When we talk about the Internet of Things (IoT), security is one of the issues that most worries users. The new IoT networks, such as NarrowBand IoT (NB-IoT) and LTE-M, have made it possible to connect to the Internet more economically and for a long time without maintenance, thanks to their low power consumption. But there is a market concern about how to deal with the security of the data that these devices report. In this article, we’ll focus on the security of communications for devices that use the NB-IoT network and communicate with a server in the cloud.
Before delving into the NB-IoT network, it is necessary to take into account three basic pillars of IoT security that will allow us to have a panoramic view of the topic:
- The first is authentication. With it, we guarantee that the device that sends data to the cloud is authorized and that no one has replaced it with another. Likewise, we guarantee to the device that the cloud with which it is exchanging information is genuine and that nobody is impersonating it or illicitly appropriating the data.
- With encryption, we guarantee that a communications observer cannot understand the messages and only the cloud with the decryption keys can retrieve the messages.
- And with non-manipulation, we guarantee that no one has altered the message that the IoT device sends to the cloud.
The NB-IoT network and its security
Within an NB-IoT network, the data travels encrypted and therefore in a secure way. The problem appears once the data leaves the NB-IoT network and is sent over the Internet, from the servers of the network operator to the final cloud server where the client has installed its data reception and processing center.
Typically, NB-IoT uses the UDP protocol. It is a very simple protocol and is ideal for NB-IoT because of its low consumption, since it does not need to establish a connection in order to send data. When a plain UDP packet travels over the Internet, all of its data is visible to third parties.
If we want to use one of the main features of NB-IoT, the lowest possible consumption of all LPWAN networks, we have to use the UDP protocol, which is insecure by nature. But can we still have low power consumption using UDP and ensure security in communications? The answer is yes.
Methods for managing security in NB-IoT
There are different methods for managing security in an NB-IoT communications network, between the devices and the cloud server to which they report information.
- APN or operator platform: Some operators offer, for NB-IoT, the possibility of setting up an intermediate server that collects the data from the NB-IoT network without going through the Internet. The customer’s final platform is typically connected via a secure VPN connection to the operator’s platform, and this makes the entire path from the device to the customer’s cloud server secure.
In favor: High security level | Rapid solution development.
Against: It implies costs for the customer | Little flexibility to operator changes.
- UDP protocol securing: In this case, data travels end-to-end encrypted by the same technology, and the cloud server is responsible for authenticating and decoding the data.
In favor: High security level | Independent of the network operator.
Against: Solution development time.
- Do not apply security: It is the easiest possibility, but it is not recommended. This option could be considered only for performance tests, as real, high-volume projects could receive multiple attacks without any ability to cope.
In favor: Simplicity | Easy to develop.
Against: The data is compromised | Susceptible to attacks of all kinds.
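The "UDP protocol securing" option, as an added example that is not code from the original article or its authors: the device seals each payload with AES-256-GCM from Node.js's built-in crypto module, and the cloud server authenticates and decrypts it, which covers the three pillars listed earlier. The datagram layout, the pre-shared per-device keys, the function names and the counter-based replay check are assumptions made for this illustration.

```javascript
const crypto = require('node:crypto');

const HEADER_LEN = 12; // assumed layout: 4-byte device id + 8-byte message counter
const TAG_LEN = 16;    // GCM authentication tag

// Device side: build the datagram  header | ciphertext | tag.
function sealDatagram(key, deviceId, counter, plaintext) {
  const header = Buffer.alloc(HEADER_LEN);
  header.writeUInt32BE(deviceId, 0);
  header.writeBigUInt64BE(counter, 4);
  // The header doubles as the 96-bit GCM nonce: unique per key while the counter never repeats.
  const cipher = crypto.createCipheriv('aes-256-gcm', key, header);
  cipher.setAAD(header); // sent in clear, but covered by the tag
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([header, body, cipher.getAuthTag()]);
}

// Cloud side: returns the plaintext, or null when the datagram must be dropped.
function openDatagram(keys, lastCounter, datagram) {
  if (datagram.length < HEADER_LEN + TAG_LEN) return null;
  const header = datagram.subarray(0, HEADER_LEN);
  const deviceId = header.readUInt32BE(0);
  const counter = header.readBigUInt64BE(4);
  const key = keys.get(deviceId);
  if (!key) return null; // unknown device
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, header);
  decipher.setAAD(header);
  decipher.setAuthTag(datagram.subarray(datagram.length - TAG_LEN));
  let plaintext;
  try {
    const body = datagram.subarray(HEADER_LEN, datagram.length - TAG_LEN);
    plaintext = Buffer.concat([decipher.update(body), decipher.final()]);
  } catch {
    return null; // wrong key or altered datagram: authentication failed
  }
  // Replay check runs only after the tag verified, so forged counters cannot advance state.
  if (counter <= (lastCounter.get(deviceId) ?? -1n)) return null;
  lastCounter.set(deviceId, counter);
  return plaintext;
}

// Constructed sample: one provisioned device (id 0x1001) and one sensor reading.
const keys = new Map([[0x1001, crypto.randomBytes(32)]]);
const lastCounter = new Map();
const datagram = sealDatagram(keys.get(0x1001), 0x1001, 1n, Buffer.from('{"temp":21.5}'));
```

The security overhead is 16 bytes of tag per datagram on top of the 12-byte header, and no handshake is needed, so the connectionless behaviour of UDP is preserved.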
As NB-IoT device developers, we are fully aware of the importance of applying security to devices. Therefore, not applying security is not an option in our projects.
Need more information on security and IoT devices? Our CTO, Oriol Patau, gives us the keys to understand how IoT devices can be secured: