GSMA IoT SAFE
The importance of security for IoT solutions cannot be stressed enough as we have highlighted in our previous posts about generic security requirements and how PKI can increase security - the remaining question is HOW to implement security.
In most current IoT devices, end-to-end security is provided through Transport Layer Security (TLS) between a dedicated stack in the device, the TLS stack, and a remote cloud-based service.
The Internet of Things operates under certain constraints:
- IoT devices are in general cost sensitive.
- IoT devices are in general physically accessible by third parties.
- There is no acceptable device security without hardware-based protection mechanisms (secrets can be extracted more easily from non-protected hardware).
- The costs to configure a device on-site might be 100 times more than the device cost itself (cost of personnel visiting the device, cost to bring the device to the maintenance facility, …).
A common approach to provide security to IoT devices is the use of dedicated secure elements but they have some disadvantages:
- They require integration, in particular regarding space, connectivity and communication into the device.
- They require a dedicated personalization process.
- They increase the per device costs (manufacturing and maintenance).
From our point of view, a more efficient approach to implement IoT device security is to use existing elements and mechanisms. Our approach focusses on IoT devices with mobile communication capabilities. We have recognized early on the benefits of using the SIM - later eSIM - as secure element and have been engaged in the development of solution prototypes using it as anchor of trust for IoT implementations. The later arrival of the IoT SAFE initiative has just confirmed our vision.
The approach to use SIM as an anchor of trust for IoT devices in combination with the IoT SAFE application offers the following advantages:
- The SIM as Root of Trust utilizes the physical properties of a SIM card or eSIM chip for tamper resistance.
- The concept of the SIM as Root of Trust has been standardized as IoT SAFE (Internet-of-Things SIM Applet For Secure End-2-End Communication).
- IoT SAFE has been developed and is maintained by industry expert groups: GSMA, TCA, Java Card Forum, GlobalPlatform.
- It is vendor-neutral, platform-independent and based on proven standards.
In short, the IoT SAFE applet is a standard Java Card applet which provides cryptographic services:
- Random Number Generation
- Cryptographic operations like hashing, encryption, decryption, signing and signature verification
- Storage of secrets and certificates
Let's take a closer look - the GSMA specified IoT SAFE provides a common mechanism to secure IoT data communications using a highly trusted secure element, the SIM or eSIM, rather than using proprietary and potentially less trusted hardware secure elements implemented elsewhere within the device.
The specified solution consists of new components as well as modifications with standardized APIs to existing components.
IoT SAFE applet
- depending on the preferred security scheme and device capabilities there are two types that a solution provider can choose from
- Type I applets use asymmetric keys to manage digital certificates and can optionally handle pre-shared keys (PSK).
- Type II applets use only symmetric pre-shared keys.
Client Middleware on device
- incorporates a standard D(TLS) stack, with a low layer IoT SAFE interface providing a means to securely store Pre-Shared Keys (PSKs) and certificates used during the standard handshake operations with external entities
- can be implemented in different sub-elements of the device depending on the device’s architecture and design.
IoT Server Middleware
- is linked with the application server and the IoT SAFE security services platform for provisioning purposes.
IoT SAFE Security Services Platform
- is connected with the IoT SAFE applet and the IoT Server Middleware
- enables provisioning of initial credentials to both the applet and Server Middleware at device switch-on (if they weren’t pre-provisioned)
- manages the life cycle of those credentials.
When implementing IoT SAFE all components must be properly orchestrated to achieve the desired function and security level.
The key items being:
- IoT SAFE applet
- TLS stack / hardware drivers compatible with IoT SAFE
- Means of provisioning/managing the lifecycle of credentials remotely
- IoT SAFE ready hardware
Based on our extensive experience in smartcard specific development (on-card and off-card), we offer the services to implement the IoT SAFE applet and to integrate it with the customer server components.
Get in touch to learn more!