Trusted Connectivity Alliance (TCA) and IoT Security Foundation share a common vision: to secure the IoT and drive sustained growth through trusted connectivity. In this article, Claus Dietze, Chair of the TCA Board, explains how Tamper Resistant Elements (TRE) can help the IoT achieve its potential.
The IoT landscape is notoriously under-secured. In the rush to meet demand for online products, services and infrastructure, many manufacturers have adopted a ‘connect first, think later’ strategy in which security has been an afterthought. This has resulted in years of serious security and privacy breaches, ranging from hacked baby monitors to the disablement of a Ukrainian power plant.
Today, nearly everything can be brought online. Yet potential brings challenges. Connecting IoT devices on this scale is exposing more homes, hospitals, power plants and other critical infrastructure to cyberattacks.
Now, regulators and authorities across the world are stepping in and finally getting serious about securing the IoT.
Although a common global standard for IoT security has not yet been realised, strong progress is being made. Similar principles and best practices are being emphasised, such as the importance of secure storage and communication of credentials, the protection of personal data, software and firmware integrity, in addition to ensuring secure and reliable connectivity both between devices and from devices to the cloud.
It is also becoming increasingly apparent that hardware technology offers the highest levels of protection needed for such robust security requirements. Tamper Resistant Elements (TREs), for example, are already deployed as SIMs and eSIMs in billions of devices globally to deliver trusted connectivity to cellular networks.
What is a TRE?
A TRE is a standalone secure element or a secure enclave, consisting of hardware and low-level software, that resists logical and physical attacks and can host secure applications together with their confidential and cryptographic data. These features combine to give TREs a unique ability to offer the most stringent secure end-to-end connectivity solutions.
Importantly, there are significant advantages to leveraging these TRE-based SIM products to protect all types of devices across the entire IoT ecosystem. What is not widely recognised is that TREs are available in removable, embedded and, more recently, integrated form factors – more commonly known as the removable SIM, eSIM and integrated SIM.
An established platform for secure authentication and trusted connectivity
Firstly, the tens of billions of devices (and growing) that use cellular connectivity worldwide already contain TRE-based SIM products. The SIM application is required to authenticate a device’s access to cellular networks and the SIM is the most widely distributed, secure application delivery platform in the world.
By leveraging the advanced capabilities of TREs already contained within their product, device manufacturers can quickly address security pain points with minimal investment and without having to reinvent the wheel. This leaves more time and resources to focus on their core business.
Importantly, TREs can also be easily leveraged to secure connectivity to a range of non-cellular networks. This means IoT devices which do not use cellular networks also stand to benefit from TRE technology.
An untapped platform for protecting data at rest and in transit
TRE-based SIM products support advanced functionality which enables the highest level of security when storing credentials on the SIM and personal data on the device. But the security benefits go beyond the device.
By using the untapped potential of the SIM as a secure hardware Root of Trust (RoT), devices can securely connect or authenticate themselves to IoT cloud platforms and services and establish a secure communication channel for the safe transportation of data.
This capability is supported by industry initiatives such as IoT SAFE – a partnership between GSMA and TCA – which defines a standardised way to leverage the SIM and eSIM to securely perform mutual authentication between the IoT device applications and the IoT service within the cloud.
Future-proof security through remote management
Finally, the sheer scale of the IoT is making remote management capabilities critical. TRE-based SIM technology is supported by an established, certified infrastructure which enables secure in-factory and in-field provisioning and personalisation, remote lifecycle management and security services.
This allows security to be enhanced and updated throughout a device’s lifetime. For example, secure credentials can be provisioned remotely to a device or on the factory production line to support a secure-by-design approach, without impacting manufacturing processes.
And since IoT security is not static and threats evolve over time, SIM remote management technology enables these credentials and security parameters to be updated, enhanced or revoked to address new and emerging threats. Striking this balance between robust security and simplicity is particularly important where devices have long lifespans and potentially multiple owners, such as vehicles.
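As an added illustration, not code from the article, from TCA or from the IoT SAFE specification, the following Python model shows the pattern described in the IoT SAFE section above and in the remote-management section: the SIM as a hardware Root of Trust that holds a credential the device application can use but never read, mutual authentication between the device application and the cloud service, and revocation of a credential from the service side. The `TamperResistantElement`, `CloudService` and `DeviceApplication` classes, the `dev-0001` identifier and the credential values are all constructed for this example. The real IoT SAFE interface uses asymmetric keys held on the SIM and TLS; this stand-in uses an HMAC challenge-response bound to fresh nonces from both sides so that it runs on the standard library alone, and the key-isolation boundary is the point it demonstrates.

```python
import hashlib
import hmac
import secrets


def _prf(credential: bytes, label: bytes, server_nonce: bytes, device_nonce: bytes) -> bytes:
    """Keyed derivation shared by both ends; the label separates the three uses."""
    return hmac.new(credential, label + server_nonce + device_nonce, hashlib.sha256).digest()


class TamperResistantElement:
    """Constructed model of the SIM/eSIM acting as hardware Root of Trust.

    The credential is written once at personalisation and has no export path:
    the device application can only ask the element to compute proofs and keys.
    """

    def __init__(self, device_id: bytes, credential: bytes):
        self._device_id = device_id
        self._credential = credential  # lives only inside the element

    @property
    def device_id(self) -> bytes:
        return self._device_id

    def device_proof(self, server_nonce: bytes, device_nonce: bytes) -> bytes:
        """Proof of possession bound to both nonces, so a captured proof cannot be replayed."""
        return _prf(self._credential, b"device-auth", server_nonce, device_nonce)

    def check_server_proof(self, server_nonce: bytes, device_nonce: bytes, server_proof: bytes) -> bool:
        """The device authenticates the service too: this is what makes it mutual."""
        expected = _prf(self._credential, b"server-auth", server_nonce, device_nonce)
        return hmac.compare_digest(expected, server_proof)

    def session_key(self, server_nonce: bytes, device_nonce: bytes) -> bytes:
        """Channel key derived inside the element once both sides are authenticated."""
        return _prf(self._credential, b"session", server_nonce, device_nonce)


class CloudService:
    """Constructed IoT service: holds per-device credentials provisioned out of band."""

    def __init__(self):
        self._credentials = {}

    def provision(self, device_id: bytes, credential: bytes) -> None:
        self._credentials[device_id] = credential

    def revoke(self, device_id: bytes) -> None:
        """Remote lifecycle management: a revoked credential stops authenticating."""
        self._credentials.pop(device_id, None)

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def authenticate(self, device_id, server_nonce, device_nonce, device_proof):
        """Returns the server's own proof on success, None if the device is unknown or wrong."""
        credential = self._credentials.get(device_id)
        if credential is None:
            return None
        expected = _prf(credential, b"device-auth", server_nonce, device_nonce)
        if not hmac.compare_digest(expected, device_proof):
            return None
        return _prf(credential, b"server-auth", server_nonce, device_nonce)

    def session_key(self, device_id: bytes, server_nonce: bytes, device_nonce: bytes) -> bytes:
        return _prf(self._credentials[device_id], b"session", server_nonce, device_nonce)


class DeviceApplication:
    """Application code on the device: it never touches the credential itself."""

    def __init__(self, tre: TamperResistantElement):
        self._tre = tre
        self.last_nonces = None

    def connect(self, cloud: CloudService):
        """Mutual authentication; returns the session key, or None on failure."""
        server_nonce = cloud.challenge()
        device_nonce = secrets.token_bytes(16)
        self.last_nonces = (server_nonce, device_nonce)
        proof = self._tre.device_proof(server_nonce, device_nonce)
        server_proof = cloud.authenticate(self._tre.device_id, server_nonce, device_nonce, proof)
        if server_proof is None or not self._tre.check_server_proof(server_nonce, device_nonce, server_proof):
            return None
        return self._tre.session_key(server_nonce, device_nonce)


def demo():
    """Returns (genuine_ok, clone_ok, revoked_ok) for a constructed device fleet."""
    credential = secrets.token_bytes(32)
    cloud = CloudService()
    cloud.provision(b"dev-0001", credential)  # in-factory personalisation
    genuine = DeviceApplication(TamperResistantElement(b"dev-0001", credential))
    # A clone that copied the device identity but not the element-held credential.
    clone = DeviceApplication(TamperResistantElement(b"dev-0001", secrets.token_bytes(32)))
    genuine_ok = genuine.connect(cloud) is not None
    clone_ok = clone.connect(cloud) is not None
    cloud.revoke(b"dev-0001")  # in-field revocation of the credential
    revoked_ok = genuine.connect(cloud) is not None
    return genuine_ok, clone_ok, revoked_ok


if __name__ == "__main__":
    print(demo())
```

Two design choices carry the security argument. Both proofs are bound to a nonce from each side, so neither the device proof nor the server proof can be replayed from an earlier session, and the session key is derived only after both checks pass. The application holds a reference to the element but no accessor for the credential exists, which is the same property a SIM-based Root of Trust gives real firmware: a compromise of application code does not yield the long-term credential, and the service can still cut off a device by revoking it remotely.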
Enabling trust in a connected future
It is clear that addressing security and privacy vulnerabilities across the IoT landscape is an urgent priority, but also poses significant challenges.
While the ability of the SIM application on the TRE to provide trusted connectivity between the device and cellular network is well-known, there is vast and untapped potential for the TRE to be used far more widely in connected devices for unsurpassed security features and services.
This will help promote the sustained growth of a connected society through trusted connectivity which protects assets, end-user privacy and networks.