ESIMs offer security, manufacturing benefits for IoT

ESIMs decrease complexity, improves security

There are several main benefits to eSIMs. They are more durable than removable SIM cards, less susceptible to user error and offer an updated form factor compared to legacy SIMs. These benefits are already generally well known, so why is interest in eSIM technology now growing among innovative SMBs, SMEs and enterprise IoT?

A SIM's main purpose is to connect to a cellular network. It is a tiny, tamper-resistant computer that performs a challenge-and-response authentication based on a set of credentials stored inside that is unreadable from outside. A cellular operator can make sure a SIM issued for a subscriber can securely authenticate the subscriber, and there is no way to spoof the identity via SIM duplication.

With these features, why aren't SIMs used more often as the secure element embedded in an IoT device? For every IoT project, device authentication and secure provisioning represent common elements of undifferentiated heavy lifting. Advanced players in IoT are now examining how eSIM capabilities can reduce this burden while improving IoT security.

Typically, a unique set of credentials must be issued for every device and then provisioned individually during the manufacturing process, which adds nontrivial production cost and lead time. Moreover, each set of credentials must be stored securely to prevent external access. This requires adding secure storage capability to the device spec, with a corresponding increase in bill of material cost.

If an IoT project uses the eSIM as an authentication token, there is no need to provision initial credentials because the eSIM can authenticate the device when it is turned on. It is possible to uniquely authenticate the device even without having an authentication back end if the eSIM provider offers it as part of the service.

Plus, such devices do not require secure storage just to store authentication credentials because eSIM is a tamper-tolerant device. If bootstrapping based on eSIM authentication is performed every time the device is turned on, the subsequent credentials can be only in the RAM, and there is no need for persistent storage.

ESIM use also reduces manufacturing errors. With eSIM technology, IoT innovators no longer need to insert a SIM card into the device during manufacturing or end-user activation. Removing this step can both reduce production cost and eliminate a significant point of failure related to human or mechanical error.

ESIMs also bring future-proofing into device design. There is a Global System for Mobile Communications Association standard subscription management for embedded universal integrated circuit card (eUICC) subscription management.

In many cases, eSIMs have the eUICC capabilities, and they enable the user to download multiple profiles and switch between them without changing the eSIM chips. Even if eUICC capabilities are not supported, if the issuing provider supports a proprietary multi-international mobile subscriber identity solution, it should be possible to switch cellular subscriptions within the provider.

Preparing for the next generation of embedded devices

Between their built-in physical advantages and their potential to improve IoT security and streamline IoT deployments when implemented correctly, eSIMs are clearly ready for their moment as IoT expands worldwide. For teams that work on the leading edge, the next generation of embedded connectivity is now arriving.

Beyond eSIMs, integrated SIMs (iSIMs) combine the IoT hardware communications module and SIM or eSIM capability within a single, purpose-built system on a chip. ISIMs address several IoT deployment challenges and enable significant reductions in the circuit board footprint, circuit complexity and manufacturing cost. ISIMs also simplify the supply chain by removing the need for sourcing an additional eSIM chip and offer meaningful improvements in power consumption for low-power IoT devices.

About the author
Kenta Yasukawa is CTO and co-founder of Soracom, where he has led deployment of the industry's most advanced cloud-native telecom platform, designed specifically for the needs of connected devices. Before co-founding Soracom, Kenta served as a solutions architect with AWS and conducted research for connected homes and cars at Ericsson Research in Tokyo and Stockholm. Kenta holds a Ph.D. in engineering from the Tokyo Institute of Technology, with additional studies in computer science at Columbia University's Fu Foundation School of Engineering and Applied Science.