comment on this article

Using the mobile telephone network to verify the security of IoT devices

As the Internet of Things (IoT) develops and becomes an everyday reality for more people, many parts of the technological framework for realising an IoT system are still yet to be proven in practice.

One part, however, is ready and waiting for all device manufacturers which wish to use it: the mobile telephone (cellular) network. It already offers a wireless solution to many of the communications challenges involved in implementing an IoT system.

Among the attractions of mobile telephone networks are three important characteristics:

* Data rate. Legacy 2G and 3G and the latest LTE network technologies offer a variety of maximum data rates to suit the requirements of different applications. LTE’s Category 0 device type, which is optimised for IoT and M2M applications, can support a maximum data rate of 50Mbit/s. This new category is addressing a key weakness in the network today: battery life and stand by time.

* Coverage. Mobile phone networks can offer almost universal national and international coverage. No other wireless access technology available today provides such widespread coverage

* Authentication. Any device accessing a mobile telephone network must carry a SIM identity and authentication key issued by the network operator. This requirement to embed a secure and unique user identity in every network device supports the concept of ‘Trusted Access’. Since it makes the channel between IoT devices secure, it removes the requirement to encrypt the data transferred between two trusted devices. Encryption is processor intensive and increases the cost and complexity of a device’s hardware and software dramatically.

Fig. 1: Each sensor in advanced automation equipment, such as the crop-spraying rig shown here, may in future have its own IP address

New development paradigm

Mobile telephone networks are an attractive choice of communications medium for IoT device manufacturers. But the IoT era will bring with it a new development paradigm. Many device types have never before been configured for operation on a public network. Some newly connected products – for instance, a lighting fixture in a commercial building – might have no other type of data connection. Others, such as production line equipment, might be connected via a private network using a locally limited network protocol, such as Profibus.

In the new IoT paradigm, these types of devices may have their own IP address and be linked, potentially, to billions of other devices on the public internet (see fig 1).

This creates a challenge for the equipment designer: how to model the behaviour of the device when connected to a network environment controlled by a mobile telephone service provider. Clearly, the testing device performance is one issue, but the quality of service itself (data throughput, latency, availability and so on) is dependent, in large part, on the network operator. Security, however, is a crucial new parameter to test when exposing a device for the first time to a public network.

Indeed, the IoT vision sees devices behaving automatically – for instance, vending machines may order their own inventory or high energy-consuming home appliances may be switched on and off by cloud-based software in response to real-time changes in energy tariffs. Many such interactions have revenue or charging implications. And this means they are vulnerable to attack.

Intrusion and attack

So how can the device OEM, adapting a previously standalone device for operation in the IoT, test its ability to withstand such intrusion and attack? Clearly, network operators are not going to allow the OEM to launch a test virus or configure some corrupt settings on a live network in order to monitor the response of a prototype.

There is, however, a safe way for OEMs to develop and test their devices’ security performance: a network simulator emulates the operation of a live mobile telephone network in the laboratory. In a completely isolated and safe environment, it enables the OEM to test the effect of any kind of network operation, including network-borne viruses and other attacks, on a device’s operation.

An instrument, such as the MD8475A from Anritsu (see fig 2), operates as a base station simulator, supporting the 3GPP protocols in use today, from legacy GSM up to the latest LTE-Advanced standards. Through a user-friendly interface (in the case of the MD8475A, this is called ‘Smart Studio’), the device designer can quickly implement hundreds of pre-built test routines. This gives a set of building blocks that the user can put together to create the network conditions to which a device will be exposed.

In addition, it provides an environment for the creation of abnormal network behaviour, such as the transmission of viruses targeting particular device types or operating systems. It can also generate specific scenarios: the Smart Studio software provides the capability to simulate network interactions with devices as dissimilar as a smart utility meter (a static device with infrequent network access events) and a vehicle tracking unit (highly mobile, frequent network access events).

As the IoT becomes populated with more and more devices, it will gain a critical mass of some technologies. The Android operating system, for instance, might emerge as the most popular platform for embedded devices and this would make an attractive target for internet based intrusion threats. As the MD8475A contains its own servers, or can be connected to an external server (on a private network or via the internet), this enables the developer to connect the device to the real IoT server and enables a complete ‘end to end’ test of devices and servers across a mobile phone network. As the mobile network is in a simulator, and not a commercial network, there are no associated call costs, data usage limitations, or other restrictions that come from a live network.

The MD8475A can also simulate a wide range of different network configurations, corresponding to worldwide different network configurations and operators, so the pre-testing can be done in a lab rather than needing to fly around the world and test in many different countries to ensure correct operation against all types of different network settings.

Fig. 2: A network simulator enables the device developer to test the behaviour of any terminal device in the safety of the laboratory

Development function

Embedded device developers have not previously needed to master the techniques of mobile network telephone testing, but the unavoidable security concerns surrounding the introduction of potentially vulnerable devices to the internet now make it necessary for the first time. Design engineers will find that equipping an embedded device with cellular connectivity is actually relatively easily accomplished: a cellular modem as a complete turn-key module is easily integrated into end-product designs. The new and more challenging task will be ensuring that their newly-connected device is protected from the dangers of the internet. As such a network simulator should be considered an essential tool to help them achieve this task successfully.

Author details:
Jonathan Borrill is Anritsu’s director of marketing, EMEA

Author
Jonathan Borrill

Related Downloads
109704/P34-35.pdf

Comment on this article


This material is protected by MA Business copyright See Terms and Conditions. One-off usage is permitted but bulk copying is not. For multiple copies contact the sales team.

What you think about this article:


Add your comments

Name
 
Email
 
Comments
 

Your comments/feedback may be edited prior to publishing. Not all entries will be published.
Please view our Terms and Conditions before leaving a comment.

Related Articles

EMI/EMC filters

Astrodyne TDI, a manufacturer of power conversion and EMI/EMC solutions, has ...

Get to market faster

A quick look at using Vicor's PFM and AIM in VIA packaging for your AC to Point ...

Digital consciousness

​Would you consider uploading your brain to the cloud if it meant you could ...

Improving cancer care

Mirada Medical’s imaging technology is helping to accelerate cancer care by ...