When it comes to connectivity options for IoT solutions, WiFi, LoRa and cellular connectivity are typically the most discussed options. Though it undoubtedly depends on the use case, traditional day-to-day WiFi is typically dismissed first, at least for any use cases other than consumer applications like the smart home. Though ideal for streaming video, for instance, everyday WiFi is extremely impractical for anything out in the so-called customer field. That said, there's more to WiFi than what we use every day in a private or consumer setting.
Though they each have their pros and cons, WiFi, LoRa, and cellular connectivity are all susceptible to security risks and potentially serious consequences following a breach. No matter the connectivity choice, focused attention should be given to robust IoT security measures, regardless of the IoT solution.
An analysis of various short- and long-range wireless options, based on their transmission characteristics when deploying an IoT solution at a customer site, has provided us with several conclusions about connectivity. One conclusion is the general advantage of a cellular connection. But beyond the overall benefits, what are the precise security benefits of cellular IoT connectivity compared to other connectivity options?
IoT Connectivity Options
Below we'll review three of the most-used IoT connectivity options (WiFi, LoRa, and cellular) and compare them from a security perspective. Specifically, we'll compare the following four setups:
- Shared WiFi: when deploying the device at a foreign site, it can be integrated into the customer's WiFi network
- Dedicated WiFi: where WiFi routers are deployed alongside the device(s)
- LoRa Network: we'll consider shared LoRaWAN networks (like Loriot or The Things Network), where the gateway, network, join and LoRaWAN application servers are provided by a provider, as well as dedicated LoRaWAN networks, where these components are deployed by the customer
- Cellular Connectivity: enables devices to be used at the edge, offering longer battery life and reliable connectivity
Comparison Based on Four Security Measures
To begin, a quick snapshot below of how these four setups compare on four common security features:
Botnet Attack From a Compromised Device
There were 800 percent more Mirai attacks within half of 2019 compared to the first half of 2018. The Mirai malware has infected many IoT devices, creating a botnet that launched distributed denial of service attacks on its victims. Worth noting (and perhaps unsurprising based on the above comparison chart) is that these IoT devices were mainly connected to the public internet or over shared WiFi and were able to reach any destination.
When choosing dedicated WiFi hardware, businesses should select routers with integrated firewalls that can be used to limit the number of IP addresses that the devices can reach, thus making it impossible for the device to attack another target or be commanded from a hacker's center.
LoRa devices can't be directly reached from, or communicate with, the internet because they do not use the Internet Protocol. LoRa devices can only talk to LoRaWAN applications with which they have been registered, and the management is done on the LoRa network server.
While there are reports of the danger of LoRa devices being able to execute DDoS attacks against other LoRaWAN devices or servers, these cases are due to poor implementation or are addressed in future LoRaWAN specifications.
By using a cellular network firewall, IoT businesses can make sure that a device can only send data to its application target, thus blocking all malicious traffic already on the network level.
Remote Device Access
Another vulnerability that the Mirai malware took advantage of is the unsecured remote device access of IoT devices on the public internet. Remote access is usually necessary to perform remote reconfigurations, retrieve data from the device, and allow troubleshooting by support personnel. LoRaWAN doesn't have a concept for remote access and is therefore not judged on this feature.
Using standard WiFi routers, the IoT device gets a private address and isn't visible from the public internet.
Remote device access is activated using port forwarding (and with DynamicDNS in the case of dynamic IPs), which Mirai has been using to infect even WiFi IoT devices within the private WiFi network.
With advanced WiFi infrastructure that allows the setup of a virtual private network (VPN), remote device access can be secured, as only authenticated devices with the proper VPN credentials will get access to the network. While this works with single, local deployments, managing multiple VPNs at different customer locations with the same private networks is challenging.
Cellular connectivity with private static IP addresses enables simple remote access via one virtual private network across all customer locations. The devices aren't visible from the internet and can be accessed by a VPN connection to the mobile network operator gateway.
Remote firmware updates are a critical part of keeping device security up to date. Security vulnerabilities can originate from customer-owned device firmware bugs, as well as from third-party libraries. Updating the device can be challenging; the remote update process must be guarded against attackers while also guaranteeing a simple roll-back in case of error.
Due to the downlink limitation of 10 messages per day, LoRa can only be used for updating very simple devices, and even then the update process can take days to weeks to finish. Initially, updates were only possible device by device, but multicast support for remote updates over LoRa has since been specified.
There is a wide range of solutions available for remotely updating firmware over WiFi and cellular. Cloud platform providers like AWS, Azure, and Google offer remote device management services, but there are also other providers like Balena or AVSystem.
A central part of any security design is the ability to monitor for abnormalities. For all wireless connectivity technologies, a change in traffic log parameters can help to detect device tampering and is a safeguard against human error.
LoRaWAN data is centrally managed within the application and network server, making available not only payload data (e.g. the temperature measurement) but also important connectivity information like signal strength and packet loss.
Standard WiFi routers have a basic set of traffic logs that provide limited visibility. To effectively monitor abnormalities, the WiFi router must not only support detailed traffic information but also allow multiple customer sites to be centrally monitored and managed.
With a cellular connectivity solution, detailed connectivity information, like network signaling events and data volume, is available for all devices in real time within the web portal. This data can also be streamed to cloud platforms (AWS, Azure, Google Cloud) or third-party platforms (Datadog, DevicePilot) that already provide abnormality monitoring as a service.
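The destination restriction and the traffic monitoring described above can be combined in one check over exported flow records. The following Python is an added example, not code from the original article or from any connectivity provider; the record fields, the allowed application address, the device names and the spike threshold are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Assumed policy: the only destination a device may reach (its application target).
ALLOWED_DESTINATIONS = [ipaddress.ip_network("203.0.113.10/32")]

# Constructed sample flow records:
# (device_id, hour, destination_ip, destination_port, bytes_sent)
SAMPLE_FLOWS = [
    ("sensor-01", 0, "203.0.113.10", 8883, 1200),
    ("sensor-01", 1, "203.0.113.10", 8883, 1180),
    ("sensor-01", 2, "203.0.113.10", 8883, 1220),
    ("sensor-01", 3, "203.0.113.10", 8883, 1210),
    ("sensor-02", 0, "203.0.113.10", 8883, 1100),
    ("sensor-02", 1, "203.0.113.10", 8883, 1150),
    ("sensor-02", 2, "203.0.113.10", 8883, 1250),
    ("sensor-02", 3, "198.51.100.77", 23, 90000),   # outside the allowlist
    ("sensor-03", 0, "203.0.113.10", 8883, 900),
    ("sensor-03", 1, "203.0.113.10", 8883, 950),
    ("sensor-03", 2, "203.0.113.10", 8883, 920),
    ("sensor-03", 3, "203.0.113.10", 8883, 40000),  # allowed target, abnormal volume
]

def is_allowed(dst):
    """True if the destination address falls inside the allowlist."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in ALLOWED_DESTINATIONS)

def find_anomalies(flows, volume_factor=10):
    """Return sorted (device, reason, detail) findings for a batch of flows."""
    findings = set()
    volumes_by_device = defaultdict(list)
    for device, _hour, dst, port, sent in flows:
        volumes_by_device[device].append(sent)
        # Traffic a network-level firewall would have blocked outright.
        if not is_allowed(dst):
            findings.add((device, "unexpected-destination", f"{dst}:{port}"))
    for device, volumes in volumes_by_device.items():
        baseline = median(volumes)  # per-device baseline, robust to one outlier
        for sent in volumes:
            if baseline and sent > volume_factor * baseline:
                findings.add((device, "volume-spike", str(sent)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_FLOWS):
        print(finding)
```

The third device shows why monitoring is still needed behind a firewall: its traffic stays within the allowlist, so only the volume check flags it.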
As shown above, installing IoT devices using the customer's WiFi infrastructure comes with several security risks. For this reason, it's advised to use one network for IoT devices and a separate network for normal operations, in order to protect both device types from one another. This way, IoT devices can't impact normal devices, and outdated personal computers on a shared LAN, for instance, can't serve as entry points to IoT devices.
LoRaWAN has very tight security concepts, coupling the device to a network and each application. It's best suited to low-bandwidth applications, including in hard-to-reach locations, like temperature sensors in a manufacturing setting. Often the LoRa gateways are connected via cellular connectivity to the public internet so data can be processed in a central place.
Dedicated WiFi infrastructure and cellular connectivity are the most-used wireless technologies for industrial IoT. By using a firewall, remote access, firmware updates, and monitoring, IoT businesses can benefit from comprehensive security features already on the network level.
For deployments at multiple customer sites and for mobile use cases, cellular connectivity not only provides seamless coverage but also makes it easier for an IoT service provider to manage the various installations. These are just two of the many advantages of cellular connectivity over other options. Additional advantages are:
- Network coverage is available almost everywhere
- The device works immediately at the customer site
- No additional infrastructure and integration are required
- Low power technologies for prolonged battery life (LTE-M/NB-IoT)
- Supports low and high transmission bandwidth in up- and downlink
The above advantages are quickly rendered useless in the event of poor security, though. So, whatever connectivity option you decide is right for your IoT solution, make sure you're taking the recommended steps to robustly secure it.
Source: IoT For All