By Robin Kent, Director of European operations at Adax
The development of the Internet of Things is heavily reliant on the telecoms industry.
Experts believe that network operators have the power to unlock the true capabilities of the phenomenon, but speed is of the essence and the industry is frantically trying to keep up with end-user demands and expectations.
The benefits of IoT have been clearly outlined, not just from a consumer point of view, with driving connected cars and building connected homes, but also for a wide variety of industries including healthcare, manufacturing, transportation, warehousing and retail.
We know that capacity and how operators can handle the mass deployment of low speed, low volume IoT networks is a key issue, and ultimately will determine whether the phenomenon is a success for years to come.
However, with this increased traffic comes the major issue of security.
Instead of reacting to threats to the core network, on which IoT networks will run, operators need to ensure they plan for the worst and have prevention measures in place for possible hijackers.
Such a breach can have serious consequences for both the operator and end user.
The first step for operators is to ensure any connection from the IoT device to the core network over S1 and Gb interfaces is fully authenticated.
In order to do this, they must invest in and revisit the capabilities of their GTP and SCTP protocols, which will handle the hundreds of connections into the core network.
For SCTP, authentication can be delivered by RFC 4895 without compromising performance or network monitoring visibility in the way that IPsec/VPNs do.
This can prove vital, as networks are subject to attacks with greater frequency and with demonstrably disastrous outcomes.
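The RFC 4895 mechanism mentioned above, as an added example that is not code from the original article or from Adax: it derives the association shared key, builds the SCTP AUTH chunk, and shows that a modified chunk fails verification while the payload stays readable to monitoring tools. The pre-shared key, RANDOM values and payload bytes are constructed, and the sketch assumes HMAC-SHA256 with AUTH as the first chunk in the packet.

```python
import hashlib, hmac, struct

AUTH, DATA, HMAC_SHA256 = 0x0F, 0x00, 3   # chunk types and HMAC id per RFC 4895/4960

def param(ptype, value):
    # Parameter as it enters the key vector: type, length, value, padding omitted
    return struct.pack("!HH", ptype, 4 + len(value)) + value

def key_vector(random_bytes, chunk_types, hmac_ids):
    # RANDOM (0x8002) | CHUNKS (0x8003) | HMAC-ALGO (0x8004) sent by one endpoint
    algos = b"".join(struct.pack("!H", i) for i in hmac_ids)
    return param(0x8002, random_bytes) + param(0x8003, bytes(chunk_types)) + param(0x8004, algos)

def association_key(pair_key, kv_a, kv_b):
    # Endpoint pair shared key, then the numerically smaller key vector, then the larger
    lo, hi = sorted((kv_a, kv_b), key=lambda v: (int.from_bytes(v, "big"), len(v)))
    return pair_key + lo + hi

def chunk(ctype, flags, value):
    body = struct.pack("!BBH", ctype, flags, 4 + len(value)) + value
    return body + b"\x00" * (-len(body) % 4)          # chunks are padded to 4 bytes

def auth_chunk(key, key_id, following):
    # MAC covers the AUTH chunk with a zeroed HMAC field plus every chunk after it
    head = struct.pack("!HH", key_id, HMAC_SHA256)
    mac = hmac.new(key, chunk(AUTH, 0, head + bytes(32)) + following, hashlib.sha256).digest()
    return chunk(AUTH, 0, head + mac)

def verify(key, chunks):
    # Assumes AUTH is the first chunk and HMAC-SHA256 (40-byte AUTH chunk)
    if len(chunks) < 40 or chunks[0] != AUTH:
        return False
    key_id, hmac_id = struct.unpack("!HH", chunks[4:8])
    if hmac_id != HMAC_SHA256:
        return False
    return hmac.compare_digest(chunks[:40], auth_chunk(key, key_id, chunks[40:]))

def demo():
    # All values below are constructed for illustration
    pair_key = b"constructed-pre-shared-key"
    kv_enb = key_vector(bytes(range(32)), [DATA], [HMAC_SHA256])
    kv_mme = key_vector(bytes(range(32, 64)), [DATA], [HMAC_SHA256])
    key = association_key(pair_key, kv_enb, kv_mme)
    # DATA chunk: TSN 1, stream 0, sequence 0, PPID 18 (S1AP), then the payload
    data = chunk(DATA, 0x03, struct.pack("!IHHI", 1, 0, 0, 18) + b"S1AP-constructed")
    chunks = auth_chunk(key, 0, data) + data
    tampered = chunks[:-1] + b"X"
    return verify(key, chunks), verify(key, tampered), b"S1AP-constructed" in chunks

if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

The third result is the visibility point: the chunk is authenticated, not encrypted, so inspection of the signalling payload still works.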
Another prevention technique operators should be implementing is to provide data analytics and Deep Packet Inspection (DPI) services to identify threats in the data generated by IoT services.
Today’s interconnected networks are highly vulnerable to hijacking via insecure SIGTRAN links or rogue network nodes, and application vendors can unknowingly allow the network to be compromised when presumably ‘secure’ VPNs invisibly transport threats within packets. This issue has to be addressed as a first step to ensure network performance and Quality of Service (QoS) are not compromised.
Another potential headache for mobile operators is that IoT has many additional security requirements because of the nature of the endpoint devices and the potential high level of service criticality.
In serving a high volume of devices, networks are exposed to signalling storms and intentionally malicious Denial of Service attacks.
Such attacks can have a serious detrimental impact on devices, and the Quality of Experience the end user expects and demands.
In a bid to tackle such issues, operators should adhere to the GSMA’s IoT Security Guidelines for Network Operators.
The guidelines have been designed with the entire IoT ecosystem in mind, including device manufacturers, service providers, developers, and, where this topic of discussion is concerned, network operators.
The GSMA describes the most fundamental security mechanisms as: identification and authentication of entities involved in the IoT service; access control to the different entities that need to be connected to create the service; data protection to guarantee the security and privacy of the information carried by the network for the IoT service; and the processes and mechanisms to ensure availability of network resources and protect them against attack.
In terms of preventing signalling storms, the guide mentions how operators may, based on a security policy, “prevent certain devices from connecting to their network by changing the communication profile of the affected devices or by enacting security policies within the network’s packet core”.
The guide also states that network authentication algorithms should be implemented that meet the lifetime expectation of the IoT service provider’s endpoint devices.
These are two key points that need to be addressed when implementing IoT networks.
To ensure the capabilities of IoT can be embraced and implemented, network operators must take the lead on security and apply their own measures.