SIM Evolution. Klaus Vedder. Presented by: 10 July 2018 ETSI th Sigos Conference

Similar documents
2 nd ETSI Security Workshop: Future Security. Smart Cards. Dr. Klaus Vedder. Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient

The SIM Turns 20. Dr. Klaus Vedder. Chairman ETSI TC SCP. 3rd ETSI Security WS Sophia Antipolis, France January 2008

The UICC. Recent Work of ETSI TC Smart Card Platform. Dr. Klaus Vedder Chairman ETSI TC SCP

The UICC. Recent Work of SCP and Related Security Aspects. Dr. Klaus Vedder Chairman ETSI TC SCP

GSMA Embedded SIM Specification Remote SIM Provisioning for M2M. A single, common and global specification to accelerate growth in M2M

GSM Association (GSMA) Mobile Ticketing Initiative

Connected Living. SIMs & M2M the Central and Developing Role of SIMs

ebook - TRUSTED esim TESTING FRAMEWORK - June 2016 BUILDING A TRUSTED EMBEDDED SIM TESTING FRAMEWORK IN THE AGE OF IOT

GSMA Embedded SIM 9 th December Accelerating growth and operational efficiency in the M2M world

SEPA goes Mobile Dr. Marijke De Soete ETSI Security Workshop January 2011 Sophia Antipolis, France

New Business. Opportunities for Cellular IoT. Loic Bonvarlet Director of Marketing Secure Identity Arm. Copyright 2018 Arm, All rights reserved.

The Open Application Platform for Secure Elements.

Secure Elements 101. Sree Swaminathan Director Product Development, First Data

Secure Over-The-Air Services in NFC Ecosystems

Secure Application Trend in Smartphones. STMicroelectronics November 2017

SMART CARDS. Miguel Monteiro FEUP / DEI

5G SIM: Maximising MNO Investment in 5G Networks

Date: 13 June Location: Sophia Antipolis. Integrating the SIM. Dr. Adrian Escott. Qualcomm Technologies, Inc.

introducing it? CME Sharing Initiative 21 st of July 2016

Solutions to Enhance IoT Authentication Using SIM Cards (UICC)

EUROPEAN ETS TELECOMMUNICATION September 1994 STANDARD

GSMA Embedded SIM for Connected Cars

Enabler Release Definition for Smartcard-Web-Server

Open Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014

Enabling Mobile NFC CTST 2008

Building Digital Key Solution for Automotive

3GPP R15 5G SIM card: A definition

USIM Quad Short Product Information

esim Whitepaper The what and how of Remote SIM Provisioning March 2018

Preface. Structure of the Book

Security Strategy for Mobile ID GSMA Mobile Connect Summit

M2MD Communications Gateway: fast, secure, efficient

Die Zukunft des M-Payment The future of m-payment NFC. Andreas Johne. Düsseldorf, 25. Januar 2008

Smart cards are made of plastic, usually polyvinyl chloride. The card may embed a hologram to prevent counterfeiting. Smart cards provide strong

Smartcards. ISO 7816 & smartcard operating systems. Erik Poll Digital Security Radboud University Nijmegen

Provisioning secure Identity for Microcontroller based IoT Devices

M2MD Communications Gateway: fast, secure and efficient

Telenor SIM specification General Purpose Telematics (GPT) Profile no: 001

Dr. Char-Shin Miou Chunghwa Telecom. Co. April 7, 2011

ETSI TS V7.1.0 ( )

TCG activities on Mobile Security standardization. Mr. Janne Uusilehto, Nokia Chairman, TCG MPWG Embedded Security Seminar September 12, 2005

Embedded SIM (esim)/euicc Technology

Mobile Devices as Identity Carriers. Pre Conference Workshop October 14 th 2013

euicc for: Connected cars

RESHAPING SIM BUSINESS PARIS. MOSCOW. DUBAI. SINGAPORE. SEATTLE.

Emerging Mobile IoT Technologies: Use Cases, Business and Security Requirements

Smart Card Operating Systems Overview and Trends

GSME proposals regarding mobile theft and IMEI security

Extensible standards and impact on technology switching costs. Mark Pecen, Sr. VP, BlackBerry Research and Advanced Technology September 2013

ETSI TS V6.0.0 ( )

Microcontrollers. Claude Dardanne Executive Vice President, General Manager, Microcontrollers, Memory & Secure MCU Group.

