Securing Cellular Connectivity for IoT with SIM technology

Securing cellular connectivity in Internet of Things (IoT) applications is seeing a peak in market interest, with a number of new announcements in the field this month:

• The Kudelski Group partnered with Sequans Communications to create a secure connectivity solution for LTE-M and Narrowband IoT (NB-IoT) devices.
• Cubic Telecom showcased a secure solution for LTE and 5G-ready IoT devices to communicate with the cloud.
• Tata Communications and Thales are developing a secure global IoT connectivity solution, targeting the automotive sector initially, specifically Vehicle-to-Vehicle (V2V) and Vehicle-to-Everything (V2X).

All three services focus on leveraging the security features of SIM technology. Kudelski will combine a personalized SIM/eSIM with the Kudleski root of trust for use on Sequan’s LTE-M/NB-IoT chips to securely connect industrial, medical, consumer, and automotive devices to any cloud platform. Cubic is focusing on the onboarding angle, and automating what has been to date a rather manual process with a zero-touch SIM provisioning solution to connect the device seamlessly to a network and cloud using X.509 certificates. Tata and Thales are using a digital identity solution (Thales T-Sure) with the MOVE SIM cards from Tata (which are themselves based on technology by Germalto, a company that was recently acquired by Thales) to protect both data at rest (in the card) and in motion (over systems and networks). The trend for secure IoT connectivity is one that is currently looking to the SIM to provide a hardware security anchor to protect data as it travels to the cloud. 

These firms are not the only ones looking to push their secure connectivity solutions. A number of Mobile Network Operators (MNOs) and telcos have been striving to showcase their SIM platforms as secure solutions for IoT connectivity. Telefonica and Schindler, for example, are providing secure IoT connectivity for elevators and escalators through Telefonica’s IoT Kite Platform (cellular, LPWA, and Sigfox), and Telstra and Ericsson are trialing IoT on Cat-M1 for smart agriculture in Australia.

Clearly, secure IoT connectivity is finally coming of age. The announcements come off the back of a set of recent GSMA documents published in June this year providing IoT security guidelines for network operators, services and endpoint ecosystems. Specifically, the guidelines offer detailed recommendations on the secure design, development and deployment of IoT services. The accompanying GSMA IoT Security Assessment can be used to ensure the guidelines have been implemented accordingly. The GSMA recommends MNOs and Services Providers to read the ‘IoT Security Guidelines for Network Operators’ which provides top-level security guidelines to ensure system security and data privacy on the connectivity front.

Further, the Cellular Telecommunications Industry Association (CTIA) announced the certification of its first device under its IoT Cybersecurity Certification Program, which establishes an industry baseline for device security on wireless networks. The device is the Harman Spark, offered by AT&T, which provides aftermarket telematics for connected cars. Certification means the device passes the requirements not just for secure hardware, but also for secure connectivity features.

The support of trade bodies in the advancement of securing connectivity is important, even if the implementation of guidelines or certification takes time. The announcements of various commercial offerings demonstrate that the market is finally maturing and stakeholders are willing to start taking security seriously. SIM and eSIM technology is the ideal starting point and offers a straightforward, tried and tested mechanism for a secure connection that can provide identity and authentication in the IoT ecosystem.