How GlobalPlatform is securing the Internet of Things | Exclusive Q&A

Internet of Business says

Today’s connected things do much more than simply provide information at your fingertips; they make use of sensitive data, gather information, and even have an impact on the physical world.

With their ability to collect and share data, and to network with other connected things, the need for device security in the Internet of Things (IoT) has never been greater. But the challenge is not just about protecting the data itself; it is also about preventing devices from becoming a platform for attacks.

GlobalPlatform is a non-profit industry association working on standards for securing digital services and devices. Internet of Business spoke to executive director Kevin Gillick to learn more about its work and the technical standards it has been developing.

First, we looked at connected cars. Then we moved on to how GlobalPlatform is helping to secure smartphones, through its involvement in SIM and eSIM development.

Internet of Business: GlobalPlatform works to create fully collaborative and ‘open ecosystems’ for IoT devices. What do you mean by ‘open’, and why are these ‘ecosystems’ necessary?

Kevin Gillick: “According to Gartner, the number of connected devices is predicted to reach over 20 billion by 2020. This dynamic landscape creates real security challenges that GlobalPlatform aims to solve by working to create ‘open ecosystems’.

“By that we mean service providers and device manufacturers interacting seamlessly to collaborate and build relevant solutions to ensure the security and interoperability of digital services and devices.

“GlobalPlatform works to create these ecosystems by standardising and certifying a security hardware/firmware combination known as a ‘secure component’, which acts as an on-device trust anchor, as well as the secure management of digital services and devices once deployed. This facilitates collaboration between service providers and device manufacturers, empowering them to ensure the right level of security within all devices to protect against threats.

“Open ecosystems are necessary so that all stakeholders can efficiently deliver innovative digital services, while providing greater security, privacy, simplicity and convenience for users.

“Without them, developers would need to understand many different security and trust models, for many types of devices. This would greatly inhibit scalability and the delivery of mass-market products. Furthermore, without standardisation, some actors would push for de facto proprietary technology that would limit innovation.

“Altogether, open ecosystems enable convenient and secure digital service delivery to end users, while supporting privacy, regardless of market sector or device type.”

Let’s look at one use of an open security ecosystem: so-called digital car keys. Can you explain what these are and their benefits?

“In this scenario, smart devices – including smartphones and smart watches – act as a digital key for a connected vehicle, allowing drivers to lock, unlock, start the engine, and share access to a car. Benefits to the consumer include the opportunity to restrict key validity to a certain timeframe. This is especially useful if the car is shared with a third party, such as a family member or a valet.

“Digital car keys are an excellent example of the balance of security and user experience that’s required of connected devices, because although they bring consumer convenience and benefits, the transformation of a car key from a physical to a digital solution raises questions about identity and privacy.”

So, are you looking at developing an ecosystem that can cover all cars and all devices? If so, how can you ensure that such a platform is fully secure?

“GlobalPlatform is collaborating with the Car Connectivity Consortium – an organisation focused on enabling seamless mobile device-to-vehicle connectivity – and other consortia, such as Jaspar.

“The CCC is developing a technical specification, of which version 1.0 has already been published, which will form the basis of a digital key ecosystem that covers all cars and devices. This will deliver a fully interoperable digital car key solution that can be used in a variety of use cases, from individual drivers to fleet management, car rental, and car sharing companies.

“The Digital Key Specification 1.0 provides a framework for deployment that allows vehicle manufacturers to securely transfer a digital key implementation to a smart device using the existing Trusted Service Manager [TSM] infrastructure. By leveraging NFC distance bounding and a direct link to the Secure Element [SE] of the device, a state-of-the-art security level for vehicle access is assured.

“GlobalPlatform SE technology facilitates secure and interoperable deployment and management of multiple embedded applications on secure components. This ensures that a secure connection between the car and the device is enabled, facilitating deployment of the key from the car manufacturer to the first consumer purchasing the vehicle, the transition of digital key ownership between drivers, and authentication of the owner – or permitted user of the vehicle – and the access rights that they have been granted.

“In addition to this, GlobalPlatform Trusted UI protects end user authentication to the service hosted within the smartphone – a critical function, especially in a key-sharing scenario.”

Increasing numbers of IoT devices communicate with each other in M2M environments, using the mobile network. With the rise of eSIMs, remote provisioning and security control is vital. What roles can GlobalPlatform play in this scenario?

