IoT SAFE: Robust IoT security at scale

Any enterprise considering an IoT deployment is faced with three key challenges. The first is integrating a complex end-to-end solution, including the device, connectivity and application components; second is providing ease of deployment and use to support adoption; and third is ensuring security while the surface of attack grows exponentially with the number of connected devices.

Security is one of the most significant barriers to IoT deployment, together with funding, interoperability and the business model, and fraud is growing in this area. Industry leaders across the ecosystem agree that securing the IoT application is the only way to fully develop its business potential. The regulatory environment, too, is a factor, with new laws protecting consumers’ data and devices emerging at a rapid rate around the world. In this context, it is essential for organizations to ensure that their deployments are protected.

The IoT SAFE (IoT SIM Applet for Secure End-to-End Communication) GSMA initiative recommends that the industry should use the SIM as a hardware secure element or ‘Root of Trust’ to achieve end-to-end, chip-to-cloud security for IoT products and services – see illustration below.

It is widely accepted that the SIM is ideal for this purpose: it is one of the hardest of all identifiers to spoof, with advanced security and cryptographic features, is fully standardized, and has been deployed in tens of billions of devices for the past 30 years, so it can be used easily by any vendor and IoT device maker. This makes it superior to other, proprietary hardware secure elements implemented elsewhere within the device.

In this instance, the SIM card is used as a mini ‘crypto-safe’ inside the device to establish a secure TLS session with a corresponding application cloud or server. Alongside the SIM card, GSMA has also defined standardized APIs:

• For SIM applets, to enable device manufacturers to easily integrate the security elements of the SIM card within their middleware
• For the IoT security server – typically an over-the-air (OTA) platform ­– to manage SIM applets and to integrate with application servers, such as cloud platforms

Overall, IoT SAFE ensures highly reliable and standardized mutual authentication between devices and applications, as well as encryption of data and data integrity, all available via zero-touch provisioning, making large-scale global device deployments simple and secure.

“Security is built into the very core of the BICS’ SIM for Things platform”, says Luc Vidal-Madjar, Head of IoT and MVNE Solutions at BICS. “We believe that mobile connectivity is a central enabler of IoT security, sitting at the center of the technical chain of any IoT project. Secondly, all security must be via a zero-touch working model to allow for easy and secure management, troubleshooting, provisioning and deprovisioning of devices.

We have used IoT SAFE principles in our deployment for German Bionic, a pioneering provider of fully connected IoT exoskeletons for industrial workers at scale. A secure and stable connection to the cloud allows the exoskeletons to be provisioned and monitored over-the-air, while a digital twin of every device in the cloud delivers specific insights to improve workplace ergonomics and processes. Intelligent control systems adjust to individual operators and workflows, while machine-to-machine interfaces enable integration with other machines or devices across the factory floor and other locations. This deployment features multi-layer security with zero-touch principles in the following manner:

• Device control software is protected from alteration to keep operators and the customer facility safe

• Data is protected from loss, theft or tampering

• Unauthorized software cannot be transmitted or installed on the device”

Benefits of the IoT SAFE framework

The IoT SAFE framework offers a number of advantages:

• Leverages the inherent advantages that SIM cards offer in terms of ubiquity and security
• Offers standardized APIs that IoT device manufacturers can use to access SIM-based security services
• Removes device fragmentation issues for application developers, to offer simplicity to application and cloud providers
• Enables significant savings in operating costs due to zero-touch provisioning
• Minimizes the risk of attacks at the IoT Cloud access stage
• Allows for simple, secure management of IoT devices at every stage of the life cycle.

By partnering with the right IoT connectivity providers or IoT enablers that work with well-established security protocols under the IoT SAFE initiative, such as BICS, enterprises can utilize a global, robust and secure infrastructure already in place, complete with ever-improving industry standard security at every stage of connectivity. This will allow them to progress with a zero-touch deployment and integration of an end-to-end solution covering the device, connectivity and application components, while adhering to security regulations and ensuring they protect devices and customers while growing and scaling their connected services.

For more information on how BICS integrates security into every aspect of an IoT deployment, click here.