Internet of Things Security - Multilayered
Method For End to End Data Communications
Over Cellular Networks
Prepared By:
Akash A R
OUTLINE
• INTRODUCTION
• ARCHITECTURAL SYSTEM DESCRIPTION
• THE INTERLOCKING FUNCTIONAL ELEMENTS
• CONCLUSION
INTRODUCTION
• With the explosive growth of Internet of Things (IoT) solutions comes a greater concern over the security issues associated with the plurality of devices being connected.
• Poorly architected cellular connectivity can open the solution to potential security issues.
• A highly secured architectural solution requires a multilayered security approach encompassing the overall architectural design for connectivity.
• The multilayered methodology provides a secure wireless connection, utilizing packetized data to establish a robust connection between the IoT device and the backend host for bidirectional communications.
ARCHITECTURAL SYSTEM DESCRIPTION
• The IoT cellular device is connected to the local serving cell tower via an encrypted radio access network.
• The local tower is securely connected to the home carrier’s mobility data center.
• The destination host is connected via a point-to-point encrypted link.
• The architecture provides the desired security without incurring increased data payload for security encryption.
THE INTERLOCKING FUNCTIONAL ELEMENTS (1/8)
• Each security functional element available in the architecture is briefly described here.
A. SIM-BASED AUTHENTICATION AND KEY AGREEMENT
• The first critical element of the secure architecture is the subscriber identifier module (SIM).
• The connectivity to the SIM is only through the cellular radio module, preventing the onboard microprocessor from directly accessing the SIM.
• Any communication with the SIM is performed solely by the radio stack layer built into the radio module.
• The authentication and key agreement mechanism utilizes a secret key K which is known only to the SIM and the Internet of Things home carrier.
THE INTERLOCKING FUNCTIONAL ELEMENTS (2/8)
B. RADIO ACCESS NETWORK ENCRYPTION
• The radio link layer between the IoT device radio module and the cellular tower is 128-bit encrypted, utilizing the key from the previous section, as part of the standard GSM protocol for 3G and above transmissions.
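The two elements above (A and B) describe a challenge-response authentication and key agreement rooted in the secret key K, followed by link encryption under the derived key. The following is an added example, not code from the slides: it models the exchange between a SIM and the home carrier with HMAC-based stand-ins for the 3GPP f2/f3 functions (the real network uses Milenage or TUAK, not HMAC), and a toy stream cipher standing in for the radio link cipher. The key value, the function names and the message framing are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed 128-bit subscriber key K. In a real deployment it is burned into the SIM and held
# by the home carrier's authentication centre; neither side ever transmits it.
K_SHARED = bytes.fromhex("00112233445566778899aabbccddeeff")


def f_res(k: bytes, rand: bytes) -> bytes:
    """Expected response to a challenge (stands in for the 3GPP f2 function; HMAC is a modelling choice)."""
    return hmac.new(k, b"RES" + rand, hashlib.sha256).digest()[:8]


def f_ck(k: bytes, rand: bytes) -> bytes:
    """128-bit ciphering key derived from K and the challenge (stands in for f3)."""
    return hmac.new(k, b"CK" + rand, hashlib.sha256).digest()[:16]


class Sim:
    """Models the SIM: the only component on the device side that ever holds K."""

    def __init__(self, k: bytes) -> None:
        self._k = k

    def respond(self, rand: bytes) -> Tuple[bytes, bytes]:
        # The radio stack passes RAND in and receives RES and CK back; K itself is never exported.
        return f_res(self._k, rand), f_ck(self._k, rand)


class HomeCarrier:
    """Models the carrier's authentication centre holding the same K."""

    def __init__(self, k: bytes) -> None:
        self._k = k

    def challenge(self, rand: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
        rand = rand if rand is not None else secrets.token_bytes(16)
        return rand, f_res(self._k, rand), f_ck(self._k, rand)


def run_aka(sim: Sim, carrier: HomeCarrier, rand: Optional[bytes] = None) -> Tuple[bool, Optional[bytes]]:
    """One authentication-and-key-agreement round. Returns (authenticated, CK)."""
    rand, xres, _ck_network = carrier.challenge(rand)   # carrier -> device: RAND
    res, ck_device = sim.respond(rand)                  # device -> carrier: RES
    if not hmac.compare_digest(res, xres):              # carrier compares RES against XRES
        return False, None
    return True, ck_device                              # both sides now hold the same CK


def link_xor(ck: bytes, count: int, data: bytes) -> bytes:
    """Toy stream cipher keyed by CK and a per-frame counter, modelling the 128-bit radio link
    encryption that follows AKA. Applying it twice with the same count restores the data."""
    keystream = bytearray()
    block = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(ck + count.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


if __name__ == "__main__":
    ok, ck = run_aka(Sim(K_SHARED), HomeCarrier(K_SHARED))
    print("genuine SIM authenticated:", ok)
    frame = link_xor(ck, 1, b"telemetry:42")
    print("decrypted frame:", link_xor(ck, 1, frame))
    print("SIM with a different K authenticated:", run_aka(Sim(bytes(16)), HomeCarrier(K_SHARED))[0])
```

The point the model makes visible is that the application processor never sees K or CK: it only ever sees RAND go in and ciphertext frames come out, which is exactly the isolation element A relies on.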
C. CUSTOM ACCESS POINT NAME (APN)
• The secure IoT architecture makes use of a custom APN assigned to each of the enterprise customers deploying IoT devices.
• This custom APN is unique to the enterprise, which has provisioning and management capabilities for its IoT devices.
• The custom APN allows such an enterprise to give an IoT device permission to access that enterprise’s custom APN for data transport.
THE INTERLOCKING FUNCTIONAL ELEMENTS (3/8)
D. PRIVATE NON-ROUTABLE TCP/IP ADDRESSING
• The non-routable IP address is preserved in the packet along the path between the IoT radio module and the Gateway GPRS Support Node (GGSN), avoiding any type of conversion into a publicly routable IP address.
• Because of the nature of the overarching architecture, the private IP addressing schema does not route to the public Internet.
• The non-routable nature of the IP addressing is preserved end-to-end.
• Even if a malicious packet were to make its way into this secure pipe, or one of the IP packets were to “escape” the pipe, it would be immediately dropped by the first router hop due to its non-routable IP address.
THE INTERLOCKING FUNCTIONAL ELEMENTS (4/8)
E. NON-SPLIT TUNNEL ROUTING SCHEMA
• Poorly architected solutions often provision an APN to split the data packet tunnel.
• In other words, while the private data packets are sent directly to the enterprise customer, the public-destined packets are routed directly from the mobility data center off to the public Internet.
• This breaks the security methodology because the IoT device now has a path to the public Internet that is not under the control of the enterprise customer.
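Elements D and E are properties of the address plan and the APN routing table, so they can be checked mechanically. The block below is an added example, not code from the slides: it validates that every prefix inside the pipe is non-routable, flags an APN route table that sends a default route anywhere other than the enterprise tunnel (the split-tunnel provisioning the slide warns about), and models the first-hop drop of any packet whose addresses fall outside the private plan. The prefixes, next-hop names, route tables and flow records are all constructed assumptions.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed address plan for one enterprise's custom APN (assumed values, not from the slides).
DEVICE_POOL = ipaddress.ip_network("10.42.0.0/16")   # private pool the APN hands to IoT SIMs
HOST_NET = ipaddress.ip_network("10.200.1.0/24")     # enterprise backend behind the IPsec tunnel
TUNNEL_HOP = "ipsec-enterprise"                      # the only acceptable next hop for APN traffic


def is_non_routable(addr: str) -> bool:
    """True when the public Internet will not forward the address (RFC 1918, CGNAT, loopback, link-local)."""
    return not ipaddress.ip_address(addr).is_global


def check_address_plan(*cidrs: str) -> List[str]:
    """Element D: every prefix used inside the pipe must be non-routable; returns the offenders."""
    return [c for c in cidrs if ipaddress.ip_network(c).is_global]


def check_apn_routes(routes: Iterable[Tuple[str, str]]) -> List[str]:
    """Element E: routes provisioned for the APN must all point into the enterprise tunnel.
    routes are (destination prefix, next hop) pairs as an operator would configure them on the GGSN."""
    return [f"{dst} via {hop}: APN traffic would leave the enterprise tunnel"
            for dst, hop in routes if hop != TUNNEL_HOP]


def first_hop_filter(flows: Iterable[Tuple[str, str]]) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Model of the first router hop: forward only flows whose source and destination both lie
    inside the private plan; drop everything else. Returns (forwarded, dropped)."""
    inside = (DEVICE_POOL, HOST_NET)
    forwarded, dropped = [], []
    for src, dst in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if any(s in n for n in inside) and any(d in n for n in inside):
            forwarded.append((src, dst))
        else:
            dropped.append((src, dst))
    return forwarded, dropped


# Constructed APN route tables: the split-tunnel provisioning beside the non-split one.
SPLIT_TUNNEL_ROUTES = [("10.200.1.0/24", "ipsec-enterprise"), ("0.0.0.0/0", "internet-gw")]
NON_SPLIT_ROUTES = [("10.200.1.0/24", "ipsec-enterprise"), ("0.0.0.0/0", "ipsec-enterprise")]

# Constructed flows as seen at the first hop after the GGSN.
SAMPLE_FLOWS = [
    ("10.42.0.7", "10.200.1.10"),    # device to backend host: the only legitimate pattern
    ("10.42.0.7", "93.184.216.34"),  # device to public Internet: only reachable with a split tunnel
    ("203.0.113.9", "10.42.0.7"),    # outside source aimed at a device: dropped at the first hop
]

if __name__ == "__main__":
    print("routable prefixes in plan:", check_address_plan(str(DEVICE_POOL), str(HOST_NET)))
    print("split-tunnel findings:", check_apn_routes(SPLIT_TUNNEL_ROUTES))
    print("non-split findings:", check_apn_routes(NON_SPLIT_ROUTES))
    print("first hop:", first_hop_filter(SAMPLE_FLOWS))
```

Running the route check against both tables shows the difference between the two provisioning styles in one line: the non-split table yields no findings, while the split table's default route via `internet-gw` is exactly the uncontrolled Internet path element E describes.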
THE INTERLOCKING FUNCTIONAL ELEMENTS (5/8)
F. POINT TO POINT DATA TRANSPORT BETWEEN CELLULAR CARRIER AND HOST
• The point-to-point connection between the mobility data center and the destination host may take the form of an IPsec VPN tunnel.
• By combining the two functional elements provided by the custom APN and the IPsec VPN tunnel, it is possible to establish a closed secure pipe.
G. NO DIRECT DEVICE TO DEVICE COMMUNICATION
• Direct communication between IoT devices through the carrier’s data center would not leave a record or footprint in the customer’s router or backend host system.
• In other words, the devices may be chatting back and forth without the enterprise customer having any record of, or visibility into, the M2M device traffic.
• The enterprise would then be unable to probe that traffic for malicious behavior.
THE INTERLOCKING FUNCTIONAL ELEMENTS (6/8)
H. DESTINATION HOST ROUTER MONITORING
• All data packets to and from the IoT device pass through the enterprise customer’s router.
• Deep packet inspection at the customer’s router can detect in real time that abnormal data behavior is occurring from the IoT devices, which may indicate fraudulent or malicious activity.
• By delivering every packet through the customer’s enterprise router, the customer’s host data center has a holistic view of all traffic coming from and going to the IoT devices.
• This allows forensic detection of whether fraudulent behavior is occurring or has occurred.
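Elements G and H together say that every device flow should be visible at the enterprise router and that the inspection there should catch both abnormal behaviour and any device-to-device chatter. The block below is an added example, not code from the slides: it builds a per-device baseline from known-good flow records (destination ports used and typical flow size), then scans a later batch of records for four conditions a router-side monitor would report: device-to-device traffic, a device absent from the baseline, a new destination port, and a volume spike. The flow-record format, pool prefix, thresholds and all sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from statistics import mean
from typing import Dict, Iterator, List, Tuple

DEVICE_POOL = ipaddress.ip_network("10.42.0.0/16")   # assumed private pool handed out by the APN

# Constructed flow records in a NetFlow-like shape: timestamp src dst dport bytes
BASELINE_LOG = """\
2024-05-01T00:00:00Z 10.42.0.7 10.200.1.10 8883 1200
2024-05-01T00:05:00Z 10.42.0.7 10.200.1.10 8883 1180
2024-05-01T00:10:00Z 10.42.0.7 10.200.1.10 8883 1210
2024-05-01T00:15:00Z 10.42.0.7 10.200.1.10 8883 1195
2024-05-01T00:00:00Z 10.42.0.8 10.200.1.10 8883 1100
2024-05-01T00:05:00Z 10.42.0.8 10.200.1.10 8883 1120
2024-05-01T00:10:00Z 10.42.0.8 10.200.1.10 8883 1090
"""

LIVE_LOG = """\
2024-05-02T00:00:00Z 10.42.0.7 10.200.1.10 8883 1300
2024-05-02T00:01:00Z 10.42.0.7 10.200.1.10 22 900
2024-05-02T00:02:00Z 10.42.0.8 10.200.1.10 8883 40000
2024-05-02T00:03:00Z 10.42.0.8 10.42.0.7 443 300
2024-05-02T00:04:00Z 10.42.0.9 10.200.1.10 8883 1150
"""


def parse_flows(log: str) -> Iterator[dict]:
    for line in log.strip().splitlines():
        ts, src, dst, dport, nbytes = line.split()
        yield {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes)}


def build_baseline(log: str) -> Dict[str, dict]:
    """Per-device profile learnt from known-good traffic: ports used and observed flow sizes."""
    profile = defaultdict(lambda: {"ports": set(), "bytes": []})
    for r in parse_flows(log):
        profile[r["src"]]["ports"].add(r["dport"])
        profile[r["src"]]["bytes"].append(r["bytes"])
    return dict(profile)


def detect(live_log: str, baseline: Dict[str, dict], volume_factor: float = 5.0) -> List[Tuple[str, str, str]]:
    """Return (timestamp, device, reason) for each flow that breaks the expected pattern."""
    findings = []
    for r in parse_flows(live_log):
        src, dst = ipaddress.ip_address(r["src"]), ipaddress.ip_address(r["dst"])
        if src in DEVICE_POOL and dst in DEVICE_POOL:
            # Element G: devices have no business talking to each other, so any such flow is reported
            findings.append((r["ts"], r["src"], "device-to-device"))
            continue
        profile = baseline.get(r["src"])
        if profile is None:
            findings.append((r["ts"], r["src"], "unknown-device"))
            continue
        if r["dport"] not in profile["ports"]:
            findings.append((r["ts"], r["src"], "new-destination-port"))
        if r["bytes"] > volume_factor * mean(profile["bytes"]):
            findings.append((r["ts"], r["src"], "volume-spike"))
    return findings


def run_demo() -> List[Tuple[str, str, str]]:
    return detect(LIVE_LOG, build_baseline(BASELINE_LOG))


if __name__ == "__main__":
    for finding in run_demo():
        print(*finding)
```

The baseline is deliberately simple (a port set and a mean flow size); a production monitor would use longer windows and per-destination profiles, but the shape is the same: because every packet crosses the enterprise router, the profile can be built and enforced in one place.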
THE INTERLOCKING FUNCTIONAL ELEMENTS (7/8)
I. SIM TOOLKIT IMEI VALIDATION AND ALERTING
• The SIM, being a secure storage location, either has received a copy of its allowed connected device’s IMEI or discovers it upon first power-up.
• The allowed IMEI(s) are held in nonvolatile memory within the SIM; upon subsequent power-ups the SIM makes the same request of the radio module it is attached to and compares the delivered IMEI to the IMEI stored within the SIM.
• If the two match, the SIM assumes that it is in the equipment it was intended to be in, as the equipment serial number matches the securely held, permissioned serial number of the hardware.
• If the SIM detects a different IMEI, it can assume that malicious behavior has occurred and that someone has removed the physical SIM from the trusted device.
THE INTERLOCKING FUNCTIONAL ELEMENTS (8/8)
J. SIM TOOLKIT IMEI ALERTING
• The SIM alerts the host mobility data center that a mismatch has occurred upon power-up, and the carrier can then take immediate steps to disable the SIM or prevent data flow until the issue is investigated.
K. PIN LOCKING OF SIM
• The device manufacturer creates a secure hashing algorithm within the device processor’s firmware that is keyed from a hardware serial number and renders a unique 4-digit number.
• At time of assembly, the SIM associated with the device is programmed into the locked state with the unique 4-digit code as the unlock key.
• At power-up or reset, the SIM requests the unlock code via the radio interface to the device processor.
• The firmware runs the hashing algorithm to produce the 4-digit unlock code and passes it to the SIM. If the code matches the SIM’s, the SIM is enabled for operation.
• If the PIN does not match after 3 attempts, the SIM is rendered unusable or blocked.
• This prevents a SIM from being removed from an IoT device and inserted into a consumer phone.
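Elements I, J and K describe a small state machine that lives in the SIM's non-volatile memory: a stored unlock code checked at every power-up with a three-attempt limit, a stored (or learnt) IMEI compared against the radio module's, and an alert to the mobility data center on mismatch. The block below is an added example, not code from the slides, that models that state machine end to end. The slides only say the unlock code is "keyed from a hardware serial number"; modelling that as HMAC-SHA256 under a constructed manufacturer key, the ordering of the PIN check before the IMEI check, and the alert being a queued message are all assumptions of this example.

```python
import hashlib
import hmac
from typing import List, Optional

# Assumption: the firmware's keyed hash is modelled as HMAC-SHA256 under a constructed
# manufacturer key, reduced to four decimal digits as the slides describe.
MANUFACTURER_KEY = b"constructed-manufacturer-key"


def derive_unlock_code(hardware_serial: str) -> str:
    """Element K: the 4-digit code the device firmware derives from its hardware serial."""
    digest = hmac.new(MANUFACTURER_KEY, hardware_serial.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10000:04d}"


class Sim:
    """State held in the SIM's non-volatile memory plus the checks it performs at power-up."""

    MAX_ATTEMPTS = 3

    def __init__(self, unlock_code: str, allowed_imei: Optional[str] = None) -> None:
        self.unlock_code = unlock_code        # element K: programmed at assembly
        self.allowed_imei = allowed_imei      # element I: None means "learn on first power-up"
        self.attempts_left = self.MAX_ATTEMPTS
        self.blocked = False
        self.alerts: List[str] = []           # element J: messages queued for the mobility data center

    def power_up(self, imei: str, presented_code: str) -> str:
        """Simulate one power-up. Returns 'enabled', 'pin-rejected', 'blocked' or 'imei-mismatch'."""
        if self.blocked:
            return "blocked"
        # K: the SIM asks the device processor for the unlock code before enabling anything.
        # Assumption: this check runs before the IMEI comparison.
        if not hmac.compare_digest(presented_code, self.unlock_code):
            self.attempts_left -= 1
            if self.attempts_left == 0:
                self.blocked = True           # third failure: SIM rendered unusable
                return "blocked"
            return "pin-rejected"
        self.attempts_left = self.MAX_ATTEMPTS
        # I: compare the radio module's IMEI with the one held in the SIM.
        if self.allowed_imei is None:
            self.allowed_imei = imei          # first power-up: record the permissioned device
        elif imei != self.allowed_imei:
            # J: raise the alert; the carrier decides whether to disable the SIM or stop data flow.
            self.alerts.append(f"IMEI mismatch: expected {self.allowed_imei}, got {imei}")
            return "imei-mismatch"
        return "enabled"


if __name__ == "__main__":
    code = derive_unlock_code("SN-0001")      # constructed hardware serial
    sim = Sim(code)
    print(sim.power_up("IMEI-A", code))       # enabled; IMEI-A is learnt
    print(sim.power_up("IMEI-B", code))       # imei-mismatch; alert queued for the carrier
    print(sim.alerts)
    moved = Sim(code, allowed_imei="IMEI-A")  # same SIM model inserted into a consumer phone
    for _ in range(3):
        print(moved.power_up("IMEI-PHONE", "1234"))   # phone has no way to derive the code
```

Two things the model makes clear. A four-digit code is a small space, so the three-attempt block is what gives element K its value; without it the lock would be a formality. And the IMEI alert (element J) is only reachable after a correct unlock code, so the two elements cover different cases: K stops a SIM that has been moved into hardware that cannot compute the code, while I and J catch a SIM that ends up in different hardware that can.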
CONCLUSION
• This paper has set forth a multi-tiered solution for securely establishing end-to-end TCP/IP-based Internet of Things communications over cellular-based networks.
• This methodology consists of standards-based interlocking functional elements deployed in a securely architected carrier network, providing a secure end-to-end communications channel for Internet of Things devices and applications.
THANK YOU