The emergence of the Internet of Things (IoT) enables mobile devices, sensors, machines and vehicles to connect to each other and to the Internet. New types of service providers are being created rapidly to offer innovative services and solutions, involving chip, sensor and device manufacturers, application developers, communication (mobile and fixed) providers, and Internet, public and private cloud service providers. In this new ecosystem, each element, viewed from an end-to-end perspective, faces a variety of security and privacy challenges as well as the risk of all sorts of attacks from the Internet. To ensure that end-to-end security can be maintained, each stakeholder needs to address the risks and challenges at the design stage, in conjunction with other related stakeholders, under an end-to-end security framework. Since almost all IoT services are required to leverage a communication network (e.g. mobile networks), the GSM Association (GSMA), which represents the telecommunication industry, has created a set of security guidelines to help achieve end-to-end security that benefits the whole ecosystem.
The structure of the GSMA security guideline document set is shown below.
Network Operators, IoT Service Providers and other partners in the IoT ecosystem are advised to read GSMA document CLP.14 “IoT Security Guidelines for Network Operators” which provides top-level security guidelines for Network Operators who intend to provide services to IoT Service Providers to ensure system security and data privacy.
The guideline for each of the components is based on the following generic IoT Model.
The iBasis IoT service architecture is comprised of APIs, IoT data services, and Communication Network components according to the generic IoT model above. Therefore, our security framework addresses the security challenges reflected in CLP.11, CLP.12, and CLP.14. The following summarizes iBasis’ IoT security approach and extra security services offered to customers for their end IoT devices.
- Each IoT device is connected through the iBasis secure IPX network infrastructure, which is GSMA security compliant
- Each service element facing the Internet is protected by a firewall and a Distributed Denial of Service (DDoS) protection system
- VPN to Private Cloud or Enterprise Premises is available
Data and Application:
- API with mutual-authentication and encryption
- Data Anomaly Detection for each accessed IoT device and Policy-Based
- On-demand data access control per IoT device to limited IP destinations
- On-demand location-based access control per IoT device
- Device ID change alert and policy-based actions per customer
- Threat and behavioral analysis pertaining to customer-defined IoT devices
- eSIM-based end-to-end encryption with API Tool for App Integration
If you are attending Mobile World Congress in Barcelona or the IoT Tech Expo in London, feel free to reach out and schedule a time to meet a member of the iBasis team during either show. Simply send an email to firstname.lastname@example.org!