5G SIM and iSIM Technology

5G SIM, iSIM, and integrated secure elements for next-generation mobile and IoT identity management.


The evolution from 4G LTE to 5G introduces a new authentication framework, a redesigned SIM architecture, and the integrated SIM (iSIM) form factor. Understanding SUCI, 5G-AKA, and the GSMA iSIM specification is essential for device manufacturers, network operators, and enterprise IoT teams deploying 5G hardware.

5G Authentication: SUCI and 5G-AKA

SUPI and SUCI

In LTE, the subscriber identity (IMSI) was sent in cleartext during initial attach — a well-known vulnerability exploited by IMSI catchers. 5G replaces this with:

  • SUPI (Subscription Permanent Identifier): The permanent identity, analogous to IMSI, stored only on the SIM and in the UDM (Unified Data Management) network function.
  • SUCI (Subscription Concealed Identifier): A one-time, encrypted SUPI derived using the Home Network Public Key stored on the SIM.

SUCI generation uses an Elliptic Curve Integrated Encryption Scheme (ECIES) profile:

SUCI = Home Network Identifier || SUCI Protection Scheme || HN Public Key ID
       || Encrypted MSIN || MAC

The Home Network Private Key (held in the UDM) decrypts the SUCI to recover the SUPI. This protects subscriber privacy even if a rogue base station intercepts the initial registration request.
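The concealment step described above, as an added example (not code from the original page or from 3GPP). It goes beyond the page by assuming the Profile A parameters of 3GPP TS 33.501 Annex C (X25519, ANSI X9.63 KDF with SHA-256, AES-128-CTR, HMAC-SHA-256 truncated to 8 bytes), and it covers only the scheme output, which carries the ephemeral public key ahead of the encrypted MSIN and MAC. The function names and the MSIN value are hypothetical, and the third-party `cryptography` package is required.

```python
import hashlib, hmac
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def new_home_network_key():
    """Constructed test key pair; a real private key stays inside the UDM."""
    priv = X25519PrivateKey.generate()
    return priv, priv.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)

def _derive(shared, eph_pub):
    # ANSI X9.63 KDF over SHA-256, SharedInfo = ephemeral public key (64 bytes out)
    kd = b"".join(hashlib.sha256(shared + n.to_bytes(4, "big") + eph_pub).digest()
                  for n in (1, 2))
    return kd[:16], kd[16:32], kd[32:]   # AES-128 key, initial counter block, MAC key

def _aes_ctr(key, icb, data):
    op = Cipher(algorithms.AES(key), modes.CTR(icb)).encryptor()
    return op.update(data) + op.finalize()

def _swap(digits):
    # TBCD nibble swap used for the MSIN encoding: "0010" <-> "0001"
    return "".join(digits[i + 1] + digits[i] for i in range(0, len(digits), 2))

def conceal(msin, hn_pub_raw):
    """UE side: return ephemeral public key || ciphertext || 8-byte MAC."""
    eph = X25519PrivateKey.generate()          # fresh for every registration
    eph_pub = eph.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    shared = eph.exchange(X25519PublicKey.from_public_bytes(hn_pub_raw))
    ek, icb, mk = _derive(shared, eph_pub)
    ct = _aes_ctr(ek, icb, bytes.fromhex(_swap(msin + "F" * (len(msin) % 2))))
    return eph_pub + ct + hmac.new(mk, ct, hashlib.sha256).digest()[:8]

def deconceal(scheme_output, hn_priv):
    """Home network side: verify the MAC first, then decrypt the MSIN."""
    eph_pub, ct, tag = scheme_output[:32], scheme_output[32:-8], scheme_output[-8:]
    shared = hn_priv.exchange(X25519PublicKey.from_public_bytes(eph_pub))
    ek, icb, mk = _derive(shared, eph_pub)
    if not hmac.compare_digest(tag, hmac.new(mk, ct, hashlib.sha256).digest()[:8]):
        raise ValueError("SUCI MAC verification failed")
    return _swap(_aes_ctr(ek, icb, ct).hex().upper()).rstrip("F")
```

Calling `conceal` twice with the same MSIN and home network public key yields two different outputs, and only the holder of the matching private key can map either back to the MSIN.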

5G-AKA Authentication

5G-AKA (Authentication and Key Agreement) extends EPS-AKA with:

| Enhancement | Purpose |
|---|---|
| Home network control | HRES* verification at UDM, not just AMF |
| Sequence number sync | Enhanced AUTS handling |
| Key hierarchy | K_AUSF → K_AMF → K_NASint/K_NASenc/K_RRCint/K_RRCenc/K_UPint/K_UPenc |
| EAP-AKA' | Alternative method for non-3GPP access (Wi-Fi calling) |

The SIM (now called USIM in 5G) stores the long-term key K and operator variant OPc. The SUPI and SUCI are generated entirely on the iSIM or USIM chip; K never leaves the secure element.

iSIM vs. eSIM vs. Physical SIM

| Dimension | Physical SIM | eSIM | iSIM |
|---|---|---|---|
| Form factor | Removable nano/micro/mini | Soldered chip | Integrated in SoC |
| Profile management | Carrier swap = physical swap | RSP over air | RSP over air |
| Standards | ETSI TS 102 221 | GSMA SGP.22/SGP.02 | GSMA SGP.32 (iSIM IoT) |
| Security boundary | Dedicated IC | Dedicated IC | Shared die (logically isolated) |
| Power draw | ~10 mW active | ~10 mW active | ~1–3 mW (integration benefit) |
| Target market | Consumer replacement | Consumer / enterprise | IoT, wearables, industrial |

The key distinction between eSIM and iSIM is physical integration: an eSIM is a discrete IC soldered to the board, while an iSIM is a security domain within the application processor die, isolated by hardware TrustZone or equivalent partitioning.

GSMA Specifications

| Specification | Scope |
|---|---|
| SGP.02 (M2M RSP) | Remote provisioning for M2M/IoT eSIMs without LPA |
| SGP.22 (Consumer RSP) | End-user profile management, LPA-based |
| SGP.31 / SGP.32 | iSIM IoT architecture and provisioning |
| GSMA TS.48 | iSIM Security Requirements |
| 3GPP TS 33.501 | 5G security architecture (SUCI, 5G-AKA) |
| 3GPP TS 31.102 | USIM application characteristics |

UICC Evolution Timeline

1991  SIM (ID-000, plug-in)
1996  SIM (mini-SIM, 2FF)
2003  USIM (3G authentication algorithms)
2010  micro-SIM (3FF) — iPhone 4
2012  nano-SIM (4FF) — iPhone 5
2016  eSIM (MFF2 soldered) — Apple Watch
2019  iSIM (integrated SoC) — Qualcomm Snapdragon X55
2022  5G-capable iSIM + SUCI — mass market IoT modules

Security Considerations

  • SUCI privacy: SUCI provides unlinkability — each registration uses a fresh ephemeral key, so two SUCI values cannot be correlated to the same subscriber without the UDM's private key.
  • Profile binding: iSIM profiles are cryptographically bound to the specific SoC; cloning attacks that worked on removable SIMs are computationally infeasible.
  • Firmware attacks: The iSIM security domain must be isolated from the application processor even if the OS is compromised — verified by Common Criteria evaluation of the SoC.

Use the eSIM Checker to determine whether a device supports SGP.22 consumer RSP or the M2M SGP.02 profile, and the Cost Estimator to model 5G iSIM deployment costs.
