Evolving SIM solutions for IoT
By 2024, there will be more than 22 billion connected IoT devices, according to recent Ericsson research. Out of those devices, 4.1 billion will have cellular connections. As a result, enterprises that deliver hardware-based solutions are working to develop strategies to stay competitive. However, with a large variety of devices, networks, applications and infrastructures available, building a global IoT strategy is becoming more difficult.
The IoT involves billions of devices, and the majority of these are expected to be low-cost devices that are small in size, have limited processing power and storage, are battery driven, and may be expected to run for more than 10 years. These devices must remain connected to deliver sensor data or act upon commands from remote locations, and they must do this securely. Secure identities are required to securely identify these devices and their data, and to protect them from misuse by remote attacks.
SIM for IoT
3GPP Authentication and Key Agreement (AKA) is an established technology for authentication of subscribers in cellular networks, and its protocol simplicity also makes it usable for IoT devices. Historically, plastic SIM cards (aka UICC) containing subscriber credentials and algorithm implementation have been used for authentication, but this solution has many drawbacks for IoT. One drawback is the costs associated with manually changing SIM cards when swapping operators, which would be essentially impossible for billions of devices in hard-to-reach places, such as devices built into walls or hermetically sealed devices. Another drawback is the increased cost and size of the physical device due to the inclusion of a SIM card reader. Even though the SIM card form factor has shrunk over time, its cost and size are not negligible for constrained IoT devices. Furthermore, the logistics of handling the SIM component is an additional cost factor.
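To make the AKA exchange referred to above concrete, here is an added Python example that is not part of the original article and not Ericsson's code. It models the two parties (the home network's authentication centre and the xUICC) sharing a long-term key K, the network sending RAND and AUTN, and the device verifying the network's MAC and the sequence number before answering with RES and deriving CK/IK. The key K, the AMF value and the field lengths are constructed for the example, and HMAC-SHA256 stands in for the Milenage f1..f5 functions; the freshness check is simplified to a strictly increasing SQN rather than the 3GPP window.

```python
import hashlib
import hmac
import os

# Constructed long-term key K shared by the xUICC and the home network's
# authentication centre. A real K is per-subscription and never leaves the
# xUICC or the operator; this value exists only so the example runs.
K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
AMF = bytes.fromhex("8000")        # authentication management field (example value)
SQN_LEN, AK_LEN, MAC_LEN, RES_LEN = 6, 6, 8, 8


def _prf(key, tag, *parts):
    """Stand-in for the Milenage f1..f5 functions: HMAC-SHA256 with a one-byte
    domain-separation tag. Real 3GPP AKA uses Milenage (AES-based) or TUAK;
    the protocol shape below does not depend on the substitution."""
    return hmac.new(key, bytes([tag]) + b"".join(parts), hashlib.sha256).digest()


def f1(key, rand, sqn, amf):   # network authentication code (MAC-A)
    return _prf(key, 1, rand, sqn, amf)[:MAC_LEN]

def f2(key, rand):             # response RES (XRES on the network side)
    return _prf(key, 2, rand)[:RES_LEN]

def f3(key, rand):             # cipher key CK
    return _prf(key, 3, rand)[:16]

def f4(key, rand):             # integrity key IK
    return _prf(key, 4, rand)[:16]

def f5(key, rand):             # anonymity key AK, conceals SQN on the air interface
    return _prf(key, 5, rand)[:AK_LEN]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HomeNetwork:
    """Authentication centre: holds K and the per-subscriber sequence counter."""
    def __init__(self, key):
        self.key, self.sqn = key, 0

    def authentication_vector(self):
        self.sqn += 1
        sqn = self.sqn.to_bytes(SQN_LEN, "big")
        rand = os.urandom(16)
        autn = _xor(sqn, f5(self.key, rand)) + AMF + f1(self.key, rand, sqn, AMF)
        return rand, autn, f2(self.key, rand), f3(self.key, rand), f4(self.key, rand)


class XUICC:
    """Device side: authenticates the network before answering the challenge."""
    def __init__(self, key):
        self.key, self.highest_sqn = key, 0

    def respond(self, rand, autn):
        ak = f5(self.key, rand)
        sqn_bytes = _xor(autn[:SQN_LEN], ak)
        amf = autn[SQN_LEN:SQN_LEN + 2]
        mac = autn[SQN_LEN + 2:]
        # 1. Does the challenge come from a network that knows K?
        if not hmac.compare_digest(mac, f1(self.key, rand, sqn_bytes, amf)):
            raise ValueError("MAC failure: challenge not authenticated")
        # 2. Is it fresh? (simplified: strictly increasing SQN; 3GPP allows a window)
        sqn = int.from_bytes(sqn_bytes, "big")
        if sqn <= self.highest_sqn:
            raise ValueError("synchronisation failure: SQN reused")
        self.highest_sqn = sqn
        return f2(self.key, rand), f3(self.key, rand), f4(self.key, rand)


def run_aka(network, uicc):
    """One AKA round; True when RES matches XRES and both sides share CK/IK."""
    rand, autn, xres, ck, ik = network.authentication_vector()
    res, ck_dev, ik_dev = uicc.respond(rand, autn)
    return hmac.compare_digest(res, xres) and ck == ck_dev and ik == ik_dev


def replay_is_rejected():
    """Re-sending a previously used (RAND, AUTN) must fail the SQN check."""
    network, uicc = HomeNetwork(K), XUICC(K)
    rand, autn, *_ = network.authentication_vector()
    uicc.respond(rand, autn)
    try:
        uicc.respond(rand, autn)
    except ValueError as e:
        return "synchronisation" in str(e)
    return False


def forged_challenge_is_rejected():
    """A challenge built without K fails the MAC check before any RES is sent."""
    uicc = XUICC(K)
    rand, autn, *_ = HomeNetwork(bytes(16)).authentication_vector()
    try:
        uicc.respond(rand, autn)
    except ValueError as e:
        return "MAC" in str(e)
    return False


if __name__ == "__main__":
    print("AKA succeeds:", run_aka(HomeNetwork(K), XUICC(K)))
    print("replay rejected:", replay_is_rejected())
    print("forged challenge rejected:", forged_challenge_is_rejected())
```

The two negative cases are the part worth keeping in mind for constrained devices: the xUICC rejects a replayed or forged challenge using nothing but one MAC comparison and one counter, which is why the article can describe AKA's simplicity as a fit for IoT.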
The embedded SIM (eSIM) technology allows remote provisioning of subscriber credentials and addresses some of the above issues. This technology, already in use today, relies on an embedded UICC (eUICC), which is a dedicated chip soldered into the device during manufacturing. An eUICC is smaller than a SIM card and does not require a card reader, but the cost of using eUICC may still be too high for low-cost constrained IoT devices.
An ongoing evolution
Currently, the industry is working to define an integrated SIM (iSIM) solution where the SIM functionality, including the remote provisioning support, is implemented in a trusted environment within the System-on-Chip. This is called an integrated UICC (iUICC). But there is not yet a clear definition of iUICC, and one might expect several different hardware vendor specific realizations in the future. We use the term xUICC to denote either a UICC, an eUICC, or an iUICC.
The use of eSIM and iSIM technology is crucial for cellular IoT, and for NB-IoT in particular, to gain market share. The 3GPP AKA authentication technology fits very well as a generic network access technology. It can be used advantageously with devices that connect via non-3GPP radio technologies such as WiFi and Bluetooth. The already existing authentication infrastructure of mobile network operators could also be leveraged for non-3GPP IoT devices. However, to compete with other authentication technologies, an efficient, low-cost iSIM solution is required.
The future SIM solution
Ericsson teams are working to further optimize the SIM solution for IoT devices. The goal of this work is to develop a simplified SIM solution that enables networks to scale for the billions of devices we will see on the market over the next few years.
Through a global standard, an evolved SIM solution can lower complexity on provisioning infrastructure and devices to decrease the cost of devices and infrastructure. The solution will also lower the use of bandwidth and local device compute, which in turn prolongs battery lifetime.
The SIM cards and eUICCs we use today contain a full environment for downloading and running Java applications, and also carry many legacy functions and data elements. To reduce device costs, a SIM implementation optimized for low-cost constrained IoT shall include only the bare minimum functionality: network access authentication and the download of new subscriber credentials, a so-called SIM profile. This allows SIM profile packages downloaded to IoT devices to shrink from several tens of kilobytes today to less than 200 bytes, while still containing the necessary data according to standardized formats. Independently of the xUICC realization, small profile packages save storage and transmission power in the device and transfer more reliably than large ones.
To reduce device costs further, it’s efficient to also leverage existing protocols in the IoT device for remote SIM profile provisioning and SIM profile management. For example, the existing protocol stack for device management can be leveraged. We propose adapting the GSMA RSP protocol targeting consumer devices to make it function well with IoT devices. The local profile assistant (LPA) in the device, which assists in profile download and profile management (enabling, disabling, and deleting profiles), will be split into two parts. LPAdv, which interfaces with the xUICC, remains in the device, while LPApr, which handles interactions with the device owner and the profile provisioning server (SM-DP+) such as the Ericsson DSE, is offloaded from the device to a proxy. This proxy may be a device management server (MS) such as the Ericsson IoT Accelerator.
This adaptation offers several benefits. First, the majority of the LPA functionality can be moved out of the device to reduce the device footprint. Second, communications between the two LPA components can leverage a protocol stack that already exists in the device, such as a LwM2M stack for device and data management, where the LwM2M stack also includes security (e.g. DTLS). This removes the need for the dedicated protocols standardized by GSMA in the device. Also, profile management becomes a natural part of device management instead of being operated by an independent system. Finally, compression can be used on the message structures exchanged between the two LPA components to lower power consumption in the device. The profile protection is still end-to-end between the SM-DP+ and the xUICC, and the use of a device management server does not require any modifications to the SM-DP+ or the xUICC.
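The three preceding paragraphs describe a profile package stripped to the essentials, the LPA split into a device part (LPAdv) and a proxy part (LPApr), and profile protection that stays end-to-end between the SM-DP+ and the xUICC. The following Python is an added example, not Ericsson's code and not a GSMA reference implementation, that models that flow so the security property is visible: the proxy relays and compresses an opaque package, and only the xUICC can decrypt and verify it. The TLV profile layout, the key names, the message field names, the constructed ICCID/IMSI/EID values and the HMAC-based encrypt-then-MAC used in place of the GSMA bound-profile-package protection are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import os
import zlib

# 1. A minimal profile package: constructed TLV layout, not the standardized
#    format the article refers to. Only what network access needs is included.
TAG_ICCID, TAG_IMSI, TAG_KI, TAG_OPC, TAG_ALG = 0x01, 0x02, 0x03, 0x04, 0x05

def _tlv(tag, value):
    if len(value) > 255:
        raise ValueError("single-byte length field")
    return bytes([tag, len(value)]) + value

def encode_profile(iccid, imsi, ki, opc, alg=b"milenage"):
    return (_tlv(TAG_ICCID, iccid.encode()) + _tlv(TAG_IMSI, imsi.encode())
            + _tlv(TAG_KI, ki) + _tlv(TAG_OPC, opc) + _tlv(TAG_ALG, alg))

def decode_profile(blob):
    fields, i = {}, 0
    while i < len(blob):
        tag, length = blob[i], blob[i + 1]
        fields[tag] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return fields

# 2. End-to-end protection between SM-DP+ and xUICC. Stand-in for the GSMA
#    bound-profile-package protection: encrypt-then-MAC from HMAC-SHA256
#    (counter-mode keystream plus a 16-byte tag), so only stdlib is needed.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def protect(enc_key, mac_key, plaintext):
    nonce = os.urandom(12)                      # fresh per package; never reused with a key
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unprotect(enc_key, mac_key, package):
    nonce, ct, tag = package[:12], package[12:-16], package[-16:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("bound profile package failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

# 3. The roles from the article. Keys are assumed already established between
#    the SM-DP+ and this xUICC (constructed here; RSP derives them per session).
ENC_KEY = hashlib.sha256(b"constructed-enc-key").digest()
MAC_KEY = hashlib.sha256(b"constructed-mac-key").digest()
ICCID = "89" + "0" * 16 + "1"                   # constructed, 19 digits
IMSI = "001010123456789"                        # constructed test IMSI

class SMDPPlus:
    def bound_profile_package(self, profile):
        return protect(ENC_KEY, MAC_KEY, profile)

class LPApr:
    """Proxy on the device-management server: talks to the SM-DP+ and the owner,
    forwards an opaque package to the device. Never holds the profile keys."""
    def envelope_for_device(self, eid, bpp):
        msg = {"messageType": "loadBoundProfilePackage",   # illustrative field names
               "eid": eid,
               "boundProfilePackage": base64.b64encode(bpp).decode()}
        return zlib.compress(json.dumps(msg).encode())   # framing compresses; ciphertext does not

class LPAdv:
    """Device-resident part: unwraps the envelope and hands the package to the xUICC."""
    def deliver(self, compressed, uicc):
        msg = json.loads(zlib.decompress(compressed))
        return uicc.install(base64.b64decode(msg["boundProfilePackage"]))

class XUICC:
    def __init__(self):
        self.profiles = []
    def install(self, bpp):
        profile = decode_profile(unprotect(ENC_KEY, MAC_KEY, bpp))
        self.profiles.append(profile)
        return profile

def provision():
    """Full flow; returns (profile size, IMSI visible to proxy?, installed IMSI)."""
    profile = encode_profile(ICCID, IMSI, os.urandom(16), os.urandom(16))
    bpp = SMDPPlus().bound_profile_package(profile)
    wire = LPApr().envelope_for_device("89" + "0" * 29 + "1", bpp)   # constructed EID
    imsi_visible_to_proxy = IMSI.encode() in bpp
    uicc = XUICC()
    installed = LPAdv().deliver(wire, uicc)
    return len(profile), imsi_visible_to_proxy, installed[TAG_IMSI].decode()

def tampered_package_is_rejected():
    """One flipped ciphertext bit in transit must be caught by the xUICC."""
    bpp = bytearray(SMDPPlus().bound_profile_package(encode_profile(ICCID, IMSI, bytes(16), bytes(16))))
    bpp[20] ^= 0x01                             # index 20 lies inside the ciphertext
    try:
        XUICC().install(bytes(bpp))
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("profile bytes, IMSI visible to proxy, installed IMSI:", provision())
    print("tampered package rejected:", tampered_package_is_rejected())
```

The point to check when adopting this split in practice is the one the example asserts: the device-management server handles framing, compression and owner interaction, but the bytes it forwards are opaque to it, and a package it (or anything between it and the device) alters is rejected by the xUICC before any key material is written.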
The cost reductions are beneficial to the device manufacturer and the device owner/user. The use of small profiles reduces the xUICC footprint and power consumption. Device owners will have the option to control profile management for their devices, so they can choose when to enable, disable, or delete profiles.
Testing the evolution
Ericsson is driving standardization within GlobalPlatform of a functional API for the needed SIM functionality to help IoT device developers deal with different deployments and realizations of the xUICC. The need for an evolved SIM solution is clear, which is why Ericsson is working with Sprint and SoftBank to assess the described technology.
Through the adaptation of existing protocols, careful optimization and proper API design, we can develop secure identity solutions for IoT devices that are cost-effective and easy to use for developers who need to handle different deployments and realizations of xUICCs.
"Sprint and Ericsson are continuing to work hand-in-hand to provide our customers a wider choice of secure connectivity options. eUICC and iSIM can provide our customers seamless global connectivity for IoT solutions while managing them easily using the self-service management capabilities of Sprint Curiosity OS," said Ricky Singh, Chief of Products and Solutions, IoT at Sprint.
"We expect this technology will be one solution for issues with IoT devices, especially those that need to optimize data volumes using NB-IoT. We also believe this technology will stimulate the IoT business by becoming a global standard in the future," said Takenori Kobayashi, Vice President, Head of Device Technology Division at SoftBank Corp.
To read more research by these authors, please see Key technology choices for optimal massive IoT devices