Mobile/NFC Security Fundamentals. Secure Elements 101. Smart Card Alliance Webinar March 28, 2013

Design and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet

... Lecture 8. Smartcards and Related Application Infrastructures. Mobile Business I (WS 2017/18) Prof. Dr. Kai Rannenberg

Bringing you an end to end Mobile Connect Solution. Mobile Connect for Mobile Network Operator. Mars 2016

WAVECOM All rights reserved Erik Rasmussen Key Accounts Manager. Meter Communications: What Makes Sense?

onem2m - A Common Service Layer for IoT Basic principles and architecture overview

MIFARE4MOBILE: the road TO NFC MASS ADOPTION. NFC WORLD CONGRESS Sophia Antipolis, 2011

euicc for: Connected wearable technology

3GPP security. Valtteri Niemi 3GPP SA3 (Security) chairman Nokia

ETSI TS V7.1.1 ( )

MasterCard NFC Mobile Device Approval Guide v July 2015

IDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller

CALYPSO FUNCTIONAL SPECIFICATION. CNA Calypso rev 3.1 Applet Presentation

Minne menet, Mobiili-Java?

Kigen SIM Solutions. Unlock the full potential of IoT

Digital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October Frazier D. Evans

Wireless Best Kept Secret For Now

Basics of GSM in depth

Recommendations on residual issues relevant to ecall

SOLUTIONSPORTFOLIO RESHAPING SIM BUSINESS

ETSI TS V (201

3GPP TS V9.1.0 ( )

OmniRAN Overview and status

NTT DOCOMO Technical Journal. 1. Introduction. Kazunari Suzuki Teppei Azuma

A MODEL FOR INTERCONNECTION IN IP-BASED NETWORKS

GlobalPlatform Trusted Execution Environment (TEE) for Mobile

Contents. Preface. Acknowledgments. xxiii. List of Acronyms i xxv

NFC Identity and Access Control

Case Study. gsma.com/iotsecurity

ECC Recommendation (17)04. Numbering for ecall

NFC is the double click in the internet of the things

ETSI TS V9.1.0 ( ) Technical Specification

3GPP TS V ( )

OECD work on IoT. Regulatory impacts of IoT or the liberalisation of the SIM-card

New Approaches to Connected Device Security

- Lessons Learnt in Asia. Dr. Jack C. Pan Watchdata Technologies

Scalable Security solutions to enable Cyber Security and to manage Digital Identities

Göran Näslund M2M Business Development Manager Smart Metering Vodafone Global Enterprise Sweden

Natural Security Alliance

Hitachi Releases Smart Card Microcontroller AE45X series Equipped with Contact/Contactless Dual Interface in a Single Chip

Mobile telephones/international roaming frequently asked questions (see also IP/05/161)

3GPP TS V6.4.0 ( )

FOUR INDEPENDENT TOOLS TO MANAGE COMPLEXITY INHERENT TO DEVELOPING STATE OF THE ART SYSTEMS. DEVELOPER SPECIFIER TESTER

The Mobile Java Card TM Grid Project

ETSI standards are enabling a global M2M solution. Enrico Scarrone, ETSI TC M2M Chairman, Telecom Italia 3 ETSI M2M workshop, Mandelieu, France, EU

Windows 10 IoT Core Azure Connectivity and Security

SIM Smart Card Overview

Connect Your IoT Device: Bluetooth 5, , NB-IoT

EUROPEAN ETS TELECOMMUNICATION November 1996 STANDARD

Transcription:

SIM Evolution Presented by: Klaus Vedder For: 20 th Sigos Conference 10 July 2018 ETSI 2018

The Subscriber Identity Module in 1988 "A SIM is the physically secured module which contains the IMSI, an authentication algorithm, the authentication key and other (security related) information and functions. The basic function of the SIM is to authenticate the subscriber identity in order to prevent misuse of the MS (Mobile Station) and the network." From the report of SIMEG#1 in January 1988 GSM System Requirement: provide the same level of security as the fixed network Plug-in SIM with carrier Telemig, Brazil, 2005 The question at the time: Wouldn't it be sufficient to have a functional specification and let every operator specify its own interface (except for the form factor)? ETSI 2018 2

3 The Form Factors in 1988 Option 1: "IC card" The ID-1 card used by Deutsche Telekom in their analogue network Option 2: "Fixed" = Software SIM fully incorporated into the handset Rejected due to security concerns and less flexibility - would require operator specific personalisation of the handset Option 3 (Plug-in SIM): "Removable" a vs 24 pin DIL with 8 pins connected ETSI 2018 3

The SIM card: The key to gain access to your customer Some Early SIMs Used for the first call in June 1991 The contact area well integrated into the design Signature strip Plastic not suitable for embossing and use as a credit card ETSI 2018 4

