Definition of a 5G SIM
A 5G SIM is a tamper-proof secure element, which is the only solution to secure 5G network access.
It has been specified by the 5G standardization body ETSI-3GPP in Releases 15 & 16 UICC specifications (UICC: Universal Integrated Circuit Card, better known as a SIM).
It aims at directly addressing the key 5G attributes: enhanced mobile broadband, massive IoT, critical communications.
Launched commercially in 2019, 5G will reach 1.9 billion subscriptions worldwide in 2024 (i.e., 20% of all mobile subscriptions), making it the fastest generation ever to be rolled out globally scale.
A 5G SIM encompasses all form factors (removable SIM, IoT SIM, 5G eSIM).
Challenges for 5G operators
To help deliver the full 5G promise to enterprises and users, trust is increasingly perceived as a pervasive transversal factor added to a mandatory trust-by-design virtualized 5G architecture.
But a certain number of legal and security concerns arise:
- User privacy management is nowadays increasingly seen as crucial in a digitalized society. This reality hurts mobile operators most dear to them concerning their relationship with their users: reputation, and thus trust. In particular, mobile subscriber identity is at stake (i.e., International Mobile Subscriber Identity, aka IMSI, used to identify the user of a mobile network and a unique identification associated with all mobile networks): thanks to IMSI catcher equipment, IMSIs can be easily misused to locate, trace individuals and collect data.
→ Definition: An IMSI catcher (or Stingray) is an intrusive piece of technology that acts as a false base station to locate and track all mobile phones switched on in a certain area. It does this by ‘pretending’ to be a mobile phone tower - tricking your phone into connecting to the IMSI catcher and then revealing your personal details without your knowledge. Source: Privacy International.
The full anonymization of the end-to-end subscriber identity is required (i.e., from mobile equipment to core network): it can be imposed on mobile operators by stringent regulations (e.g., GDPR, ePrivacy Regulation, aka ePR) or implemented by mobile operators as part of their own security policy or strategy.
The ePR aims at ensuring "a high level of protection of the right to the confidentiality of communications and individual privacy, and the creation of a level playing field between digital services relying on data in the EU."
- On November 6, 2020, the GSMA and ETNO (European Telecommunications Network Operators' association) have issued a joint telecoms industry letter on the ePrivacy Regulation. Sent to EU national ministries and the Member States’ Permanent Representations to the EU, it aims to reaffirm the importance of such a regulation, particularly the support of the pseudonymised metadata process.
- Current mobile security architectures mainly rely on the secrecy of mobile operators’ network authentication elements (i.e., the operator’s network access authentication algorithm and long-term secret-key credentials used for mutual authentication of users onto their mobile networks). Such information can be unexpectedly exposed via hacking attacks (e.g., state intelligence agencies or other actors) or accidental breaches during exchanges between the mobile operators and their providers. This vulnerability can sometimes lead to communication spying, SIM cloning, and other unwanted activities. Should the mobile operator believe that this sensitive data is compromised or suspected of being compromised, it can be forced to change its network authentication algorithm and/or physically replace end-users’ SIM cards. Such actions are damaging to the user experience. They result in SIM card renewal costs and eventually lead to a loss of trust and the mobile operator's reputation. Hence mobile operators must maintain a cyber-resilient environment in case of an attack by restoring a trusted security level over the entire SIM lifecycle.
- Enterprises are meant to be the main beneficiaries of 5G. Leveraging 5G virtualization and network slicing, mobile operators will provide tailored connectivity Service Level Requirements to enterprises. But in a post-COVID 19 era, companies' data integrity and confidentiality are increasingly at threat - and thus must be ensured.
Then 5G roaming is on the agenda too.
While traveling abroad, 5G users –particularly the early 5G adopters– logically expect to continue to roam on other 5G networks.
They would not understand that while roaming, they could be connected to a 3G or 4G network, thus losing the 5G enhanced mobile experience.
Mobile operators must ensure that their roaming policy across 5G / 4G and 3G is correctly applied in any country.
Benefits of Thales' 5G SIM
Introduced in 2019 as the world's first 5G SIM, Thales' 5G SIM can address these challenges.
Subscriber identity privacy
Mobile operators can now ensure user data anonymisation thanks to IMSI encryption made possible by the highly customisable onboard identity encryption capabilities built into our 5G SIMs.
Mobile operators can securely and remotely swap on demand the authentication algorithm contained in the SIM thanks to key rotation management, thus maintaining a trusted environment.
Tailored enterprise & private networks confidentiality
Mobile operators can bring higher integrity and confidentiality levels for enterprise 5G services and private networks thanks to network authentication mechanisms.
Operators can provide tailored security, authentication, and authorization for each network slice.
Seamless 5G roaming experience
The 5G SIM ensures that mobile operators can offer users a seamless & optimal 5G roaming experience while maximizing their roaming revenues, thanks to 5G SIM-based over-the-air 5G steering of roaming capabilities.
Thales' 5G SIM is supported by the world's first 5G chipset for smartphones.
All the world's first 5G smartphones rely on Qualcomm®'s SnapdragonTM 855 Mobile Platform chipset.
Thales has been working closely with the world's leading mobile chipset and modem leader Qualcomm Technologies to fully support its 5G SIM with the Qualcomm flagship mobile platform.
"Qualcomm Technologies has a longstanding relationship with Thales focused on delivering mobile solutions with robust security," said Gautam Sheoran, Senior Director, Product Management, Qualcomm Technologies, Inc.
"We are now extending this collaboration to allow OEMs to easily develop exciting 5G devices with strong security, using both Thales 5G SIM and our next-generation flagship Qualcomm® Snapdragon™ 855 Mobile Platform to pave the path for 5G commercialization in 2019."