Arm plans to use its existing cryptography cores and technology brought in through its 2017 acquisition of Simulity Labs to provide customers with the ability to integrate virtual subscriber identity modules (SIMs) into IoT devices.
Chet Babla, vice president of IoT device solutions at Arm, said: “The SIM is often associated with a mobile phone number but its role is to store identity and encryption keys. The SIM has evolved from being a relatively large physical module to a small embedded component that can be remotely configured with network-access credentials. But even the eSIM is still too large for many designs. That’s why Arm believes a SIM integrated within an SoC is needed. It becomes just a fraction of a square millimeter inside the SoC.”
Together with the hardware IP to support its cryptography functions, Arm aims to sell an operating system to provide the common SIM services. The Kigen OS is designed so that it can work with third-party cryptocores, with some porting effort. On the server side, Arm will operate provisioning services to activate and remotely configure modules containing the SIMs when they are added to a network.
What has yet to be determined is how each integrated SIM obtains its secure credentials. The focus in the current launch is on provisioning SIMs that have been programmed with secure keys from a remote server. However, an issue with any integrated SIM is finding a mechanism for inserting its private keys and certificates during manufacture that is not vulnerable to industrial espionage.
Dedicated SIM manufacturers employ a higher level of security around their fab and packaging operations to provide a guarantee of security. For fabless chipmakers, the choice is whether to use these secure fab operators to make the entire SoC or go to a foundry that cannot offer the same level of guarantee. One option is to use physically unclonable functions (PUFs), which are supported by IP suppliers such as IntrinsicID. In developing a secure add-on for low-cost devices, Maxim Integrated developed its own PUF technology because it saw the traditional mechanisms for key insertion that it employs for the financial-transaction market as too expensive for the IoT sector.
Babla said Arm is looking at a number of options in conjunction with partners but has yet to make a decision as to which technologies Kigen will support.