Addressing IoT cyber security with GSMA IoT SAFE

​

The IoT is set for a period of extraordinary growth, with a predicted 5.5 billion cellular IoT connections by 2027 (Ericsson mobility report, November 2021).

To reach this figure, there is a clear opportunity for everyone involved in the IoT ecosystem to leverage widely deployed and field-proven networks.

There's more.

The new generation of  5G networks is a tremendous asset for 5G IoT, helping to enable an explosive increase in the number of devices connected to people and each other. 

However, the emergence of billions more connected IoT devices also presents profound security challenges for IoT service providers in order to protect sensitive data. In response, the GSMA specifications (the IoT SAFE initiative) are being introduced to address the cyber security for IoT.

These are designed specifically to secure IoT devices as well as addressing IoT cloud security. All this by leveraging the IoT SIM card: the industry recognized tamper resistant elements of eSIM, SIM and, more recently, iSIM.

The key stakeholders in the cellular IoT ecosystem

• Mobile network / Telecoms operators - preparing for significant new commercial opportunities by providing the connectivity that embraces not only billions of people but also billions of device
• IoT Service Providers - developing applications for clouds and devices, managing fleets
• Public Cloud Providers - hosting and managing IoT applications and credentials
• OEMs - building IoT devices

Within the IoT ecosystem, devices collect, process and send data to the cloud, where various IoT applications are executed.

But while the emergence of billions more IoT devices creates a wealth of new opportunities for stakeholders, it also presents profound security challenges. 

Increasing IoT attacks 

The volume of IoT attacks is skyrocketing, doubling in six months according to a Kaspersky analysis: 1.5 billion IoT attacks were conducted in H1 2021, up from 639 million in H2 2020 (IoT Attacks Skyrocket, Doubling in 6 Months, Threatpost, September 2021).

To address these threats, the cloud platform for IoT must have absolute trust in the data received from IoT devices.

This is only possible by ensuring that both the device and the server are mutually authenticated (i.e. the device knows it is sending its data to the right server, and the server knows it is a genuine device which requests data to be sent). 

However, the IoT is set to be characterized by fragmentation in terms of the OS and chips employed.

An array of open source and proprietary IoT OS is already on the market and, given the rich and varied mix of applications, hardware and connectivity encompassed by the IoT, it is likely that the market will continue to sustain multiple OS and chips for the foreseeable future.

The result?

Proprietary IoT security solutions will not be able to scale or be duplicated.

Leveraging the hardware tamper resistant element 

The critical challenge is, therefore, how the device middleware can leverage the security services embedded in tamper resistant elements in a scalable manner.

This is the problem that the GSMA IoT SAFE (IoT on-SIM Applet For Secure End-2-End Communication) initiative solves:

specifying an API so the IoT device middleware can use the credentials and security services in the SIM card for IoT, namelly iSIM, eSIM or SIM in a standardized manner.

In short, utilizing hardware tamper resistant elements to secure IoT applications by design. 

The foundation of IoT cyber security is the TLS handshake protocol between the IoT device and the IoT cloud; mutual authentication must be enabled before any data exchange can occur.

Specifically, this is achieved through hardware tamper resistant element-based security and cryptography, and GSMA IoT SAFE specifications. 

Hardware tamper resistant elements are ideally suited to the three key requirements of IoT security

Hardware tamper resistant elements are a standard technology that integrates the new GSMA IoT SAFE specifications. They deliver scalable 'security by design' for the IoT, meeting the scalability requirements of an IoT security framework by utilizing standardized and field-proven SIM/eSIM technology, irrespective of form factor, and leveraging the multitude of devices already deployed in the field. 

Hardware tamper resistant elements address the three key IoT security requirements: 

1. Mutual trust between the IoT device and cloud
   This end-to-end mutual authentication enables a TLS connection
2. Protection of data at rest and in motion
   Data integrity
   Data confidentiality
3. Scalability
   There are already billions of Secure Elements in the field

Hardware tamper resistant elements deliver scalable trust for IoT applications.

They act as the root of trust / cryptographic toolbox, based on tamper-proof hardware that stores private keys, digital certificates and security services.

Our solutions

We can address the challenge of securely and efficiently connecting IoT devices to clouds through cellular networks, thereby offering demonstrable benefits for all key stakeholders.

Specifically, we enable the opportunity to leverage assets that include widely deployed and field-proven cellular networks and Secure Element-based security solutions that store credentials, to deliver services that can be enhanced to address IoT security in an interoperable environment defined by GSMA IoT SAFE specifications. 

We proactively lead the creation of new specifications, collaborating with the GSMA and other key industries to facilitate streamlined deployment of IoT security, and offer THALES' advanced implementation of the GSMA IoT SAFE initiative. 

We are the world leader in OTA (Over The Air) platform solutions that enable credential life cycle management. 

Need more information on scalable security for the IoT?

Interested in a proof of concept?

Contact us:

Thales Wins Gold for Best Cellular IoT Initiative

More resources

• Thales Adaptive Connect
• Thales Instant Connect
• IoT Connectivity – Understanding the role of SIM and eSIM in IoT