The nuSIM initiative was introduced by Deutsche Telekom during Q1 2019. It allows SIM functionality to be hosted within the communications chip, thus eliminating the need for an external SIM component

The nuSIM initiative was introduced by Deutsche Telekom during Q1 2019. It allows SIM functionality to be hosted within the communications chip, thus eliminating the need for an external SIM component

The security certification means IoT devices can operate on-air without any additional SIM card or eSIM chip.

HiSilicon, TÜViT and Deutsche Telekom collaborated to define the test criteria and pipe-clean the certification programme for others to follow. The HiSilicon NB-IoT device was ‘white box’ analysed by an experienced team of security auditors at TÜViT.  Based on this analysis, any potential areas for attack were identified, and tests were written and conducted.   The chip passed all these tests and is now the first device to be certified nuSIM secure. Commercial availability of certified devices will follow towards the end of the year.

As an early collaborator on nuSIM, HiSilicon leveraged the in-built security features of the Boudica NB-IoT device to create their nuSIM stack. The dedicated security CPU, protected from the rest of the system and with encrypted memory functions enables a strong root of trust from boot-time to run-time, resulting in a high degree of system security and integrity.

The nuSIM security evaluation concept is based on principles from the Common Criteria [CC] (for IT security evaluation; an international ISO standard security framework), and the EU Information Security Joint interpretation working group on Smartcard Hardware-related Attacks [JHAS].

The evaluation comprises multiple technical investigations which cover a complex range of attack vectors, such as direct logic attacks, fault injection, hardware tampering and intra-chip snooping with specialist equipment.

The testing aims to ensure that key assets inside the device (such as network and device authentication keys, network configuration settings and executable code) are sufficiently robust to ensure that attackers with moderately sophisticated attack potential cannot gain access. Thereby ensuring only multiple highly skilled technicians with extensive expertise and months of time are able to overcome the mitigation techniques employed.