
Strengthening CIoT security with secure cellular network gateways

Smart homes… smart cars… smart lightbulbs… It’s safe to say that the internet of things era is well underway after years of hype and hope. And with all the optimistic predictions about nearly unlimited business opportunities throughout the ecosystem, it seems that everyone is rushing to cash in with new technologies and use cases.

Dumb and dumber?

To date, most of the focus has been on adding sensors and assigning IP addresses to all manner of “things” to create “smart” devices. However, some things, such as a gas pressure sensor, need to send only small amounts of data and are too small, lack an external power source or, for reasons of cost-efficiency, simply cannot justify the business case for IP connectivity. Such things can communicate using non-IP protocols. A significant amount of IoT value creation will come from such devices. So, is it possible to connect millions of unsophisticated devices without compromising security?

Power to the (IoT) cell!

Cellular IoT (CIoT) networks can be built using several technologies, including CAT-M1, LTE, Extended Coverage GSM or Narrowband IoT. Different technologies are suited to various IoT use cases, so it’s likely that many operators will build their CIoT networks to support more than one technology for maximum functionality. These networks will connect billions of small devices and other things, many of which are expected to send and receive very little data while consuming minimal power.

To achieve these small data transfers as efficiently as possible, a 3GPP feature referred to as Non-IP Data Delivery (NIDD) can transmit unstructured data without using an IP stack. This involves forwarding the data to a Service Capability Exposure Function (SCEF), which acts as a sort of network gateway within the 3GPP architecture and then makes the data available via IP-based APIs. 3GPP standards have done a great job optimizing the architecture to extend device battery life, reduce network complexity and improve network performance. Mobile operators require extra safeguards to protect IoT devices, and their networks, from poorly written applications and serious security threats originating from hijacked dumb things.

Many unsophisticated IoT devices will be very simple in terms of processing and lack intelligence to detect and overcome threats. The intelligence to detect threats and protect connected devices needs to reside in the network. Moreover, the operator’s CIoT network also requires intelligence to protect the network and devices from poorly performing application servers. For example, an application undergoing a distributed denial-of-service attack will become unresponsive and may trigger connected devices to stay inactive for longer or to connect more often, thus draining the device battery as well as wreaking havoc on network utilization.

A gateway to tomorrow

To fulfill the essential SCEF functionality required for NIDD transmissions without sacrificing security or performance, network operators can use a gateway to connect the CIoT network with cloud-hosted applications. This could be a strategic network component that allows operators to seamlessly and securely interface with cloud-based application frameworks, protecting the network and subscriber devices from cyberattacks and other threats originating from untrusted internet environments. In addition to security, a smart gateway can provide other functions, such as abstracting the network, enhancing connectivity to multiple cloud platforms and extending SCEF functionality to other APIs such as MQTT or JSON.

With the addition of a gateway, operators can create intelligent CIoT networks, with the following key functions:

  • Analytics to identify abnormal behaviors in device communication, prompting threat investigations
  • Backup and disaster recovery features
  • Terminate MO messages and send acknowledgement to the device while buffering the message for delivery to the application server
  • Buffer and batch MT messages from the application server for device delivery, helping to minimize device wakeups and active connection state
  • Cache device dynamic data, enabling applications to receive device state information served from the network without pinging the device
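
The functions listed above, sketched as a small in-memory model. This is an added example, not code from the article or from any SCEF product; the class, method names and the per-window rate threshold are hypothetical. MO is read as device-originated traffic and MT as traffic sent from the application server to the device.

```python
import time
from collections import defaultdict, deque

class CiotGateway:
    """Toy model of the listed gateway functions (all names are hypothetical)."""

    def __init__(self, max_mo_per_window=5, window_s=60.0):
        self.max_mo_per_window = max_mo_per_window
        self.window_s = window_s
        self.mo_buffer = deque()             # MO messages awaiting the application server
        self.mt_pending = defaultdict(list)  # MT messages held per device until it wakes
        self.state_cache = {}                # last payload and timestamp per device
        self.mo_times = defaultdict(deque)   # recent MO arrival times per device
        self.alerts = []                     # (device, count) pairs to investigate

    def on_mo(self, device_id, payload, now=None):
        """Terminate an MO message: rate-check, buffer, cache state, then ack."""
        now = time.time() if now is None else now
        times = self.mo_times[device_id]
        times.append(now)
        while times and now - times[0] > self.window_s:
            times.popleft()                  # keep only arrivals inside the window
        if len(times) > self.max_mo_per_window:
            self.alerts.append((device_id, len(times)))
        self.mo_buffer.append((device_id, payload, now))
        self.state_cache[device_id] = {"payload": payload, "seen": now}
        return "ACK"  # acked even if the application server is unresponsive

    def drain_to_app(self, app_is_up):
        """Forward buffered MO messages only when the application server responds."""
        if not app_is_up:
            return []
        delivered = list(self.mo_buffer)
        self.mo_buffer.clear()
        return delivered

    def on_mt(self, device_id, payload):
        """Hold an MT message instead of waking the device for it."""
        self.mt_pending[device_id].append(payload)

    def on_device_wakeup(self, device_id):
        """Deliver every held MT message as one batch during a single wakeup."""
        return self.mt_pending.pop(device_id, [])

    def get_state(self, device_id):
        """Serve cached device state without contacting the device."""
        return self.state_cache.get(device_id)
```

Because `on_mo` acknowledges before the application server is consulted, an unresponsive server leaves messages in `mo_buffer` rather than changing what the device sees.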

From dumb to smart

As IoT-based communications are message-oriented, the use of a smart gateway with a telco-grade distributed database could provide the scale, maturity and flexibility needed to handle billions of devices in a distributed fashion. To fully realize the return on their IoT investments and protect their networks, operators will require smart network gateways to transform the billions of dumb IoT things into superior and secure connections on the network.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.