With Ericsson predicting that the amount of IoT devices connected to cellular networks will reach 3.5 billion by 2023, it’s clear that MNOs should be preparing for major new commercial opportunities. Moreover, there is often little question that the emergence of the new generation 5G network is going to be an enormous asset during this respect, helping to enable the explosive growth within the number of devices connected both to people and every other. MNOs have a key role to play for the event of IoT devices with cellular connectivity, especially with regards to security.
What are the IoT security challenges that MNOs will get to address?
DB: We are seeing the emergence of ever more security-sensitive services like telematics for vehicles within the automotive sector, like automatic driving systems, driving assistance systems, GPS navigation, vehicular emergency warning systems, wireless safety communications, and health monitoring in healthcare. Security may be a must for these services! consistent with a Forrester report (Forrester, January 9th, 2019), the quantity of IoT attacks is rising by overflow 200% once a year. At an equivalent time, Irdeto’s 2019 Global Connected Industries survey indicated that 80% of IoT devices used or manufactured by large enterprises have experienced a cyberattack within the past 12 months.
Establishing trust and confidence within the IoT may be a top priority for all stakeholders looking to profit from the new age of connectivity. Essentially, the safety framework must fulfill three key requirements. First, mutual authentication between the IoT device and therefore the cloud. Then, integrity and confidentiality of security-sensitive data both at rest and in motion, and last but not least, scalability of security.
JFG: There are a variety of open source and proprietary IoT OS already available within the market. Given the variability of applications, hardware, and connectivity, encompassed with the IoT, it’s likely that the market will still sustain multiple OSes for the foreseeable future. during this respect, any IoT security implementation which depends on the sort of OS wouldn’t be ready to scale and is therefore not sustainable. this is often a key security challenge that MNOs got to address.
Do we need new technologies to deal with this IoT security fragmentation?
DB: Not quite! actually, there’s an existing technology/framework, which is already proven within the field and is ideally fitted to the IoT. This includes secure elements at large and, more specifically, eSIM/SIM within the case of cellular connectivity for the IoT. Indeed, the secure elements can deliver scalable ‘security-by-design’ for the IoT, while eSIM/SIM can deliver scalable IoT security for cellular networks.
JFG: The approach is to leverage on those hardware tamper-proof elements, also referred to as the basis of Trust, to store sensitive data like keys and security services and to determine a standard. Moreover, the secure elements are standard technology and are ideally suited to integrate the new specifications for IoT security from GSMA’s latest specifications: GSMA IoT SAFE (IoT on-SIM Applet For Secure End-2-End Communication). These specifications provide an interoperable and scalable security framework for the IoT. We are the primary to implement the GSMA standard specifications for the IoT. this is often an unprecedented advance in terms of scalable IoT security for all security-sensitive use cases.
How does IoT SAFE work?
JFG: As soon because the IoT device is switched on, it’s automatically and securely provisioned with its IoT applications (the secure provisioning is performed by the IoT SAFE Security server). From now, all exchanges between the IoT device are secure and trusted. The server can trust the IoT device and vice-versa and every one the exchanges made are secure. All this happens during a matter of seconds. this suggests that devices already within the field are often activated with any service provider. this is often an excellent opportunity for Mobile Network Operators who want to supply secure IoT services to leverage on their experience of managing billions of secure elements already within the field through OTA (Over the Air) platforms.
DB: All players within the IoT ecosystem can enjoy this. especially, device makers offer devices with embedded scalable security, no matter the OS and chip fragmentation, and repair providers can develop secure services in an interoperable framework. There’s no need for the latter to implement custom security that’s hooked into the OS and therefore the chip.