Definition of a 5G SIM
A 5G SIM is a tamper-proof secure element which is the only solution allowed to secure 5G network access. It has been specified by the 5G standardization body ETSI-3GPP in Releases 15 & 16 UICC specifications (UICC: Universal Integrated Circuit Card, better known as a SIM).
It aims at directly addressing the key 5G attributes: enhanced mobile broadband, massive IoT, critical communications.
Launched commercially in 2019, 5G will reach 1.9 billion subscriptions worldwide in 2024 (i.e. 20% of all mobile subscriptions), making it the fastest generation ever to be rolled out on a global scale.
A 5G SIM encompasses all form factors available (removable SIM, M2M SIM, 5G eSIM).
Challenges for 5G operators
In order to help to deliver the full 5G promise to enterprises and users, trust is increasingly perceived as a pervasive transversal factor to be added to a mandatory trust-by-design virtualized 5G architecture.
But a certain number of legal and security concerns arise:
- User privacy management is nowadays increasingly seen as crucial in a digitalized society. This reality hurts mobile operators in the thing most dear to them with respect to their relationship with their users: reputation, and thus trust. In particular, mobile subscriber identity is at stake (i.e. International Mobile Subscriber Identity, aka IMSI, used to identify the user of a mobile network and a unique identification associated with all mobile networks): thanks to IMSI catcher equipment, IMSIs can be easily misused to locate, trace individuals and collect data.
→ Definition: An IMSI catcher (or Stingray) is an intrusive piece of technology, that acts as a false base station, able to locate and track all mobile phones that are switched on in a certain area. It does this by ‘pretending’ to be a mobile phone tower - tricking your phone into connecting to the IMSI catcher and then revealing your personal details without your knowledge. Source: Privacy International.
The full anonymization of the end-to-end subscriber identity is required (i.e. from mobile equipment to core network): it can be imposed on mobile operators by stringent regulations (e.g. GDPR, ePrivacy Regulation) or implemented by mobile operators as part of their own security policy or strategy.
- Current mobile security architectures mainly rely on the secrecy of mobile operators’ network authentication elements (i.e. the operator’s network access authentication algorithm and long term secret-key credentials used for mutual authentication of users onto their mobile networks). Such information can be unexpectedly exposed via hacking attacks (e.g. by state intelligence agencies or other actors) or accidental breaches during exchanges between the mobile operators and their providers. This vulnerability can sometimes lead to communication spying, SIM cloning and other unwanted activities. Should the mobile operator believe that this sensitive data is compromised or suspected of being compromised, it can be forced to change its network authentication algorithm and/or physically replace end-users’ SIM cards. Such actions are damaging to the user experience, they result in SIM card renewal costs, and eventually lead to loss of trust and reputation of the mobile operator. Hence mobile operators must be able to maintain a cyber-resilient environment in case of an attack by restoring a trusted security level over the entire SIM lifecycle.
- Enterprises are meant to be the main beneficiaries of 5G. Leveraging 5G virtualization and network slicing, mobile operators will be able to provide tailored connectivity Service Level Requirements to enterprises. But in a post-COVID 19 era, companies' data integrity and confidentiality is increasingly at threat - and thus must be ensured.
Then 5G roaming is on the agenda too.
While traveling abroad, 5G users –particularly the early 5G adopters– logically expect to continue to roam on other 5G networks. They would not understand that while roaming they could be connected to a 3G or 4G network, thus losing the 5G enhanced mobile experience. Mobile operators must be able to ensure that their roaming policy across 5G / 4G and 3G is correctly applied in any country.
Benefits of Thales' 5G SIM
Introduced in 2019 as the world's first 5G SIM, Thales' 5G SIM can help to address these challenges.
Subscriber identity privacy
Mobile operators can now ensure user data anonymisation thanks to IMSI encryption made possible by the highly customisable onboard identity encryption capabilities built into our 5G SIMs.
Mobile operators can securely and remotely swap on demand the authentication algorithm contained in the SIM thanks to key rotation management, thus maintaining a trusted environment.
Tailored enterprise & private networks confidentiality
Mobile operators can bring higher levels of integrity and confidentiality for enterprise 5G services and private networks thanks to the implementation of network authentication mechanisms
Operators can provide tailored security, authentication and authorization for each network slice.
Seamless 5G roaming experience
The 5G SIM ensures that mobile operators can offer users a seamless & optimal 5G roaming experience while maximizing their roaming revenues, thanks to 5G SIM-based over-the-air 5G steering of roaming capabilities.
Thales' 5G SIM supported by the world's first 5G chipset for smartphones
All the world's first 5G smartphones rely on Qualcomm®'s SnapdragonTM 855 Mobile Platform chipset.
Thales has been working closely with the world's leading mobile chipset and modem leader Qualcomm Technologies to ensure full support of its 5G SIM with the Qualcomm flagship mobile platform.
"Qualcomm Technologies has a longstanding relationship with Thales focused on delivering mobile solutions with robust security," said Gautam Sheoran, Senior Director, Product Management, Qualcomm Technologies, Inc. "We are now extending this collaboration to allow OEMs to easily develop exciting 5G devices with strong security, using both Thales 5G SIM and our next generation flagship Qualcomm® Snapdragon™ 855 Mobile Platform to pave the path for 5G commercialization in 2019."