By Yogendra Shah, Senior Principal Engineer, InterDigital

IoT is one of three major use cases driving the development of 5G and it brings untold complexity and inherent risk that threatens to undermine the opportunity even before it gets started.

5G networks are expected to connect tens of billions of IoT devices, and, as opposed to the “mere thousands” of different mobile phones connecting to wireless networks, in the IoT there will be millions of different types of devices with varying characteristics for a multitude of applications. These devices are expected to communicate autonomously with each other and their users over the cloud, all while bringing new service opportunities to mobile network operators (MNOs) who will implement the new 5G standards in their networks to make IoT a reality.

While IoT’s utopia is well rehearsed, the practical implementation is not. MNOs are used to regular and timely feedback from subscribers who experience or identify security vulnerabilities, indicated by, say, abnormal application or device behavior, or service degradation. In intentionally autonomous systems that have very little human interaction, such vulnerabilities on an IoT device or system may go unnoticed for days or weeks, surreptitiously causing havoc in the background. Their autonomy can exert direct control over the behavior of powerful connected systems and have a critical impact on our environment, ultimately impacting human safety. In short, the wide diversity of devices, applications and architecture complexity introduces a massive risk when there’s no certainty over the security of the services being introduced to IoT ecosystems.

Wherefore art thou, security?

The deployment of effective security strategies will have a profound impact on how the IoT market grows. IoT systems are particularly vulnerable to attack as a result of the many players providing devices and components. As devices, applications and architectures are developed and deployed, the absence of standards and a common architecture around which to implement IoT security solutions raises a particular challenge.

Take, for instance, the example of a smart city involving utilities, transportation and healthcare service providers. Within it are different network points (roadside units or lamp posts on the streets, critical communications nodes within hospitals, or autonomous driving communications units onboard cars); applications (active health monitoring and control systems on patients, traffic management); and devices (transportation telematics and energy meters). Together, they encompass a wide array of devices, architectural models and IoT applications, representing an enormous diversity challenge and an imperative to harmonise security roles across different service providers.

So where to begin? While many espouse end-point security solutions, many IoT sensors and devices are inherently constrained by their physical size and processing capabilities, which makes it a challenge to support the needed security functions. And such is the diversity of IoT applications resident in networks that these too have very little common architecture on which to place end-point solutions.

Instead, IoT scenarios that involve multiple applications require a distributed and federated security architecture that sits between the network, application layers and devices.

Eight of the world’s leading ICT standards bodies, four global fora and SDOs, and almost 200 companies from all industrial sectors have come together in the oneM2M consortium to create common industry standards for the IoT, including those around security.

Adopting a standards approach

Conceived and developed as an open standard, oneM2M has defined a comprehensive IoT service layer solution to enable scalable and economic IoT applications. oneM2M’s platform architecture consolidates the essential components of any IoT application into an open-standard, three-layer model to ensure a consistent and modular framework for IoT application developers and users. These layers are devices and applications; middleware; and networks.

Conventional IoT architectures see siloed applications and devices communicating with the networks via dedicated middleware. oneM2M brings these disparate applications together under one framework to enable interaction and a rich set of applications and services. While great diversity exists in the devices, applications and network layers, the capabilities in the oneM2M “service layer” middleware, such as device management and security, could be considered common. Thus, to tackle the security challenges in IoT, the oneM2M architecture incorporates middleware represented as a “common service entity”. This middleware resides within each server or device platform and provides a standardized interface which reduces the interoperability burden on the application layer. Its plug-in capabilities include security management modules, providing a security service to application developers, and relieving them from the intricacies of implementing security in their applications.

oneM2M provides considerable flexibility for the implementation of service layer security features, but by virtue of its open standards approach, also ensures that developers can count on a competitive ecosystem of security solutions providers.

Setting the standard

While a great deal of effort has been invested in the development of the 5G standards themselves, it is incumbent on the broader telecoms ecosystem to adopt standards, such as the oneM2M standard, that address security across the multitude of different applications and services possible with the IoT. These aren’t just developed to protect the end users; they’re also essential to ensure the long-term growth of the IoT and to reap the tremendous benefits of such a service, in a safe and secure manner.