Sending personal, private data through smartphone apps has reached the point where it’s so ubiquitous and reliable that most users don’t even think about it anymore. Every day, it seems that I use my phone to make purchases or check bank and credit card accounts, which means every day, I rely on the apps on my phone to securely transmit very private banking information back and forth over the Internet. Thankfully, most browsers and apps employ best-practice encryption code to make the transmission of personal data secure. So how do we apply these data security practices to IoT?
When we turn our attention to IoT devices, we want to have the same confidence that the data we send and receive is secure and can be trusted and that any commands we send to devices are received intact and unmodified.
However, the low power nature of many IoT devices presents a set of challenges:
- we don’t have rich operating systems similar to what smartphones run to provide the strong encryption support that apps leverage
- low-cost IoT devices typically don’t have the processing power to perform strong encryption
- we don’t want to increase the device costs for the memory required to run strong encryption
- we don’t want to increase the power consumption and battery usage of our device
But we still want that absolute level of confidence and trust.
Thankfully there is a solution that can deliver the confidence in cellular data that we need. Whereas smartphone apps leverage end-to-end encryption, cellular IoT devices can instead use the security features of Pelion IoT Connectivity as part of a series of data security solutions to achieve the same level of data confidence throughout the transmission chain.
When data leaves a cellular device, it is encoded as per the GSMA standards to ensure eavesdropping can’t occur during the radio transmission to the nearest cell tower. In the days of analog phones, it was possible to listen in on calls by tuning a receiver to the appropriate channel. But, with digitization and the random encoding of data, that’s no longer a problem.
The next hop for data is through the cellular service provider’s core network equipment until it reaches an Internet egress point. The data travels over private connections, routed using the fastest and logically shortest routes possible.
The final stage is for the data to be routed across the Internet to the destination server. This stage is critical; without additional security precautions, this hop is performed in the clear, and it is at this point that data can be attacked by monitoring, re-routing, and modifying. In the journey of our data from device to cloud, this step constitutes the most significant risk. Without an on-device encryption solution, you’d be forgiven for thinking that it wouldn’t be possible to fully trust the data received from low-cost cellular IoT devices. Still, we have a solution with Pelion IoT Connectivity.
Pelion IoT Connectivity ensures that data from devices using our SIMs is routed through the core cellular networks and through to the Internet via dedicated, private egress points. Managing and monitoring this flow of data as it transitions from the cellular core systems to the Internet gives us two essential tools that we can use to secure the communications so that you can trust your data:
- We implement VPN solutions that operate on the data path from our egress points to the destination servers across the Internet. This additional security ensures data is protected while routed from the closed, private network operator’s systems to the data centers or cloud computing instances that process IoT data.
- We monitor data as it flows through the network operator’s core network, enabling us to look for abnormal behavior. This capability allows us to flag if your managed cellular IoT devices have started communicating with new, unexpected internet servers, or if the data transfer has suddenly changed in size, or if the device has fallen off the network. And we perform these analytics at scale, globally, and irrespective of the local mobile network operator providing your device’s cellular service. Therefore, you can manage your fleet of devices uniformly and from a single platform wherever they are in the world.
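The three signals named in the monitoring item above (a new destination, a sudden change in transfer size, a device that has gone quiet) can be checked against a per-device baseline. The sketch below is an added example, not Pelion's implementation; the record layout, function names, thresholds and flow records are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (unix_time, device_id, destination_ip, bytes_sent)
BASELINE = [
    (1000, "meter-01", "203.0.113.10", 480),
    (1600, "meter-01", "203.0.113.10", 510),
    (2200, "meter-01", "203.0.113.10", 495),
    (1000, "meter-02", "203.0.113.10", 500),
    (1600, "meter-02", "203.0.113.10", 505),
]
OBSERVED = [  # meter-02 sends nothing in this window
    (2800, "meter-01", "203.0.113.10", 502),
    (3400, "meter-01", "198.51.100.77", 490),
    (4000, "meter-01", "203.0.113.10", 25000),
]

def build_profiles(flows):
    """Per-device baseline: known destinations, typical size, last contact."""
    dests, sizes, last = defaultdict(set), defaultdict(list), {}
    for ts, dev, dst, size in flows:
        dests[dev].add(dst)
        sizes[dev].append(size)
        last[dev] = max(ts, last.get(dev, ts))
    return {d: {"dests": dests[d], "typical": median(sizes[d]), "last": last[d]}
            for d in dests}

def detect(profiles, flows, now, size_factor=5, max_silence=1800):
    """Return (device, alert, detail) tuples for the three signals."""
    alerts = []
    last = {d: p["last"] for d, p in profiles.items()}
    for ts, dev, dst, size in sorted(flows):
        p = profiles.get(dev)
        if p is None:  # no baseline: report rather than guess
            alerts.append((dev, "unknown_device", dst))
            continue
        last[dev] = max(ts, last[dev])
        if dst not in p["dests"]:
            alerts.append((dev, "new_destination", dst))
        # Flag both sudden growth and sudden shrinkage in transfer size
        if size > p["typical"] * size_factor or size * size_factor < p["typical"]:
            alerts.append((dev, "size_change", size))
    for dev, seen in sorted(last.items()):
        if now - seen > max_silence:  # device has fallen off the network
            alerts.append((dev, "silent", now - seen))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_profiles(BASELINE), OBSERVED, now=4200):
        print(alert)
```

Because the checks need only flow metadata (time, endpoints, byte counts), they can run in the network without any agent or extra processing on the low-power device itself.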
With security solutions covering the three stages of the data path between cellular devices and destination servers, you can have confidence in Pelion’s ability to instill the required level of trust in your IoT data.
For those seeking even higher security levels, over and above protecting data transmissions during the cellular journey, you can also bring in Pelion Device Management functions such as per-packet data encryption and managed and validated software update tools to ensure your devices are running the latest software and security patches. Additionally, Pelion delivers tools that monitor your devices’ operational health, detecting real-time operational issues before they become a problem.