3GPP SA3 FEASIBILITY STUDY ON REMOTE MANAGEMENT OF USIM APPLICATION ON M2M EQUIPMENT. Vesa Lehtovirta, SA3 study item rapporteur, Ericsson Research NomadicLab; Luis Barriga, Ericsson Research Communications Security Lab. ETSI Workshop on Machine to Machine Standardization, 4 - 5 June 2008 - ETSI, Sophia Antipolis, France


  • 3GPP SA3 FEASIBILITY STUDY ON REMOTE MANAGEMENT OF USIM APPLICATION ON M2M EQUIPMENT

    Vesa Lehtovirta, SA3 study item rapporteur, Ericsson Research NomadicLab

    Luis Barriga, Ericsson Research Communications Security Lab

    ETSI Workshop on Machine to Machine Standardization

    4 - 5 June 2008 - ETSI, Sophia Antipolis, France

  • 2

    Outline

    • Introduction
    • Use cases
    • Scope of the study
    • Identified issues
    • M2M equipment architecture alternatives
    • Network architecture alternatives
    • More detailed issues
    • Example of provisioning
    • Timeline of the study

  • 3

    Introduction

    • The diversity of possible application areas for M2M communication is enormous

    • Big potential for new subscriptions / traffic in 3GPP networks and therefore new revenue possibility for mobile operators

    • SA1 has studied the general aspects of M2M communications in TR 22.868

      – Some perceived obstacles for M2M business in current 3GPP model are mentioned in the TR

    • A possible obstacle for M2M business in mobile networks is subscription handling

      – Change of subscription / operator can be costly or non-trivial

        • Changing UICC (subscription) would involve costly physical maintenance work on all machines in the field, especially for large numbers of terminals

        • Changing UICC (subscription) may be non-trivial physically as the UICC needs to be carefully protected against tampering or stealing since an M2M terminal is usually unattended.

      – The operator needs to be chosen before the M2M terminals are deployed in the field

  • 4

    Introduction

    • The SA3 study (TR 33.812) is inspired by 3GPP SA1 study (TR 22.868) but also use cases outside of SA1 study are considered

    • The SA3 study studies how to make it possible

      – for the network to provision remote management (e.g. download) of USIM and ISIM application

      – in an M2M equipment

      – in a secure way in a 3GPP system

  • 5

    Use cases

    • SA1 TR 22.868 has identified a multitude of application areas for M2M communication

      – e.g. Security, Tracking and Tracing, Payment, Health, Remote Maintenance & Control, Metering

    • Example: Tracking a fleet of delivery vehicles

  • 6

    Scope of the study

    • Study the feasibility of remote management of USIM/ISIM application when the USIM/ISIM application resides

      – in the UICC within the M2M equipment and

      – in M2M equipment without UICC

    • The scope includes

      – definition of a trust model for remote management of USIM/ISIM application and

      – identification of security threats and security requirements

  • 7

    Scope of the study

    • The study will also investigate

      – candidate security solutions and signalling procedures for provisioning and remote management of USIM/ISIM application in an M2M equipment in a secure manner

      – what existing and new functionality of the current USIM/ISIM application has to be covered by remote management of the USIM/ISIM application

    • The study may identify principle requirements for protected storage and the execution environment

      – e.g. by collaborating with relevant working groups (such as the OMTP Hardware group)

  • 8

    Identified issues

    • TR 33.812 has identified three main issues to be studied so far:

    1. How to initially provision (download) an M2M equipment with a new USIM/ISIM application from an operator of customer’s choice?

      – This issue is currently studied most in the TR

    2. How to change subscription to a different operator?

      – Preliminary analysis exists on this issue in the TR

    3. How to prevent theft of and tampering with subscription credentials?

      – Preliminary analysis exists on this issue in the TR

      – The study may identify principle requirements for protected storage and the execution environment

  • 9

    M2M equipment architecture alternatives

    • Three M2M equipment architecture alternatives have been proposed

    1. the UICC is physically integrated into the M2M equipment

    2. the USIM/ISIM application is integrated and embedded within the M2M equipment in a protected module (without a physical UICC)

    3. the USIM/ISIM application is implemented on a removable UICC (i.e. if needed, the UICC is physically replaced in the M2M equipment, without remote downloading of a new USIM/ISIM application)

    [Figure: three diagrams, each labelled "M2M equipment" and "USIM/ISIM"]

  • 10

    Network architecture alternatives

    • Five network architecture alternatives have been proposed

      – Alternative 1

      – Alternative 2: Open Architecture

      – Alternative 3: Architecture with separated connectivity and remote application management services

      – Alternative 4: Unified Network Architecture

      – Alternative 5: Architecture with removable-UICC

    [Figure: diagrams labelled Alt 1, Alt 2 and Alt 3]

  • 11

    Network architecture alternatives

    • Network architecture alternatives 1, 2 and 3 were seen to address similar issues and propose similar concepts

    • Alternative 4 is an effort to combine alternatives 1, 2 and 3 into a unified architecture alternative

    [Figure: diagrams labelled Alt 1, Alt 2 and Alt 3, combined into "Alt 4: Unified architecture"]

  • 12

    Further issues of USIM/ISIM provisioning

    • When solving the issue "How to initially provision (download) an M2M equipment with a new USIM/ISIM application from an operator of customer choice?", alternatives 1-4 in the current SA3 study address, albeit with differences, the following three further issues:

      – Initial connectivity

        • How to get initial network connectivity and IP connectivity when USIM of intended new home operator is not yet provisioned to the M2M equipment?

      – Discovery and Registration of the operator

        • How to find the intended new home operator?

      – Provisioning of credentials

        • How to do the provisioning of USIM/ISIM credentials in a secure way?

  • 13

    Simplified example of possible USIM provisioning scenario

    0. Pre-phase before M2ME is powered on

    [Figure: Visited Operator, Initial Connectivity Operator (ICO), Selected Home Operator (SHO), DR and M2ME, with step 0 marked]

    Step 0:

      – Initial credentials of Initial Connectivity Operator (ICO) are provided to the M2ME at manufacturing.

      – User selects the home operator.

      – Reference to Selected Home Operator (SHO) is registered at Discovery and Registration service (DR).

  • 14

    Simplified example of possible USIM provisioning scenario

    1. Initial connectivity with bulk provisioned/produced devices
    2. Discovery and Registration service
    3. Download and Provisioning of USIM application credentials

    [Figure: Visited Operator, Initial Connectivity Operator (ICO), Selected Home Operator (SHO), DR, DP and M2ME, with steps 1, 2, 3a and 3b marked]

    Step 1: M2ME uses initial credential of Initial Connectivity Operator (ICO) to do a standard 3G AKA authentication via Visited Operator network and get IP connectivity.

    Step 2: M2ME contacts Discovery and Registration service (DR) which redirects the M2ME to the correct Download and Provisioning service (DP), probably hosted by the Selected Home Operator (SHO).

    Step 3a: Download and Provisioning (DP) service checks the trustworthiness of M2ME.

    Step 3b: USIM application with related credentials is downloaded to the M2ME over secured connection.
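The provisioning scenario of slides 13 and 14 can be modelled as a short state machine; this is an added example, not material from the slides or from TR 33.812. The class names, the return strings, the HMAC challenge-response standing in for 3G AKA and the measurement allow-list standing in for the DP trustworthiness check are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed model: class names, message shapes and the HMAC/allow-list
# stand-ins are assumptions, not defined by TR 33.812 or the slides.

class ICO:
    """Initial Connectivity Operator; knows keys installed at manufacturing."""
    def __init__(self):
        self.keys = {}  # device_id -> initial key (step 0)
    def authenticate(self, device_id, respond):
        # Step 1: challenge-response standing in for 3G AKA.
        key = self.keys.get(device_id)
        if key is None:
            return False
        rand = secrets.token_bytes(16)
        expected = hmac.new(key, rand, hashlib.sha256).digest()
        return hmac.compare_digest(expected, respond(rand))

class DP:
    """Download and Provisioning service of the Selected Home Operator."""
    def __init__(self, trusted_measurements):
        self.trusted = set(trusted_measurements)
    def provision(self, device_id, measurement):
        # Step 3a gates step 3b: no credentials for an untrusted platform.
        if measurement not in self.trusted:
            raise PermissionError("M2ME failed trustworthiness check")
        return {"device": device_id, "usim_key": secrets.token_hex(16)}

class M2ME:
    def __init__(self, device_id, initial_key, measurement):
        self.device_id, self.key = device_id, initial_key
        self.measurement, self.usim = measurement, None
    def respond(self, rand):
        return hmac.new(self.key, rand, hashlib.sha256).digest()

def run_provisioning(m2me, ico, dr_registry):
    """Return the stage reached; dr_registry maps device_id -> DP (the DR)."""
    if not ico.authenticate(m2me.device_id, m2me.respond):
        return "no-connectivity"
    dp = dr_registry.get(m2me.device_id)  # Step 2: DR redirects to the DP
    if dp is None:
        return "no-sho-registered"
    try:
        m2me.usim = dp.provision(m2me.device_id, m2me.measurement)
    except PermissionError:
        return "untrusted"
    return "provisioned"
```

A device-reported value is only a placeholder for the trust check; how the DP actually establishes trustworthiness is one of the open questions the study lists.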

  • 15

    Timeline of the study

    • Study TR 33.812 is expected to be finalised in Release 8 timeframe

      – Approximately meaning year 2008

    • Possible Work Item targeting for specification work would be for Release 9

      – The development of concrete service requirements has not yet started and it is subject to the agreement of new Work Item on the issue in 3GPP SA1

  • 16

    Thank you

    Questions?