Tech Tips #11: What is the quantum safe SIM and why does it matter?
11 January 2024

Tech Tips #11: What is the quantum safe SIM and why does it matter?

11 January 2024

Quantum is a term we’re all going to hear a lot more about in the coming years. Perhaps until now, you’ve only come across it in the title of a James Bond film, but it has a long tradition. Technically, a quantum is “the minimum amount of any physical entity…involved in an interaction”. So, it’s pretty small – but it has big implications.

That’s because they’re behind the next generation of super-fast computers that leverage ‘qubits” (a few more bits for your bytes, essentially). Now, that may seem remote from the telecom’s domain and the world of mobile connectivity – but there is an important implication that we all need to consider.

Quantum computers, it turns out, are very, very good at breaking encryptions. And this is what matters. In fact, some predictions have it that quantum computers will be able to break “95% of existing cryptographic standards, in 99.9% of all systems” within the next decade[1].

That’s a huge problem – and one that affects the SIM in mobile devices. With SIMs increasingly important for authentication in banking systems, central to autonomous vehicles and so on, the risk of quantum computing being used for nefarious purposes and targeted against SIM-based applications and devices is huge.

SIMs and encryption

Several vulnerabilities in SIMs have been identified over the years – including the famous Simjacker and SIM swap threats. Operators like Telecom26 have taken measures to protect their SIMs (and hence their users) from such risks, and agencies such as the GSMA have worked to close such vulnerabilities and enhance SIM protection.

Of course, this has always been a moving target. SIMS have evolved since first launched through the incorporation of newer levels of protection. This ensures that calls are encrypted, and user data are protected. For example, earlier versions of SIMs used DES (Data Encryption Standard), which has long-since been broken. Today, AES – Advanced Encryption Standard – is widely used in SIMs for protection.

However, none of these defences will be proof against the new capabilities offered by quantum computers. In fact, they’re not even entirely secure today, being vulnerable to what’s known as “side channel” attacks, which use metrics such as power consumption, electromagnetic activities and so on to understand what’s going on and hence to break the cypher.

This is the principle behind SIM card cloning and can easily be replicated once a system has been established. There are some so-called ‘encrypted SIMs’ available from specialist vendors, but even these are unlikely to offer an adequate defence.

A world in which SIMs are part of critical infrastructure

There are already billions of SIMs deployed globally, with earlier generations persisting in many applications and markets. Many billions more are expected to be deployed in the coming years.

As those who follow developments in IoT applications may already know, connected devices are becoming the norm for remote monitoring, measurement ,and control. With 5G, massive IoT slices dramatically increase the number of devices that can be connected in a given area, a move that is set to usher in a step-change in the overall number of mobile-connected IoT sensors and more.

Many of these will be integrated into critical infrastructure, such as electricity grids, gas distribution facilities, as well as households and for smart city applications. Factory 4.0, too, depends on connected devices. Each of these will require a SIM for network authentication.

Not only that, but the phone is also a key element in global banking systems, particularly in countries that lack internal branch infrastructure. With many payments enabled by mobiles, the SIM is central to both the global economy and to individual lives.

What’s to be done?

Fortunately, there is a solution – and more encryption is the answer. Extended AES is an updated version of AES that is, well, longer. It uses more bits in the key – 256, with 512 proposed. Simultaneously, the ITU (a UN agency that drives developments in telecommunications standards, radio spectrum allocation and more) is also pursuing programmes to help networks generally defend against quantum attack.

In the short term, users can upgrade SIM cards as often as possible, a task made much easier with the advent of eSIM. eAES is already available for 5G SIMs, so it’s not that the problem has been solved (there are still billions of SIMs that remain active in networks around the world, and which use lesser levels of protection), but there’s definitely a pathway towards quantum-safe computing devices – and these include those that use SIMs of all forms.

Telecom26 – following the standards to protect your devices

Telecom26 has invested in one of the most secure networks globally. We provide additional levels of security to protect our customers and their devices, which go above and beyond standard offers from traditional mobile network operators.

However, we are not complacent. We continue to work with our partners and suppliers to ensure that our assets are quantum safe – and that includes the SIMs that are the vital component for network authentication and connectivity. And, unlike other providers, we’re always open to discuss our security measures and safeguards, as well as our plans to strengthen them. When you choose Telecom26, you get a partner that understands security and takes care of your business. It’s our future – and yours.

 

[1] The way towards quantum-safe 5G, tomorrow, Stiepan A. Kovac, QRCrypto SA, itk.swiss group

Ready to talk?

We are here to help!
Let us know how we can help your project.