“GlobalPlatform plays an integral role in securing the IoT landscape. GlobalPlatform’s Device Trust Architecture is a security framework which shows how GlobalPlatform’s standardised secure component technology can be used to build a chain of trust to protect connected devices and digital services.

“It does this by offering secure services, implemented within a secure component, which can be used at each level of a chain of trust from the boot mechanism to the device operating system and up to the application layer.

“GlobalPlatform has a significant role in securing access to cellular networks, since SIMs and eSIMs are SEs, which are types of secure components. GlobalPlatform SE technology is directly referenced within ETSI’s Smart Card Platform [SCP] specifications, thanks to over a decade of synchronisation between the two bodies on key technology developments, such as application management and OTA application download.

“The SCP specifications provide the foundational infrastructure for Universal Integrated Circuit Cards [UICCs, more commonly known as SIMs], which were developed by ETSI in response to requirements outlined by the Third Generation Partnership Project [3GPP], an initiative which unites telecommunications standard development organisations to develop specifications for cellular telecommunications network technologies. UICCs encompass the SIM and offer a multi-application security platform, allowing applications to run securely and in parallel.

“GlobalPlatform’s UICC Configuration outlines requirements for implementing GlobalPlatform Specifications on the UICC platform according to ETSI specifications, and to GSMA’s requirements for third-party application management and contactless application support. It is integral to the estimated 5.6 billion SIMs that comprised the total available market in 2017.

“The key difference between SIMs and eSIMs is the latter’s capability for hosting multiple network subscriptions, as defined in the GSMA Embedded SIM Specification, and remote updates to the operating system, sensitive data, applications, and subscriptions. Since GlobalPlatform technology is integral to securing remote SIM provisioning, it is central to the eSIM’s value proposition.”

Can you give any examples of real-world deployment?

“When a smartphone attempts to connect to a cellular network, both the device and user, known as a subscriber, must be authenticated by the network owner [mobile network operator, or MNO] to gain network access.

“To achieve this, the MNO initiates an optimised authentication mechanism between the network and the device. On the device, the SIMs within each phone protect confidential identifying data unique to each subscriber and authentication engine.

“To protect against unauthorised access, secret keys, algorithms and other sensitive data – held on both the SIM card and within a centralised authentication server – must be fully secured both while at rest and when data is being exchanged between the two entities over the air.

“Besides authenticated connectivity, a new cellular use case is now being standardised by the GSMA: Remote SIM Provisioning [RSP]. It has emerged in parallel with the increase in usage of eSIMs. They are defined by their capability to support secure OTA remote subscription provisioning, as well as updates to the operating system, keys, application and connectivity parameters.

“RSP plays a central role in the growth of the IoT landscape. It allows network subscriptions to be loaded on demand in M2M devices and enables consumers to choose subscriptions and connect multiple devices seamlessly.

“RSP allows MNO subscriptions to be securely downloaded to a device dynamically over the air [OTA], at any point post-production, and when devices are already deployed in the field.

“It also enables subsequent OTA subscription changes, from one MNO to another. This is especially important in cases of certain connected device types with long life cycles, such as cars and industrial equipment.

“From a corporate and consumer perspective, RSP delivers many advantages, including flexibility and greater choice over MNO contracts, open roaming opportunities, and increased competition within the marketplace.”

What’s next for the SIM and SE world?

“Last year, GlobalPlatform began publishing fundamental specifications for the integrated SE. Thanks to the evolution of chipset design, it is now possible to integrate a tamper resistant element inside a processor – such as an application processor in a smartphone. These new form factors for Secure Elements require a standardised loading mechanism and standardised hardware abstraction layers.

“GlobalPlatform has recently published two technologies to support this new form factor. First, the Open Firmware Loader [OFL] standardises how SE firmware – combining the secure operating system, applications and data – can be remotely loaded and managed onto an SE such as a SIM, embedded SE, such as an eUICC/eSIM, or integrated SE, even after a device has been issued.

“With the OFL protocol, the selection of an OS can be delayed until the device reaches its destination. So, if a smartphone is manufactured in one country, for example in China, a country-specific OS can be loaded to the eSIM or integrated SE once it reaches the country where it will be deployed.

“In parallel to OFL, GlobalPlatform has released a set of specifications that standardise a Virtual Primary Platform [VPP].

“A VPP defines clear boundaries for responsibility and standardises the interfaces and behaviour of a Tamper Resistant Element [TRE] integrated into a chipset. This standardised VPP improves the portability and deployment of software loaded into using OFL, regardless of the underlying platform implementation. VPP is relevant to any use case utilising TREs.”