Security, Technology and Services The SIM: Providing the security Issuer specific authentication algorithm Issuer specific algorithm for cipher key generation Security management specified by issuer Attacks 1998 black box attack against Comp 128-1 Chosen plaintext-ciphertext attack to calculate the secret authentication key 2013 Black Hat Conference Las Vegas: Faulty SW implementations This talk ends this myth of unbreakable SIM cards and illustrates that the cards - like any other computing system are plagued by implementation and configuration bugs. Karsten Nohl The SIM card: Providing universal plastic roaming The SIM card: Fostering the mass market by Freeing the Mobile of the subscription The SIM: Driving Technology and Applications Leading to new generations of micro-controllers Memory requirements for smart cards were driven solely by GSM High temperature card material to satisfy the new environment The SIM Application Toolkit The world's first global platform for secure Value Added Services ETSI 2018 5

Fire walls between applications From the SIM to the UICC or from mono -application to multi-application 1999/2000 Split of all SIM specifications and responsibility A generic part (UICC) to form the multi-application platform (ETSI) An application specific part, the SIM application (3GPP) The UICC consists of (all) application independent functions and features Separation of lower layers and applications Up to 20 logical channels to run applications in parallel USB, NFC, security, part of UICC specification ID Ticketing Specified by the respective industry sector Specified by ETSI TC SCP USIM SIM Toolkit Public Transport UICC the multi-application smart card platform Electr. Purse ETSI 2018 6

7 Some Thoughts on Standardisation Standardisation can create a mass market GSM vs Telepoint ("Birdie", "Rabbit, ) Standardisation can drive technology Standardisation is a way to achieve interoperability There is, however, more needed than just the specification containing the technical realisation of the requirement specification Standardisation shall not prevent technical, commercial and market progress Backwards compatibility is not always a desired feature Advancing from 2G to 3G and ignoring total backwards compatibility would have provided a huge improvement on the technical side with a high potential for the commercial side in the mid to long term Using a standards body to delay or block a topic may prove counterproductive and lead to a fragmented market Standardisation for the sake of standardisation is a waste of time and money ETSI 2018 7

The What s Machine a Title to? Machine UICC March 2010: ETSI TC SCP approves a new specification for UICCs inm2m (TS 102 671 Smart Cards, Machine to Machine UICC, Physical and logical characteristics) M2M specific constraints such as data retention, temperature, memory update cycles, vibration resistance, humidity MFF1 (M2M Form Factor 1) socketable 8 pin solution MFF2 : a non-removable, to-be-soldered package (SON8) Plug-in SIM card 15mm x 25 mm SON8 5mm x 6mm SON8 5mm x 6mm Can the use of M2M Form Factors really be restricted to Machine-to-Machine applications? ETSI 2018 8 8

Some Impacts of a Solderable UICC No more "plastic roaming " Need to change the operator after deployment Ownership of an embedded UICC In some countries the end user will own the "black beetle No point in stealing a mobile device with an embedded UICC Lifetime issues of the chip - as long as the device (?) Lifecycle management - personalisation and distribution Future role of the MNOs and service providers (car manufacturers, energy suppliers, ) ETSI 2018 9

Managing an embedded UICC Today: HW, SW, security data out of one and the same source The SIM manufacturer develops OS including security optimised algorithms The SIM manufacturer generates personalisation data (serial numbers, keys, MNO credentials, ), loads them into the chip in its premises, together with an MNO specific profile, and sends SIMs and data to the MNO Tomorrow: Split system OEMs (device vendors) are provided with chips containing OS and algorithms Subscription Manager (SIM manufacturer) generates personalisation data (serial numbers, keys, MNO credentials. ) and sends these data to MNO and OEM OEM loads data on its premises in a secure way into the UICCs Two questions: How to handle the case that the device is not specifically produced for a specific MNO (in particular in the case of M2M devices) How to change the subscription of a device in the field 10 ETSI 2018 10

Challenges Provisioning of subscriptions over-the-air or over-the-wire after production, outside of factory New ecosystem with dynamic subscription management (changing of subscriptions and profiles in the field) ETSI 2018 11

The Road to embedded UICCs, the Loss of the Fast Interface and Other Form Factors "Today's SIM card is the most expensive piece of real estate on a PCB" (OEM manufacturer in 2012) The ID-1 Card (1FF, 1988) Plug-in Card (2FF, 1989) 3FF (2003) 4FF (2012) MFF2 (2010) ~ 2016 Non-standardised packages - size of the package down to chipscale VCC RST GND SWP The 4th form factor does not provide the space for the USB interface which had taken years to be approved Courtesy Giesecke & Devrient CLK USB I/O USB SWP (Single Wire Protocol) is the standardised interface for NFC-applications ETSI 2018 12

