Arm division cashes in on SIM chips for IoT security
As SoftBank looks to sell Arm to Nvidia (see Arm and Nvidia. Heads or Tails), it’s holding on to some of Arm’s divisions, notably Kigen. This company was acquired by Arm in 2017 and is a leading provider of SIM cards, as well as security solutions and services. Recently, I had the chance to catch up with its CEO, Vincent Korstanje, to talk about how he sees its future as a separate company within SoftBank’s empire.
The main part of Kigen’s business is SIM technology. It has enabled 2 billion SIM cards worldwide during its life and sees a long future for the technology, as the market progresses from e-SIM, where a small SIM card is embedded in a module, to an integrated SIM, or iSIM, which is a secure element within a chip.
Kigen believes this progression will enable SIM security to address a much larger market, and especially to play a central role in the Internet of things (IoT). To date, most IoT deployments don’t use cellular connectivity, partly because of the size and cost of SIM cards. But as these get smaller and cheaper, and can be more tightly integrated with modules and chips, wider opportunities will start to open up for SIMs. The high expectations for 5G networks in IoT should then bring a wave of suppliers starting to use the technology, which companies like Kigen can then surf.
To demonstrate this, Kigen points out that an e-SIM is less than a third the size of a nano SIM, and the smallest form, the iSIM, is half the cost of an e-SIM. Rapid growth is already underway, with e-SIM shipments up 83% year-on-year in 2020, following the technology’s launch in 2016. An iSIM takes no extra space in equipment as it’s integrated into the chip itself. It also uses 70% less power and is much faster because any constraints on speed or memory are set by the host chip, not by the SIM or its connection into the circuit board.
So, when iSIMs are widely used by chipmakers, Kigen expects somewhat higher growth, only limited by external factors like the overall adoption of cellular IoT. And this is where things get very interesting.
An iSIM has a hardware aspect — a secure enclave inside a chip — with an operating system, Kigen OS in this case, and application software running on it. In many cases, the SIM is just application software running on the operating system. And the same system could run other applications, such as transport layer security (TLS) certification for cloud suppliers, or security for a payment system. Or multiple applications could run on one secure element.
In turn, this means that Kigen and other SIM providers will be able to target not only users of cellular IoT, but also any IoT system that uses secure elements in its hardware. Kigen’s growth and future are therefore no longer tied mainly to the success of cellular and the SIM, but could expand into almost any area of IoT.
Naturally, Mr Korstanje is very enthusiastic about this huge expansion of the market. He talks about Kigen in a way similar to how Arm is positioned, saying that innovation doesn’t have to come only from the five big web players, and that independent companies like Kigen are setting out to “democratize trust”. To reinforce this message, he points to the growing ecosystem of e-SIM and iSIM partners, in which eight of the top 10 chipset and module sellers have already integrated Kigen designs.
Looking at the broader IoT market, for both consumers and enterprises, security has been the top concern for buyers for some years, and still is today. And they have strong reason to feel nervous: every few weeks there’s a new story of a vulnerability found in IoT systems, often affecting millions of devices.
The risks of a data breach in IoT are potentially higher than with the loss of personal data, because IoT is normally used in the operations of a company — the machinery, the factory, the processing, the logistics and so on. At the very least, the data involved is some of the most commercially sensitive in the organization. Beyond that, a hacked machine could cause a huge amount of damage, as we saw recently with Colonial Pipeline, an oil pipeline in the US that suffered a ransomware cyberattack. But perhaps most worryingly, it could also endanger life, for example, if a self-driving car were hacked and operated remotely.
So there’s enormous need for a very secure, but low-cost approach to IoT security that can be trusted globally in all sectors. Ideally this needs to be built into devices as standard, so that customers don’t even notice it anymore because it has become how most suppliers approach the subject. SIM cards, with their presence in billions of phones, are a good candidate for this, especially if they’re integrated into the chips themselves, like with iSIM.
However, getting to that level of adoption in many industrial sectors will take a lot of work. Establishing a large range of suppliers starts with chipset and module providers, an area in which Kigen already operates successfully. But it will also involve a lot of effort to build consensus across industries before anything can be seen as a standard. SIM suppliers such as Kigen are well-placed to serve this role but it will clearly take some time and effort to see some large-scale results.