Is the GSMA’s IoT SAFE a Cure for Device Security Vulnerabilities, High Deployment Costs, and Complex Device Provisioning?

Subscribe To Download This Insight

By Abdullah Haider | 3Q 2022 | IN-6653

This ABI Insight provides an overview of the GSMA’s IoT SAFE technology and its implications for SIM provisioning. It also explains what the hurdles to implementation are, and how they can be overcome.

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.


IoT SAFE Is Gaining Traction among Connectivity Players


At its core, IoT SAFE is an applet that resides inside the Subscriber Identity Module (SIM) of a mobile connected device. Orange, one of Europe’s largest carriers, collaborated with Thales to introduce IoT SAFE. Subsequently, the initiative has been standardized by the GSMA. This standardization is significant if IoT SAFE is to become a success. IoT SAFE’s first open-source implementation was released in October 2020 with the intent to secure Internet of Things (IoT) deployments. Making the solution an open standard is a turning point compared to other security solutions, which are proprietary and center around a physical root of trust, based on a hardware secure element like Trusted Platform Modules (TPMs). Thus, IoT SAFE is gaining adoption as it overcomes the market fragmentation that was driven by proprietary solutions.

IoT SAFE Is Critical to Enable a Simpler and More Cost-Effective Device Security Solution


IoT SAFE’s impact on IoT security is expected to be large and deep, as it overcomes the need for a TPM. A device with a TPM typically costs more due to the additional manufacturing and assembly costs of the dedicated secure element. Other benefits of relying on SIM cards for a secure root of trust is their ubiquity in cellular devices, general reliability, and standardization of the SIMs themselves. The underlying technology of IoT SAFE is premised on the basis that SIM cards are well protected against cyberattacks. The standardized nature of SIMs significantly streamlines the process of ensuring IoT SAFE compatibility, enabling IoT SAFE to have an impact on secure connectivity and connectivity management of a similar magnitude to what the Lightweight Machine-to-Machine (LwM2M) protocol has on device management. At the heart of the challenge is a coordination problem, as the network connectivity providers have to collaborate with IoT device manufacturers to ensure that the IoT SAFE-enabled SIMs can securely communicate with IoT devices.

Although, the network plane and the device manufacturing plane are not direct competitors, the two vendor groups traditionally serve as distinct operational silos in the IoT value chain. These silos emerged due to limited overlap between service-based connectivity and product-based device manufacturing. Hence, the coordination problem persisted. The Open Mobile Alliance (OMA) overcame a similar challenge with LwM2M, which involves multiple players across the IoT ecosystem (chipset makers, gateway manufacturers, connectivity providers, and platform service vendors) coordinating and adopting a single baseline standard for device management. The traction that the LwM2M industry standard has gained in device management is a good omen for IoT SAFE, which can expect to benefit from the GSMA facilitating coordination among hardware and service providers, on the connectivity and connectivity management planes, replicating LwM2M’s success in the device management stage of the value chain.

Will IoT SAFE Solve the Security Challenge and Gain Widespread Adoption?


Despite the introduction of IoT SAFE, several pain points for IoT customers seeking a secure network solution still persist. For example, IoT SAFE provides two pathways to perform device identity and attestation; these are digital certificates (X.509s), or Pre-Shared Keys (PSKs). The pain point of X.509s is that they’re less suited for resource-constrained devices, as the device authentication process uses up computing power (and thus, has greater energy intensity). The pain point of PSKs is that they have to be pre-loaded onto the Universal Integrated Circuit Card (UICC) at the point of device manufacture, flashing the device with the credentials. Therefore, using PSKs denies customers the flexibility in choosing credentials. This makes PSKs impractical should the final destination of their device be unknown, even though it is less intensive in computing power compared to X.509s. However, IoT SAFE is certainly a significant step forward in enabling IoT solutions that are built with security in mind. Challenges include ensuring that the hardware and SIM is IoT SAFE compliant. Then, Connectivity Management Platforms (CMPs) and Device Management Platforms (DMPs) can support secure zero-touch provisioning with a SIM acting as a root of trust. The GSMA says that IoT SAFE can work for non-cellular technologies, too, namely Wi-Fi and Bluetooth devices, provided the devices have a Java Card secure element built in.

Nonetheless, the first point of success for IoT SAFE is likely to be in the cellular module and cellular gateway space where SIM-based provisioning is possible with a Transport Layer Socket (TLS) stack in the IoT-safe enabled modules. Then Embedded SIM (eSIM) providers will provide an eSIM to enable network authentication for a module manufacturer. To conclude, the biggest driver of IoT SAFE is the flexibility the technology provides. For example, authentication is possible with a bootstrap server, and customers have the flexibility to deploy it through X.509s or PSKs. The flexibility is not just on the network plane, but also on the device plane, because the TLS stack can be deployed either on the Microcontroller Unit (MCU) or deployed independent of the MCU on a cellular module. Thus, IoT SAFE is built in with security and flexibility in mind, so it can cater to a larger variety of IoT use cases.