“Generations of Security”
2018-10-24, 19:30–20:15, Saal 1
A comparative security study of Internet of Things technologies NB-IoT, 5G, LoRaWan, Sigfox and Zigbee for industrial use
Self-driving cars in your garage. Refrigerators which order your groceries in your home. It seems that the future has finally arrived. And it is empowered by applications and services on a scale that changes the way we communicate with our environment and society
The Internet of Things (IoT) carries tremendous potential to improve our reality but also challenges the capture, storage and analysis of data, something that will require to make smart technology choices in industry.
IoT is not only about the technology, it is about the application that enhances our lives and intrudes into our lives for the good and for the worse. Even with today’s Internet technology it is not easy to keep just two devices, your mobile phone and a computer, fully updated all the time with the latest version of operating system and application. Just imagine a situation when we are loaded with so many devices around us and being required to keep them free from security bugs.
IoT security is not only a challenge in your personal house and garage, it poses a threat in in every industrial company. The latest advances in connectivity, including machine-to-machine communication, create a flood of new communication technologies, which empower IoT devices sending and receiving data on the factory floor.
While those new communication technologies save costs and make new applications possible, they also impose an imperative choice on each industrial company. Which technologies to use? What is the price of those technologies? Are they secure? Are some IoT technologies saver than others? How do they affect our privacy? What technologies do exist?
Several IoT technologies have merged to enable the huge array of IoT industrial applications that are set to explode. While there are many differences not only encompassing security and privacy concerns between them, they are roughly divided into two separate groups: proprietary technologies operating in an unlicensed spectrum and those operating in a licensed spectrum.
Unlicensed short-range technologies like ZigBee and long-range technologies like LoRa have allowed anyone with an idea to create IoT apps for mass market deployments. But licensed technologies like narrowband IoT (NB-IoT), 5G, LoRaWan and Sigfox are also gaining traction with operators offering IoT services through their existing cellular networks.
NB-IoT is also referred to as Cat-M2. It is a generation 3 evolution from Cat-0. NB-IoT operates both within and outside the LTE bands. Its characteristics include a maximum system bandwidth of 180kHz,a downlink peak rat of almost 250kbit/s with a similar uplink peak rate, it is half duplex (not fully available), has one antenna, with a transmit power (UE) of 23dBm and modem complexity estimated to less than 15%. NB-IoT does not use gateways, therefore sensor data communication is straight to the main server. It will work well with devices that have very long battery life and cheaper wireless modules.
5G is the most recent cellular IoT and generation five mobile network hence the name 5G. Since it is not formally defined, it is a next generation technology. 5G technologies have characteristic that are very favorable and marketable to industries and manufacturers. Top of the list is high reliability and low latency which are essential for the support of critical applications. Ever-present secure connectivity is a requirement in industries that opt for automation. 5G technologies provides this through is high connection density and bandwidth. More of the characteristics offered to industries and manufacturers by 5G technologies are shorter lead times, lower costs and higher flexibility. Besides system automation in industries and by manufacturers, other 5G use case categories include field devices, industrial system control in addition to design and planning systems.
LoRaWAN (Long Range Wide-Area Network) is a MAC layer protocol, based on the LoRa technology. LoRa technology is a wireless modulation that works with application that are long-range, low power and have low-data-rate. LoRaWAN is best suited for networks that are battery operated and wireless. One of the planned used for LoRaWan is monitoring of industrial control systems.
Sigfox is a cellular system that used radio transmission for communication. It provides low cost, low data and low power communication. Due to its radio transmission characteristic, it works well with devices that are remotely connected. Its “ultra-narrow band” connects remote devices enabling good coverage. Considering the industrial users, there are many remote machine that need to communicate. This network offers machine-to-machine communication without the necessity of IP addresses which is very effective and secure since the internet is not present.
Zigbee technology is a wireless low-cost, low-data rate and low-power communication technology. It is a good contender for industrial control and home automation among others. The technology is built specifically for sensor and control network following the WPANs (wireless personal area networks) standards. One characteristic that stands out is its capability to operate under different mode which conserves battery power.
