The Internet of Things is in a boom stage. Earlier this year at the Consumer Electronics Show, IoT ruled - connected home appliances, toys, security systems and the list goes on! And more recently, at Mobile World Congress in Barcelona, the overwhelming message was anything that can be connected, will be.
The very nature of IoT means we can be connected to what we care about - personal or business - no matter where we are in the world, no matter what we are doing. This has obvious benefits when you think of being able to unlock your house remotely to let in a neighbor while you're away on holiday, or keeping track of your pets or loved ones when out and about. For businesses, IoT connectivity enables you to monitor usage, cost and performance of your important assets globally, helping to lower costs, improve margins and time to market, and deliver a better customer experience.
Aside from the many and varied benefits mass connectivity has, there is also one major risk theme that’s continually becoming more of a focus: security.
Online security has been a hot topic since the dawn of the internet, and the more we come to depend on connectivity, the more of a concern it becomes. In this post we look at some of the risk factors associated with connected devices and what systems you should have in place when initiating a connected M2M deployment.
The business of IoT security
Security is imperative. For businesses and hardware vendors, the introduction of new devices and technology - and the increase in global deployments - brings a myriad of new security issues that need to be considered and factored in when deploying M2M devices globally.
Firstly, it's important to have a physical security plan that prevents unauthorized access to devices in remote locations. Because devices in the field can never be fully protected from tampering, a robust set of remote controls over connectivity is also needed that allows:
- SIM functionality to be locked to a specific device
- Connectivity to be remotely disabled in the event that the physical security is breached
Sending and receiving messages through remotely deployed devices is in itself a security risk. Connecting devices and enabling this communication over public-access networks, such as cellular and WiFi, opens up those messages for interception. Encrypting messages is a necessary step, but sending sensitive data over public networks demands more. We recommend building private networks and APNs into your security design to keep important, private data off the public Internet altogether.
Additionally, the sheer number of connected devices proves to be its own barrier to implementing a secure, efficient M2M program. Currently there are approximately six billion connected devices, and this number is set to increase to more than 20 billion by 2020. The complexity of managing these devices and the masses of data communicated between them can be daunting; hence the need for a secure management system. Furthermore, the authentication and authorization for such a system needs to be multi-layered, with separate accounts and roles for the people who operate it: compromising the management system could mean compromising the entire deployment and all sensitive data stored within.
The number of devices also makes monitoring each device individually for security issues difficult; therefore we recommend policy-based filtering at the network firewall that automatically flags intrusions or hacking attempts, which in practice means traffic that does not match the pattern a device is expected to produce.
The following is an overview of the security features we recommend be employed as a minimum prior to any deployment.
IMEI lock
An International Mobile Station Equipment Identity (IMEI) is the unique serial number of the modem in a mobile device. An IMEI lock binds a SIM's connectivity to a specific IMEI in real time, so that a SIM removed from its device stops working in any other device. Note that the IMEI is reported by the device itself and can be rewritten on some modules, so treat the lock as one layer of defense alongside remote disable and traffic monitoring, not as proof of a device's identity.
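The following is an added example, not code from the original post or from EMnify's platform, of how the management side of an IMEI lock can be enforced. It assumes the connectivity platform reports each network attach as a (ICCID, IMEI) pair and offers a way to disable a SIM; both are modelled with plain Python objects so it runs offline. Before comparing, it checks that the reported IMEI is well formed (15 digits with a valid Luhn check digit), which catches garbage from a misbehaving modem early. The ICCID and IMEIs below are constructed for the example.

```python
"""Added example: management-side enforcement of an IMEI lock.

Assumptions (not from the original post): attach events arrive as an
(ICCID, IMEI) pair and the platform's "disable SIM" call is modelled
by flipping a flag on the SIM record.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def imei_is_well_formed(imei: str) -> bool:
    """A 15-digit IMEI whose last digit is a Luhn check digit over the first 14."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class SimRecord:
    iccid: str
    locked_imei: Optional[str] = None   # None: no lock set yet
    enabled: bool = True


@dataclass
class ImeiLockEnforcer:
    sims: Dict[str, SimRecord]
    lock_on_first_attach: bool = True   # learn the IMEI on first use, then lock
    alerts: List[str] = field(default_factory=list)

    def handle_attach(self, iccid: str, imei: str) -> str:
        """Decide whether an attach is allowed; disable the SIM on a violation."""
        sim = self.sims.get(iccid)
        if sim is None:
            return "reject:unknown-sim"
        if not sim.enabled:
            return "reject:sim-disabled"
        if not imei_is_well_formed(imei):
            self._disable(sim, "malformed IMEI %r" % imei)
            return "reject:malformed-imei"
        if sim.locked_imei is None:
            if self.lock_on_first_attach:
                sim.locked_imei = imei
                return "allow:locked"
            return "allow:unlocked"
        if imei == sim.locked_imei:
            return "allow"
        # The SIM has shown up in a different device: physical security
        # may have been breached, so cut connectivity and raise an alert.
        self._disable(sim, "attached from IMEI %s, locked to %s" % (imei, sim.locked_imei))
        return "reject:imei-mismatch"

    def _disable(self, sim: SimRecord, reason: str) -> None:
        sim.enabled = False   # stands in for the platform's "disable SIM" call
        self.alerts.append("%s: disabled (%s)" % (sim.iccid, reason))


# Constructed sample data: one SIM, two different devices.
ICCID = "8988303000000012345"
DEVICE_A = "490154203237518"   # valid Luhn check digit
DEVICE_B = "356938035643809"   # another valid IMEI


def demo() -> List[str]:
    enforcer = ImeiLockEnforcer(sims={ICCID: SimRecord(ICCID)})
    return [
        enforcer.handle_attach(ICCID, DEVICE_A),   # first attach: lock to A
        enforcer.handle_attach(ICCID, DEVICE_A),   # same device: allowed
        enforcer.handle_attach(ICCID, DEVICE_B),   # SIM moved to B: disabled
        enforcer.handle_attach(ICCID, DEVICE_A),   # even A is now blocked
    ]


if __name__ == "__main__":
    print(demo())
```

Once the SIM is disabled it stays disabled until an operator re-enables it after investigating; an automatic re-enable on the "right" IMEI would let an attacker who can spoof the IMEI talk their way back in.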
Secure data transfer
To ensure the data communicated between devices is transported securely, use a private APN accessed via a VPN. An Access Point Name (APN) is the gateway between the mobile network the device attaches to (2G, 3G, 4G etc.) and the network beyond it. Making this a private gateway dedicated to your deployment ensures each device is isolated from other mobile users and from the public Internet. A Virtual Private Network (VPN), commonly an IPsec tunnel, then links that gateway to your own network, so all data transferred from the devices is isolated from the wider public Internet. Keep in mind that the tunnel protects the path, not the payload: the operator core and the VPN endpoints still handle your traffic, so sensitive data should also be encrypted at the application layer (for example with TLS).
Network based Firewall
This is a form of firewall that is applied at the point where the traffic sent to or from an endpoint enters the network, rather than on the endpoint itself.
Typically, small M2M devices have limited processing power and so are not able to run firewalls of their own. The key advantage of a network based firewall is that it takes the heavy work of packet filtering away from the device, ensuring malicious traffic is never transmitted over the radio link to the device, or even able to enter the network. Dropping unwanted inbound traffic before it reaches the device also saves data volume and battery.
It allows for per-deployment configuration of how data is communicated and transported via the network, enabling businesses to allow only the destinations, protocols and ports their devices actually need and to block everything else. It can also detect intrusions or hacking attempts, which show up as traffic that does not align with the pre-configured policies.
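As an added example, not code from the original post or from EMnify's product, the following shows the kind of default-deny policy and anomaly check a network based firewall applies to device traffic. It assumes flow records exported as dicts with source, destination, protocol and destination port, that devices live in 10.64.0.0/16 and that the customer's backend is an MQTT-over-TLS broker at 10.0.0.10; all addresses and flows are constructed for the example. Inbound connections to devices are dropped unconditionally, outbound traffic must match an allow rule, and a device that is denied on several distinct ports is flagged as a possible scan.

```python
"""Added example: a default-deny network firewall policy for M2M devices.

Assumptions (not from the original post): device addresses, backend
address, flow-record format and the scan threshold are all invented
for the example.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

DEVICE_NET = ipaddress.ip_network("10.64.0.0/16")


@dataclass(frozen=True)
class Rule:
    proto: str
    dst: str      # CIDR the device may reach
    dport: int


# Devices may only talk to the TLS MQTT broker and the internal resolver.
ALLOW_OUTBOUND = (
    Rule("tcp", "10.0.0.10/32", 8883),
    Rule("udp", "10.0.0.53/32", 53),
)

SCAN_THRESHOLD = 5   # distinct denied destination ports from one device


@dataclass
class NetworkFirewall:
    rules: Tuple[Rule, ...] = ALLOW_OUTBOUND
    denied_ports: Dict[str, Set[int]] = field(default_factory=lambda: defaultdict(set))
    alerts: List[str] = field(default_factory=list)

    def evaluate(self, flow: dict) -> str:
        src = ipaddress.ip_address(flow["src"])
        dst = ipaddress.ip_address(flow["dst"])
        if dst in DEVICE_NET:
            # Nothing may open a connection towards a device, neither from the
            # Internet nor from another device; this is dropped before it
            # would cross the radio link.
            self.alerts.append("inbound attempt %s -> %s:%d" % (flow["src"], flow["dst"], flow["dport"]))
            return "deny"
        if src not in DEVICE_NET:
            return "deny"   # not one of our devices; out of scope for this filter
        for r in self.rules:
            if (flow["proto"] == r.proto and flow["dport"] == r.dport
                    and dst in ipaddress.ip_network(r.dst)):
                return "allow"
        # Outside policy: a misconfigured or compromised device.
        ports = self.denied_ports[str(src)]
        ports.add(flow["dport"])
        if len(ports) == SCAN_THRESHOLD:
            self.alerts.append("possible scan from %s: %s" % (src, sorted(ports)))
        return "deny"


# Constructed flow records: normal telemetry, an Internet-side telnet
# attempt against a device, a device reaching an unknown host, and a
# device probing the backend on ports it has no business with.
SAMPLE_FLOWS = [
    {"src": "10.64.1.7", "dst": "10.0.0.10", "proto": "tcp", "dport": 8883},
    {"src": "10.64.1.7", "dst": "10.0.0.53", "proto": "udp", "dport": 53},
    {"src": "203.0.113.9", "dst": "10.64.1.7", "proto": "tcp", "dport": 23},
    {"src": "10.64.1.7", "dst": "198.51.100.4", "proto": "tcp", "dport": 80},
    {"src": "10.64.2.3", "dst": "10.0.0.10", "proto": "tcp", "dport": 22},
    {"src": "10.64.2.3", "dst": "10.0.0.10", "proto": "tcp", "dport": 23},
    {"src": "10.64.2.3", "dst": "10.0.0.10", "proto": "tcp", "dport": 80},
    {"src": "10.64.2.3", "dst": "10.0.0.10", "proto": "tcp", "dport": 443},
    {"src": "10.64.2.3", "dst": "10.0.0.10", "proto": "tcp", "dport": 1883},
]


def run(flows=SAMPLE_FLOWS) -> Tuple[List[str], List[str]]:
    """Return the per-flow verdicts and the alerts raised while filtering."""
    fw = NetworkFirewall()
    verdicts = [fw.evaluate(f) for f in flows]
    return verdicts, fw.alerts


if __name__ == "__main__":
    verdicts, alerts = run()
    for f, v in zip(SAMPLE_FLOWS, verdicts):
        print(v, f)
    for a in alerts:
        print("ALERT:", a)
```

Note that the last device is denied even when it aims at the correct backend host, because plaintext MQTT on 1883 is not in the policy; an allow-list on host alone would have let that through.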
While it is the responsibility of enterprises to ensure they are using secure systems to transport business and consumer data, it is also the responsibility of hardware manufacturers to equip connected devices with security at the production level. Simply ensuring the connectivity cannot physically be tampered with, for example by using an embedded SIM for GSM IoT connectivity, goes a long way in securing a device's data.
It's also important to ensure that the security systems in place for your devices and connectivity platform are kept up to date, preferably automatically as updates become available. In this sense, using a SaaS platform can ensure the latest management and security functionality is implemented without waiting on a manual upgrade.
At EMnify we specialize in providing connectivity and service management for connected devices through an IaaS and SaaS platform. We also provide embedded SIMs to OEMs, helping to ensure devices are physically better protected from tampering.
If you have any questions about security for your devices and connectivity platform/data transfer, don’t hesitate to contact us. Our team is always happy to help and offer advice.
Until next time, stay connected!
Your EMnify team.