Narrowband internet of things (NB-IoT) is a low power wide area network (LPWAN) radio technology standard developed by the 3rd Generation Partnership Project (3GPP) to enable a wide range of cellular devices and services.
NB-IoT focuses on low cost, long battery life and high connection density. NB-IoT uses a subset of the long-term evolution (LTE) standard but limits the bandwidth to a single narrowband of 200 kHz. In March 2019, the Global mobile Suppliers Association (GSA) announced that over 100 operators had deployed or launched either NB-IoT or long-term evolution for machines (LTE-M) networks.
NB-IoT Security Risks
The NB-IoT network design enables efficient connectivity for massive numbers of connected user equipment (UE) by reducing the network overhead associated with every connection request. The design carries the small data payload (the telemetry data) inside the signaling connection itself, so the network does not need to open a dedicated bearer (i.e., a GTP tunnel) for every small piece of metering information the device sends.
Devices connected over an NB-IoT network are manufactured at very low cost and can run for up to 10 years on a pre-installed battery. NB-IoT devices serve as sensors or remote telemetry units and are controlled by external services — IoT platforms — that schedule their activity and manage their life cycle through operational control and remote software updates. A single UE on NB-IoT has a very low network footprint and is not a major security risk on its own.
The risk hidden in NB-IoT devices comes from their scale. There is strong potential for orchestrating denial-of-service (DoS) attacks by harnessing a cluster of devices to send unplanned communication toward designated victims. Such communication can not only cause service interruption on the victims’ servers; it can also impact the service provider’s network and result in service degradation, because the signaling load prevents other, uncompromised devices from sending their telemetry data or responding to their control requests.
NB-IoT Risks and the IoT Service Economy
The IoT services offered by a service provider are challenged by a very low income per connection compared with regular service plans. We can see examples of IoT connectivity sold at $1 per month, whereby the price point aims to address a market potential of 3.5 billion cellular IoT connections by 2025, including 1.9 billion licensed LPWA connections.
With such an aggressive price per connection, service providers require careful selection of technologies that will impact the operating costs per connection. Although security is an important factor in the overall capital investment, the challenging economy of IoT network connectivity prices is also a huge consideration.
Protecting Against NB-IoT Risk
When service providers approach the task of planning a solution to help protect against NB-IoT risks in the network, they face several design questions:
- Should they track individual device operational metrics just to understand when a single device changes its regular behavior?
- How do they define, and should they define, what is “regular” device behavior? How do they measure the behavior of an individual device compared to a group of devices?
- Can they incorporate such massive data processing tasks in the low-compute footprint (and cost structure) that business economics dictates?
- Can they avoid detecting legitimate communication as malicious traffic?
- Can they eliminate the additional staff work required to maintain and operate such a solution?
The above challenges can be addressed with the following solution requirements:
- A system based on self-learning of the behavior of NB-IoT devices
- A solution that reuses existing telemetry streams
- A software-based, low footprint, distributed solution that allows cost-effective, network-wide deployments
- A solution based on automated flows in response to security event detection
- Integration with the existing service provider’s network infrastructure security such as DoS protection and web application firewalls (WAFs)
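The first two requirements above (self-learning of device behavior, reusing existing telemetry streams) and the earlier design questions about measuring an individual device against the group can be illustrated with a small behavioral baseliner. The code below is an added example written for this page, not Radware's product code and not the post's own material: it learns a per-device and a fleet-wide baseline of uplink messages per hour from a constructed learning window, then flags a device only when its rate deviates sharply from both its own history and the group (reducing false positives on a single device that legitimately retries), and raises a fleet-level alert when many devices deviate at once, which is the signaling-load scenario the post describes. Device names, hour buckets and message counts are constructed, and the thresholds (k = 3 standard deviations, 5% of the fleet) are assumed tuning values.

```python
"""Behavioral baselining over NB-IoT uplink telemetry (added, illustrative example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sample:
    device: str   # constructed device identifier (stands in for an IMSI/IMEI)
    hour: int     # hourly bucket index since learning started
    msgs: int     # uplink messages observed from the device in that hour


def constructed_training(n_devices=20, hours=48):
    """Constructed learning window: meters report about once an hour, with an
    occasional second report. This is synthetic data, not a network capture."""
    out = []
    for i in range(n_devices):
        for h in range(hours):
            extra = 1 if (h + i) % 8 == 0 else 0
            out.append(Sample(f"dev{i:03d}", h, 1 + extra))
    return out


def learn_baselines(samples):
    """Per-device (mean, stdev) of messages/hour, plus a group baseline built
    from the per-device means. This is the 'self-learning' step."""
    per_dev = defaultdict(list)
    for s in samples:
        per_dev[s.device].append(s.msgs)
    dev_base = {d: (mean(v), pstdev(v)) for d, v in per_dev.items()}
    means = [m for m, _ in dev_base.values()]
    return dev_base, (mean(means), pstdev(means))


def score_window(window, dev_base, group_base, k=3.0, floor=1.0):
    """Flag a device only if this hour's count is more than k sigma above BOTH its
    own baseline and the group's. `floor` stops near-zero stdev from inflating z-scores."""
    gmean, gstd = group_base
    flagged = {}
    for s in window:
        if s.device not in dev_base:
            continue  # unknown device: an onboarding/authentication concern, not a baseline one
        dmean, dstd = dev_base[s.device]
        own_z = (s.msgs - dmean) / max(dstd, floor)
        grp_z = (s.msgs - gmean) / max(gstd, floor)
        if own_z > k and grp_z > k:
            flagged[s.device] = round(own_z, 2)
    return flagged


def fleet_alert(flagged, fleet_size, fraction=0.05):
    """Fleet-level alert when a meaningful share of devices deviate in the same hour:
    many devices bursting together is the signaling-load pattern, not a single faulty meter."""
    return len(flagged) >= max(2, round(fleet_size * fraction))


def evaluate(window, training=None):
    """Learn baselines from the training window and score one evaluation window."""
    training = training or constructed_training()
    dev_base, group_base = learn_baselines(training)
    flagged = score_window(window, dev_base, group_base)
    return {"flagged": flagged, "fleet_alert": fleet_alert(flagged, len(dev_base))}


def constructed_window(hour=48, hot=None):
    """One evaluation hour: every device reports once, dev003 reports twice (a
    legitimate retry), and devices listed in `hot` send the given counts."""
    counts = {f"dev{i:03d}": 1 for i in range(20)}
    counts["dev003"] = 2
    counts.update(hot or {})
    return [Sample(d, hour, c) for d, c in counts.items()]


if __name__ == "__main__":
    # One device suddenly chatty: flagged individually, no fleet alert.
    print(evaluate(constructed_window(hot={"dev007": 30})))
    # Five devices bursting in the same hour: fleet-level alert.
    print(evaluate(constructed_window(hot={f"dev{i:03d}": 40 for i in range(10, 15)})))
```

The per-hour counters are the kind of data a core network already exports, so the detector reuses existing telemetry rather than adding probes. The combined per-device and group test means dev003's second report is not flagged, while a device jumping from about one message an hour to thirty is; a real deployment would add more dimensions (bytes per hour, destination, time-of-day) and feed the fleet alert into the provider's DoS protection automation rather than a print statement.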
Even with the best day-one network authentication in place and rigorous IoT-type approval processes managed by the carrier, there will always be unavoidable risks, to the point that such large-scale and varied IoT device communities will become a security liability and a cause of major service interruptions — not only for the owners of the compromised IoT devices and services, but also for the rest of the customers using the same network resources.
In the competitive economy of mobile carriers, such risks should be avoided before detrimental effects reach beyond the network’s performance and health and result in other negative business consequences.
Solutions for such IoT risks can be designed and deployed as an overlay solution on top of existing network infrastructure without considerable effort, which will ultimately help the service provider realize new revenue streams while providing peace of mind for its enterprise customers.
Mr. Eyal Yaron is the Director of Security Innovations at Radware, where he is responsible for defining the company’s offerings for 5G networks. Mr. Yaron has more than 25 years’ experience in product management, network architecture and IT solutions at various companies including Allot Communications, Amdocs, Comverse, TTI Telecom and more. After a successful career helping Tier-1 mobile carriers and telecom service providers create innovative services, Eyal helps mobile network security professionals design infrastructure security solutions aligned with 5G networks, protecting against denial of service and IoT threats.