By 2024, we’re going to have more than 22 billion connected devices in the world. It’s a vast opportunity but it also brings vast risk. How do you keep billions of devices secure? How about the networks they run on? How do you make sure the data from all those devices isn’t compromised?
IoT security cannot be an afterthought or an add-on. Security must be built in from the beginning.
When it comes to IoT, security requirements are unique. Connecting devices is different from connecting individual people and personal computers. To verify its identity, an IoT device can’t simply enter a password as a person would. Similarly, the systems that run our PCs are regularly updated, but IoT has to work all the time.
A reliable infrastructure is a must, and this is especially true for mission-critical applications. 3GPP technologies provide this reliability. The IoT expands rapidly, and security must be end-to-end.
Factors that drive the need for IoT security
Data-based decisions need reliable data
Vital decisions related to business, safety and health are increasingly based on data. To make the right decisions, data must be accurate and secure.
Different devices require different solutions
Devices come in different shapes and forms. Some devices are constrained, with very limited capabilities, and traditional security methods cannot be used on them.
End-to-end ecosystem security
In IoT, success depends on collaborative ecosystems of device manufacturers, network providers, platform providers, app developers and end-users. Ensuring end-to-end security of the ecosystem is crucial.
Security management for IoT
IoT security management must be approached in new ways, moving from reactive and manual to proactive and automated. The sheer volume of devices that will get connected calls for security automation, and enhanced security analytics capabilities.
Building trust in IoT
As the number of connected devices grows, identifying each device becomes increasingly important and complex. Device identification is done at the connectivity or application level. SIM cards, and the evolution to embedded SIMs (eSIMs), provide good protection of the device connectivity identity. For device identification at the application level, there are different types of identification, such as Pre-Shared Keys (PSK), Public Key Infrastructure (PKI) certificates and Raw Public Keys (RPK). Identity and Access Management (IAM) systems verify the identity of a device and what data it has access to.
In an IoT where many decisions are data-driven, it is crucial to ensure that each device is behaving as it should and that its data has not been manipulated. Blockchain technologies can be useful for data integrity, generating a non-reversible signature for data and verifying that the current version of a data asset has not been altered. When breaches are detected in near-real time, risks are reduced. Data also needs to be protected in transit, and 3GPP networks support security controls to preserve data integrity, confidentiality and availability to guarantee the security and privacy of the information.
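The integrity check described above, as an added example that is not part of the original page and is not a full blockchain: it is a simplified hash chain in which each reading is linked to the previous one by SHA-256 and tagged with an HMAC under the device's pre-shared key, with no distributed consensus. The device names, keys, field names and readings are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev-hash value used by the first record

def _canonical(fields: dict) -> bytes:
    # Stable byte encoding so the same record always hashes identically.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def _record_hash(record: dict) -> str:
    return hashlib.sha256(_canonical(record)).hexdigest()

def append_record(chain: list, device_id: str, payload: dict, psk: bytes) -> dict:
    """Append a reading, linked to the previous record and tagged with the device PSK."""
    body = {
        "device_id": device_id,
        "payload": payload,
        "prev": _record_hash(chain[-1]) if chain else GENESIS,
    }
    tag = hmac.new(psk, _canonical(body), hashlib.sha256).hexdigest()
    record = dict(body, tag=tag)
    chain.append(record)
    return record

def verify_chain(chain: list, psks: dict):
    """Return the index of the first record that fails verification, or None."""
    prev = GENESIS
    for i, record in enumerate(chain):
        body = {k: record.get(k) for k in ("device_id", "payload", "prev")}
        psk = psks.get(record.get("device_id"))
        if psk is None or record.get("prev") != prev:
            return i  # unknown device, or a record was removed, reordered or rewritten
        expected = hmac.new(psk, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(record.get("tag"))):
            return i  # payload altered, or tag forged without the device key
        prev = _record_hash(record)
    return None

# Constructed sample data: two hypothetical devices and their pre-shared keys.
PSKS = {"meter-01": b"constructed-key-1", "meter-02": b"constructed-key-2"}
LOG = []
append_record(LOG, "meter-01", {"temp_c": 21.5}, PSKS["meter-01"])
append_record(LOG, "meter-02", {"temp_c": 19.0}, PSKS["meter-02"])
append_record(LOG, "meter-01", {"temp_c": 21.7}, PSKS["meter-01"])
```

`verify_chain(LOG, PSKS)` returns `None` for the untouched log; changing a stored reading or dropping a record makes it return the index where verification first fails.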
Network availability and reliability are important security objectives for IoT systems. With ICT infrastructure under constant attack, traffic separation and protection technologies reduce the risk of costly downtime and denial-of-service (DoS). Traffic separation methods, including the 5G network slicing concept, will provide isolation of network, application and security functions, allowing service providers to offer different security levels for different network slices. The Transport Layer Security (TLS) and Internet Protocol Security (IPSec) protocols encrypt data to ensure traffic protection.
Privacy and confidentiality
Respecting the right to personal data protection is increasingly difficult, as personal information can be drawn from analyzing IoT device data. The pressure to protect and anonymize data increases with the enactment of Europe's GDPR. Non-compliance could have serious consequences for the bottom line of any company operating in the EU.