Blog postEJBCA EnterpriseInfrastructureIoT & IIoT securityTelecom

5G opens up options for new IoT application areas and security becomes fundamental for longterm trust

PrimeKey Tech Sales on 5G Security

With the introduction of 5G mobile networks, completely new applications can be built utilizing the enhanced features available. With 5G mobile networks, the Internet of Things (IoT) really starts to take off. IoT is the new application area where society and the industry will benefit from how products are produced and managed throughout the whole lifecycle. Security needs to be scaled up to support up to millions of devices that could be  managing critical infrastructure. So, security and trust in the device and in the data it produces become central due to the fact that if you can’t trust your IoT device ID or the integrity of the data it produces, the whole IoT application area will be a failure.

Starting already with 2G (GSM) mobile networks and GPRS (General Packet Radio Service), IoT devices were connected to a mobile network. There are multiple applications where the devices are not moving but installed at a specific geographical place and the data collection feature of the mobile network is used. In order to trust the remote device, authentication must be strong. Also, there must be no hesitation if the collected values are correct, especially when the data is a base for billing a subscriber. An example of this kind of application is an electricity meter connected to the mobile network for remote data collection. One problem with the GSM connected IoT devices is the high energy consumption. In practice the GSM connected IoT devices need to be connected to the mains power supply making data collections from electricity meters a perfect application. In LTE-M there is a dedicated Power Saving Mode (PSM) making use of battery powering possible. With the introduction of 4G mobile networks, LTE, dedicated IoT networks were introduced. One variant is called LTE-M where the letter “M” is short for “Minus”. What is meant is that the specific mobile phone mobility features of the 4G network are reduced to a minimum in favor of other characteristics.  The enhanced features of LTE-M benefits IoT applications. But several other features in LTE-M were also optimized for IoT devices like increased range of radio signals, Over the Air (OTA) software upgrades of IoT devices, deep indoor coverage (compared to ordinary LTE for mobiles), good enough throughput (< 4 Mbps) etc. LTE-M uses the ordinary LTE radio base stations so geographical coverage is extremely good (compared to non-mobile IoT networks like Sigfox). The single feature “national coverage” is often a critical feature if an IoT application should become a marketing success. Independent of the IoT device is a lawn mower, electrical car charge point, smoke detector or electric wheelchair the predictable coverage and reliable communication rules out most other features that non-mobile IoT networks might have. This includes the cost for the IoT device itself because a cheap IoT device which becomes unconnected is a useless IoT device!  

Securing your IoT devices using SIM cards

A strong advantage to using mobile networks for IoT is the security features built into the Subscriber Identity Module, SIM, card. Mobile operators have learned how to handle millions of subscribers using SIM cards in mobile phones. Prepared with encryption keys by the operator and sent out to the owner for use in the mobile device the basis for secure authentication, integrity and confidentiality is laid. Today mobile phone users are used to physical SIM cards, but standards have evolved resulting in Embedded SIM cards (eSIM) and Integrated SIM cards (iSIM). Those newer form factors for SIM cards makes them perfect for IoT devices because the physical handling of SIM cards is removed. The preparation of eSIM and iSIM can be handled via communication connections. The traditional physical SIM card has many limitations when used for the IoT market. The SIM card can only be prepared for a single mobile operator and must physically be replaced with another SIM card for a new operator. If the IoT device is crossing borders this becomes a blocking factor for a worldwide market. There is also a solution where the SIM card is replaced totally with software, a so-called soft SIM. From a security perspective this is a much more vulnerable solution compared to the hardware implementation used in eSIM which can act as a Trusted Computer Platform (TCP). One vendor who has realized the potential in the eSIM market is Korewireless, see Korewirelss eSIM technology. Developed by the mobile industry, IoT SAFE (IoT SIM Applet For Secure End-2-End Communication, see GSMA SAFE specification, enables IoT device manufacturers and IoT service providers to leverage the SIM as a robust, scalable and standardized hardware Root of Trust to protect IoT data communications. IoT SAFE provides a common mechanism to secure IoT data communications using a highly trusted SIM, rather than using proprietary and potentially less trusted hardware or software based secure elements implemented elsewhere within the device. A flexible PKI system from PrimeKey can become a vital component of a secure SIM card rollout.  

New possibilities with 5G

With the introduction of 5G mobile networks the evolution of dedicated IoT mobile networks continues, but at a faster speed compared to previous generations of mobile networks. By utilizing a number of new paradigms in 5G some completely new areas open up for a wider range of IoT applications. New 5G paradigms include:

  • A new architecture of the 5G Core network with a service-based architecture instead of a node based. The service-based architecture makes it possible to distribute logical functions all the way out to for example a customer’s private mobile network. This makes it possible to process customer data at the edge of the mobile network so collected data and results are kept locally at the customer.
  • The possibility to use a logically sliced mobile (backhaul) network makes it possible to logically and dynamically allocate bandwidth to dedicated IoT data. This guarantees IoT data will reach the destination in due time independent of other traffic like video streaming.
  • A new design of the radio network utilizing new spectrum like millimeter radio waves resulting in dramatic higher bandwidth.
  • The split architecture between mobile control data and user data in combination with virtualization makes it possible to run data processing on Commercial Off the Shelf (COTS) hardware thus reducing costs significantly.
  • The Zero Trust principle gives as a result that there are no secure network zones any longer. Every communication connection should be properly authenticated, integrity protected and eventually encrypted to achieve confidentiality. This makes the use of certificates and PKI systems mandatory!

The combined result of the new paradigms above opens up completely new application areas like:

  • URLLC, Ultra Reliable Low Latency Communication. This will make it possible to connect machines and manage those in real time. Examples are automated production, guided self-driving vehicles especially in restricted areas like harbors, mines, guidance of drones etc
  • mMTC, massive Machine Type Communication. This will make it possible to collect IoT data from millions of different sensors resulting in smart cities, smart cars, smart electricity grid, smart utilizing of power etc.
  • Mobile/Multi-access Edge Computing, MEC. This is local processing of collected data at the mobile edge, in practice a customer local computer processing collected IoT data in real time. This possibility in itself opens up new application areas like real time video analyzing from a production line, augmented reality for service personnel, artificial intelligence processing of collected data etc.

Conclusion

Independent of the mobile network generation used, the security aspects of IoT remain the same. The remote IoT device must be capable of authenticating itself in a secure way, the transmitted data must be integrity protected so no manipulation can be done during transit and if the data transmitted is sensitive the data should be encrypted so confidentiality can be achieved. The new features of 5G in combination with the embedded SIM, eSIM, enables new possibilities for the IoT market. The ability to produce a single Stock Keeping Unit, SKU, simplifies for IoT device producers and customers. As the eSIM can act as a Trusted Computer Platform the security aspect is satisfied. A flexible PKI system from PrimeKey generating certificates and credentials stored on the eSIM or a separate secure element in the IoT device used in mobile systems is a well proven way to achieve all the security goals. With a sound security foundation using PrimeKey PKI, the customer can concentrate on the logical application. This is the area where the customer himself is the expert!

Register for our webinar "5G, edge & security for the connected factory" to learn more. Sign up  

primekey-expert

Author

Peter Heidenberg

Peter Heidenberg has the role of pre-sales engineer at PrimeKey, focusing on end-to-end solutions from both a technical point of view as well as a commercial point of view. Peter is based in Sweden at PrimeKey's headquarters. He has over 20 years of experience working in Telecom, where his focus was on transmission & transport, and has for the last four years been focusing on IT security/PKI.

peter.heidenberg@primekey.com