Automobile Industry- Germany
IoT is changing the world as a whole and the automobile industry is not to be left out. Intelligent manufacturing solutions are being employed in the automobile industry and every day, these intelligent solutions are getting better. Intelligent solutions are taking lean manufacturing principles, which have always been used, to greater heights by improving and magnifying them. Visibility in real time is one of the defining powers to the industry brought about by big data technologies are intelligent automation technologies. Automobile manufacturer in Germany that have already embraced the change are BMW Audi. Other embracers include GE, Bosch, Siemens, China and FCA.
BMW car manufacturer has a repair centre in Munich Germany. The introduction of IoT to the centre has brought massive changes to the capacity of cars processed on a daily basis. Before IoT, the centre could only process 250 daily, now the capacity has risen to 600 cars daily. The problem before IoT was the process of location cars while inside the warehouse. The process was done manually. Installation of sensor in the warehouse made the process efficient, since each car in the warehouse has to have a tag for sensor locating. Considering the doubling of cars processed daily, customer satisfaction is given as well as increased revenue. The only issue of concern is security.
On a daily basis, security concerns with regards to IoT are growing significantly. This issues occurring in industrial organizations can be very catastrophic considering the heavy machinery being operated as well as dangerous systems being controlled. The Stuxnet worm is an example of such an attack. The attack destroyed Nantanz nuclear centrifuges which resulted to a decrease in enrichment efficiency. Considering the manufacturing process in automobile industry, where there is production, movement and packaging of parts, a security issue can lead to significant losses and possibly loss of life.
Risk 1: Denial of service
This is an issue that affects the QoS (Quality of service) and reliability. Mirai botnet is an example of distribute denial of service. The attack led to the internet being unavailable for several hours. Several devices that consumers use are not secure. Cameras are good tool for DDoS and they are readily available. Industries have to use cameras to monitor the functionally and movement of machinery. Considering the intelligent manufacturing employed in automobile industries, human effort is only employed to monitor the machinery at work, hence less human hands and more cameras. The Cameras are connected to the overall network that operates the machinery. In case of a DoS attack, everything in the network would be affected. It is essential for such industries to secure the cameras to limit denial of service.
Risk 2: Lack of visibility
Visibility ensures that the system administrators can see the control systems environment and all the devices that try to communicate with these systems. With effective IoT visibility, it is possible to block out communication of unauthorized devices to the control systems. Lack of visibility creates an endless opportunity for hackers and compromised devices into the system. This also bring up the necessity of device authentication for each industry network. Successful industrial IOT visibility has employed protection strategies that offer cybersecurity solutions providing agentless options while ensuring isolation and segmentation of internal networks. Visibility supports scalability.
Risk 3: Privacy
Industries have a lot of information that when in the wrong hands could compromise the performance of the industry. Automobile industries collect data form cars during test drives and use such information for making effective changes to their product. Such data includes emissions, fuel consumption, carparts lifetime among others. This information can make or destroy a product. In the recent past, Volkswagen had a scandal with cheating on emission tests. This was a case of mishandled data that compromised the company entirely. Securing the network from eavesdroppers and phishing can help prevent leakages of sensitive information.
Quality of service (QoS)
Quality of service translates to transmission that is of good quality, availability of service and minimal delay in service provision. This is reliability of a cellular technology. Reliability is one of the requirements in Industrial IoT characteristics together with safety, privacy, security and resilience. For some technologies, QoS is at an expense to cost.
Latency is an important feature in IoT. Latency is the measure of how much time a packet data takes to move from one device to the next. In IIoT and health IoT, sensors are relied upon to problem identification, they are a first red flag. In this case, low latency is a requirement for most network. Problems with latency could be a enhance security issues since the flagging of a problem would take longer than required.
