By Robin Kent, director of European operations at Adax
The speed at which the telecoms industry needs to keep up with the rise of the Internet of Things (IoT) is quite alarming. Network operators are frantically trying to make sure everything is in place to satisfy the inevitable end user demands and expectations.
We’ve heard about the benefits IoT can bring, not just for consumers looking to build their connected homes and drive connected cars, but for a range of different industries including healthcare, manufacturing, transportation and warehousing, and retail.
We know that capacity, and how operators can handle the mass deployment of low speed, low volume IoT networks, is a key issue, and will ultimately determine whether the phenomenon is a success for years to come. However, with this increased traffic comes the major issue of security.
Instead of reacting to threats to the core network, which IoT networks will run off, operators need to ensure they plan for the worst and have prevention measures in place for possible hijackers. Such a breach can have serious consequences for both the operator and end user.
The huge potential for market growth is one major attraction that IoT offers to operators, yet 86% of them admit they are not yet ready for the concept [Telecoms.com Intelligence Annual Industry Survey 2016]. In addition, according to Telecoms.com Intelligence IoT Outlook Report 2015, concerns regarding security are the biggest barrier to implementing IoT among operators, and just 10% said they are fully capable of launching secure IoT services. These are worrying statistics so it’s essential for operators to have peace of mind that their networks are secure.
First step, authentication
The first step for operators is to ensure any connection from the IoT device to the core network over S1 and Gb interfaces is fully authenticated. In order to do this, they must invest in and revisit the capabilities of their GPRS tunnelling protocol (GTP) and stream control transmission protocol (SCTP) implementations, which will handle the hundreds of connections into the core network. Authentication can be delivered by RFC 4895 for SCTP without compromising performance or network monitoring visibility as IPsec/VPNs do. This can prove vital as networks are attacked with greater frequency and with demonstrated disastrous outcomes.
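An added example (not from the article or from Adax) of how RFC 4895 authenticates SCTP chunks while leaving them readable to monitoring: it derives the association shared key from both endpoints' key vectors and computes the AUTH chunk HMAC over the chunks that follow. The pre-shared key, random values and DATA chunk contents are constructed sample values.

```python
import hashlib, hmac, struct

RANDOM, CHUNKS, HMAC_ALGO = 0x8002, 0x8003, 0x8004  # RFC 4895 parameter types
AUTH_CHUNK, HMAC_SHA1, HMAC_SHA256 = 0x0F, 1, 3     # AUTH chunk type, HMAC identifiers

def param(ptype, value):
    # Type, length and value with padding omitted, as used in a key vector
    return struct.pack("!HH", ptype, 4 + len(value)) + value

def key_vector(random_bytes, chunk_types, hmac_ids):
    return (param(RANDOM, random_bytes) + param(CHUNKS, bytes(chunk_types))
            + param(HMAC_ALGO, b"".join(struct.pack("!H", h) for h in hmac_ids)))

def association_key(endpoint_pair_key, kv_a, kv_b):
    # Numerically smaller key vector first; on a numeric tie, the shorter first
    order = lambda kv: (int.from_bytes(kv, "big"), len(kv))
    first, second = sorted((kv_a, kv_b), key=order)
    return endpoint_pair_key + first + second

def auth_chunk(assoc_key, key_id, following_chunks):
    # HMAC covers the AUTH chunk with a zeroed HMAC field plus all chunks after it
    mac_len = hashlib.sha256().digest_size
    header = struct.pack("!BBHHH", AUTH_CHUNK, 0, 8 + mac_len, key_id, HMAC_SHA256)
    mac = hmac.new(assoc_key, header + bytes(mac_len) + following_chunks, hashlib.sha256)
    return header + mac.digest()

def verify(assoc_key, chunks):
    # chunks = one AUTH chunk followed by the chunks it protects
    if len(chunks) < 8:
        return False
    ctype, _, length, key_id, hmac_id = struct.unpack("!BBHHH", chunks[:8])
    if ctype != AUTH_CHUNK or hmac_id != HMAC_SHA256:
        return False
    return hmac.compare_digest(auth_chunk(assoc_key, key_id, chunks[length:]), chunks[:length])

# Constructed sample values: pre-shared key, both endpoints' RANDOMs, one DATA chunk
PSK = b"constructed-endpoint-pair-key"
KV_A = key_vector(bytes(range(32)), [0x00], [HMAC_SHA256, HMAC_SHA1])
KV_B = key_vector(bytes(range(32, 64)), [0x00], [HMAC_SHA256, HMAC_SHA1])
KEY = association_key(PSK, KV_A, KV_B)
# DATA chunk: type 0, flags B+E, length 24, TSN 1, stream 0, seq 0, PPID 18 (S1AP)
DATA = struct.pack("!BBHIHHI", 0, 0x03, 24, 1, 0, 0, 18) + b"S1AP-msg"
PROTECTED = auth_chunk(KEY, 0, DATA) + DATA
TAMPERED = PROTECTED[:-1] + b"X"

if __name__ == "__main__":
    print(verify(KEY, PROTECTED), verify(KEY, TAMPERED), b"S1AP-msg" in PROTECTED)
```

The payload stays in cleartext inside the authenticated packet, so a monitoring probe can still decode it, while a node without the shared key cannot forge or alter the chunks.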
Another prevention technique operators should be implementing is to provide data analytics and deep packet inspection (DPI) services to identify threats in the data generated by IoT services. Today’s interconnected networks are highly vulnerable to hijacking via insecure SIGTRAN links or rogue network nodes, and application vendors can unknowingly allow the network to be compromised, when presumably ‘secure VPNs’ invisibly transport threats within packets. This issue has to be addressed as a first step to ensure network performance and quality of service (QoS) is not compromised.
Another potential headache for mobile operators is that IoT has many additional security requirements because of the nature of the endpoint devices and the potentially high level of service criticality. In serving a high volume of devices, networks are exposed to signalling storms and intentionally malicious denial of service (DoS) attacks. Such attacks can have a serious detrimental impact on devices, and on the quality of experience the end user expects and demands.
In a bid to tackle such issues, operators should adhere to the GSMA’s IoT Security Guidelines for Network Operators. The guidelines have been designed with the entire IoT ecosystem in mind, including device manufacturers, service providers, developers, and, where this topic of discussion is concerned, network operators. The GSMA describes the most fundamental security mechanisms as: identification and authentication of entities involved in the IoT service; access control to the different entities that need to be connected to create the service; data protection to guarantee the security and privacy of the information carried by the network for the IoT service; and the processes and mechanisms to ensure availability of network resources and protect them against attack.
In terms of preventing signalling storms, the guide mentions how operators may, based on a security policy, ‘prevent certain devices from connecting to their network by changing the communication profile of the affected devices or by enacting security policies within the network’s packet core’. The guide also states that network authentication algorithms should be implemented that meet the lifetime expectation of the IoT service provider’s endpoint devices. These are two key points that need to be addressed when implementing IoT networks.
Network operators should be taking it upon themselves to set their own security measures to ensure the potential capabilities of IoT can be recognised and embraced. The demand for such services is continuously growing so having the right tools and protocols, such as GTP and SCTP solutions, in place ahead of the expected rush will be vital.
Adax provides compact EPC solutions, SIGTRAN software, SS7 Signalling platforms, and DPI, IPsec Security, and GTP acceleration products for traditional legacy TDM networks to LTE and beyond.