Subscriber identity in 5G: shall we still see SIMs?
Those of us who have been in the mobile communication industry for long enough remember generation changes always happen the same way. The inception of 2G, 3G, LTE and 4G has followed the same evolution path. As 4G is deployed in most places around the world, the industry needs something new to keep growth going! Now, 5G is on everyone’s lips!
First focus is on connectivity: the industry develops means to communicate faster than ever. Infrastructure vendors come first: they demonstrate they are able to provide base stations and other network equipment to build a network that allows faster speeds than ever before. In the case of 5G, low latency is also at stake along with the ability to support a wide variety of devices. Then terminal vendors come into play; if first handsets do not totally deliver the promise, the second generation fulfills it.
Then, the industry starts to wonder about security and explores the best way to secure user authentication. Since the SIM card has been adopted and GSM has won against CDMA, there has been little changes: subscriber identification relies upon a detachable component embedded in a piece of plastic.
Now, everything is changing. The industry that had been keeping the same concept and the same form factor for decades is now opening to wide spectrum of new possibilities. After the detachable SIM, comes the eSIM (embedded SIM), and many envision the iSIM (internet SIM) as a potential evolution.
5G is often qualified of network or networks. 5G will support the connection of end user devices as well as objects belonging to the Internet of Things. This means, at the same time, a diversity in connection modes, in underlying RF technologies, in connection points, etc. leading to a dramatic increase in attack surface. The consensus is now that such a diversity of devices will not share a single security solution. 5G is bound to have a wide variety of user authentication options, from total hardware-based solutions to totally software ones.
Ericsson recently published a White Paper about 5G security in which they write: "A multi-stakeholder approach involving operators, vendors, regulators, policymakers and representatives of 5G users … is fundamental to the security baseline of trustworthy, cost-efficient and manageable 5G networks. Pre-standardization consensus building, such as joint research by the different stakeholders, will be important."
SIMs regardless whether they come in the form of detachable SIMs or in the form of eSIMs provide a highly standardized proven technology, with test and certification schemes in place associated with a low cost. Most in the industry consider these advantages make them a viable solution for many more years.
At the same time, we should be ready to see other authentication solutions emerge, such as eSE (embedded Secure Element) or even security functions in another processor, such as a TEE, or the main processor of a device.
While the SIM has been universal for decades, future networks will be more segmented, and each development will need an in-depth security assessment to identify the best user authentication solution.