How the Need for IoT Security is Driving eSIMs in 2023

February 2023

Telecoms & Connectivity

Scarlett Woodford

Principal Analyst

When considering the relationship between eSIM adoption and IoT security, it is important to note that once a device is connected to a network and a profile has been stored, eSIMs and iSIMs use the same algorithms as traditional plastic SIMs. However, eSIM-enabled devices will offer a stronger defence against DoS (Denial of Service) attacks, with users able to select different operator profiles via a local profiler assistant.

For consumer devices, the issue of end-to-end security is arranged via the operating system. This means that the download specifications of an eSIM is not the responsibility of consumers, simplifying the process and encouraging market adoption. Within IoT use cases, some devices may have this option adding via a password-encrypted user interface.

Juniper Research notes that governments in several countries have implemented IoT cybersecurity regulations, including Australia, Brazil, Canada, China, Finland, India, Japan, Oman, Saudi Arabia, Singapore, Thailand, UAE, UK, US, and Vietnam. 

However, it is important to note that the introduction of ‘cleaner’, more secure IoT infrastructure will come at an elevated price, which may deter stakeholders operating in LPWA connectivity. Only IoT use cases that involve personal data or sensitive information will be considered for this new infrastructure, such as telehealth and connected vehicles. 

The Android Ready SE (Secure Element) Alliance is a collaboration between Google and SE vendors, offering open-source implementations of hardware backed security applets for use cases such as digital money solutions, identity credentials, and digital keys. Google’s partners on this initiative include G+D, Goodix, Kigen, NXP Semiconductors, Samsung, STMicroelectronics, Thales, Tongxin Micro, Unisoc, and VALID. 

As part of this alliance, Google Strongbox has been designed for the secure provisioning of Android keys. This applet can be preloaded onto new smartphones, acting as a keymaster applet, transferring security features to the embedded SIM. This is certified by a third-party security specialist and offered free to OEMs who no longer need to pay for the secure element. 

By removing the eSE (embedded Smart Element) from smartphones, and transferring security applications to eSIMs, OEMs would reduce their bill of materials, lowering the production cost of devices. If this cost-saving is translated into lower retail costs, the removal of eSEs could make eSIM enabled smartphones cheaper and more accessible to consumers.

When considering IoT security, it is important to remember that the majority of IoT connections do not use cellular connectivity. Juniper Research notes that, as cellular networks are run by operators and are subject to regulations, there is a stronger level of security. If IoT devices are connecting using alternative networks, such as LoRaWAN, additional security measures will need to be taken in order to ensure device security. 

As mentioned above, IoT SAFE (SIM Applet for Secure End-to-End Communication) is a connectivity-agnostic mechanism, introduced by the GSMA, which enables enterprises to secure IoT data communications. It achieves this by using the SIM as a ‘crypto-safe’, compatible with all SIM form factors including eSIMs and iSIMs. 

If an enterprise chooses to connect devices via LoRa or Wi-Fi, the devices’ chips will not include a data security enclave. However, if enterprises make the choice to use cellular connectivity, security is a de-facto element. If security is embedded within the eSIM, the enterprise then becomes the decision maker and is able to choose what type of connectivity to use. This will enable applicative security, which comes at a much lower cost. Juniper Research notes that security requirements are increasing flowing in from the IT world to the IoT landscape, with traditional IT practices now infiltrating the IoT space. 

In China specifically, there is growing demand for security to be built-in by OEMs. While this will have very low-cost implications for operators such as China Telecom and China Unicom, Juniper Research believes that in-built security features will be key for Chinese OEMs if they wish to expand outside of China, within wider Asia and across growing markets. 

Operators do have a significant role to play in security, namely in the definition of average data consumption per device. Once these thresholds have been defined, AI and machine learning algorithms can be used to detect anomalies in data consumption. This will enable operators to terminate the anomalous connectivity and prevent additional expenses.
 

Related Reading

 
Our complimentary whitepaper, Top Three eSIM Trends in 2023, evaluates how an enterprise-led need for device security, demand for in-factory profile provisioning, and requirements for automation and self-service capabilities will impact eSIM adoption during 2023.

“ A new Juniper Research study, has found that the value of the global eSIM market will increase from $4.7 billion in 2023, to $16.3 billion by 2027. Increasing by an impressive 249%, the market will be driven by the adoption of eSIM-enabled consumer devices, as seen in Apple’s recent release of the eSIM-only iPhone 14, triggering accelerated operator support.”
 
“Juniper Research’s latest eSIMs research provides in-depth analysis and evaluation of how the requirements of connectivity are rapidly changing, and how eSIM technology is rising to meet challenges by introducing enhanced flexibility and remote profile provisioning capabilities. The eSIM-enabled devices report delivers critical and actionable insights on the state of eSIM adoption, key eSIM management platform providers and silicon/SIM hardware vendors and their future prospects. The eSIM market report contains two Juniper Research Competitor Leaderboards; positioning 20 key eSIM management platform providers and 10 key silicon/SIM hardware vendors respectively.”