Battery life varies form one network to the next. Examples such as LoRaWAN and Zigbee, devices can sleep when the applications are not in use. For some like NB-IoT, this is not the case. The networks that do not let applications sleep use additional battery energy. Battery life is a vulnerability to security since an attacker can launch an attack that drains the battery.
Coverage and Range
This two features go hand in hand. Between NB-IoT, LoRaWAN and Sigfox, NB-IoT has the lowest range and coverage. But with the inclusion of 5G and Zigbee, the two are lower than NB-IoT.
Networks should be able to accommodate an increase in the number and the density of devices connected. The considerations to put in place with effective performance of this feature is time and space. Successful visibility as identified earlier, allows for effective scalability without the possibility of a security breach.
There are various aspects in cost that can be considered in this case. There is the cost of deployment and networks, license cost and the device costs. For all the networks listed, Sigfox and LoRaWAN are cost effective in comparison to NB-IoT. This is true although 5G is high in cost in comparison of all the technologies.
5G for Manufacturing and Industrial Automation Technology. (2018). Retrieved from https://www.ericsson.com/en/networks/trending/insights-and-reports/5g-for-manufacturing
9 Ways Car Manufacturing Plants Can Improve Production with IoT - Industrial Intelligence. (2018). Retrieved from https://www.industrialintelligence.net/9-ways-car-manufacturing-plants-can-improve-production-iot/
Agarwal, T. (2015). What is ZigBee Technology, Architecture and its Applications?. Retrieved from https://www.elprocus.com/what-is-zigbee-technology-architecture-and-its-applications/
Chen, M., Miao, Y. Hao, Y. and Hwang K. (2017). Narrow Band Internet of Things. IEEEAccess. DOI 10.1109/ACCESS.2017.2751586
Elahi, A., & Gschwender, A. (2009). 2.1 ZigBee Network Characteristics | Introduction to the ZigBee Wireless Sensor and Control Network | InformIT. Retrieved from http://www.informit.com/articles/article.aspx?p=1409785&seqNum=2
Franklin Health Ltd. (2018). LPWA Technology Security Comparison [Ebook] (pp. 1-20). Retrieved from http://file:///C:/Users/user/Documents/lpwasecuritywhitepaper1_0_1.pdf
Hanna, S., Kumar, S. and Weber D. (2018). ICC Endpoint Security Best Practices. Indusrial Internet Consortium.
Holloway, M. (2015). Stuxnet Worm Attack on Iranian Nuclear Facilities. Retrieved from http://large.stanford.edu/courses/2015/ph241/holloway1/
Industrial Internet of Things Safety and Security Digital Protocol Network. Center for the Fourth Industiral Revolution. http://www3.weforum.org/docs/IIoTSafetySecurity_DigitalProtocol_Draft_V1.9.pdf
Lanzenberger, D (2017). Formal Analysis of 5G Protocols. Swiss Federal Institute of Technology Zurich.
Mekki, K., Bajic, E., Chaxel, F. and Meyer, F. (2017). A Comparative Study of LPWAN Technologies for Large-scale IoT Deployment. The Korean Instituete of Communication Information Science. https://doi.org/10.1016/j.icte.2017.12.005
Murison, M. (2016). BMW sets the trend for warehouse IoT. Retrieved from https://internetofbusiness.com/bmw-iot-munich-warehouse/
Signh, S. (2016). IoT Security-Issues, Challenges and Solutions - Internet Of Things Wiki. Retrieved from http://internetofthingswiki.com/iot-security-issues-challenges-and-solutions/937/
Sinha, S. R., Wei, Y. and Hwang, S. (2017). rvey on LPWA technology: LoRa and NB-IoT. The Korean Institute of Communications and Information Science. ICT Express 3 (2017), 14-21
What is SIGFOX | SIGFOX M2M IoT Network | Radio-Electronics.Com. (2018). Retrieved from http://www.radio-electronics.com/info/wireless/sigfox/basics-tutorial.php
Yang, X. (2017). LoRaWAN: Vulnerability Analysis and Practical Exploitation. Delft University of Technology.