IoT security cannot be an afterthought or an add-on. Security must be built in from the beginning. As digitalization advances, we support you in addressing all aspects of security and privacy.
When it comes to IoT, security requirements are unique. Connecting devices is different from connecting individual people and personal computers. To verify its identity, an IoT device can’t simply enter a password as a person would. Similarly, the systems that run our PCs are regularly updated, but IoT has to work all the time.
A reliable infrastructure, preferably based on 3GPP, is needed, especially for mission-critical applications. The IoT expands rapidly, and security must be end-to-end.
Factors that drive the need for IoT security
Data-based decisions need reliable data
Vital decisions related to business, safety and health are increasingly based on data. To make the right decisions, data must be accurate and secure.
Different devices require different solutions
Devices come in different shapes and forms. Some devices are constrained, with very limited capabilities, and traditional security methods cannot be used on them.
End-to-end ecosystem security
In IoT, success depends on collaborative ecosystems of device manufacturers, network providers, platform providers, app developers and end-users. Ensuring end-to-end security of the ecosystem is crucial.
The Ericsson pillars for IoT security
IoT security management must be approached in new ways, moving from reactive and manual to proactive and automated. IoT security is a complex area and these are four aspects to be considered.
Building trust in IoT
As the number of connected devices grows, identifying each device becomes increasingly important, and complex. Device identification is done on the connectivity or application level. SIM cards, and the evolution to embedded SIMs (eSIMs), provide good protection of the device connectivity identity. For device identification on application level, the LwM2M standard defines three different types: Pre-Shared Keys (PSK), Public Key Infrastructure (PKI) certificates and Raw Public Keys (RPK). Identity and Access Management (IAM) systems verify the identity of a device and what data it has access to.
In an IoT where many decisions are data-driven, it is crucial to ensure that each device is behaving as it should, and its data has not been manipulated. Blockchain technologies are useful for data integrity, generating a non-reversible signature for data, and verifying that the current version of a data asset has not been altered. When breaches are detected in near-real time, risks are reduced. Data also needs to be protected in transit, and 3GPP networks support security controls to preserve data integrity, confidentiality and availability to guarantee the security and privacy of the information.
Network availability and reliability are important security objectives for IoT systems. With ICT infrastructure under constant attack, traffic separation and protection technologies reduce the risk of costly downtime and denial-of-service (DoS). Traffic separation methods, including the 5G network slicing concept, will provide isolation of network, application and security functions, allowing operators to offer different security levels for different network slices. The Transport Layer Security (TLS) and Internet Protocol Security (IPsec) protocols encrypt data to ensure traffic protection.
Privacy and confidentiality
Respecting the right to personal data protection is increasingly difficult, as personal information can be drawn from analyzing IoT device data. The pressure to protect and anonymize data increases with the enactment of Europe’s GDPR. Non-compliance could have serious consequences for the bottom line of any company operating in the EU. Pseudonymization of data and blockchain help ensure data integrity and personal privacy for you and your customers.