Secure Elements: From Separate to Integrated The traditional SIM needs to be re-considered in the context of new mobile communication challenges, including machine to machine communications.* euicc** The UICC becomes an integrated, though dedicated piece of hardware of the device (e.g.,mff2) Provides the possibility of dematerialising the issuance of the SIM SSP (Smart Secure Platform) First informal discussions at SCP#71 in Cupertino in October 2015 Idea: Get rid of the UICC transport protocol (T=0), APDUs,.. Create a new high level interface application - independent of lower levels * Prof. Mike Walker when presenting the work of Deutsche Telekom, G&D, Telefónica O2 UK and Vodafone on the management of embedded UICCs at the ETSI Security Conference in January 2011 ** An embedded UICC or euicc is a "UICC which is not easily accessible or replaceable, is not intended to be removed or replaced in the terminal, and enables the secure changing of subscriptions" (ETSI TS 103 383) ETSI 2018 13

The Smart Secure Platform Objective: better integration of the UICC into the specific use case while retaining its characteristics Layout of the SSP protocol stack SSP is designed to be a modular platform offering a core set of features as well as a number of options that need to be selected at the time of implementation based on the intended application (e.g., a system of sensors in an IoT application will most likely not require full fledged UICCs in every sensor). An open platform for multiple applications Clear separation of layers Choice of protocols (SPI, I2C, ) Faster and flexible Choice of hardware New filesystem Support of existing features Contactless, Toolkit, Figure taken from ETSI TS 103 465 v 1.3.0 ETSI 2018 14

The New SSP Specifications The SSP classes issp: the UICC (and thus the SIM) becomes an integrated part of the chipset (SoC) essp: SSP version of the euicc; rssp: SSP version of the (removable) UICC Priority on integrated SSP; essp and rssp to follow Requirements split into generic requirements for all classes and class specific requirements (currently only for issp) TS 103 465 Smart Secure Platform; Requirements Status: under change control The technical realisations TS 103 666-1 Smart Secure Platform; General characteristics TS 103 666-2 Smart Secure Platform; Integrated SSP (issp) characteristics Status: both are approaching completion ETSI 2018 15

The issp Concept Integration of the functionality of the UICC into a System on Chip (SoC) solution. The issp is an independent secure processor within the SoC Advantage lies in the reduction of the number of chips, deeper integration and thus reduced amount of space Several bundles may co-exist in the SoC; one being executed within the Tamper Resistant Element (TRE) and the rest stored securely outside the TRE, ready to be swapped in and executed as required Bundle 1 Telecoms Bundle 2 Payment Bundle 3 Identity Bundle 4 DRM Bundle 5 IoT Primary Platform Interface Primary Platform * (underlying HW, low level OS, ) Technology & use ase independent *For details and a diagram depicting an SoC solution see GlobalPlatform Technology VPP Concepts and Interfaces Version 1.0 (March 2018) ETSI 2018 16

Multiple Industry Sector SSP Device Payment Bundle Management Entity* Connections forbidden? Under discussion 3GPP Functions Connects to the enabled and active Telecom Bundle(s)** Telecom Bundle Management Entity* ** (s) or no (s), that s the question SSP Bundle 1 Bundle 2 Family Identifier: Family Identifier: Payment Payment Bundle 3 Family Identifier: XYC Bundle 4 Bundle 5 Bundle 6 Family Identifier: Family Identifier: Family Identifier: Telecom Bundle Telecom Bundle Telecom Bundle *Not yet specified; rules up to the specific industry sector Primary Platform Interface Primary Platform ETSI 2018 17

Conclusion The standardised SIM packages will (largely) disappear and x SoC a new logical interface will replace today s rather old interface for use by all industry sectors. ETSI 2018 18

Where is this Trip Really Leading Us? The meeting which started the concept of the UICC at the total eclipse of the sun in 1999 ETSI 2018 19

Thank You nearly Dr. Klaus Vedder Chairman ETSI TC SCP Zeata Security Ltd. ETSI TC Smart Card Platform Home of the UICC The most widely deployed Secure Element in the world Next ETSI TC SCP Plenary Meeting Paris, France 20-21 September 2018 see: www.etsi.org ETSI 2018 20

ETSI TC SCP Home of the UICC the most widely deployed Secure Element with more than 5 billion pieces going into the market every year 30 years of dedication and real-life experience Scope Creation of a series of specifications for a Secure Element platform on which bodies from inside and outside the telecom-world can base their system specific applications to achieve compatibility between all applications resident on the Secure Element Development and maintenance of interface, procedures and protocol specifications between the Secure Element and entities (remote or local) used in the management of that Secure Element. This includes interfaces, procedures and protocol specifications used between such entities for the secure provisioning and operation of services making use of that Secure Element Output Over fifty specifications and reports on Secure Elements encompassing for every topic the whole range from requirements via the technical solution to the related test specification; topics range from administrative commands to APIs, browsers, Internet connectivity, Machine-to-Machine, new interfaces for high speed and NFC as well as remote management All specifications can be downloaded free of charge from the ETSI website The specifications are application agnostic. ETSI 2018 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback