eUICC - what is it and why should you care?

By Guest - July 10, 2019

In this post, we've invited Alice Gillam from DevicePilot partner, Pod Group, to explain one of the most significant innovations in cellular connectivity since roaming - and discuss how it could change the IoT landscape forever.

What is eUICC?

eUICC provides companies that are deploying cellular-connected devices with the ability to update the SIM remotely, freeing customers and vendors from the need for physical SIM installation or swapping.

The current generation of SIM cards uses a UICC (Universal Integrated Circuit Card). This holds all the information necessary for a SIM card to function, such as the file system, operator keys, and International Mobile Subscriber Identity (IMSI). Usually, one SIM card holds one profile (though not always).

eUICC is different because it enables one SIM card to hold several different connectivity options - and operators - at the same time, and to choose between these options. The specification allows users to change their SIM profile if an outage occurs, a network is sunsetted, or an operator raises their prices. 

The ability to remotely add or 'provision' SIM profiles Over The Air (OTA) while the SIM is embedded in a device is particularly useful as it allows IoT applications to be updated in the field, without the need to physically change the SIM. This is particularly useful for organizations with large quantities of SIMs or devices in remote locations.

Why will eUICC democratize IoT?

eUICC will change the types of companies deploying IoT solutions. eUICC is part of the trend towards lowering the barrier of entry to IoT, sitting alongside the trend of IoT without software and a proliferation of companies offering straight out of the box IoT solutions. 

By making it easier to deploy IoT solutions without necessarily needing advanced technical knowledge, we'll see more applications coming to market and a greater variety of applications.

This is similar to the early days of the internet, when websites were complicated, time-consuming, and costly to build: most websites were built by those with in-depth technical knowledge, scientific institutions, universities, or passionate autodidacts.

But now, anyone with an internet connection can build a website on their lunch break. 

With eUICC and software as a service, we could be about to see a similar revolution in the world of IoT. As the barriers to development and deployment drop, we'll see a huge increase in the quantity and variety of IoT applications.

It might be hard to imagine, but one day we might see the same quantity and variety of IoT applications as we see of websites today. 

The ease of eUICC

With eUICC technology, SIMs are able to be provisioned OTA without ever needing to remove the SIM from the device. This means that SIMs can be embedded into a device by an OEM (original equipment manufacturer) during the manufacturing process. If necessary, the operator can easily be changed at a later date, once the device is in the field. 

This frees up IoT application developers and OEMs to make decisions and develop devices without worrying that they will be locked into using one operator or one type of connectivity in the future.

Swift, simple, scalable 

IoT devices can be produced in large quantities, all with the same embedded SIM, then shipped to different markets, where they will be provisioned OTA. Because networks and operators can be changed later if necessary, choosing eUICC technology effectively future-proofs your IoT application's connectivity.

What about security?

Security has been one of the major roadblocks to mass adoption of IoT. Understandably, people have security concerns and there have been a number of worrying security breaches during the comparatively brief life of IoT so far.

So, will embedded SIMs help or harm the security outlook for IoT devices?

According to the GSMA, "eSIM provides an equivalent level of security as the removable SIM card". Given the security challenges and breaches that we've witnessed with removable SIM cards, that is not a great comfort. Unfortunately, it's likely that the security problems which have afflicted IoT applications in the past will not be improved by the uptake of eUICC technology.

Lack of two-factor authentication, poor password protocol, problems with applying firmware patches and updates: these issues will not be addressed by introducing embedded SIM technology.

Many IoT devices do not have the power to support sufficient security measures. They lack the ability to receive updates and often arrive with security issues already present. As securing the devices themselves can be problematical, impractical or impossible, it is often a better option to secure the network. 

By securing the network, rather than the device, you can ensure that data is flowing to the right places - and nowhere else, even if the device itself is too simple to support adequate security measures.

Securing the network is a scalable and cost-effective option. Because you do not need to install anything on the individual IoT devices, you're able to easily scale the size of your IoT application, adding more devices as necessary, without worrying about adding security measures to each individual device.
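As an added illustration of network-side enforcement (not code from Pod Group or from the original post), the sketch below checks flow records exported by a cellular gateway against a default-deny egress allowlist keyed by SIM identity, so nothing has to run on the device. The policy, the IMSI inventory, the flow record layout, and all addresses are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed policy: per-device-group egress allowlist (CIDR, protocol, port).
POLICY = {
    "meters": [("203.0.113.0/28", "tcp", 8883), ("198.51.100.10/32", "udp", 123)],
}
# Constructed SIM inventory: IMSI -> device group (test MCC/MNC 001/01).
SIM_GROUP = {"001010000000001": "meters", "001010000000002": "meters"}

# Constructed flow records: (imsi, dst_ip, proto, dst_port, bytes)
FLOWS = [
    ("001010000000001", "203.0.113.5", "tcp", 8883, 1200),
    ("001010000000001", "198.51.100.10", "udp", 123, 90),
    ("001010000000002", "203.0.113.5", "tcp", 8883, 800),
    ("001010000000002", "192.0.2.77", "tcp", 23, 64),      # off-policy destination
    ("001010000000002", "192.0.2.77", "tcp", 23, 64),
    ("001010000000009", "203.0.113.5", "tcp", 8883, 500),  # SIM not in inventory
]

def compile_policy(policy):
    """Parse CIDR strings once so each flow lookup is a cheap membership test."""
    return {group: [(ipaddress.ip_network(cidr), proto, port)
                    for cidr, proto, port in rules]
            for group, rules in policy.items()}

def allowed(rules, dst_ip, proto, port):
    """Default deny: a flow passes only if it matches an explicit rule."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net and proto == p and port == prt
               for net, p, prt in rules)

def find_violations(flows, sim_group, policy):
    """Return {(imsi, reason, dst_ip, proto, port): count} for denied flows."""
    compiled = compile_policy(policy)
    hits = defaultdict(int)
    for imsi, dst, proto, port, _nbytes in flows:
        group = sim_group.get(imsi)
        if group is None:
            # Traffic from a SIM that is not in the inventory is never trusted.
            hits[(imsi, "unknown-sim", dst, proto, port)] += 1
        elif not allowed(compiled.get(group, []), dst, proto, port):
            hits[(imsi, "off-policy", dst, proto, port)] += 1
    return dict(hits)

if __name__ == "__main__":
    for key, count in sorted(find_violations(FLOWS, SIM_GROUP, POLICY).items()):
        print(key, count)
```

The same rule set can drive both blocking at the gateway and alerting, and a device that suddenly appears in the violation list is a candidate for quarantine even if it cannot be patched.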

More devices, more problems

So, the introduction of embedded SIM technology will not change existing security issues. Companies will still need to be responsible for introducing adequate security measures. 

Given that security has too often been an afterthought for many IoT applications, it's possible that with the introduction of eSIMs we will see an increase in security breaches as more companies (and particularly more companies without the requisite technical expertise) deploy IoT devices.

More badly-secured IoT devices in the world is likely to lead to more large-scale botnet DDoS (distributed denial-of-service) attacks. One famous example of a DDoS attack is Mirai, which saw over 600,000 poorly-secured IoT devices take major websites such as Amazon, Twitter, PayPal and Spotify offline.

eUICC is a step forward, not the complete answer

In conclusion, eUICC is an exciting new development which will democratize the world of IoT and help more companies to take part in building the connected world of the future. The more diverse voices we have when building this future, the more likely it is that it will benefit everyone.

However, we must proceed with caution, learn from mistakes that have already been made, and ensure that security is never an afterthought. Much like eUICC, security needs to be embedded from the start. 

To discuss Pod Group's eUICC offering or our security solutions, please do get in touch today.
