IoT Connectivity that’s secure by design
The starting point of Telia LPWA and LPWA+ cellular IoT connectivity is the established LTE and GSM industry standards. And standards are important when it comes to security: both are built on previous generations and were thoroughly tested by the 700 members of the GSMA prior to being approved. That leaves very little room for surprises or 'we didn't think of that'.
Secure by design means that security features have been built in at every level. Here's an overview.
Dedicated spectrum
The starting point is fairly obvious. Cellular LPWA connectivity uses spectrum bands that are dedicated to it, licensed by regulators and managed by operators, so interference from other radio technologies is kept to a minimum and the operator retains maximum control over connectivity. (Licensing limits accidental interference; it does not by itself stop deliberate jamming, which is why the layers below matter too.)
SIM-plicity
Next, let's not forget the humble SIM card (although with the embedded and extended-temperature variants available today, it is not so humble any more). SIM stands for Subscriber Identity Module: a tamper-resistant integrated circuit that holds the subscriber identity and a long-term secret key which never leaves the chip. The network authenticates a device with a challenge-response exchange against that key, and since 3G/LTE the device also verifies that the challenge came from its home network. It is the same mechanism mobile operators use to protect their phone subscribers.
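To make the SIM's role concrete, here is an added model of the 3GPP AKA exchange (this is example code written for this page, not Telia's or GSMA's). The USIM object holds the long-term key K and never exports it; the home network's authentication centre (AuC) is the only other holder of K and issues a vector (RAND, AUTN, XRES); the serving network relays RAND and AUTN to the device and compares the returned RES with XRES. HMAC-SHA256 stands in for the real Milenage functions f1 to f5, the IMSI is constructed, and the class and function names are this example's own:

```python
import hashlib
import hmac
import secrets


def _prf(k, label, *parts):
    """Keyed function standing in for Milenage f1..f5 (HMAC-SHA256 here, not the real algorithm)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class USIM:
    """Models the SIM: holds the long-term key K, which never leaves this object."""

    def __init__(self, k):
        self._k = k
        self._sqn = 0  # highest sequence number accepted so far; defeats replayed challenges

    def authenticate(self, rand, autn):
        """USIM side of AKA: verify the network (MAC and SQN), then produce RES and session keys."""
        sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:16]
        ak = _prf(self._k, b"f5", rand)[:6]          # anonymity key conceals SQN on the air
        sqn = _xor(sqn_ak, ak)
        if not hmac.compare_digest(mac, _prf(self._k, b"f1", rand, sqn, amf)[:8]):
            raise ValueError("MAC failure: challenge was not produced by our home network")
        if int.from_bytes(sqn, "big") <= self._sqn:
            raise ValueError("synchronisation failure: replayed or stale challenge")
        self._sqn = int.from_bytes(sqn, "big")
        res = _prf(self._k, b"f2", rand)[:8]          # response the network checks against XRES
        ck = _prf(self._k, b"f3", rand)[:16]          # cipher key for the session
        ik = _prf(self._k, b"f4", rand)[:16]          # integrity key for the session
        return res, ck, ik


class AuC:
    """Models the home network's authentication centre: the only other holder of K."""

    def __init__(self):
        self._keys, self._sqn = {}, {}

    def provision(self, imsi, k):
        self._keys[imsi], self._sqn[imsi] = k, 0

    def vector(self, imsi):
        """Build an authentication vector (RAND, AUTN, XRES) for the serving network to use."""
        k = self._keys[imsi]
        self._sqn[imsi] += 1
        sqn = self._sqn[imsi].to_bytes(6, "big")
        rand, amf = secrets.token_bytes(16), b"\x80\x00"
        mac = _prf(k, b"f1", rand, sqn, amf)[:8]
        ak = _prf(k, b"f5", rand)[:6]
        autn = _xor(sqn, ak) + amf + mac
        xres = _prf(k, b"f2", rand)[:8]
        return rand, autn, xres


def attach(auc, usim, imsi):
    """One attach: the serving network relays RAND/AUTN and compares RES with XRES."""
    rand, autn, xres = auc.vector(imsi)
    res, ck, ik = usim.authenticate(rand, autn)
    return hmac.compare_digest(res, xres)


def demo():
    """Returns (genuine_attach_ok, replay_rejected, forged_challenge_rejected)."""
    imsi = "901700000000001"                   # constructed test IMSI
    k = secrets.token_bytes(16)
    auc, usim = AuC(), USIM(k)
    auc.provision(imsi, k)
    ok = attach(auc, usim, imsi)

    rand, autn, _ = auc.vector(imsi)           # a second genuine challenge...
    usim.authenticate(rand, autn)
    try:                                       # ...replayed by an attacker who captured it
        usim.authenticate(rand, autn)
        replay_rejected = False
    except ValueError:
        replay_rejected = True

    forged_autn = autn[:8] + secrets.token_bytes(8)   # rogue base station without K guesses the MAC
    try:
        usim.authenticate(rand, forged_autn)
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    return ok, replay_rejected, forged_rejected
```

The two failure branches in demo() are the point: a captured challenge cannot be reused because the sequence number moves forward, and a fake network cannot produce an acceptable AUTN because it does not hold K. The key itself appears only inside USIM and AuC.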
Secure communication channels - VPN + APN
Next, data is encrypted over the air and kept within the cellular network whenever possible. When it cannot be, dedicated communication channels such as Virtual Private Networks (VPNs) ensure that no data traverses a public network such as the Internet. This can be combined with secure, private access point names (APNs) dedicated to a specific customer to isolate their data communications from other traffic. Note that cellular encryption terminates inside the network; protecting the payload end to end, from device to application, still calls for transport security such as TLS or DTLS at the application layer.
Managed communications
IoT applications normally only communicate with a specific set of servers. This makes it possible to restrict traffic to a defined set of devices talking to a defined set of servers and to deny everything else by default. Because a device cannot reach, or be reached from, any other destination, potential threats are locked out and an unexpected connection attempt becomes a signal worth investigating.
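As an added illustration of that deny-by-default policy (example code for this page, not Telia's tooling), the following evaluates constructed flow records for a fleet in a private APN address pool against an allowlist of application servers. The address ranges, server list and log format are all constructed; in production the same decision is enforced in the operator's core or the customer's VPN gateway rather than in a script:

```python
import ipaddress
from dataclasses import dataclass

# Constructed private-APN device pool and the customer's application servers.
DEVICE_POOL = ipaddress.ip_network("10.200.0.0/16")
ALLOWED_SERVERS = {
    ("192.0.2.10", 5684, "udp"),   # CoAP over DTLS
    ("192.0.2.11", 8883, "tcp"),   # MQTT over TLS
}

# Constructed flow log: "src > dst sport=N dport=N proto", one flow per line.
SAMPLE_LOG = """\
10.200.3.7 > 192.0.2.10 sport=40001 dport=5684 udp
192.0.2.10 > 10.200.3.7 sport=5684 dport=40001 udp
10.200.3.7 > 8.8.8.8 sport=40002 dport=53 udp
198.51.100.5 > 10.200.3.7 sport=51234 dport=22 tcp
10.200.3.7 > 10.200.9.1 sport=40003 dport=80 tcp
10.200.4.2 > 192.0.2.11 sport=50000 dport=8883 tcp
"""


@dataclass
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str


def parse_flow(line):
    """Parse one line of the constructed log format into a Flow."""
    src, _, dst, sport, dport, proto = line.split()
    return Flow(src, dst, int(sport.split("=")[1]), int(dport.split("=")[1]), proto)


def verdict(flow):
    """Deny by default: only device -> allowed server, or the reply from that server, passes."""
    s, d = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    if s in DEVICE_POOL and (flow.dst, flow.dport, flow.proto) in ALLOWED_SERVERS:
        return "allow"      # device talking to one of its application servers
    if d in DEVICE_POOL and (flow.src, flow.sport, flow.proto) in ALLOWED_SERVERS:
        return "allow"      # reply from an application server back to the device
    return "deny"           # Internet, other devices, inbound scans: everything else


def apply_policy(log):
    """Return (allowed, denied) Flow lists for a log; the denied list is what you would alert on."""
    flows = [parse_flow(l) for l in log.splitlines() if l.strip()]
    allowed = [f for f in flows if verdict(f) == "allow"]
    denied = [f for f in flows if verdict(f) == "deny"]
    return allowed, denied
```

Running apply_policy(SAMPLE_LOG) passes the two application flows and the server's reply, and denies the DNS lookup to the public Internet, the inbound SSH attempt from an Internet address, and the device-to-device connection inside the pool; the last two are the cases a plain "allow outbound" rule would miss.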
Data over NAS (DoNAS)
Getting deeper now, and the acronyms are starting to flow. Data over NAS (DoNAS) means carrying user data inside signalling messages: the device puts its payload into NAS (non-access stratum) signalling, which terminates in the MME (mobility management entity), instead of setting up a separate user-plane bearer. DoNAS can carry both IP and non-IP traffic. Essentially, it rides the same NAS signalling path, with its integrity protection and (where the operator enables it) ciphering, that the network uses for its own control messages.
Non-IP data delivery (NIDD)
Non-IP data delivery is what it sounds like: the device sends data to the network without an IP stack, using DoNAS as the transport. NIDD can deliver that data over a point-to-point (PtP) tunnel on the Serving Gateway interface (SGi) to the application server. Alternatively, it can use the Service Capability Exposure Function (SCEF), which securely exposes service and network capabilities to the application through network application programming interfaces (APIs).
Still with us? Want to learn more? Read the GSMA white paper on Cellular LPWA security