The IoT security in the 5G era
The Internet of Things (IoT) is one of the most talked-about technologies in the era of digital transformation. Some even call it the 3rd industrial revolution; it is the core technology behind smart homes, self-driving cars, and smart cities. Some of its first beneficiaries, the Automotive industry, healthcare, and logistics, have taken giant steps and led the manufacture of everyday “things” that connect with computers.
And it will be probably even bigger. According to Gartner, there’ll be around 26 billion devices on the IoT by 2020, a huge jump from the 2016’s 6 billion and IoT product and service suppliers will generate $300 billion+ in revenue.
Moreover, industry leaders argue that IoT applications in healthcare, autonomous vehicles and the intelligent enterprise are the hot topics this year.
IoT is hot, and connected devices and sensors, robotics, immersive reality, and artificial intelligence are taking over the physical world with a new level of technological sophistication. The consequence is that the IT infrastructures needed to support these systems become obsolete. And experts warn that businesses that assume otherwise are doing it at their own peril.
Also, infrastructure automation specialists warn against the blessing and the curse of the staggering rate that companies are deploying IoT sensors. This generates vast amounts of data when tracking things in real-time and companies will need to implement technology that can handle the constant stream of data in addition to looking at more effective ways to analyze that data.
Welcome to 5G
The first generation mobile network (1G) was all about voice. 2G was about voice and texting; 3G was about voice, texting, and data; 4G was a faster 3G, and 5G will be even faster; it will be fast enough to download a full-length HD movie in seconds.
With the arrival of 5G, it looks like the foundation for realizing the full potential of IoT is finally here. While 5G is set for commercial availability sometime around 2020, the industry is already working to develop new global standards and pre 5G products to benefit industries everywhere. Ericsson AB’s latest Mobility Report points out that there will be 550 million 5G subscriptions in 2022 and Asia Pacific will be the second-fastest-growing region with 10% of all subscriptions being 5G in 2022. But 5G is much more than just fast downloads; its unique combination of high-speed connectivity, very low latency, and ubiquitous coverage will support smart vehicles and transport infrastructure such as connected cars, trucks, and buses, where a split second delay could mean the difference between a smooth flow of traffic and a terrible car crash.
What about security?
As IoT continues to take over the world, many security challenges related to IoT deployment in the consumer and enterprise space are becoming evident. The more devices get connected to the internet, the more complex the IoT ecosystem becomes and as a consequence more sensitive information is put to risk.
According to estimates from Safelist, 35% of IT leaders lack confidence in the security of IoT devices. They are afraid that a cybercriminal could gain control of their devices, with dire consequences. And this concern is justified given the fact that 84% of organizations have already experienced an IoT-related security breach.
Although at this point no one can deny the fact that many industries will benefit from IoT proliferation, skepticism arises because there are still many loopholes and flaws in connecting everything to the internet.
Kaspersky Lab developers even went as far as labeling IoT as the Internet of Crappy Things, openly criticizing the concept of connecting everything possible to the internet. This may be an exaggeration, but it’s a fact that in spite of the many benefits, the IoT also raises many concerns regarding security and privacy. Here is a brief summary of top security concerns IoT developers need to address:
It’s in the very nature of IoT devices to collect vast volumes of data and processing and sharing this data is an integral part of the whole IoT ecosystem. However, most of this data is sensitive and needs protection through encryption.
Secure Socket Layer protocol or SSL can be used to protect your data whenever it gets exposed online. SSL software must not only be used to protect and encrypt the data, but also the wireless protocol side too. The wireless transfer is when the data is the most vulnerable, so it also needs encryption during the transfer. Sensitive data like locations must be protected from prying eyes and available to the concerned users. Thus using a wireless protocol with incorporated encryption is of the utmost importance
Even with the encryption up and running, the IoT network is still vulnerable to side-channel attacks. This kind of attacks focus on how the information is being presented, rather than the data itself.
Basically, the cybercriminal can use side-channel attacks to access the state of a cryptographic device and its contents. Electromagnetic emissions that come out of a device can be analyzed by attackers that non-invasively can extract sensitive information from it.
Since the inception of IoT, hardware developers have not been able to keep up with the IoT demands. Although IoT devices chipmakers like Intel and ARM have recently started reinforcing their processors for more security, they don’t seem able to find the appropriate solution for security gaps.
Coverage network of the IoT device is one of the most important features and one that is often overlooked by IoT experts. Manufacturers need to be very specific when setting up a range of metrics for your device or application. It is paramount to find that sweet spot where the range is maximized without reaching the breaking point.
These intrinsic security issues of IoT are not resolved by 5g because 5g comes with its own concerns.
5G needs robust security architectures and solutions since it will connect every aspect of life to communication networks. The basic challenges in 5G are:
• Flash network traffic: There will be a high number of end-user devices and new things (IoT);
• Security of radio interfaces: Radio interface encryption keys are sent over insecure channels;
• User plane integrity: There is no cryptographic integrity protection for the user data plane;
• Mandated security in the network: Service-driven constraints on the security architecture lead to the optional use of security measures;
• Roaming security: User-security parameters are not updated with roaming from one operator network to another, leading to security compromises with roaming;
• Denial of service (DoS) attacks on the infrastructure: There are visible network control elements and unencrypted control channels;
• Signaling storms: Distributed control systems require coordination, for example, non-access stratum (NAS) layer of Third Generation Partnership Project (3GPP) protocols;
• DoS attacks on end-user devices: There are no security measures for operating systems, applications, and configuration data on user devices.
5G will use mobile clouds, SDN, and NFV to meet the challenges of massive connectivity, flexibility and costs, but as we can see above, with all their benefits, these technologies also have inherent security challenges. The integration of IoT seems to raise the most security concerns, specifically in terms of privacy. New security solutions need to be sought out that use the development in, for example, artificial intelligence and context awareness to enable proactive network forensics and response.