As we’ve explored in our previous blog post, security is essential for the rapid adoption of IoT. However, since IoT as a whole, and its security in particular, are relatively new, they lack a clear and accepted definition. Some consider the security of every connected device, be it a car or a piece of machinery, to fall under the category of “IoT Security”. Others refer to the more traditional definition of “pure”, cellular-based IoT deployments, which consist of large quantities of relatively inexpensive devices deployed “in the field” that communicate with the cloud directly (or, to a lesser degree, through dedicated gateways).
In this blog post we refer to the latter type of IoT devices and networks (i.e. cellular-based IoT).
Securing IoT devices and networks is a novel challenge. It is radically different from IT security in the sense that IoT is very diverse: the technologies these devices use to communicate with the cloud include unlicensed low-power wide-area (U-LPWA) networks such as Sigfox and LoRa, as well as licensed cellular LPWAN technologies such as LTE-M, NB-IoT and 5G.
In addition, most of these devices are manufactured and deployed without security in mind, and their low cost and constrained design do not allow for the installation of “traditional” security technologies such as antivirus or a firewall on the device itself.
However, as the large-scale attacks of recent years have demonstrated, large quantities of devices in the field can easily be recruited into a large-scale botnet and used in massive cyber-attacks that, in turn, could have a devastating impact on the cellular network.
“Securing these IoT devices, across different applications and cellular protocols, is essential in ensuring the streamlined adoption and deployment of cellular-based IoT networks.”
From an operational perspective it is imperative to discover the first signs of anomalous activity, resulting from various types of malfunctions and/or misconfigurations, before any damage to business operations and key services can take place.
This is important not only to ensure that the malfunctioning devices can be handled (for example by software updates, device reconfiguration or even disconnection), but also to ensure that these devices do not impact overall network performance and the operation of other ‘normal-working’ devices.
One clear example can be found in NB-IoT networks. NB-IoT networks are expected to support up to 50,000 connections per cell, with each device transmitting at up to 100kbps. Just a handful of malfunctioning devices that significantly exceed this transmission threshold could degrade the performance of the entire cell, impacting the operation of many other ‘normal-working’ devices.
Cellular-based direct communication networks face a variety of cyber security attack methods, taking place at different layers. Such attacks include ‘passive’ attacks, in which the attacker steals data by eavesdropping or traffic analysis, as well as more impactful ‘active’ attacks that include integrity damage and falsification of information.
Key ‘active’ attack methods include node replication and node capturing attacks, carried out using a variety of approaches such as device forgery and modification of the device/application firmware or source code.
Node replication/capturing threats constitute an even larger risk to the network operator’s brand, its network performance and the services it provides. As there are potentially tens of thousands of nodes in a single sector/cell (especially in NB-IoT / LPWA networks), an attacker could initiate a Denial of Service (DoS) attack, using the controlled nodes to damage network performance and, in extreme cases, even take down the entire network.
Such damage can also result from common network-level (‘transmission-layer’) attacks, such as replay attacks, in which valid data is repeatedly retransmitted, or communication hijacking / man-in-the-middle attacks, in which a malicious party is able to control all communication between the cloud and the node, adding, removing or changing transmitted messages.
Most of the cyber security threats to IoT networks can be effectively mitigated, and even prevented, using the proposed solution: an AI-based anomaly detection service utilizing coresets.
Coresets are a powerful technique that enables the use of a much smaller set of data in place of a large one without compromising the quality of the output. The approach relies on a highly efficient set of algorithms that, on the one hand, reduce the input data and, on the other, execute the anomaly detection routines on the reduced dataset (the coreset). The technology can be applied to fixed big datasets, distributed data or streaming data; the last of these is a highly relevant feature when the goal is network traffic anomaly detection.
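To make the NB-IoT cell scenario above and the coreset idea concrete, here is an added example (not code from the original post or from its authors) that builds a lightweight importance-sampling coreset over constructed per-device uplink rates for one cell, fits a baseline on the coreset rather than on all 2,000 samples, and flags the few devices whose rate is far outside that baseline or above the 100kbps per-device figure. The device ids, rates and the choice of a 3-sigma rule are assumptions for illustration.

```python
import math
import random
from typing import Dict, List, Sequence, Tuple

# Constructed sample: per-device uplink rates (kbps) in one NB-IoT cell.
# 1995 devices behave normally; 5 are assumed to be misbehaving and
# transmit well above the ~100 kbps per-device figure mentioned in the post.
FAULTY = {100, 700, 1200, 1500, 1990}
_rng = random.Random(7)
RATES: List[Tuple[int, float]] = [
    (dev, _rng.uniform(150, 300) if dev in FAULTY else _rng.uniform(5, 30))
    for dev in range(2000)
]

def lightweight_coreset(values: Sequence[float], m: int, seed: int = 1) -> List[Tuple[float, float]]:
    """Importance-sample m points so weighted statistics approximate the full set.
    The sampling probability mixes uniform mass with squared distance from the mean,
    so rare far-away points (the anomalies) are retained, but with a reduced weight."""
    n = len(values)
    mean = sum(values) / n
    d2 = [(v - mean) ** 2 for v in values]
    total = sum(d2) or 1.0
    q = [0.5 / n + 0.5 * d / total for d in d2]
    rng = random.Random(seed)
    idx = rng.choices(range(n), weights=q, k=m)
    # weight 1/(m*q) makes sum(w*f(x)) an unbiased estimate of the full-data sum
    return [(values[i], 1.0 / (m * q[i])) for i in idx]

def weighted_baseline(coreset: Sequence[Tuple[float, float]]) -> Tuple[float, float]:
    """Weighted mean and standard deviation computed on the coreset only."""
    w = sum(wt for _, wt in coreset)
    mu = sum(v * wt for v, wt in coreset) / w
    var = sum(wt * (v - mu) ** 2 for v, wt in coreset) / w
    return mu, math.sqrt(var)

def detect_anomalies(rates: Sequence[Tuple[int, float]], m: int = 200,
                     k: float = 3.0, cap_kbps: float = 100.0) -> Dict[int, Tuple[float, bool]]:
    """Return {device: (z-score, exceeds_cap)} for devices flagged by either rule."""
    values = [r for _, r in rates]
    mu, sigma = weighted_baseline(lightweight_coreset(values, m))
    sigma = sigma or 1.0  # guard against a degenerate all-equal cell
    flagged = {}
    for dev, r in rates:
        score = abs(r - mu) / sigma
        if score > k or r > cap_kbps:
            flagged[dev] = (round(score, 1), r > cap_kbps)
    return flagged
```

The coreset keeps all five misbehaving devices with small weights and the bulk of the cell with large weights, so the baseline fitted on 200 weighted points matches the one you would get from all 2,000.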
We will talk more about Coreset technology in our next Blog post.