloud.
Finally, the sheer scale of the IoT is making remote management capabilities critical. TRE-based SIM technology is supported by an established, certified infrastructure which enables secure in-factory and in-field provisioning and personalisation, remote lifecycle management and security services.
This allows security to be enhanced and updated throughout a device’s lifetime. For example, secure credentials can be provisioned remotely to a device or on the factory production line to support a secure-by-design approach, without impacting manufacturing processes.
And since IoT security is not static and threats evolve over time, SIM remote management technology enables these credentials and security parameters to be updated, enhanced or revoked to address new and emerging threats. Striking this balance between robust security and simplicity is particularly important where devices have long lifespans and potentially multiple owners, such as vehicles.
It is clear that addressing security and privacy vulnerabilities across the IoT landscape is an urgent priority, but also poses significant challenges.
While the ability of the SIM application on the TRE to provide trusted connectivity between the device and cellular network is well-known, there is vast and untapped potential for the TRE to be used far more widely in connected devices for unsurpassed security features and services.
This will help promote the sustained growth of a connected society through trusted connectivity which protects assets, end-user privacy and networks.
Tanaya is a Senior Content Developer at IoT Avenue who helped to build the content of the site, along with several other sites, with her compassionate, SEO-driven content. She is also a HubSpot-certified Content Marketer. She brings her five years of experience to her current role, where she is dedicated to developing the content of different websites.