Transatel pleads for new pillars of IoT security

Jacques Bonifay, CEO, Transatel

On May 22nd 2017, the European Union Agency for Network and Information Security (ENISA) issued a position paper raising this very issue of IoT security. Together with major actors of the semiconductor industry (Infineon, NXP, STMicroelectonics), the agency warned of a “market failure” in IoT security so far: it’s important to act now.

It’s true that the current enthusiasm for connecting objects hasn’t brought about a corresponding concern for security issues. As the Mirai botnet and Wannacry attacks made the headlines, there was however growing concern that data theft or device hacking within the IoT ecosystem could lead to dramatic outcomes—and not only in the virtual world.

Achieving true end-to-end security for the IoT will require to leverage on cellular networks’ intrinsic security mechanisms, says Jacques Bonifay, CEO for global embedded connectivity provider Transatel.

Connecting without securing is hazardous

The number of connected ‘things’ is expected to reach 50 billion by 2020 and the opportunities of this tectonic shift are limitless. When all is connected, things work together. It becomes possible to better manage our homes, our factories, our cars, our health, and our environment. This may very well be the key to economic growth and prosperity in the coming decades.

Nothing new under the sun. But let’s pause for a moment. We’re all aware that massive cyber-attacks are taking place in the digital world, with critical consequences such as theft, loss of privacy or ransom. If you believe these threats are important, just imagine how harmful they could be if they occurred in the physical world, for example in a connected car!

Everyone is at risk. 48% of small firms polled in a recent survey by Altman Vilandrie & Company, have experienced at least one IoT security breach in the past year. They expected it to cost them 13.4% of their total revenue.

A dire need for IoT security standards

The industry is in dire need of global security standards but the IoT market remains too fragmented for those to emerge. In consumer as well as in industrial IoT, there exist several competing platform providers, many of which are incompatible, impeding devices’ interconnection.

In this context, no general standards or architectural principles have been adopted as a reference for IoT security.

The two pillars of IoT security

Transatel has a long history of developing and managing secure connectivity solutions. Our 17 years’ experience suggests that two pillars should be at the heart of future global IoT security standards.

Security in the IoT starts with strong ‘things’ identities, rooted in hardware. With strong identity, things can be authenticated when they communicate with each other, with services, or users. And hardware is the best protection for such identities. In the Public Key Infrastructure (PKI), which is already widely used as a standard security technology, the main challenge consists in protecting the secrecy of the private key. To achieve this, software protection is not enough, a secure hardware element is needed.

Luckily, if your device is using cellular connectivity, then it so happens that you already have a secure element: the SIM card. Offering secure end-to-end communication capabilities (known as SIM OTA), a SIM is the perfect security toolbox.

The second recommended approach in an IoT security strategy is to ensure data security on the transport layer, through a secure private network. Cellular networks offer such security because devices and users are given a dedicated APN (Access Point Name) to access the network.

With its SIM 901, Transatel leverages on these two pillars. Contrary to traditional mobile network operators, Transatel grants access to its own SIMs so that they can be used as secure elements by IoT service providers. Thanks to its network-agnostic nature and virtualised core network, Transatel’s SIM 901 lets you benefit from the same APN worldwide. In a word, SIM 901 is the next unified, single and global solution for IoT security.

The author of this blog is Jacques Bonifay, CEO, Transatel

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Nozomi Networks and Tripwire announce strategic partnership

Posted on: September 17, 2021

Nozomi Networks Inc., the provider of OT and IoT security, and Tripwire, a global provider of security and compliance solutions for enterprises and industrial organisations, announced they have partnered to help organisations lower cyber risk with consistent security controls that span their IT, OT and IoT environments.

Read more

RightIndem deploys enterprise-grade conversational AI to simplify customer claims process

Posted on: September 17, 2021

RightIndem, an global insurance technology company, has worked with Bristol-based Amdaris to simplify its customer onboarding process via developing enterprise-grade conversational Artificial Intelligence experiences.

Read more