[CAMBRIDGE,27th July 2020] In another world-first, and following last year’s live on-air nuSIM demonstration, HiSilicon (Shanghai) Ltd has worked with TÜViT GmbH the independent IT security authority to achieve industry recognised security certification for HiSilicon’s nuSIM enabled NB-IoT System-on-Chip. This allows IoT devices to operate on-air without any additional SIM card or eSIM chip..
• HiSilicon, TÜViT and Deutsche Telekom collaborated to define the test criteria and pipe-clean the certification programme for others to follow..
• The HiSilicon NB-IoT device was ‘white box’ analysed by an experienced team of security auditors at TÜViT. Based on this comprehensive and skilful analysis, any potential areas for attack were identified, and tests were written and conducted. The chip passed all these tests and is now the first device to be certified nuSIM secure..
• Commercial availability of certified devices will follow towards the end of the year.. As an early collaborator on nuSIM, HiSilicon leveraged the in-built security features of the Boudica NB-IoT device to create their nuSIM stack. The dedicated security CPU, protected from the rest of the system and with encrypted memory functions enables a strong root of trust from boot-time to run-time, resulting in a high degree of system security and integrity.
Marc Le Guin, Deputy Head of the Hardware Evaluation Department of TÜViT said “TÜViT are pleased to announce the nuSIM certification of HiSilicon under our Trusted Product Certification Program at Security Evaluation Assurance Level 4 (SEAL 4). This affirms the integrity of the HiSilicon device for operation on mobile communications networks and paves the way for many more successful device certifications”.
Charles Sturman, Director of International Marketing for HiSilicon said “From the beginning, we saw the opportunity for nuSIM to lower the barrier to entry for IoT; both in terms of unit cost, and deployment flexibility; allowing service providers to provision connectivity at the point of deployment rather than manufacture. However, security is a core requirement for IoT and so any integrated SIM solution must be proven robust against unauthorised attacks.”.
Chris Lowe, SIM Technology Lead, commented: “It has been a pleasure to work with Marc and the team at TÜViT to obtain this first security certification for a nuSIM implementation. TÜViT’s thorough and rigorous approach to the evaluation required a detailed understanding of our secure chip design and security code. Our experienced engineering team were able to answer all of TÜViT’s enquires in order to pass the evaluation. This certification clears the path for our nuSIM partners to create the next generation of cellular-connected IoT solutions using HiSilicon's Boudica NB-IoT chip with nuSIM.”.
Technical Details. The nuSIM security evaluation concept is based on principles from the Common Criteria [CC] (for IT security evaluation; an international ISO standard security framework), and the EU Information Security Joint interpretation working group on Smartcard Hardware-related Attacks [JHAS]. The evaluation comprises multiple technical investigations which cover a complex range of attack vectors, such as direct logic attacks, fault injection, hardware tampering and intra-chip snooping with specialist equipment. The testing aims to ensure that key assets inside the device (such as network and device authentication keys, network configuration settings and executable code) are sufficiently robust to ensure that attackers with moderately sophisticated attack potential cannot gain access. Thereby ensuring only multiple highly skilled technicians with extensive expertise and months of time are able to overcome the mitigation techniques employed.
About nuSIM. The nuSIM initiative was introduced by Deutsche Telekom during Q1 2019 and has been adopted by many IoT players since then. As an integrated alternative to existing SIM solutions, optimised for use in IoT networks, the rigorous downsizing of SIM functionality combined with a straight forward digital provisioning process achieves significant advantages in terms of cost, efficiency and flexibility. The low-footprint implementation allows SIM functionality to be hosted within the communications chip, thus eliminating the need for an external SIM component.
About TÜViT. TÜV Informationstechnik GmbH focuses solely on security in information technology and, as an independent testing service provider for IT security, is an international leader. Numerous corporations already benefit from the TÜViT-tested security. Its portfolio includes cyber security, software and hardware evaluation, IoT/Industry 4.0, data protection, ISMS, Smart Energy, mobile security, automotive security, eID and identity verification services as well as the testing and certification of data centers for physical security and high availability. TÜV Informationstechnik, founded in 1995 and headquartered in Essen, Germany, is a member of the TÜV NORD GROUP, one of the world's largest technology service providers with over 10,000 employees and business activities in 70 countries worldwide. TÜViT is the brand of the IT division of the TÜV NORD GROUP and is one of six global business units. The IT business unit includes the companies TÜV Informationstechnik GmbH and TÜV NORD IT Secure Communications GmbH & Co. KG, a Berlin-based consulting company founded in January 2018 .