The IoT is set for a period of extraordinary growth, with a predicted 3.5 billion cellular IoT connections by 2023 (Ericsson Mobility Report, June 2018). To reach this figure, there is a clear opportunity for everyone involved in the IoT ecosystem to leverage widely deployed and field proven networks. Moreover, the emergence of new generation 5G networks will be a huge asset in this respect, helping to enable an explosive increase in the number of devices connected to people and each other.
The five main stakeholders in the cellular IoT ecosystem
- Mobile network / Telecoms operators - preparing for major new commercial opportunities by providing the connectivity that embraces not only billions of people, but also billions of device
- Service providers - developing applications for clouds and devices
- IoT cloud providers - hosting and managing IoT applications and credentials
- IoT device makers / OEMs - building IoT devices
- Chipset makers - producing the components that are at the heart of IoT devices
Within the IoT ecosystem, devices collect, process and send data to the cloud, where various IoT applications are executed. But while the emergence of billions more IoT devices creates a wealth of new opportunities for stakeholders, it also presents profound security challenges.
Reflecting this, in January 2019 Forrester reported a 217% annual increase in the volume of attacks on the IoT. Similarly, Irdeto's 2019 Global Connected Cybersecurity Survey notes that 80% of IoT devices used or manufactured by large enterprises have experienced a cyberattack in the past 12 months.
To address these threats, the IoT cloud service must have absolute trust in the data received from IoT devices. This is only possible by ensuring that both the device and the server are mutually authenticated (i.e. the device knows it is sending its data to the right server, and the server knows it is a genuine device which requests data to be sent).
However, the IoT is set to be characterized by fragmentation in terms of the OS and chips employed. An array of open source and proprietary IoT OS is already on the market and, given the rich and varied mix of applications, hardware and connectivity encompassed by the IoT, it is likely that the market will continue to sustain multiple OS and chips for the foreseeable future. As a result, proprietary IoT security solutions will not be able to scale or be duplicated.
The critical challenge is therefore how the device middleware can leverage the security services embedded in Secure Elements in a scalable manner. This is the problem that the GSMA IoT SAFE (IoT on-SIM Applet For Secure End-2-End Communication) initiative solves: specifying an API so the device middleware can use the credentials and security services in the Secure Element (SIM, eSIM, eSE) ina standardized manner. In short, utilizing Secure Elements to secure IoT applications by design.