Massive IoT? Massive set of security requirements

Paul Bradley, chairman, 5G Working Group, SIMalliance

IoT is here right now but it’s also one of the biggest application areas for 5G. Yet it’s easy to forget that while the industry has a clear vision of services that it hopes 5G will facilitate, much remains to be determined on the technical front with standardisation activities just beginning.

However, it is clear that just as IoT security is big news today, security and privacy will remain fundamental requirements, with the changes foreseen for 5G likely to broaden the range of attractive attack targets, says Paul Bradley, chairman, 5G Working Group, SIMalliance.

The massive IoT segment, and its close neighbours the critical machine type communications and vehicle-to-X segments are extremely broad, covering not just M2M but consumer based services too. Typical use cases are highly varied and may include drones, driverless cars, home appliances, some wearables and machine type communications including metering, sensors and alarms.

Clearly this is a very broad range of use cases and as such, operational and security requirements will vary. For example, communications will be either:

  • long range, low power, low bandwidth and infrequent or
  • focused on speed.

Data is likely to encompass geolocation data, sensor data such as meter readings and private consumer data. Location and privacy protection for data must be enforced to ensure, for example in the case of a meter, that a thief cannot determine if the premises are occupied are not.

Devices may be connected to the network either directly or indirectly, for example via a gateway. How this is done may have implications for security requirements.

Security requirements in this segment will be based around devices, the network and backend. That means that following high level types of security requirements can be distinguished:

  • Network access security
  • Network application security
  • Service layer security
  • Authenticity, Integrity and confidentiality of data transmitted at different network layers.

In use cases such as smart metering the data transferred needs to be protected against manipulation, as, compared to voice communications, data can be more easily attacked and modified. Because the value comes from the integrity of the data, integrity protection becomes more important for 5G IoT.

Because these devices are connected to the network, if they lack adequate security, they could be used as an entry point to the network for attackers who may have little interest in the device or service itself.

There is also a risk of equipment cloning, leading to potential massive attacks to overload the network leading to denial of services. Carefully managing the identity of the device and securing the authentication to the network is therefore key to ensuring a good network quality of service.

Managing initial network connectivity securely will require secure provisioning of unique device and user identities for both network and service level access, network and service authentication credentials and communication cryptographic keys as well as application identifiers. The content of the securely provisioned data will likely depend on the devices’ location as well as agreements between integrators, service providers and mobile network operators.

Managing identities on the network will require identification of the application and corresponding application provider. It will also need secure storage of the unique identity on the device.

Mutual authentication of the device and network will also be necessary (it has been mandatory since 3G) as may mutual authentication for applications back to their service platforms.

SIMalliance believes that it is vital that security is built into 5G from the outset. It has just published a marketing paper An Analysis of the Security Needs of the 5G Market outlining its view of the security needs of each 5G segment. It is now starting work on a follow up technical security requirements paper that will be published later in 2016.

For more information go to: http://simalliance.org/

The author of this blog is Paul Bradley, chairman, 5G Working Group, SIMalliance.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

Enhance EV charging performance with cellular connectivity

Posted on: March 28, 2024

Electric vehicles (EVs) are steadily growing their market share at the expense of internal combustion engine vehicles. The growth is fuelled by several factors. Perhaps most importantly, prices for EVs have started to drop as competition in the industry is intensifying. New players and models are emerging, prompting several established EV makers to lower their

Read more

Panasonic and Jasmy unveil Web3 Platform for IoT data control

Posted on: March 28, 2024

Panasonic has joined forces with Jasmy (JASMY) blockchain to introduce a Web3 platform that will facilitate the connection of personal data on the Internet of Things (IoT). The collaboration between the Japanese-based blockchain and Panasonic Advanced Technology was initiated in February, but the official announcement was made on March 26.

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more