by Robin Kent, Director of European Operations, Adax
Research suggests the Internet of Things industry will grow from $900 billion in 2014 to $4.3 trillion by 2024 . Vodafone has delved into the consumer side of IoT with the launch of its new “V by Vodafone” bundle, whereby consumers are charged for the number of connected devices they add to their monthly plan. However, with this growth comes the heightened risk of security breaches.
Operators need to be smart with their investment when it comes to IoT; security needs to be at the top of their agenda. More than 30 billion connected devices will be in use by 2025, of which cellular IoT—including 2G, 3G and 4G technologies — is forecast to account for about seven billion units. The repercussions of such a breach can have serious consequences for both the operator and end user, as any device hijack can be a potential entry point into the network for an attack.
A common breach is the “man-in-the-middle” concept, whereby a hacker is looking to interrupt and breach communications between two separate systems. The hacker can secretly intercept and send messages between two parties while they believe they are communicating directly with each other. The hacker can trick the recipient into thinking they are still getting a legitimate message. These attacks can leave the networks, and end users, in a position of extreme vulnerability with regards to IoT, due to the nature of the devices being hacked.
Another common threat posed to IoT networks is denial of service (DoS) attacks. There can be a host of reasons for the network being unavailable, but it usually refers to infrastructure that cannot cope due to capacity overload. In a Distributed Denial of Service (DDoS) attack, a large number of systems maliciously attack one target. Often customers also decide to switch to a competitor, as they fear security issues or simply can’t afford to have an unavailable service.
Access to the IoT devices for the applications should be through a secure environment that first authenticates and authorizes the user/application before allowing access to the core. Operators must ensure connections from the IoT device to the core network over S1 and Gb interfaces are fully authenticated. Operators must invest in and revisit the capabilities of their GTP and SCTP protocols, which will handle the connections into the core network. Authentication can be delivered by the RFC 4895 for the SCTP protocol without compromising performance or network monitoring visibility like IPsec/VPNs do. This can prove vital as networks are subject to attacks with greater frequency and demonstrated disastrous outcomes.
Alongside a highly reliable SCTP protocol, operators should implement a DTLS module. This helps detect and fix real-time connection failures, redundancy and fault tolerance for signaling applications and improved destination and peer path failure.
The IoT provides a wealth of business and marketing opportunities for operators. Security must be taken seriously to ensure it’s not a short-lived fad. Attacks on the networks can have detrimental impacts on both the operators, whose reputations can be diminished in seconds if vulnerabilities are publicized, and end users, whose devices and livelihoods are at risk. The industry must lay down the foundations and realize the tools and protocols needed to secure the future.