
RFID Security 101 (Non-5G IoT Connectivity Options)

RFID Cybersecurity

Radio-Frequency Identification (RFID) is a technology commonly used for identification, status administration and management of different objects. It is also important for identifying people, as it is commonly deployed in the latest biometric passports. It operates in several frequency bands: the low frequency (LF) band from 125 kHz to 134 kHz, the high frequency (HF) band at 13.56 MHz, and the ultra-high frequency (UHF) band, which uses 433 MHz and the 860–960 MHz sub-band.

In Ultra-high frequency bands there are two types of RFID systems—Active and Passive.

Active RFID systems operate at 433 MHz and at 2.4 GHz in the extremely high-frequency range. They support ranges from 30 to over 100 meters. Passive RFID systems operate in the 860–960 MHz band and support ranges of up to 25 m.

Commonly, an RFID system has three major components: the RFID tag, the RFID reader and the RFID application software. RFID tags can be active (with a microchip, antenna, sensors and power supply) or passive (without a power supply). The RFID reader is a hardware component that identifies an RFID tag and transmits its status to the RFID software application. RFID software applications (often mobile applications) monitor and administer RFID tags; they usually exchange information with RFID readers via different beacon technologies or Bluetooth.

RFID technology is very important for different IoT applications, including smart homes and smart buildings, as it is used with cameras, GPS and intelligent sensors. Some advantages and limitations of RFID systems, according to the frequency ranges used, are given in Table 1.

Table 1: Advantages, limitations and applicability of RFID system types

Low frequency band
  Advantages: unique applicability compared to other RFID systems; global standardization support.
  Limitations: very short range (10 cm); limited memory of RFID devices; low throughput; high production costs.
  Applicability: animal tracking, access control, applications with high volumes of liquids and metals.

High frequency band
  Advantages: support for NFC global protocols and standards; higher memory capacity.
  Limitations: short range (30 cm); low throughput.
  Applicability: DVD kiosks, library books, personal ID cards, gaming chips, etc.

Active RFID systems
  Advantages: longer range; lower infrastructure costs compared to passive RFID; high memory capacity; higher throughput.
  Limitations: high tag cost; restrictions due to the battery power supply; complex software solutions; susceptibility to interference from metal and liquids; lack of global standardization support.
  Applicability: vehicle tracking, auto manufacturing, mining, construction, asset tracking.

Passive RFID systems
  Advantages: long read range; low tag cost; variety of tag sizes and shapes; global standards support; high throughput.
  Limitations: high infrastructure costs; moderate memory capacity; susceptibility to interference from metal and liquids.
  Applicability: supply chain tracking, manufacturing, pharmaceuticals, electronic tolling, inventory tracking, race timing, asset tracking, etc.

RFID tags are implemented as an interface between the IoT ecosystem and its subscribers. The potential of this technology is significant because of its low cost and low power features.

Smart clothes are a representative example of RFID technology deployment in a smart home. Garments with embedded RFID tags could share information with smart home appliances, to help us improve life quality. Smart bins could help to sort clothing items into logical groups, while balancing the load size. Smart washing machines in smart homes or buildings could read the embedded RFID tags on smart clothes and set the optimal wash cycle in compliance with provided instructions.

Smart cleaning/laundry services provided in smart buildings can establish real-time communication with the building tenants, keeping them informed about the status of requested service.

RFID is also important for indoor location applications development and Angle of arrival (AOA) technology.

AOA technology estimates the arrival angle of a mobile tag's signal at at least two adjacent reference points (readers) and combines these angles to establish a real-time location system with centimeter accuracy. In the context of localization systems and indoor applicability, this is a significant improvement.
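The following is an added example, not code from the original post: it shows how two arrival angles are combined into a position fix, and how a small angular error or a bad anchor geometry limits the accuracy the paragraph mentions. The anchor coordinates, the bearing convention (degrees counter-clockwise from the +x axis) and the tag position are constructed assumptions.

```python
import math

# Constructed anchor layout (example values, not from the page): two readers at
# known positions, in metres.
ANCHOR_A = (0.0, 0.0)
ANCHOR_B = (10.0, 0.0)


def aoa_position(anchor_a, bearing_a_deg, anchor_b, bearing_b_deg):
    """Intersect the two arrival-angle rays and return the tag position (x, y).

    Returns None when the rays are parallel (the tag is in line with both
    anchors, so no fix is possible) or when the intersection lies behind an
    anchor (an inconsistent pair of measurements).
    """
    ax, ay = anchor_a
    bx, by = anchor_b
    ta, tb = math.radians(bearing_a_deg), math.radians(bearing_b_deg)
    dax, day = math.cos(ta), math.sin(ta)   # unit direction seen from anchor A
    dbx, dby = math.cos(tb), math.sin(tb)   # unit direction seen from anchor B
    # Solve anchor_a + s*d_a = anchor_b + t*d_b for s and t with Cramer's rule.
    det = -dax * dby + dbx * day
    if abs(det) < 1e-9:
        return None
    dx, dy = bx - ax, by - ay
    s = (-dx * dby + dbx * dy) / det
    t = (dax * dy - day * dx) / det
    if s < 0 or t < 0:
        return None
    return (ax + s * dax, ay + s * day)


def bearing_to(anchor, point):
    """True arrival angle from an anchor to a point, in degrees."""
    return math.degrees(math.atan2(point[1] - anchor[1], point[0] - anchor[0]))


def position_error(anchor_a, anchor_b, true_pos, angle_error_deg):
    """Distance between the true position and the fix obtained when anchor A's
    angle estimate is off by angle_error_deg. Shows how angular error and
    anchor geometry bound the achievable accuracy."""
    ba = bearing_to(anchor_a, true_pos) + angle_error_deg
    bb = bearing_to(anchor_b, true_pos)
    fix = aoa_position(anchor_a, ba, anchor_b, bb)
    if fix is None:
        return float("inf")
    return math.hypot(fix[0] - true_pos[0], fix[1] - true_pos[1])


if __name__ == "__main__":
    tag = (5.0, 5.0)   # constructed true tag position
    print("fix:", aoa_position(ANCHOR_A, 45.0, ANCHOR_B, 135.0))
    for err in (0.0, 1.0, 5.0):
        print(f"{err:4.1f} deg error -> {position_error(ANCHOR_A, ANCHOR_B, tag, err):.3f} m")
```

With the anchors 10 m apart and the tag 5 m in front of the baseline, a 1 degree error at one anchor already moves the fix by roughly 12 cm, so centimeter accuracy depends on precise angle estimation and on anchors that see the tag from well-separated directions.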

RFID technology enables new consumer applications and services for smart homes and buildings like smart shelves, smart mirrors, self check-in or check-out, restricted area access control, etc.

Some important RFID technology advantages for smart home and smart building applications are low cost, low power consumption, great implementation potential, the possibility to develop various user-friendly software (mobile) applications, etc.

RFID technology limitations are susceptibility to interference caused by various objects, exposure to eavesdropping and DDoS attacks, lack of standardization support, signal collision, etc.

RFID Security

RFID technology is becoming increasingly popular for smart homes, smart buildings and other IoT use cases. RFID is considered to be the successor of the barcode technology.

The implementation of security mechanisms in RFID technology is based on confidentiality, integrity, and availability. Confidentiality is the information protection from unauthorized access. Integrity is related to data protection from modification and deletion by unauthorized parties. Availability represents the capability for data access when needed.

If any of these mechanisms is not operational, security is broken. Particularly in smart home and smart building use cases, this may result in unauthorized access to personal data, or even personal tracking. Like other wireless technologies, RFID is exposed to security threats; the most typical RFID security challenges are:

  • Interference susceptibility is caused by environmental factors such as radio noise and collisions caused by metal and liquids. Interference affects RF propagation and eventually leads to errors in localization services, reduced ranges, loss of service availability, etc.
  • Tag isolation is technically the simplest attack and the most common. It consists of jamming tag communications and blocking data that has to be transferred to the reader.
  • Tag cloning includes eavesdropping, extracting the unique identifier (UID) and/or the RFID content and writing them into another tag. Tag cloning is commonly used for unauthorized access to restricted areas or even for changing (decreasing) the price of certain goods in supermarkets.
  • Relay/amplification attacks consist of unauthorized amplification of the RFID signal by using a relay, extending the reach of the RFID tag beyond the borders of its coverage zone.
  • Denial of Service (DoS) attacks include the scenario in which a tag is flooded with a large amount of information from a malicious source and cannot process the operational signals sent by real tags. Other techniques are based on jamming, i.e. emitting radio noise at the RFID system's operating frequency.
  • Remote tag destruction is realized by RFID zappers able to send energy remotely; the resulting electromagnetic field can be strong enough to burn certain components of the tag. Remote tag destruction is also possible if the kill password of some tags is misused: first obtained by passive eavesdropping and then applied intentionally to disable the tags.
  • Man-in-the-Middle (MitM) attacks, SQL injection, virus/malware and command injection are possible by placing an active malicious device between a tag and the reader to intercept or alter the communication between the two and endanger the reader's functioning.
  • RFID skimming includes the deployment of unauthorized portable terminals to make fraudulent charges on payment cards.

To provide a secure wireless network, the security challenges described above have to be taken into account when creating smart home or smart building systems based on RFID wireless technology.

Wi-Fi Security 101 (Non-5G IoT Connectivity Options)

Wi-Fi Cybersecurity

Wi-Fi is a wireless technology that comprises the IEEE 802.11 family of standards (IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n, IEEE 802.11ac, etc.). It operates in the 2.4 GHz and 5 GHz frequency bands within a range of about 50 m.

This technology was developed for wireless networking of computer devices and is commonly called WLAN (Wireless Local Area Network); communication takes place between wireless routers, typically connected to the Internet, and other wireless nodes within their range.

Depending on the specific IEEE 802.11 standard, different data rates are available, with a theoretical throughput of 11 Mbps (IEEE 802.11b), 54 Mbps (IEEE 802.11a and IEEE 802.11g), 100 Mbps (IEEE 802.11n) or 300 Mbps (IEEE 802.11ac). In the overcrowded 2.4 GHz frequency band, there are 14 channels dedicated to Wi-Fi technology. In the 5 GHz frequency band, the RF channel distribution for Wi-Fi depends on national legislation and RF band allocation plans. The new Wi-Fi HaLow (IEEE 802.11ah) standard is a technological successor of the current IEEE 802.11ac wireless protocol. It works in the 900 MHz frequency band in the USA and significantly improves wireless coverage and energy efficiency, which are among the most important features for smart homes, smart buildings and other IoT use cases.

Among other available choices, this technology is used in smart homes and smart buildings for use cases with high-throughput audio/video streaming requirements, centralized management applications, video monitoring and security systems, etc. Networking of multiple devices such as cameras, lights and switches, monitors, sensors and many others is enabled with this technology.

One of the major Wi-Fi benefits is its prevalence in almost all digital devices today and its capability to provide high-capacity wireless links. From a security perspective, activating the supported encryption mechanisms, such as Wi-Fi Protected Access (WPA) or WPA2, provides acceptable protection. Wi-Fi technology enables generic IP compatibility, easy installation and operation, the possibility to add or remove devices to or from a network without particular management effort or impact on network functionality, efficient troubleshooting, etc. This technology can be implemented as a back-end network for offloading aggregated data from a central IoT hub to the cloud, which is a very important feature for smart homes and smart buildings.

Some Wi-Fi drawbacks for smart home and smart building use cases are:

  • Power consumption.
  • Higher infrastructure price.
  • Susceptibility to obstacles, which limits the range.
  • Susceptibility to RF jamming, which matters for smart home or smart building security systems.
  • Available throughput is shared between the connected devices.
  • Susceptibility to interference from the many devices that operate at the same frequency, including other Wi-Fi devices and other wireless technologies such as cordless phones, microwaves, etc.

Wi-Fi Security

The Wi-Fi Alliance enables the implementation of different security solutions across Wi-Fi networks through the Wi-Fi Protected Access (WPA) family of technologies. As Wi-Fi technology evolves for personal and enterprise networks, its security capabilities evolve too.

Today there are several levels of security applicable to Wi-Fi networks, implemented in the WPA protocols: WPA3-Personal, WPA3-Enterprise, WPA2, Open Wi-Fi and Wi-Fi Enhanced Open.

WPA3 security protocol

WPA3 is the latest generation of the Wi-Fi security protocol and the successor of the successful and widespread WPA2 protocol. WPA3 adds new security features to deliver more robust authentication, increase cryptographic strength for the exchange of highly sensitive information and support the resiliency of mission-critical networks. Once implemented, the WPA3 protocol represents best security practice in Wi-Fi networks, disabling obsolete security protocols and requiring the use of Protected Management Frames (PMF). It includes additional features specific to Personal or Enterprise networks and maintains interoperability with the WPA2 protocol. WPA3 is currently an optional certification for Wi-Fi Certified devices that will become mandatory in line with market needs and growth.

The WPA3-Personal protocol provides better protection for individual users through more robust password-based authentication. This capability is enabled through Simultaneous Authentication of Equals (SAE), which replaces the Pre-Shared Key (PSK) of the WPA2-Personal protocol. Some of its advantages are natural password selection (it allows easy-to-remember passwords), protection of data traffic even if the password is compromised after the data was transmitted, and ease of use.
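The contrast behind that last advantage, as an added example that is not part of the original post: WPA2-Personal derives the Pairwise Master Key (PMK) deterministically from the passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits, as specified in IEEE 802.11i), so anyone who later learns the passphrase holds the same key that protected every earlier session. The second function is a deliberately simplified stand-in for a password-authenticated ephemeral exchange; it is not the SAE (Dragonfly) handshake and uses a toy Diffie-Hellman group that is an assumption of this example, but it reproduces the property that matters: each session gets a fresh key that the passphrase alone cannot reproduce afterwards.

```python
import hashlib
import secrets


def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    Deterministic: the same passphrase and SSID always produce the same key, so the
    confidentiality of every session ever protected with it rests on the passphrase
    remaining secret, and rotating the passphrase later does not help already
    captured traffic."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


# Toy Diffie-Hellman group for the illustration below (constructed; far too small for
# real use). Real SAE uses a standardised elliptic-curve or MODP group.
TOY_P = 2**61 - 1   # a Mersenne prime
TOY_G = 2


def ephemeral_session_pmk(passphrase: str, ssid: str) -> bytes:
    """Simplified stand-in for a password-authenticated ephemeral key exchange.

    NOT the SAE/Dragonfly handshake. It only reproduces SAE's defining property:
    each side contributes a fresh random secret, so the session key differs every
    time and cannot be recomputed later from the passphrase alone. Both sides are
    simulated in one function for readability.
    """
    a = secrets.randbelow(TOY_P - 2) + 1      # station's ephemeral secret
    b = secrets.randbelow(TOY_P - 2) + 1      # access point's ephemeral secret
    pub_a = pow(TOY_G, a, TOY_P)
    pub_b = pow(TOY_G, b, TOY_P)
    shared_a = pow(pub_b, a, TOY_P)
    shared_b = pow(pub_a, b, TOY_P)
    assert shared_a == shared_b               # both sides reach the same shared secret
    # Bind the ephemeral secret to a passphrase-derived value so that only parties
    # knowing the passphrase derive the same PMK (the authentication part).
    passphrase_key = wpa2_psk_pmk(passphrase, ssid)
    return hashlib.sha256(shared_a.to_bytes(8, "big") + passphrase_key).digest()


def compare(passphrase: str, ssid: str) -> dict:
    """Derive two 'sessions' with each scheme and report whether the keys repeat."""
    psk1, psk2 = wpa2_psk_pmk(passphrase, ssid), wpa2_psk_pmk(passphrase, ssid)
    eph1, eph2 = ephemeral_session_pmk(passphrase, ssid), ephemeral_session_pmk(passphrase, ssid)
    return {"wpa2_psk_repeats": psk1 == psk2, "ephemeral_repeats": eph1 == eph2}


if __name__ == "__main__":
    # Passphrase "password" with SSID "IEEE" is the IEEE 802.11i annex test vector.
    print(wpa2_psk_pmk("password", "IEEE").hex())
    print(compare("password", "IEEE"))
```

The first function is exactly what a tool such as wpa_passphrase computes when it turns a passphrase into a 64-hex-digit PSK for a configuration file; the second is only a teaching model of the forward-secrecy property.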

The WPA3-Enterprise protocol is developed specifically for enterprises, governments and financial institutions, offering an optional mode that uses 192-bit minimum-strength security protocols and cryptographic tools for better protection of sensitive data. It is supported with authenticated encryption (256-bit Galois/Counter Mode Protocol, GCMP-256), key derivation and confirmation (384-bit Hashed Message Authentication Mode with Secure Hash Algorithm, HMAC-SHA384), key establishment and authentication (Elliptic Curve Diffie-Hellman, ECDH, exchange and Elliptic Curve Digital Signature Algorithm, ECDSA, using a 384-bit elliptic curve) and robust management frame protection (256-bit Broadcast/Multicast Integrity Protocol with Galois Message Authentication Code, BIP-GMAC-256).

WPA2 security protocol

The WPA2 protocol has provided security and privacy to Wi-Fi networks since 2006. It is the well-known successor of the obsolete WPA security protocol. The major improvement over WPA is the deployment of the stronger AES encryption algorithm in WPA2.

During 2018, to meet security requirements in evolving networking environments, the Wi-Fi Alliance augmented the existing WPA2 protocol with configuration, authentication and encryption enhancements. These enhancements reduce susceptibility to network misconfiguration and support the security of managed networks with centralized authentication services.

Open Wi-Fi networks

In some use cases, open Wi-Fi networks are the only available option, so it is very important to be aware of the risks that open networks present. To address these risks, the Wi-Fi Alliance has developed Wi-Fi Enhanced Open as a solution for users of open Wi-Fi networks. Compared to traditional open networks with no protection, the Wi-Fi Enhanced Open certification provides unauthenticated data encryption to subscribers. It is based on the Opportunistic Wireless Encryption (OWE) method defined in the Internet Engineering Task Force (IETF) RFC 8110 specification and the Wi-Fi Alliance Opportunistic Wireless Encryption Specification. Wi-Fi Enhanced Open provides data encryption that maintains the ease of use of open networks and benefits network providers through simple network maintenance and management.

The intensive evolution of security features in Wi-Fi technology makes it very suitable for deployment in the IoT domain, specifically for smart home and smart building use cases. Like other wireless technologies, it has some security challenges too, and given the number of devices embedded with Wi-Fi chips, these become even more important. Some representative Wi-Fi security challenges are:

  • Jamming susceptibility – a Wi-Fi signal can be easily jammed today. In smart homes or smart buildings this deserves additional attention: if a home security system is based on Wi-Fi technology, intruders could effectively block the Wi-Fi signal and disable the alarm system.
  • Because of the single point of failure (the wireless router or Access Point), DoS attacks are a potential risk for smart home or smart building Wi-Fi networks. If the Access Point is out of service, there is no service availability and the complete wireless network malfunctions.
  • Eavesdropping is performed by simply getting within range of a target Wi-Fi network, then listening and capturing data. This information can be used for a number of unauthorized activities, including attempts to break the existing security settings and analysis of unsecured traffic. It is almost impossible to reliably prevent this category of attacks because of the nature of a wireless network, so it is always important to configure the security mechanisms with strong parameters.
  • Evil Twins or Rogue Wi-Fi Hotspots are one of the most common ways of obtaining sensitive information from Wi-Fi networks. An evil twin is a fake Wi-Fi access point that imitates the legitimate one: its SSID is set to resemble that of the original Access Point, and any information disclosed while connected to the rogue hotspot could be misused.
  • Packet sniffers – by using a packet sniffer, it is possible to identify, intercept and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials for bank accounts and corporate email accounts.
  • File sharing – if enabled on devices, it can be used for unauthorized access to a device connected to the Access Point or Wi-Fi hotspot and for dropping malware.
  • Malware and ransomware susceptibility of public Wi-Fi hotspots that could be part of a smart building. Without the protection of AV software and web filters, malware can be silently downloaded.
  • The generic IP nature of Wi-Fi networks makes them a perfect environment for testing new hacker tools and improving existing ones.
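A defender-side check for the evil-twin item above, added here as an example rather than taken from the original post: a periodic scan of the visible access points is compared against an allowlist of the networks the building operates, flagging an unknown BSSID that advertises a known SSID, a security downgrade (an open network using the name of a WPA2 network), and lookalike SSIDs that differ only in case, whitespace or punctuation. The scan records, BSSIDs and allowlist below are constructed values.

```python
import re

# Constructed scan results (not from the page): what a periodic survey of the
# home or building might return. Each record is one visible access point.
SCAN_RESULTS = [
    {"ssid": "HomeNet",   "bssid": "aa:bb:cc:11:22:33", "channel": 6,  "security": "WPA2-PSK"},
    {"ssid": "HomeNet",   "bssid": "de:ad:be:ef:00:01", "channel": 11, "security": "OPEN"},
    {"ssid": "HomeNet ",  "bssid": "de:ad:be:ef:00:02", "channel": 1,  "security": "WPA2-PSK"},
    {"ssid": "CafeGuest", "bssid": "00:11:22:33:44:55", "channel": 36, "security": "OPEN"},
]

# Allowlist of the networks we operate: legitimate BSSIDs and the expected
# security family (constructed values).
KNOWN_NETWORKS = {
    "HomeNet": {"bssids": {"aa:bb:cc:11:22:33"}, "security": "WPA2"},
}

SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}


def security_rank(label: str) -> int:
    """Map a scan's security string ("WPA2-PSK", "WPA3-SAE", "OPEN") to a rank."""
    family = label.upper().split("-")[0]
    return SECURITY_RANK.get(family, 0)


def normalise_ssid(ssid: str) -> str:
    """Collapse case, whitespace and punctuation so lookalike names compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def find_rogue_aps(scan, known):
    """Return (bssid, ssid, reason) triples for access points that look rogue."""
    findings = []
    norm_known = {normalise_ssid(name): name for name in known}
    for ap in scan:
        ssid, bssid = ap["ssid"], ap["bssid"].lower()
        if ssid in known:
            expected = known[ssid]
            if bssid not in expected["bssids"]:
                findings.append((bssid, ssid, "unknown BSSID advertising a known SSID"))
            if security_rank(ap["security"]) < SECURITY_RANK[expected["security"]]:
                findings.append((bssid, ssid,
                                 f"security downgrade: {ap['security']} instead of {expected['security']}"))
        elif normalise_ssid(ssid) in norm_known:
            original = norm_known[normalise_ssid(ssid)]
            findings.append((bssid, ssid, f"lookalike of known SSID {original!r}"))
        # SSIDs unrelated to our networks (e.g. a neighbouring cafe) are not reported.
    return findings


if __name__ == "__main__":
    for bssid, ssid, reason in find_rogue_aps(SCAN_RESULTS, KNOWN_NETWORKS):
        print(f"{bssid}  {ssid!r:12}  {reason}")
```

Run against the constructed scan, the legitimate access point produces no finding, the open "HomeNet" on a foreign BSSID produces two (unknown BSSID and downgrade), and "HomeNet " with a trailing space is reported as a lookalike; feeding the function real scan output from a monitoring host turns it into a simple rogue-AP alert.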

To maintain worldwide interoperability and secure communication between devices from different manufacturers, the Wi-Fi Alliance continuously improves the security solutions implemented in Wi-Fi technology and provides product certification with forward and backward compatibility. This approach is very important for Wi-Fi support of different IoT use cases, and particularly for the evolution of smart homes and smart buildings.

Bluetooth Security 101 (Non-5G IoT Connectivity Options)

Bluetooth Cybersecurity

Bluetooth is a short-range wireless communications technology based on the IEEE 802.15.1 protocol. It works in the crowded, license-free 2.4 GHz frequency band and shares this resource with many other technologies.

Bluetooth is the optimal solution for establishing small wireless networks called piconets, formed by connecting two Bluetooth devices. One of these nodes is the Master, which can be connected via Bluetooth links to up to 7 other Bluetooth devices, the Slave nodes, in a Personal Area Network (PAN). Typical data rates are 1-3 Mbps.

The newest version of Bluetooth is known as Bluetooth Low Energy (BLE) or Bluetooth Smart.

It is important to note that Bluetooth and BLE are not compatible technologies. For example, channel bandwidth in Bluetooth technology is 1MHz and in BLE is 2MHz, number of channels in Bluetooth is 79, while BLE supports 40 channels. They also differ in waveforms, transmission power, network organization etc. Bluetooth Versions 4.1/4.2/5.0 support both BLE and Bluetooth standards, but if the master device is a BLE device, the slave must also be a BLE device.

In the most recent Bluetooth version 5.0, new waveforms and coding techniques are implemented to achieve longer ranges of 50 m or more, lower power consumption, lower latency, better robustness and support for a higher number of subscribers in a single Bluetooth network.

At its inception the Bluetooth technology was used for data streaming or file exchange between mobile phones, PCs, printers, headsets, joysticks, mice, keyboards, stereo audio or in the automotive industry.

These days BLE technology has become an indispensable protocol used in mobile phones, PCs and other types of devices in gaming, sports, wellness, industrial, medical, home and automation electronics.

It is an important wireless technology for smart homes and smart buildings, because of the achieved ranges, throughput (2 Mbps), reliability, security performances, low power transmission and low power consumption. BLE provides wireless connectivity that enables home automation via the control of lights—smart bulbs and outlets, smoke detectors, cameras and other security systems, thermostats, video door bells, smart digital locks, hubs and controllers, different assistant devices, universal remotes, gaming consoles, TVs, etc.

In smart buildings, this wireless technology enables automation of some complex systems, as presented in Figure 2, such as: Heating, Ventilation and Air Conditioning (HVAC), lighting, security and indoor positioning.

BLE technology deployed in smart buildings enables optimal space utilization, lowers operating and maintenance costs through condition monitoring via different sensors, contributes to energy savings, enhances the tenant, staff or visitor experience, etc.

Figure 1: BLE smart home systems

BLE is important for both residential and business buildings. It changes the outlook of offices by forming smart meeting spaces or enabling sensor-based occupancy mapping, improves workflow efficiency, reduces expenditures, and increases revenues and employee satisfaction. In specific smart building types such as smart healthcare facilities or smart hospitals, BLE is crucial for improvements in patient care and operational efficiency.

In the retail industry, coupled with beacon technology, it supports enhanced customer services such as in-building or in-store navigation, personalized promotions and delivery of customer-oriented content.

Some BLE limitations for smart home and smart building use cases are: suitability for short-range control only, interference with other wireless technologies (Wi-Fi, Zigbee, etc.) that use the license-free 2.4 GHz frequency range, optimization for short-burst wireless communication, lower throughput compared to some other wireless technologies, lack of generic IP connectivity, etc.

BLE (Bluetooth) security

Several security modes are recognized in Bluetooth technology, and each version of the Bluetooth standard supports some of them. These modes differ based on the point at which security is initiated in Bluetooth devices. Bluetooth devices must operate in one of four available modes:

  • Bluetooth security mode 1 – an insecure mode. It is easy to establish wireless connectivity in this mode, but security is an issue. Bluetooth security mode 1 is applicable to short-range devices and is only supported up to the Bluetooth v2.0 + EDR (Enhanced Data Rate) standard version.
  • Bluetooth security mode 2 – a centralized security manager is responsible for access to specific services and devices in this mode, by implementing an authorization procedure. All Bluetooth devices can support this security mode; however, v2.1 + EDR devices support it only for backward compatibility.
  • Bluetooth security mode 3 – in this link-level enforced security mode, the Bluetooth device initiates security procedures before the physical link is established. It uses authentication and encryption for all connections to and from the device. Bluetooth security mode 3 is only supported in Bluetooth devices with v2.0 + EDR or earlier versions.
  • Bluetooth security mode 4 – in this mode security procedures are initiated after link setup. Secure Simple Pairing uses Elliptic Curve Diffie-Hellman (ECDH) techniques for key exchange and link key generation. This mode was introduced with Bluetooth v2.1 + EDR.

The following five basic security services are implemented in Bluetooth technology:

  • Authentication – verifies the identity of devices that are exchanging data, based on their Bluetooth address.
  • Confidentiality – ensures that only authorized devices can access and view transmitted data. It is important for preventing compromise of information, for example caused by eavesdropping.
  • Authorization – ensures that Bluetooth devices are authorized to use the service.
  • Message Integrity – verifies that a message sent is a message received, without any changes in between its source and destination.
  • Pairing/Bonding – creates and stores shared secret keys important for a trusted device pair establishment.

The supported security mechanisms have developed together with the standard versions. In compliance with Bluetooth Specification Version 5.0, two security modes are implemented in BLE: Security Mode 1 and Security Mode 2. Within each of them there are different security layers.

BLE security mode 1 has 4 layers:

  • No security (without authentication and without encryption).
  • Unauthenticated pairing with encryption (AES-CMAC or AES-128 encryption is implemented in this layer for communication between devices that are not yet paired).
  • Authenticated pairing with encryption.
  • Authenticated BLE Secure Connections pairing with encryption (each time pairing is initiated, the Elliptic Curve Diffie-Hellman key agreement protocol is used for key exchange in BLE Secure Connections).

BLE security mode 2 is supported with 2 layers:

  • Unauthenticated pairing with data signing.
  • Authenticated pairing with data signing.

The security manager protocol, built into the session layer of the OSI reference model, is responsible for pairing, signing between nodes, encryption, key administration, key management, security services management and all other security features in a BLE network.
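The security layers listed above only protect a device if its firmware actually demands the right one per service. The following added example (not code from the original post or from any Bluetooth stack) classifies a negotiated pairing into its Security Mode 1 layer and Security Mode 2 layer, then enforces a per-characteristic minimum for a constructed smart-lock profile: reading the battery level is allowed on any link, while the unlock command requires layer 4 (authenticated LE Secure Connections) and a full 16-byte key. The characteristic names, the policy and the pairing states are assumptions of this example.

```python
from dataclasses import dataclass
from enum import IntEnum


class Mode1Level(IntEnum):
    """BLE Security Mode 1 layers, weakest to strongest (the four layers above)."""
    NO_SECURITY = 1                 # no authentication, no encryption
    UNAUTHENTICATED_ENCRYPTED = 2   # e.g. Just Works pairing, then encryption
    AUTHENTICATED_ENCRYPTED = 3     # legacy pairing with passkey/OOB, then encryption
    AUTHENTICATED_SECURE_CONN = 4   # LE Secure Connections (ECDH) with authenticated pairing


@dataclass(frozen=True)
class PairingState:
    """What the security manager negotiated for the current connection."""
    encrypted: bool
    authenticated: bool        # MITM protection: passkey, OOB or numeric comparison
    secure_connections: bool   # LE Secure Connections (ECDH) rather than legacy pairing
    key_size: int              # negotiated encryption key size in bytes (7..16)
    signed: bool = False       # data signing in use (Security Mode 2)


def mode1_level(state: PairingState) -> Mode1Level:
    """Classify a connection into its Security Mode 1 layer."""
    if not state.encrypted:
        return Mode1Level.NO_SECURITY
    if not state.authenticated:
        return Mode1Level.UNAUTHENTICATED_ENCRYPTED
    if not state.secure_connections:
        return Mode1Level.AUTHENTICATED_ENCRYPTED
    return Mode1Level.AUTHENTICATED_SECURE_CONN


def mode2_level(state: PairingState) -> int:
    """Security Mode 2 layer: 0 = no signing, 1 = unauthenticated, 2 = authenticated."""
    if not state.signed:
        return 0
    return 2 if state.authenticated else 1


@dataclass(frozen=True)
class CharacteristicPolicy:
    name: str
    min_level: Mode1Level
    min_key_size: int = 16   # legacy pairing may negotiate keys down to 7 bytes


# Constructed example profile for a smart lock (assumption, not from the page).
SMART_LOCK_POLICY = [
    CharacteristicPolicy("battery_level", Mode1Level.NO_SECURITY, min_key_size=7),
    CharacteristicPolicy("lock_state", Mode1Level.UNAUTHENTICATED_ENCRYPTED),
    CharacteristicPolicy("unlock_command", Mode1Level.AUTHENTICATED_SECURE_CONN),
]


def evaluate_access(state: PairingState, policy):
    """Return {characteristic: (allowed, reason)} for the given connection."""
    level = mode1_level(state)
    result = {}
    for item in policy:
        if level < item.min_level:
            result[item.name] = (False, f"requires mode 1 level {int(item.min_level)}, link is level {int(level)}")
        elif state.key_size < item.min_key_size:
            result[item.name] = (False, f"key size {state.key_size} < {item.min_key_size} bytes")
        else:
            result[item.name] = (True, f"level {int(level)}, {state.key_size}-byte key")
    return result


if __name__ == "__main__":
    just_works = PairingState(encrypted=True, authenticated=False, secure_connections=False, key_size=16)
    numeric_cmp = PairingState(encrypted=True, authenticated=True, secure_connections=True, key_size=16)
    for name, st in (("Just Works (legacy)", just_works), ("Numeric comparison (LESC)", numeric_cmp)):
        print(name, evaluate_access(st, SMART_LOCK_POLICY))
```

The key-size check matters because legacy pairing can negotiate a short key even when the pairing was authenticated, which is why the unlock characteristic is tied both to layer 4 and to a 16-byte key rather than to the layer alone.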

Bluetooth has some security vulnerabilities, as does any other wireless technology. Its implementation has to be planned taking into account possible security threats. Some representative security challenges of BLE (Bluetooth) technology are:

  • Passive eavesdropping, Man-in-the-Middle (MITM) attacks and identity tracking apply to Bluetooth technology. The interception of radio waves between a smartphone and a smart lock can be realized by different kinds of sniffers. Their price range today is 50-100 USD.
  • Bluejacking involves sending a vCard message via Bluetooth to other Bluetooth users within short range – typically 10 meters. The risk is that the recipient will not realize what the message is and may open it automatically, assuming it was sent by someone known from the contact list.
  • Bluebugging is a Bluetooth security issue that allows unauthorized remote access to a phone and use of its features, which may include placing calls and sending text messages, while the owner does not realize that the phone has been taken over. Depending on the attacker's creativity, denial of service (DoS) attacks and resource misappropriation are consequences of this security issue, too.
  • Car Whispering is a hacking technique that uses specific software to send and receive audio and other files to and from a Bluetooth-enabled car stereo system, in order to invade privacy or listen to conversations. It could be applied in the same manner to Bluetooth-enabled systems in smart homes or smart buildings.
  • Bluesnipping is a hacking technique capable of extending the range of unauthorized Bluetooth monitoring and providing malicious coverage within a distance of a mile. It is realized with specific hardware – a Bluesnipping gun made from a few hardware pieces such as a folding stock, a Yagi antenna and a Linux terminal.

These vulnerabilities can lead to unauthorized access to sensitive information and unauthorized use of Bluetooth devices and of other systems or networks to which the Bluetooth devices are connected.

To protect a network from these vulnerabilities, it is always useful to be careful with third-party applications and to install applications only from trusted sources. It is recommended to deploy a home network firewall that will protect and encrypt all incoming and outgoing data.

Zigbee Security 101 (Non-5G IoT Connectivity Options)

Zigbee Security

Zigbee technology introduction

Zigbee is a wireless PAN (Personal Area Network) technology developed to support automation, machine-to-machine communication, and remote control and monitoring of IoT devices. It evolved from the IEEE 802.15.4 wireless standard and is supported by the Zigbee Alliance.

IEEE 802.15.4 standard determines specifications for the physical and data link layer and Zigbee Alliance provides standards from network layer to application layer. While Zigbee determines the contents of the transmitted message, the 802.15.4 standard provides details about the robust radio communication and medium access control.

The Zigbee Alliance, a non-profit association, develops the open global Zigbee standard for use in consumer, commercial and industrial Internet of Things applications. It includes companies such as Amazon, Samsung, Huawei, Qualcomm, Toshiba, Silicon Labs, Philips, etc. Today, Zigbee 3.0 is one of the most common wireless standards implemented in IoT devices and is supported in popular products such as Samsung SmartThings and Philips Hue. The Zigbee Alliance improves the Zigbee standard, enables interoperability among a wide range of smart devices and gives end users access to innovative products and services that work together seamlessly. The alliance is responsible for the certification of Zigbee devices and for maintaining a list of certified products.

The most important Zigbee technology characteristics are:

  • Low power consumption.
  • Long battery life.
  • Data rates of ~250 kbps.
  • Built-in security.
  • Built-in support for mesh networking.
  • Cross-band communication across the 2.4 GHz and sub-GHz bands with multi-PHY support.
  • Global operation in the 2.4 GHz frequency band according to the IEEE 802.15.4 protocol.
  • Regional operation in the 915 MHz and 868 MHz frequency bands.
  • Sub-GHz channels transmission ranges up to 1km.
  • IP Compatibility.
  • Different manufacturers interoperability.
  • Power saving mechanisms for devices.

Some interesting Zigbee products are:

  • Speakers with a built-in Zigbee hub, as a good foundation for a smart home. In addition, applications on a phone or tablet can be used to add, group and manage Zigbee devices, customize routines and then activate them using voice commands.
  • The SmartThings Hub works with a growing range of lighting, heating and security products, smart TVs and other home appliances, including voice control.
  • Smart bulbs with Zigbee modules are an affordable and effective way into smart lighting.
  • Smart contact sensors can be stuck on doors or windows to trigger lights and notifications as soon as they are opened. They are usually easy to mount and powered by easily replaceable long-life batteries.
  • Smart Zigbee plugs work in a Zigbee network. They can be connected directly to an Echo Plus, Hue Bridge or SmartThings hub and control whatever device is plugged into them, which makes them a simple plug-and-play solution for electric heaters, coffee machines or standard lamps.

Zigbee protocol stack

The Zigbee protocol stack consists of four layers – Physical (PHY) layer, Medium access control (MAC) layer, Network (NWK) layer and Application (APL) layer – as shown in Figure 1. The Physical and MAC layers are determined by IEEE 802.15.4 standard. The Network and Application layers are governed by the Zigbee standard (https://research.kudelskisecurity.com/2017/11/01/zigbee-security-basics-part-1/).

Figure 1: Zigbee protocol stack
  1. The Physical (PHY) layer operates in the 868/915 MHz and 2.4 GHz frequency bands. It is responsible for packet generation and reception, data transparency and power management.
  2. The Medium Access Control (MAC) layer's responsibilities include controlling radio access via the CSMA-CA mechanism, beacon transmission, synchronization, and reliable radio link establishment and maintenance. There are four types of MAC frames: data frames, beacon frames, acknowledgment frames and MAC command frames. This layer's security is based on the IEEE 802.15.4 standard, extended with CCM mode to provide encryption and integrity protection. CCM mode – Counter with CBC-MAC (Cipher Block Chaining Message Authentication Code) – is a mode of operation for cryptographic block ciphers. It is an authenticated encryption algorithm designed to provide both authentication and confidentiality for block ciphers with a block length of 128 bits.
  3. The Network (NWK) layer ensures correct operation of the IEEE 802.15.4-2003 MAC sub-layer and provides an appropriate service interface to the Application layer. It interfaces with the application layer via:
  • Data entity – the Network Layer Data Entity (NLDE) generates network-level Protocol Data Units (PDUs) and provides topology-specific routing and security.
  • Management entity – the Network Layer Management Entity (NLME) configures a new device, starts a network, performs joining, rejoining and leaving of a network, and provides addressing capabilities, neighbor discovery, route discovery, reception control and routing.

The NWK layer is responsible for the processing steps needed to securely transmit outgoing frames and securely receive incoming frames. The NWK layer’s frame-protection mechanism uses the Advanced Encryption Standard (AES) and CCM mode for authentication and confidentiality.

  4. The Application layer (APL) consists of Zigbee Device Objects (ZDOs), the Application Support sub-layer (APS), and the Application Framework.
  • Zigbee Device Object (ZDO) is responsible for the implementation of Zigbee End Devices, Zigbee Routers, and Zigbee Coordinators. The ZDO acts as an interface between the application objects, the device profile, and the applications. It assembles configuration information from the end applications to determine and implement device and service discovery, security management (key loading, key establishment, key transport and authentication), network management (network discovery, leaving/joining a network, resetting a network connection and creating a network), and binding, node and group management. The Zigbee Device Object manages the security policies and the security configuration of a device. It defines three types of logical devices in a network (Coordinator, Router and End device), each having a specific role.
  • The Application Support Sublayer (APS) provides an interface between the NWK and APL layers. It provides services for the establishment and maintenance of security relationships. Services are provided via the APS Data Entity (APSDE) and the APS Management Entity (APSME). The APSDE is responsible for data transmission services between application entities, while the APSME provides security services, binding of devices and group management. The APS sublayer allows frame security to be based on link keys or on the network key. It is also responsible for the processing steps needed to securely transmit outgoing frames, securely receive incoming frames, and securely establish and manage cryptographic keys.
  • Application Framework is the environment in which application objects are hosted. These are usually manufacturer-defined application objects. It defines application clusters and profiles (agreements for messages, message formats, and processing actions that enable developers to create an interoperable, distributed application employing application entities that reside on separate devices).

Zigbee network logical devices

There are three types of logical devices in a Zigbee network. They are defined by the ZDO and illustrated in Figure 2.

Figure 2: Zigbee logical devices
  1. Zigbee Coordinator is a device responsible for establishing, executing, and managing the overall Zigbee network. It is responsible for configuring the security level of the network and configuring the address of the Trust Center (the default value of this address is the Zigbee coordinator’s own address, otherwise the Zigbee coordinator may designate an alternate Trust Center). The Zigbee coordinator maintains a list of devices associated to the network. It provides support to orphan scan (devices need to verify they still have a valid Coordinator) and rejoin-processing to enable previously associated devices to rejoin the network.

There is only one coordinator per network and it can never be put to sleep. The Zigbee Coordinator is required to allow nodes to join or leave the network, as it contains the Trust Center. The Trust Center decides whether a node may join a Zigbee network. The Zigbee Trust Center is an application that runs on a device trusted by the other devices within the network, and it distributes keys for the purpose of network and end-to-end application configuration management. All members of the network recognize exactly one Trust Center in each secure network.

It is configured to operate in either standard or high security mode and may be used to help establish end-to-end application keys either by sending out link keys directly or by sending out master keys.

Standard mode is designed for residential applications. In this mode, the Trust Center maintains a list of devices, master keys, link keys and network keys for all the devices in the network. It maintains a standard network key and controls network access policies. In this mode, each device that joins the network securely shall have either a global link key or a unique link key, depending on the application. The Trust Center is required to have prior knowledge of the link key value and the key type (global or unique) in order to securely join the device to the network.

High security mode is designed for high security commercial applications. In this mode the Trust Center also manages the implementation of key establishment, using the Symmetric-Key Key Establishment (SKKE) protocol, and entity authentication.

  2. Zigbee Router is an intermediate node device responsible for routing packets between end devices or between an end device and the coordinator. Routers need the Trust Center’s permission to join the network if security is enabled on the network. On certain occasions, routers can allow other routers and end devices to join the network. They also maintain a list of currently associated devices and facilitate support of orphan scan and rejoin processing. Since routers link multiple sections of a network, they cannot be put to sleep.
  3. Zigbee End Device is usually a sensor node that monitors and collects required data. End devices are low powered or battery operated, unlike routers or coordinators. Hence, they can be put to sleep for a certain period of time to conserve energy when there is no activity to be monitored. End devices can neither route traffic nor permit other nodes to join the network.

Zigbee network topology

Zigbee networks support three types of personal area network (PAN) topologies – star, tree and mesh. The topology selection must be taken into account in the planning phase of the network and coordinated with the purpose of the network. The choice of topology is also influenced by power supply solutions of devices, their expected battery lifetime, network traffic intensity, latency requirements, the costs of network elements, etc.

Available Zigbee topologies are:

  1. Star topology, as presented in Figure 3, has no routers: the coordinator (data collector) is responsible for routing the packets in the network and for initiating and maintaining the devices in the network. End devices can communicate only via the coordinator. The weakness of the star topology is its single point of failure: failure of the coordinator can shut down the whole network. Furthermore, the star hub can become a bandwidth bottleneck.
Figure 3: Zigbee star topology
  2. Tree topology is illustrated in Figure 4. The coordinator acts as the root node responsible for establishing the network and choosing certain key network parameters. A router can be a child of the coordinator or of another router and is responsible for moving data and control messages through the network, using a hierarchical routing strategy. An end device can be a child of a coordinator or a router and can communicate with another end device only via a router or a coordinator. Tree networks may deploy beacon-oriented communication as per the IEEE 802.15.4 standard. The weakness of the tree topology is that child nodes become unreachable if their parent node shuts down.
Figure 4: Zigbee tree topology
  3. Mesh topology is presented in Figure 5. It allows full peer-to-peer communication. It has a single coordinator, multiple routers to extend the network, and optional end devices. The coordinator is responsible for establishing the network and choosing certain key network parameters. In this topology, routers cannot transmit beacons. The failure of a coordinator does not result in a single point of failure. Complexity and difficulty of setup and maintenance are the main weaknesses of the mesh topology.
Figure 5: Zigbee mesh topology

Zigbee Security

Zigbee is considered to be a secure wireless communication protocol, with security architecture built in accordance with IEEE 802.15.4 standard. Security services provided by Zigbee include key establishment, key transportation and frame protection via symmetric cryptography. However, Zigbee security features are based on certain assumptions:

  • Zigbee assumes an “open trust” model. The protocol stack layers trust each other. The layer that originates a frame is responsible for its security.
  • The security services cryptographically protect the interfaces between different devices only.
  • Interfaces between different stack layers in the same device are arranged non-cryptographically.
  • The secret keys are not revealed during key transport. An exception to this is during pre-configuration of a new device, in which a single key may be sent unprotected.
  • Availability of almost perfect random number generators.
  • Availability of tamper-resistant hardware.

Taking the above assumptions into account, this chapter discusses some important security features provided by the Zigbee standard (the different security models, key types and key management).

Zigbee security models

There are two types of security models in Zigbee networks, as presented in Figure 6: the centralized security network and the distributed security network. They differ mainly in the mechanism by which new devices are admitted into the network and in how messages in the network are protected.

  1. The Centralized security model is complex but more secure and involves the Trust Center (network coordinator). Only Zigbee Coordinators with a Trust Center can establish centralized networks. Nodes join the network, receive the network key and establish a unique link key with the Trust Center. The Trust Center is responsible for:
  • Configuring and authenticating routers and end devices that join the network.
  • Generating the network key to be used for encrypted communication across the network.
  • Periodically, or as required, switching to a new network key as a security protection method. If an attacker acquires a network key, it will have a limited lifetime.
  • Establishing a unique link key for each device as it joins the network.
  • Maintaining the overall security of the network.
  2. The Distributed security model is simple, but less secure. This model supports only routers and end devices. Routers form the distributed network and are responsible for enrolling other routers and end devices. Routers publish the network key (used to encrypt messages) to newly joined routers and end devices. All the nodes in the network use the same network key for encrypting messages. Also, all nodes are pre-configured with a link key (used to encrypt the network key) before entering the network, as there is no Coordinator and no Trust Center.
Figure 6: Zigbee security models

Zigbee security keys

There are three types of 128-bit symmetric keys determined by the Zigbee standard:

  1. Network key is used in broadcast communication. Each node requires the network key in order to communicate securely with other devices on the network. The Trust Center generates the network key and distributes it to all the devices on the network. A device on the network acquires a network key via key-transport (used to protect transported network keys) or pre-installation. There are two different types of network keys – standard (sent without encryption) and high-security (encrypted network key).
  2. Link key is used in unicast communication. A device acquires link keys either via key-transport (a key-load key is used to protect transported link keys), key-establishment (a specific key-establishment procedure is initiated based on the device security profile), or pre-installation (for example, during factory installation). This key provides APL level security in addition to the NWK level security provided by the network key. Messages between the nodes are encrypted with both the network key and the link key.

Zigbee defines two types of link keys – global and unique. Global link keys are established between the Trust Center and the device. Usually, link keys related to the Trust Center are pre-configured using an out-of-band method, for instance a QR code on the packaging. Unique or application link keys are established between two devices in the network, without the Trust Center. Both types of keys may be used in the network, but a device shall only have one type in use. The type of link key determines how the device handles various Trust Center messages (APS commands), including APS encryption.

Furthermore, each node may also have the following pre-configured link keys which would be used to derive a Trust Center link key:

    • A default global Trust Center link key, with a default value defined by the Zigbee Alliance. It is used or supported by the device if no other link key is specified by the application at the time of joining.
    • A distributed security global link key is a manufacturer-specific key used for interaction between devices from the same manufacturer.
    • Install code is a preconfigured link key. All Zigbee devices can contain a unique install code, a random 128-bit number protected by a 16-bit cyclic redundancy check (CRC). The Trust Center may require that each new device use a unique install code to join a centralized security network, and the install code must match a code previously entered into the Trust Center. Once the install code is verified, the joining device and the Trust Center derive a unique 128-bit Trust Center link key from the install code using the Matyas-Meyer-Oseas (MMO) hash function.
    • Touchlink preconfigured link key is used for devices that will join a network using the Touchlink commissioning procedure.
  3. Master key forms the basis for long-term security between two devices. Its function is to keep the link key exchange confidential between two nodes in the SKKE protocol. A device acquires a master key via key-transport, pre-installation or user-entered data such as a PIN or password.

Key management

Zigbee supports different key management mechanisms:

  1. Pre-installation – the manufacturer installs the key into the device. If there are several keys preinstalled in the device, the customer can select one of the installed keys by using a series of jumpers in the device.
  2. Key establishment method of generating link keys based on the master key. Different security services of the Zigbee Network use a key derived from a one-way function (with link key as the input) to avoid security leaks due to unwanted interactions between the services. This key-establishment is based on the SKKE protocol. The devices involved in communication must be in possession of the master key, which may have been obtained through pre-installation, key transport or user-input.
  3. Key transport – the network device makes a request to the Trust Center for a key. This method is valid for requesting any of the three types of key in commercial mode, whereas in residential mode the Trust Center holds only the network key. The key-load key is used by the Trust Center to protect the transport of the master key.

Additionally, in the centralized model, keys can be distributed using Certificate-Based Key Establishment protocol (CBKE). CBKE provides a mechanism to negotiate symmetric keys with the Trust Center based on a certificate stored in devices at manufacturing time and signed by a Certificate Authority (CA).

Zigbee Security Strengths

The Zigbee Alliance and its members are continuously improving the security performance of Zigbee technology, to achieve an optimal balance between deployment, operation and security requirements in wireless machine-to-machine communication.

To meet these security needs, Zigbee provides a standardized set of security specifications based on the 128-bit AES algorithm and compatible with the wireless 802.15.4 standard. In Zigbee networks security is defined for the MAC, NWK and APL layers. Security mechanisms include key establishment and transport, device authorization and frame protection.

The MAC layer controls access to the shared medium and manages single-hop transmissions between neighboring devices. The Zigbee Alliance added a NWK layer security option to extend some security functionalities not available at the MAC layer (capability to reject expired data frames).

It is very important to choose an optimal place to apply security mechanisms. If the application needs strong security, then APL layer would be the choice. This approach protects against both internal and external attacks, but it requires more memory to implement.

Some representative security mechanisms, supported by Zigbee standard are:

  • Encryption with AES-CCM provides data confidentiality, authentication and integrity. Encryption prevents an eavesdropper from interpreting the frame payload. Integrity protection adds a Message Integrity Code (MIC) that is transported along with the data to be protected. The MIC “signs” the data and allows the recipient to verify that the data has not been tampered with. The MIC is also tied to the identity of the originator and thus provides origin authenticity.
  • Replay protection – each node in the Zigbee network contains a frame counter that is incremented at every packet transmission. Each node also monitors the previous frame counter values of the devices it is connected to. If a node receives a packet from a neighboring node with the same or a lower frame counter value than it had previously received, the packet is dropped. This mechanism provides replay protection by tracking packets and dropping those already received by the node. The only time the frame counter is reset to 0 is when the network key is updated.
  • Device authentication is the procedure of confirming that a new device joining the network is authentic. The new device must be able to receive a network key and set the proper attributes within a given time frame to be considered authenticated. Device authentication is performed by the Trust Center. There are two Trust Center authentication modes available – residential and commercial. Residential mode is lightweight, but it doesn’t establish keys or scale with the size of the network. Commercial mode establishes and maintains keys and scales well, but requires memory resources.

In residential mode, if the new device already has the network key, it must wait to receive a dummy (all-zero) network key from the Trust Center as part of the authentication procedure. At the moment of joining the network, the new device does not know the address of the Trust Center and uses the source address of the message received from the Trust Center to set this address. If the new device that joins the network does not have a network key, the Trust Center sends it.

In commercial mode the Trust Center never sends the network key to the new device over an unprotected link. However, the master key may be sent unsecured in commercial mode, if the new device does not have a shared master key with the Trust Center. After the new device receives the master key, the Trust Center and the new device start the key establishment protocol (SKKE). The new device has a limited time to establish a link key with the Trust Center. If the new device cannot complete the key establishment before the end of the timeout period, the new device must leave the network and retry the association and authentication procedure. When the new link key is confirmed, the Trust Center will send the network key to the new device over a secured connection.

Furthermore, Zigbee also supports device-unique authentication at joining the network – such as Touchlink commissioning, which is an easy to use proximity mechanism for commissioning a device into a network.

  • Secure over-the-air (OTA) firmware upgrades, presented in Figure 7, allow a manufacturer to add new features, fix defects in end devices, and apply security patches as new threats are identified.
Figure 7: Zigbee OTA firmware upgrades

Once a device receives the encrypted image during an OTA upgrade, it decrypts it, validates the signature, and then updates the device. Furthermore, the validity of the active image is checked each time the device boots. If the image is invalid, the procedure prevents the device from updating to it and returns to using the last valid image.

  • Logical link-based encryption is the ability to create an application level secured link between a pair of devices in the network. This is managed by establishing a unique set of AES-128 encryption keys between a pair of devices.
  • Runtime key updates can be performed periodically or as required. The Trust Center is responsible for changing the network key. It generates a new network key and distributes it throughout the network by encrypting it with the old network key. All devices continue to retain the old network key for a short period of time after the update until every device on the network has switched to the new network key. Also, after receiving the new network key, the devices initialize their frame counter to zero.
  • Network interference protection – in low-cost Zigbee nodes, using a band-select filter to protect the network from interference is not an available option, due to cost or node size limitations. However, basic properties of IEEE 802.15.4 and Zigbee networks, such as low RF transmission power, low duty cycle, and the CSMA/CA channel access mechanism, help a Zigbee wireless network cope with interference. There are two methods for improving the coexistence performance of Zigbee networks: collaborative and non-collaborative.

In collaborative methods, certain operations of the Zigbee network and the other network are correlated and managed together. To avoid packet collisions, every time one network is active, the other network stays passive. In this method, there must be a communication link between the Zigbee and the other network.

The non-collaborative methods are the procedures that any Zigbee network can follow to improve its coexistence performance, without any knowledge regarding the nearby interfering wireless devices. This method is based on detecting and estimating interferences and avoiding them whenever possible.

Some of the non-collaborative methods applicable to Zigbee wireless networking include:

      1. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) – is a media access protocol in which a node verifies the absence of other traffic and checks that the channel is sensed to be “idle” before transmitting.
      2. Spread spectrum technologies support improves the network robustness against interferers – such as Direct Sequence Spread Spectrum (DSSS).
      3. Dynamic RF output power control adjusts the transmitted RF output power based on the channel condition and the distance of the receiving nodes.
      4. Mesh networking and location-aware routing support network in finding alternative routes to the final destination and avoiding routers and nodes close to interference source.
      5. Frequency channel selection is the capability to change the frequency channel when the level of the interfering signal is unacceptable. Zigbee supports frequency agility – a capability that allows the entire network to change channels in the presence of interference.
      6. Adaptive packet length selection is correlated to radio propagation conditions. Reducing the size of the packet is normally considered a way of improving the error rates in poor propagation conditions. Smaller packets are generally more suitable for transmission and reception.

Zigbee Security Weaknesses

Like other wireless technologies, Zigbee has some security vulnerabilities. Zigbee network implementation has to be performed taking possible security threats into account. Security attacks and unauthorized usage are quite possible, as Zigbee technology is applied to remote control and monitoring of sensitive resources, infrastructure or home security.

Some important security issues in Zigbee networks would be:

  • Replay and injection attacks aim to trick Zigbee devices. In the first phase, Zigbee network discovery tools transmit beacon request frames and analyze the responses, which describe the available nodes in the network. This process finds Zigbee devices operating on a given working channel and sends and receives beacon request and response frames over that single channel. The next phase is capturing packets, analyzing them and then replaying the same packets to cause a change in the behavior of the device, determined by the replayed packets. Captured packets from Zigbee nodes are thus sent back in a replay attack scenario, to make them look as if they came from the originating node, and the network treats the malicious traffic as regular. An example of a Zigbee software pen-testing tool for replay attacks is presented in Figure 8.
Figure 8: Zigbee network pen-testing tool
  • There are several other attacks that accompany replay attack – just as an example is a malicious user that receives packets at one point in the network and then replays these packets in other areas to interfere with the overall network functionality (wormhole attack).
  • In residential mode, if the new device that joins the network does not have a network key, the Trust Center sends the network key over an unprotected link and makes the network vulnerable.
  • Loss or misplacement of low-cost Zigbee devices with limited protection capabilities and no tamper resistance (such as temperature sensors and light switches) gives an unauthorized person a way in, together with privileged information – keys, network identification, working channels etc.
  • For the purpose of achieving and maintaining device interoperability, Zigbee uses the same security level for all devices on a given network. This can certainly lead to security risks. Hence, the responsibility is in the developer’s hands to address these issues and include policies to detect and handle errors and loss of key synchronization, periodically update keys, etc.
  • OTA firmware upgrade is typically applied to sophisticated Zigbee networks to ensure better security and updates. Security protection during OTA procedures can be bypassed using a device that mimics a Zigbee node and captures the transmissions exchanged between the network devices. These packets can later be analyzed or decrypted. Some combined hardware and software tools are capable of effectively intercepting and analyzing 802.15.4 packets. This kind of attack is very hard to discover.
  • At the MAC layer, if an attacker floods a channel with frames, the network will be forced to deny any communication between devices. This is a realistic scenario because Zigbee uses the CSMA/CA mechanism (if it is running in non-beacon mode) and devices always check whether a channel is busy before transmission, thereby resulting in a DDoS attack.
  • Reusing Initialization Vector (IV) value with the same key is a security vulnerability inherited by Zigbee from 802.15.4. It enables an attacker to recover two plaintexts using their cipher-texts. Recovering the two plaintexts is a simple XOR operation on the two cipher-texts, encrypted with the same keys and IV – same nonce value. This attack is known as the same-nonce attack.
  • Without integrity protection provided by Message Integrity Code, a rogue device could modify a transmitted frame and the modification may not be detected by the recipient.
  • Unauthenticated acknowledgement packets (ACK) could affect security in Zigbee networks. The 802.15.4 and Zigbee specifications do not provide integrity and confidentiality protection for acknowledgment packets. Hence, an unauthenticated remote attacker can spoof acknowledgement packets. This threat is a direct consequence of a man-in-the-middle attack.
  • A denial-of-service (DoS) attack causes a node to reject all received messages. In a Zigbee network, DoS can be achieved by altering routing tables to redirect all or some of the network traffic to a malicious device (sinkhole attack). It can be done by purposely sending messages to build artificial routing paths or to implement loops to the routing process of legitimate nodes. As a consequence, transmission of packets among devices is hampered.
  • In the Zigbee specification, the frame counter is referenced as a security measure: it rejects frames that have been replayed. The counter is normally reset when a new key is created. Sequential freshness is used in this context to prevent malicious attacks. However, this protection has some weaknesses: as the frame counter uses incrementing rather than random values, an adversary can choose large values to avoid the rejection of specific frames. It is also easy to overflow the frame counters. An attacker might cause rejection of further frames and produce a DoS attack in the network simply by transmitting a frame with the maximum possible counter value. This attack is possible in situations where the MIC of the packet is not verified.
  • DoS attacks could also be realized by using jamming techniques to trick the user into initiating a factory reset and to prevent the devices from communicating. They could also be realized by sending a “reset to factory default” command to the device and waiting for the device to look for another Zigbee network to connect to.
  • The Touchlink procedure initiator has the capability to send a factory-reset command to a target node in the network, allowing the target node to be removed from the current network and joined to another one. This procedure can be misused, and a malicious attack can be realized to exclude node(s) from the network. It can be a serious threat for some protection and security systems.
  • The forward security requirement has to be addressed properly. Upon leaving the network, a node is still able to access the communication, since it still possesses the master and link keys. If we consider the example of a corporation using Zigbee devices for opening doors or improving energy efficiency, it is not impossible that one or many of the devices are lost or stolen. For that reason, if the keys stored on the devices are not properly revoked, someone might take advantage of the situation and exploit this weakness. Therefore, this type of attack, together with network physical security, should not be underestimated and must be taken seriously.
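As an added example (not code from the Zigbee specification or any Zigbee stack), the following Python model shows the replay protection described under Zigbee Security Strengths (per-neighbor frame counters, reset on network key update) together with the frame-counter weakness listed above: a receiver that advances its stored counter before verifying the MIC can be pushed to the maximum counter value by a single forged frame and then drops genuine traffic, while a receiver that verifies the MIC first is unaffected. Addresses, keys and payloads are constructed sample values, and a truncated HMAC-SHA256 stands in for the AES-CCM MIC, which the Python standard library does not provide.

```python
"""
Toy model of Zigbee-style frame-counter replay protection.

Added example, not code from the Zigbee specification or any Zigbee stack.
The real frame protection is AES-CCM; because the Python standard library
has no AES, a keyed HMAC-SHA256 truncated to 32 bits stands in for the MIC.
Addresses, keys and payloads below are constructed sample values.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

MAX_FRAME_COUNTER = 0xFFFFFFFF  # NWK frame counters are 32-bit


@dataclass
class Frame:
    src: int        # sender's 16-bit short address
    counter: int    # sender's outgoing frame counter
    payload: bytes
    mic: bytes      # integrity tag over (src, counter, payload)


def make_mic(key: bytes, src: int, counter: int, payload: bytes) -> bytes:
    """Stand-in for the CCM MIC: keyed HMAC over the authenticated fields."""
    msg = src.to_bytes(2, "little") + counter.to_bytes(4, "little") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


def build_frame(key: bytes, src: int, counter: int, payload: bytes) -> Frame:
    return Frame(src, counter, payload, make_mic(key, src, counter, payload))


@dataclass
class Receiver:
    key: bytes
    verify_mic_first: bool = True
    # highest counter accepted so far, per neighbour address
    last_counter: dict = field(default_factory=dict)

    def _mic_ok(self, f: Frame) -> bool:
        expected = make_mic(self.key, f.src, f.counter, f.payload)
        return hmac.compare_digest(f.mic, expected)

    def accept(self, f: Frame) -> bool:
        """Return True if the frame is accepted, False if it is dropped."""
        fresh = f.counter > self.last_counter.get(f.src, -1)
        if self.verify_mic_first:
            # Correct order: authenticate first, only then consume the counter,
            # so an unauthenticated frame can never move the stored value.
            if not self._mic_ok(f) or not fresh:
                return False
            self.last_counter[f.src] = f.counter
            return True
        # Flawed order (the weakness described in the text): the counter is
        # advanced before the MIC is checked, so a forged frame carrying the
        # maximum counter value poisons it and later genuine frames are dropped.
        if not fresh:
            return False
        self.last_counter[f.src] = f.counter
        return self._mic_ok(f)

    def key_update(self, new_key: bytes) -> None:
        """Network key switch: frame counters restart from zero."""
        self.key = new_key
        self.last_counter.clear()


def run_demo() -> dict:
    """Exercise both receiver variants; returns the observations as booleans."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")        # constructed
    rogue_key = bytes.fromhex("ffffffffffffffffffffffffffffffff")  # attacker's guess
    sensor = 0x1234                                                 # constructed address
    strict = Receiver(key, verify_mic_first=True)
    naive = Receiver(key, verify_mic_first=False)
    f1 = build_frame(key, sensor, 1, b"temp=21")
    f2 = build_frame(key, sensor, 2, b"temp=22")
    f3 = build_frame(key, sensor, 3, b"temp=23")
    forged = build_frame(rogue_key, sensor, MAX_FRAME_COUNTER, b"temp=99")
    out = {}
    # genuine traffic is accepted once; a replayed frame is dropped
    out["replay_dropped"] = strict.accept(f1) and strict.accept(f2) and not strict.accept(f1)
    # forged frame: rejected by both, but only the naive receiver is poisoned
    naive.accept(f1)
    naive.accept(f2)
    out["naive_rejects_forgery"] = not naive.accept(forged)
    out["naive_drops_genuine"] = not naive.accept(f3)
    out["strict_rejects_forgery"] = not strict.accept(forged)
    out["strict_accepts_genuine"] = strict.accept(f3)
    # after a network key update the counter space starts again at zero
    new_key = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")    # constructed
    strict.key_update(new_key)
    out["counter_reset_on_key_update"] = strict.accept(build_frame(new_key, sensor, 0, b"temp=24"))
    return out


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```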

Conclusion

In order to meet increased system requirements, the Zigbee Alliance is permanently engaged in security improvements (research and development of new algorithms and functions, security protocols and hardware and software support requirements, network and system organization and settings, regulatory topics and standards establishment). It can be said that the AES algorithm provides robust encryption for the Zigbee standard. In addition, overall system security depends on the encryption keys (their initialization, generation and exchange) and on specifically tailored network design, deployment, management and maintenance. In conclusion, Zigbee network connectivity can contribute to the quality of modern communications and to fulfilling consumers’ expectations of the IoT world, but only if it is established with security in mind.

LoRaWAN Security 101 (Non-5G IoT Connectivity Options)

LoRaWAN IoT Security

I get accused of focusing too much on 5G as the only future IoT connectivity option. I do write a lot about how 5G will revolutionize our society, become the most critical of critical infrastructures and about security threats with 5G. I see 5G, with its low latency, high bandwidth, network slicing and ubiquitous coverage becoming the foundational capability for mission critical industrial, agricultural, financial, medical, education, energy and transportation, even military and emergency services IoT communication needs.

That’s not to say that 5G is the only IoT connectivity option. There are plenty of others.

IoT applications have some common requirements such as low energy consumption and cost effectiveness, but they also differ in their data rate, latency, range, reliability and other requirements. And, what I care most about, they vary in how they address security.

In the next few articles I will explore security features of some key IoT wireless technologies besides 5G.

Why LoRaWAN?

The most commonly used short-range radio technologies that operate at a personal or smart home range are Zigbee and Bluetooth.

Prior to 5G, long-range solutions based on cellular communications (2G, 3G, 4G) provided larger coverage, but they consumed excessive device energy and had too high latency for many use cases.

Therefore, the requirements of IoT applications have driven the emergence of a new class of wireless communication technologies termed Low Power Wide Area Networks (LPWAN), designed to connect IoT devices at low power, long range and low cost.

Some LPWAN technologies, such as NB-IoT, are cellular technologies operating in licensed spectrum.

The Long-Range Wide-Area Network (LoRaWAN) and Sigfox are the two leading non-cellular LPWAN technologies that compete for large-scale IoT deployments.

There are specific use cases for which non-cellular LPWAN technologies will remain more suitable than 5G. For example, devices for which a battery lifetime of over ten years matters might be better served by these non-5G technologies. In areas where 5G is not deployed or cannot reach (e.g. underground), LoRaWAN might be more suitable. In smart cities, where the density requirement might exceed even the planned 5G figure of one million devices per square km, LoRaWAN could provide a solution: adding one gateway could support an additional ten million devices. For private networks, 5G is not an easy deployment option. For mMTC applications in large-scale deployments, especially non-time-critical sensor use cases with low or no Quality of Service requirements, LoRaWAN will probably continue to complement 5G even after 5G is widely deployed.

While I expect 5G to become the catalyst for massive IoT (mIoT) development, pragmatic implementation approaches will have to combine 5G, NB-IoT, LoRaWAN and other technologies based on their strengths. Indeed, with many of my network operator clients we are working on securing a mix of cellular and non-cellular technologies planned to continue even after the arrival of 5G.

LoRaWAN Introduction

LoRaWAN provides long-distance connectivity to IoT devices. It is designed for wireless, battery-operated networks and fills the gap between short-range low-power networks and long-range high-power networks. LoRaWAN is one of the dominant public specifications worldwide, with more than 500 vendors and 100+ LoRaWAN network operators having deployed it in more than 100 countries.

LoRa is the physical layer (LoRa PHY): a proprietary radio modulation technology for low-power wide-area networks, patented and owned by Semtech.

LoRaWAN is the open standard built on top of LoRa PHY. It defines the medium access control (MAC) layer and the network architecture, including device activation, the message formats and the security mechanisms described below, and is managed and promoted by the LoRa Alliance.

LoRa physical layer RF modulation is based on chirp spread spectrum. LoRa is the first low-cost commercial implementation of this modulation, which was previously used in military and space communication because of the long range it can achieve. Chirp modulation keeps the low-power characteristics of the frequency shift keying (FSK) modulation used by many legacy wireless systems, but significantly increases the range.

While the LoRa physical layer enables the long-range communication, it is the LoRaWAN communication protocol and network architecture that most influences the security, quality of service, battery lifetime and network capacity.

LoRaWAN operates in unlicensed sub-GHz spectrum, specifically the unlicensed radio spectrum in the Industrial, Scientific and Medical (ISM) bands. In Europe LoRaWAN uses the 867-869 MHz band, in the U.S. 902-928 MHz, and in China the 470-510 MHz band.

Unlike Bluetooth, GSM, 3G, LTE and other well-known wireless technologies, LoRaWAN combines the range of cellular networks with the flexibility of Bluetooth or WiFi, using devices specifically designed for very long battery life. From a cybersecurity point of view, design choices driven by energy consumption already raise red flags for me. Computationally heavy cryptography is a poor fit for energy-constrained IoT devices: such algorithms often need large storage and strong computing capability, which devices with limited energy and memory do not have, and almost every measure that improves IoT security costs energy. Let’s see how LoRaWAN deals with this.

Typical LoRaWAN applications can be found in the IoT domain, with small sensors/devices that exchange information on a limited time interval and that are power supplied by batteries.

The most important LoRaWAN characteristics are:

  • long range (several miles in urban environments, dozens of miles in rural environments);
  • deep penetration (especially compared to 5G);
  • very long battery life (10+ years);
  • low cost modules;
  • low data rate (0.3 kbps – 50 kbps);
  • unlicensed radio frequency spectrum;
  • native geolocation;
  • bidirectional communication; and
  • open standard.

LoRaWAN has some limitations as well, such as low network efficiency – i.e. large packet loss; or limited ability to control devices. So ideal use cases are simple sensors that don’t have to transmit frequently and in which occasional packet loss would not cause adverse impact. For example, smart meter readings that are updated every hour or so are an ideal example. With them it doesn’t matter if an occasional reading is missed, as long as some make it through.

Some other interesting LoRaWAN use cases are:

  • smart transit tracking and scheduling (e.g. smart bus signage in Montreal);
  • nationwide smart metering;
  • flood-monitoring;
  • IoTracker solution locating devices that can be lost or stolen (bicycle, wallet, etc.);
  • GeoWAN Cattle Tracking is used by Australian farmers;
  • xignal Mousetrap is a LoRaWAN-connected mouse trap;
  • tracking pace of play on a golf course;
  • acoustic monitoring for proactive management of noise pollution;
  • lighting and humidity management for indoor botanical garden;
  • parking place occupancy sensor.

Instead of the more common IoT mesh topology (e.g. ZigBee), LoRaWAN uses a star-on-star topology illustrated in Figure 1. Gateways relay messages between network server and end-devices. LoRa RF modulation is used between end-devices and gateways. Between gateways and servers a standard IP connection is used. While the mesh architecture could increase the range and reliability, it also reduces battery lifetime as nodes receive and forward information from other nodes that is likely irrelevant for them. LoRaWAN long-range star-on-star architecture and three communication modes that can help further lower the power consumption comprise the best compromise to preserve battery lifetime while providing long-range connectivity.

LoRaWAN
Figure 1. Illustration of LoRaWAN architecture

A LoRaWAN network is based on following entities:

  1. Wireless LoRaWAN end-nodes (end-devices or client devices). Nodes measure or remotely control external physical systems and processes. They are typically low powered and communicate wirelessly with one or many gateways. Nodes are asynchronous and transmit only when they have data to send, whether event-driven or scheduled. A node normally consists of a LoRa transceiver managed by a microcontroller. Nodes are divided into classes (A, B and C) with predefined behaviour, based on the trade-off between communication latency and battery lifetime.
  2. Gateways, which relay messages between end-devices and the network server. The key attribute required of LoRaWAN gateways to achieve long range at low cost is high capacity: millions of devices should be able to connect to a single gateway. This is achieved with adaptive data rate and a multichannel multi-modem transceiver in the gateway, so that simultaneous messages on multiple channels can be received.
  3. The network server, the centre of the star topology. All the necessary intelligence is centralized there: it manages the network, the security, the adaptive data rate, and so on. (The latest specification expands this architecture to support global roaming. It adds a few network server roles and a join server, which complicates both the architecture and its security analysis.)
  4. One or more application servers.

LoRaWAN Security Overview

Security considerations have been built into the LoRaWAN from the first version of the specification released in June 2015.

LoRaWAN utilizes two layers of security: one for the network and one for the application. The network security ensures authenticity of the node in the network while the application layer of security ensures the network operator does not have access to the end user’s application data.

LoRaWAN Security
Figure 2: LoRaWAN two-layers security

LoRaWAN uses symmetric-key cryptography to secure wireless communication. This means that the root key stored in a node must also be available to the network in order to derive session keys. The two layers, network and application, are presented in Figure 2.

The security mechanisms are based on a symmetric root key shared between an end-device and the Network Server. From this key, two distinct per end-device session keys are computed: the application session key guarantees the data confidentiality between the end-device and the Application Server; and the network session key that guarantees the data integrity between the end-device and the Network Server.

Standardized AES-128 is used throughout, and end-devices and applications are identified by IEEE EUI-64 identifiers. AES is combined with two modes of operation: a Cipher-based Message Authentication Code (CMAC), which protects the integrity of messages, and a counter-mode (CTR) construction, which encrypts the data.

Before a node can exchange messages in the LoRaWAN network, activation procedure has to be finished. Two activation methods are available in LoRaWAN networks:

a) Over-the-Air Activation (OTAA) method – based on an over-the-air handshake of Join Request and Join Accept messages. Each node is provisioned with a 64-bit DevEUI, a 64-bit AppEUI and a 128-bit AppKey; the EUIs identify the node to the network server and the AppKey is used to compute the MIC that authenticates the Join Request. If the server accepts the Join Request, it responds to the device with a Join Accept message.

In LoRaWAN 1.0.x the network server generates a nonce (AppNonce) and derives the node’s two 128-bit session keys, the Network Session Key (NwkSKey) and the Application Session Key (AppSKey), from the AppKey, the AppNonce, its NetID and the DevNonce the node sent in the Join Request; the AppSKey is then passed to the application server. The Join Accept reply carries the AppNonce, the NetID and the end-device address (DevAddr), along with radio link configuration such as RF delays (RxDelay) and the channel list (CFList). The DevAddr is a 32-bit identifier unique within the network.

The device address lets the network and application servers tell apart end-devices that have already joined, select the correct keys and interpret the data correctly.

The Join Accept is encrypted with the AppKey. The node decrypts it with the AppKey and then derives the AppSKey and NwkSKey from the AppKey, the AppNonce and NetID received in the Join Accept, and the DevNonce it sent in the Join Request. Both sides end up with the same session keys without either key ever being transmitted.

b) Activation by Personalization (ABP) method – differs from OTAA in that the unique DevAddr and both session keys (NwkSKey and AppSKey) are provisioned into the node in advance. Since the node already has all the information and keys it needs, it can start communicating with the network server without any join exchange.

Once a node has joined a LoRaWAN network, through either OTAA or ABP, all subsequent messages are encrypted and integrity-protected with the two session keys, NwkSKey and AppSKey:

  • Network Session Key (NwkSKey) – the network-layer security key. It is unique per end-device and shared between the node and the network server. Its main task is to provide message integrity (the MIC) and security for end-device to network server communication.
  • Application Session Key (AppSKey) – responsible for end-to-end (application to application) encryption of the payload. It is also a 128-bit AES key, unique per end-device, shared between the end-device and the application server. Its role is to encrypt and decrypt application data messages, so that application payloads stay confidential.

These two session keys (NwkSKey and AppSKey) are unique per device. If the device is dynamically activated (OTAA), these keys are re-generated on every activation. If the device is statically activated (ABP), these keys stay the same, until they are changed manually.

LoRaWAN offers a simple process for end-to-end data confidentiality and integrity that is interoperable across manufacturers and network providers. The encryption mechanism keeps the network secure only as long as the keys it relies on are generated, stored and handled properly, which is where the next two sections come in.
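The OTAA key derivation and the payload encryption just described, written out as an added example (editor-supplied illustration code, not code from the article or from the LoRa Alliance). It follows the LoRaWAN 1.0.x constructions: each session key is a single AES-128 block encryption under the AppKey of a block built from AppNonce, NetID and DevNonce, and the FRMPayload is XORed with a keystream of AES blocks indexed by DevAddr, direction and frame counter. The AppKey, nonces, NetID, DevAddr and sensor reading are constructed sample values. The end of main shows the consequence of deriving everything from one root key: whoever later obtains the AppKey and has recorded the join exchange re-derives the same session keys and decrypts the recorded traffic.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// deriveSessionKeys implements the LoRaWAN 1.0.x OTAA derivation:
//   NwkSKey = aes128_encrypt(AppKey, 0x01 | AppNonce(3) | NetID(3) | DevNonce(2) | pad16)
//   AppSKey = aes128_encrypt(AppKey, 0x02 | AppNonce(3) | NetID(3) | DevNonce(2) | pad16)
// Field bytes are used in the order they appear in the Join messages.
func deriveSessionKeys(appKey, appNonce, netID, devNonce []byte) (nwkSKey, appSKey []byte, err error) {
	if len(appKey) != 16 || len(appNonce) != 3 || len(netID) != 3 || len(devNonce) != 2 {
		return nil, nil, fmt.Errorf("deriveSessionKeys: bad field length")
	}
	block, err := aes.NewCipher(appKey)
	if err != nil {
		return nil, nil, err
	}
	derive := func(prefix byte) []byte {
		in := make([]byte, 16) // bytes 9..15 stay zero (pad16)
		in[0] = prefix
		copy(in[1:4], appNonce)
		copy(in[4:7], netID)
		copy(in[7:9], devNonce)
		out := make([]byte, 16)
		block.Encrypt(out, in)
		return out
	}
	return derive(0x01), derive(0x02), nil
}

// cryptFRMPayload applies the LoRaWAN 1.0.x FRMPayload cipher: blocks
//   A_i = 0x01 | 0x00 x4 | Dir | DevAddr(4, LE) | FCnt(4, LE) | 0x00 | i
// are encrypted with the session key to form a keystream that is XORed into
// the payload. Dir is 0 for uplink, 1 for downlink. Being an XOR keystream,
// the same call both encrypts and decrypts.
func cryptFRMPayload(key []byte, devAddr uint32, dir byte, fCnt uint32, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(payload))
	a, s := make([]byte, 16), make([]byte, 16)
	for i := 0; i*16 < len(payload); i++ {
		a[0] = 0x01
		a[5] = dir
		binary.LittleEndian.PutUint32(a[6:10], devAddr)
		binary.LittleEndian.PutUint32(a[10:14], fCnt)
		a[15] = byte(i + 1)
		block.Encrypt(s, a)
		for j := 0; j < 16 && i*16+j < len(payload); j++ {
			out[i*16+j] = payload[i*16+j] ^ s[j]
		}
	}
	return out, nil
}

func main() {
	// Constructed sample values, not from any real deployment.
	appKey, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c")
	devNonce := []byte{0xab, 0xcd}       // chosen by the device, sent in the clear in the Join Request
	appNonce := []byte{0x11, 0x22, 0x33} // chosen by the network server, sent AppKey-encrypted in the Join Accept
	netID := []byte{0x13, 0x00, 0x00}
	devAddr := uint32(0x26011A2B)

	nwkSKey, appSKey, err := deriveSessionKeys(appKey, appNonce, netID, devNonce)
	if err != nil {
		panic(err)
	}
	fmt.Println("NwkSKey:", hex.EncodeToString(nwkSKey))
	fmt.Println("AppSKey:", hex.EncodeToString(appSKey))

	// The device encrypts an uplink payload with AppSKey at FCntUp = 7.
	reading := []byte("temp=21.5C;batt=3.1V") // 20 bytes, spans two AES blocks
	ct, _ := cryptFRMPayload(appSKey, devAddr, 0, 7, reading)
	fmt.Println("FRMPayload:", hex.EncodeToString(ct))

	// An attacker who later obtains the AppKey and has recorded the join exchange
	// decrypts the Join Accept, re-derives the same session keys and reads the
	// recorded traffic: compromise of the root key exposes past sessions.
	_, leakedAppSKey, _ := deriveSessionKeys(appKey, appNonce, netID, devNonce)
	pt, _ := cryptFRMPayload(leakedAppSKey, devAddr, 0, 7, ct)
	fmt.Println("recovered:", string(pt), "| keys match:", bytes.Equal(leakedAppSKey, appSKey))
}
```

Run it with `go run`. Note that the keystream depends on DevAddr, direction and frame counter, so a frame counter that is ever reused with the same session key (the ABP reset problem discussed further down) reuses keystream, which is why the counters matter for confidentiality as well as for replay protection.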

LoRaWAN Security Strengths

Security best practices cover the roles and responsibilities of the entities in the LoRaWAN ecosystem and the security controls in place throughout the lifecycle of sensors that join LoRaWAN networks. Some representative examples of LoRaWAN security:

  • OTAA provisioning – for each session, keys are dynamically derived between a node and the network and application servers. Devices can periodically re-run the join procedure, which changes the session keys. Spoofing, tampering and similar attacks become much harder in such an environment.
  • Dynamically activated devices (OTAA) use the application key (AppKey) to derive the two session keys during activation. Networks are often configured with a default AppKey used to activate all devices; the recommendation is a specific AppKey per device. Another important point is that no keys are exchanged over the air, only the inputs to the key derivation from both sides (nonces and identifiers). This prevents compromise of the keys by intercepting traffic over the air.
  • With all the SIM card related vulnerabilities, such as e.g. recent SimJacker, it is a security strength that LoRaWAN is non-cellular and doesn’t require a SIM card.
  • Physical security of end-devices is an important task. In order to protect the network from physical attacks, especially from device capture attacks, tamper-resistant hardware should be used.
  • Secure element or secure hardware component built in a device that stores and keeps safe security credentials supports the overall security. This will make it more complex to extract the keys by reverse-engineering or scanning device memory.
  • If possible, it is very useful to have additional layer of encryption and authentication at the application layer.
  • In any wireless network, messages can be captured and stored. In LoRaWAN, captured messages cannot be read without the AppSKey, since the payload is encrypted with it, and at the network layer a message cannot be forged without the NwkSKey, because of the Message Integrity Code (MIC) check. Captured messages can, however, be retransmitted. Such replay attacks are detected and blocked with frame counters. On activation, both frame counters (FCntUp and FCntDown) are set to 0. Every uplink the device transmits increments FCntUp and every downlink the network sends increments FCntDown; a received message whose frame counter is not higher than the last one accepted is ignored. It is therefore essential to save the frame counters to non-volatile memory in a timely manner: an end-device that loses its counters on reset starts again from 0 and its legitimate frames are dropped as replays.
  • Acknowledgement of LoRaWAN data frames is optional: TCP-style reliability is not applicable to this kind of wireless link, so a message is confirmed only when the sender asks for it. Optional acknowledgement suits LoRaWAN, since device air time is limited and a certain amount of packet loss does not affect the overall information transfer. For validation, a MIC is added to each data frame. It is a CMAC computed over the frame with the Network Session Key, and because the frame counter enters the computation and increments on every transmission, each frame carries a unique MIC even when the same payload is sent repeatedly.
  • HTTPS and VPN technologies are used to secure backend communication. The backend interfaces carry data and signalling between network and application servers.
  • LoRaWAN cloud services (such as Simfony) connect gateways to LoRaWAN cloud infrastructure over secure mobile data connections or existing internet provider links.
  • AppKey and AppSKey are not available for the network operator, so it is unable to decrypt the application payloads.
  • In Oct 2018 LoRa Alliance released three new specifications with significant security implications. Specifications are: LoRaWAN Application Layer Clock Synchronization Specification v1.0.0; LoRaWAN Remote Multicast Setup Specification v1.0.0; and LoRaWAN Fragmented Data Block Transport Specification v1.0.0.
  • Together, these new specifications support and standardize firmware updates over the air (FUOTA), a capability unique to LoRaWAN among low power wide area networks (LPWANs). The ability to update devices remotely is critical for the IoT, where many sensors are in remote or difficult locations to reach but may require updating.
  • Together, the new specifications enable FUOTA, however, three separate specifications have been issued because each can be used independently. For example, remote multicast setup protocol can be used standalone to send messages to a group of end-devices; fragmentation can be used on its own to send a large file to a single end-device (unicast); and time synchronization also can be used as a standalone capability.
  • The multicast protocol includes a means to securely deliver a cryptographic group key to the end-devices.

LoRaWAN Security Concerns

Like other wireless technologies, LoRaWAN has some security vulnerabilities. LoRaWAN networks deployment should be architected with an awareness of possible security threats.

LoRaWAN secures LoRa devices with symmetric-key cryptography. Despite the security features just discussed, LoRa devices remain susceptible to attack. For instance, LoRa modulation needs between 900 milliseconds and 1.2 seconds for each LoRa transmission.

This wide transmission window gives an attacker ample opportunity to jam or capture frames.

Secret key distribution is a critical issue for AES, as for any other symmetric encryption algorithm.

Some of the most important security issues in LoRaWAN would be:

  • Encryption does not hide message length: an encrypted payload has the same length as the plaintext, so traffic analysis remains possible.
  • The session keys are derived from the long-term secret key, AppKey, as presented in Figure 3. Therefore, if the AppKey is compromised, past session keys can be recovered and recorded encrypted traffic can be decrypted; there is no forward secrecy.
LoRaWAN AppKey
Figure 3: AppKey and session keys derivation
  • Besides, once the session keys are compromised, security will be threatened, because it would be too complex to change the AES keys on all nodes – devices.
  • Roaming, available since LoRaWAN specification 1.1, involves several network servers – home, serving and forwarding network server – plus a join server and an application server, which brings the following challenges:
    • Network management and orchestration become complex for the service provider.
    • There is no clear definition of a session (e.g. an OTAA session): the higher protocol layers have no unambiguous session period such as the one defined in the physical layer specification.
    • Susceptibility to bit-flipping and other MITM attacks between network and application servers, because frame payloads, unprotected at the network layer, are first transported from the serving network server to the home network server and then to the application server.
    • Handover roaming can force a fall-back when the serving network server runs an older version of LoRaWAN (v1.0).
  • LoRaWAN Key Storage (AppKey, NwkSKey and AppSKey) is of crucial importance for security. There are several vulnerability points related to key life cycle management, session key generation, key storage and transport that need careful design and implementation. All device keys should be protected in proper way to mitigate threats of exposure. LoRaWAN Network Server Key Storage is a single point of failure for an entire system. Once this server or set of servers is/are compromised, the entire LoRaWAN system security is affected and attackers are free to intercept or spoof any message.
  • It is very important to implement the exit procedure properly. It decommissions nodes (end-devices) when their licence ends or when they are compromised and must be excluded from the network. The exit procedure is defined and implemented at the application layer, and mistakes there cause complications: decommissioning an end-device should permanently terminate all IDs, passwords, counters and other parameters related to that device. Application-layer programmers are strongly advised to be very careful in implementing exit procedures for decommissioning.
  • Any kind of capture or physical attack on gateways or its failure would affect the communication between the nodes and the rest of the network.
  • Another gateway weakness lies in the identification and connection process. Every gateway periodically sends its ID to the server. If the ID is sent in the clear and read by someone unauthorized, the gateway can be “overruled” by a malicious gateway that simply sends this ID at a higher rate than the real one.
  • Furthermore, a beacon synchronization DoS attack is a typical rogue gateway attack. In LoRaWAN, Class B beacons are not secured in any way, so an attacker can set up a rogue gateway that sends fake beacons. Class B nodes would then open their receive windows in sync with the rogue gateway and out of sync with the real network, and collisions on transmitted packets would increase.
  • Nodes or end user devices that are not under surveillance (for example at the customer premises) are more vulnerable to security threats. If unprotected, nodes can be exposed to device cloning, firmware replacement or parameter extraction and then lead to rogue end-device attacks. Rogue end-devices can be used to perform replay attacks. Packets being transmitted by the neighbors can be captured and replayed more frequently later on – network flooding attack. This might cause waste of network resources and decrease the availability of the gateway for the legitimate end-devices.
  • End-devices can also be exploited by the attackers. They can be used as jammers in the network to perform DoS attacks. This might cause the LoRaWAN network, to be unavailable for legitimate end-devices in certain area, while the rest of the network continues regular behavior and operation.
  • Some manufacturers take a different approach and retrofit security elements. When a system has many dispersed components, this is not optimal: it is sensitive, complex and demanding, and often cannot be done in a secure, timely and cost-effective manner.

Quantum Weakness

LoRaWAN uses AES-128, one of the strongest and most efficient algorithms in existence today. Researchers have uncovered some AES weaknesses, but exploiting them is not practical. Yet. NIST considers AES-128 secure at least up to 2030; ECRYPT-CSA sees it as secure until 2028 (see https://www.keylength.com).

However, AES-128 is not secure against quantum attacks. The best-known theoretical attack is Grover’s quantum search algorithm, which roughly halves the effective key length, leaving AES-128 with about 64 bits of security against a large quantum computer. In a post-quantum world only AES-256 is seen as medium-term secure, while AES-128 is considered insecure.

This is more than a theoretical discussion. One of the key selling points of LoRaWAN is the 10+ year battery life of devices, which means that many of today’s deployments are expected to outlive the predicted commercial appearance of quantum computing. We have to think today about how quantum resilient our cryptographic choices are, or at least how easy they are to upgrade.

Conclusion

Security challenges affect LoRaWAN like every other IoT technology. To meet the growing security requirements of IoT networks, the LoRa Alliance is continually developing the standard. At the same time, the overall security of a LoRaWAN network depends on the specific security solutions and deployment practices of the manufacturers and of the carriers and network operators. Neither type of issue is exclusive to LoRaWAN; both apply equally to any other wireless technology. LoRaWAN security must be analysed from the very beginning of network design and assessed individually for each use case.

Risks of AI – Meeting the Ghost in the Machine

Risks of AI

In 1956, at a workshop on the campus of Dartmouth College, in Hanover, New Hampshire, the field of artificial intelligence (AI) was born. Attendants were buoyant. MIT cognitive scientist Marvin Minsky was quoted as saying, “Within a generation […] the problem of creating ‘artificial intelligence’ will substantially be solved.”

This prediction turned out to be overzealous, but Minsky and his colleagues believed it wholeheartedly. What, then, is different today? What makes the current dialogue about AI more relevant and believable? How do we know that this is not another case of humans overestimating the development of technology?

For one thing, AI is already here. In its narrower form, artificial intelligence already pervades industry and society. It is the ‘intelligence’ behind facial recognition, big data analysis or self-driving cars. Beyond narrow AI, however, is artificial general intelligence (AGI), the adaptable type of intelligence humans have. This is what scientists and commentators are usually referring to when they argue about the imminent arrival of AI.

The arguments are often about when and what – 1) when will AI happen, and 2) what will AI mean for humankind, 3) what are the risks of AI?

Answers to the first question vary wildly depending on who you listen to. Elon Musk, for example, once said,

“The pace of progress in artificial intelligence (I’m not referring to narrow AI) is incredibly fast. Unless you have direct exposure to groups like DeepMind, you have no idea how fast – it is growing at a pace close to exponential.”

Author and futurist Ray Kurzweil predicts that the technological singularity – the moment when AI becomes smarter than humans – is just decades away. Other AI experts disagree, claiming that true artificial intelligence before 2100 is impossible. Apart from academic and professional rhetoric, the debate around question one is important because the answer influences how long we have to get ready.

Ready for what? Well, that depends on your answer to question two – what will AI mean for humankind? In a broader sense, this question just leads to more questions – will we control intelligent machines or will they control us? Will intelligent machines replace us, coexist with us, or merge with us? What will it mean to be human in the age of artificial intelligence? For more on this discussion see my article Why AI is Neither the End of Civilization nor the Beginning of Nirvana.

There are many people, including the likes of Elon Musk, Bill Gates and Stephen Hawking, who have voiced concerns about the answers to these questions. Their fears are mainly of the ‘Killer Robot’ variety – the concern that machines, once conscious, would be so much more intelligent than humans that we would lose power to them, with unpredictable consequences. This is the narrative that forms the backbone of popular culture dystopian fantasies, like those found in The Terminator, The Matrix, I, Robot, Ex Machina, and Blade Runner. In fact, this theme goes all the way back to Samuel Butler’s 1872 novel, Erewhon. Others, like Kurzweil, welcome the imminent integration of organic and artificial intelligence as an evolutionary pathway for humankind.

Regardless of whether true AI is a few years or a few decades away, and regardless of whether AI includes inherent threats we are not yet aware of, most experts agree that it is important to begin preparing now for the age of AI. That means creating the oversight, regulation and guidance needed to allow AI to flourish safely. And that begins with understanding and mitigating the threats of the AI that is already at our fingertips. With so much narrow AI capability online, and waiting to come online with the emergence of 5G, understanding the risks and learning how to face them is vital.

How do we currently use AI?

Merriam-Webster defines artificial intelligence as:

  1. A branch of computer science dealing with the simulation of intelligent behavior in computers.
  2. The capability of a machine to imitate intelligent human behavior.

But those actively developing AI usually have a more pragmatic definition focused on specific objectives and uses. Amazon, for example, defines AI as “the field of computer science dedicated to solving cognitive problems commonly associated with human intelligence, such as learning, problem solving, and pattern recognition.”

This is more accurately a definition of machine learning (ML), a sub-domain of AI, and it describes most of the ways in which AI is being used today. Pattern recognition in large amounts of data can be used to identify faces from CCTV footage or identify specific medical anomalies. In the UK, for example, Google’s artificial intelligence company DeepMind is collaborating with the National Health Service. DeepMind’s AI software is being used to diagnose cancer and eye disease from patient scans. ML is also being used in other applications to spot early signs of conditions such as heart disease and Alzheimer’s.

AI’s big data-processing capability is also being used in the healthcare sector to analyse huge amounts of molecular information to find potential new drug candidates – a taxing and time-consuming process for humans.

In the shipping industry, the Port of Rotterdam is leading with progressive AI initiatives. New ML models have been developed to predict a vessel’s arrival time at the wharfside – a notoriously difficult task that requires consideration of multiple port and vessel processes. The application, Pronto, allows the port to better manage its resources and move freight faster through its facilities. Vessel waiting time has already been reduced by 20%. With further development, Port of Rotterdam hope Pronto’s self-learning capabilities will be extended to predict the arrival time of ships seven, or even 30, days away.

In smart buildings, AI is being used for predictive energy optimization, learning when to heat and cool a building to find the best balance between temperature conditions for its inhabitants and energy costs. Machine learning is also supporting fault detection and preventative maintenance by processing continuous streams of input and output data for building operations. In homes, AI is most popularly recognized in virtual assistants such as Alexa or Siri, though such services are becoming increasingly utilized in workspaces too.

Zooming out to smart cities, AI is already being used to optimize city traffic, parking and public transport. It is assisting with public safety and managing optimal flow of resources like energy and water.

AI, or ML, applications are being integrated at individual, group, industrial, social, national and international levels. They are increasingly embedded in the technology that we invite into our most private spaces, the technology that runs the mechanics of our work day, the technology that manages how we obtain access to food, water, energy and safety.

Of course, this is just the beginning.

What is the future of AI?

As AI becomes more sophisticated and it helps businesses operate better, governments see more and individuals lead easier lives, it will be adopted with increasing speed. However, ecosystems will also evolve to facilitate faster growth of AI. The rollout of 5G in the coming years will inexorably alter the techno-human landscape.

For the first time, extreme technologies like autonomous vehicles, integrated virtual reality (VR) and augmented reality (AR) and fully smart cities will be possible. These will require 5G’s high-speed, low-latency capabilities, but they will also rely on AI’s ability to process massive volumes of data, thereby driving faster adoption of AI. As AI evolves, this processing power will also turn into decision-making power as humans increasingly trust machines to make decisions on their behalf.

But machines can make mistakes. They may perfectly process the data we feed them, but if we feed them poor data they will produce poor results. ‘Garbage in, garbage out’ says the old computer science adage. But as we hand over more and more influence to AI systems, the stakes rise.

There is real risk that we can put too much trust in the smart systems we are building. Once AI applications take on responsibility for processes with important private and social ramifications, like the assessment of your credit score, job suitability or criminals’ chance of reoffending, the consequences of error escalate.

Even if one believes that fears of AI takeover are alarmist, which they may not be, there is still cause for prudence. A knife is a neutral instrument. Depending on who holds it, it may be used to cause harm or do good. It could stab or it could prepare a meal. The knife represents an entire spectrum of latent potential waiting to be realized by its operator.

In the same way, AI will increasingly be defined by those who use it. Already, AI applications have been shown to reflect the prejudices of those who built them, with possibly significant consequences for the individual and society. It is important to note that these effects are the result of humans acting unconsciously. What then is the potential for humans using AI with conscious intent?

What are the risks of AI?

Unlike the common Hollywood representation of vengeful machines bent on eradicating humankind, we are unlikely to see superintelligent AI exhibit human emotions. There should be no reason, then, for AI to be particularly kind or particularly malicious. Any danger in AI will depend on the humans that develop or implement it.

The Future of Life Institute, which is focused on keeping technology – especially AI – beneficial, suggests there are two primary scenarios in which AI could be dangerous:

  1. The AI is programmed to do something devastating.

The most common, and possibly most feared, example of this is found in autonomous weapons: weapons that operate independently of any controller in intelligent and co-ordinated ways. Though this will largely spell the end of human-to-human warfare, the risks to humanity at large are extreme. It doesn’t take much imagination to see what devastation could be wrought by armies of machines with no inherent conscience programmed to kill. We are already seeing the beginnings of an AI arms race between major nations like China, the USA and Russia. Russian leader Vladimir Putin summed up the spirit of this competition when he said:

“Artificial intelligence is the future, not only for Russia, but for all humankind. It comes with enormous opportunities, but also threats that are difficult to predict. Whoever becomes the leader in this sphere will become the ruler of the world.”

  2. The AI is programmed to do something beneficial, but it develops a destructive method for achieving its goal.

This could happen when we set a goal for the AI, but the AI’s interpretation of that goal and how to get there does not fully align with ours. Unless specifically programmed to do so, AI will not necessarily avoid actions that are illegal or harmful in its pursuit of the goal it has been given.

Both scenarios pose significant potential threats. And the more integrated and autonomous our systems become, especially in the hyper-connected 5G-verse, the more difficult it becomes for cybersecurity professionals to manage these risks.

AI risks and benefits for cybersecurity

As with our metaphorical knife, AI can be wielded in service of or in conflict with cybersecurity.

Because it demands so much manpower, cybersecurity has already benefited from AI and automation to improve threat prevention, detection and response. Preventing spam and identifying malware are already common examples.

However, AI is also being used – and will be used more and more – by cybercriminals to circumvent cyberdefenses and bypass security algorithms. AI-driven cyberattacks have the potential to be faster, more widespread and less costly to implement. They can be scaled up in ways that have not been possible in even the most well-coordinated hacking campaigns. These attacks evolve in real time, achieving high impact rates.

The same AI-amplified capabilities are already being used, not for illicit financial gain, but for political manipulation by nation states and aligned organizations.

Through adversarial learning, machine learning systems are fed inputs that are intentionally designed to fool the ML program and arrive at conclusions that serve would-be attackers. This is used to compromise spam filters, hide malware code, or trick biometric assessments into incorrectly identifying users. In 2018, Google Brain famously created an algorithm that tweaks images to get around image recognition in ML systems and human brains, tricking most machines and people into thinking a picture of a dog was a cat. This has potentially dire consequences when cybersecurity checks are run by machine learning applications.

The common security issue of backdoors also becomes far more difficult to police in an AI environment. When built from scratch into a machine learning network, backdoors represent corruptions of the algorithm that are initiated under certain predetermined conditions. This has been proven possible with visual recognition software, which makes it a prime target for those wishing to interfere with drones, autonomous vehicles or surveillance technologies.

The nature of AI itself also poses difficulties for cybersecurity. In the use of deep learning, a more complex subtype of machine learning, the AI system is fed large amounts of data without the initial modelling that accompanies standard machine learning. In teaching an ML system facial recognition, for example, the process will begin with images that model the characteristics needed for the machine to recognise facial patterns. In deep learning, the initial image stage is skipped – the system is just fed the data and identifies patterns on its own.

This can have incredible results. The Deep Patient program at Mount Sinai hospital in New York has proved remarkably good at predicting illnesses based on hospital records. This includes conditions that are very difficult to diagnose, such as schizophrenia.

The problem is, nobody really knows how. The complexity of deep learning algorithms is so great that even the engineers who designed the program are often unable to work out how it arrives at its conclusions, even though those conclusions may be excellent. This is known as AI’s ‘black box’. We are able to see the inputs and the outputs, but everything that goes on in-between is shrouded in mystery. How does one ensure the security of such a system? If the outputs of such a system are trusted but not understood, then it is possible for the processing algorithm to be corrupted to give different results, and nobody would know. In the example referenced earlier, the Port of Rotterdam has avoided a black box approach altogether by setting reliable parameters for its program’s predictions.
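The silent-corruption scenario just described, and the backdoors triggered under predetermined conditions discussed earlier, both amount to a deployed model behaving differently from the one that was validated. The following added example (not from the article or any project it mentions; the logistic-regression model, its weights and the golden inputs are constructed toys) shows two checks a defender can run without understanding the model's internals: a fingerprint of the serialized parameters and a behavioural regression test over a fixed set of inputs recorded at release time.

```python
"""Integrity baseline for a deployed model whose internals are not understood.

Added example, not from the original article. The model is a constructed toy:
a logistic-regression classifier stored as a plain dict of weights, standing in
for any opaque model artifact. Two independent checks are shown:
  1. a cryptographic fingerprint of the serialized parameters, and
  2. a behavioural regression test on a fixed 'golden' input set whose outputs
     were recorded at release time.
Neither check requires knowing how the model reaches its conclusions.
"""
import hashlib
import json
import math
from copy import deepcopy

# Constructed toy model: weights for three input features plus a bias term.
RELEASED_MODEL = {"w": [1.5, -2.0, 0.75], "b": -0.25}

# Constructed golden inputs: fixed feature vectors whose release-time outputs
# are recorded and must not drift while the model is in production.
GOLDEN_INPUTS = [
    [1.0, 0.0, 0.0],
    [0.0, 1.0, 0.0],
    [0.0, 0.0, 1.0],
    [0.5, 0.5, 2.0],
]


def predict(model, x):
    """Logistic-regression decision: probability of the positive class."""
    z = model["b"] + sum(w * xi for w, xi in zip(model["w"], x))
    return 1.0 / (1.0 + math.exp(-z))


def fingerprint(model):
    """SHA-256 over a canonical JSON serialization of the parameters.

    sort_keys and fixed separators make the encoding deterministic, so the
    same parameters always yield the same digest.
    """
    canonical = json.dumps(model, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def record_baseline(model, golden_inputs):
    """Capture what 'known good' looks like at release time."""
    return {
        "fingerprint": fingerprint(model),
        "golden_outputs": [round(predict(model, x), 6) for x in golden_inputs],
    }


def verify(model, golden_inputs, baseline, tolerance=1e-6):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if fingerprint(model) != baseline["fingerprint"]:
        findings.append("parameter fingerprint mismatch")
    for x, expected in zip(golden_inputs, baseline["golden_outputs"]):
        actual = predict(model, x)
        if abs(actual - expected) > tolerance:
            findings.append(f"golden input {x}: expected {expected}, got {actual:.6f}")
    return findings


def tampered_copy(model):
    """Constructed tampering scenario: one weight has its sign flipped after
    release, the kind of silent corruption the article warns would otherwise
    go unnoticed in a black-box system."""
    corrupted = deepcopy(model)
    corrupted["w"][1] = -corrupted["w"][1]
    return corrupted


if __name__ == "__main__":
    baseline = record_baseline(RELEASED_MODEL, GOLDEN_INPUTS)
    print("released model:", verify(RELEASED_MODEL, GOLDEN_INPUTS, baseline) or "OK")
    print("tampered model:", verify(tampered_copy(RELEASED_MODEL), GOLDEN_INPUTS, baseline))
```

A backdoor built into the model before release is part of the baseline these checks record, and a trigger that never appears in the golden set will not show up as drift; the checks catch post-release tampering, not a compromised training process.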

Though AI and its derivatives promise a new world of opportunity for our species, we need to tread carefully. As we move to place AI at the heart of facilitative technologies like 5G, as well as governments, corporations and our homes, it is more important than ever that we develop intelligent ways to manage artificial intelligence. Research so far has been limited to white hat hackers using ML to identify vulnerabilities and plan fixes. But at the speed AI is developing, it won’t be long before we see attacks on a mass scale. We need to prepare now.

5G Critical Infrastructure – the Most Critical of All


Not even 30 years separate us from the end of the Cold War. Yet, we appear to be witnessing the emergence of a new one, a technology Cold War between the United States and China. This time, instead of a ‘red under the bed’, the US government has declared there is one at the back door. It accuses Chinese technology companies of deliberately building vulnerabilities into their tech, allowing China to access and control 5G critical infrastructure, and through it the connected devices and machinery, at will.

Headlines are dominated by the case against Huawei, and debate continues to rage about the legitimacy of the US’s claims. Are these well-founded or part of a more comprehensive assault on China’s growing global technology dominance? Regardless, the battle lines are drawn, and they intersect most prominently on the field of 5G.

This is not simply a new generation of network. In 5G we find the potential for new ways of being, new technologies and new industries. What recently existed exclusively in the realms of science fiction will, with 5G, be possible at scale. It offers a platform to integrate the many different facets of 21st Century life in imaginative and exciting ways.

Ironically, this promise of integration has triggered a lot of division. In some ways this is symbolic of the times we live in. On one hand the human population is more globalized and integrated than ever before, but on the other, people seem more polarized and contracted. Finding the balance between these forces is key. Enabling the realization of 5G’s full potential will require cooperation, but it will also require intelligent security.

There may be political value in having a nation paranoid that they are being watched by a foreign government, but such an intense focus on surveillance and privacy concerns could do more harm than good. It is a distracting message, drawing attention away from far more serious risks inherent in the 5G landscape.

As 5G is instated it will quickly become the bedrock for the operation of national critical infrastructures. In ways that were never possible with 3G or 4G, 5G will redefine transportation, medical services, agriculture, water and waste systems, energy, defense and many more vital sectors. It will quickly become the infrastructure upon which all other infrastructures depend – the most critical of critical infrastructures.

The gains will be incredible. We will see levels of efficiency unimagined before. We will see solidification of emergent technologies like autonomous vehicles and remote surgery. But as systems become more unified on 5G critical infrastructure, the risks morph and increase. Rather than the critical infrastructures it supports, 5G itself will become the primary target for cyber-attacks.

Though the focus might be off, there is truth in all the trade rhetoric around 5G. If we do not pay attention to security now, while the network is still in its infancy, the costs could be catastrophic.

5G critical infrastructure: More than smartphones. Much much more.

In south central Utah lies Fishlake National Forest, home to the largest living organism on the planet. Pando, or the ‘trembling giant’, is a colony of quaking aspen trees growing from one massive underground root system. Though each tree is independent, all are connected by the root bed upon which they rely for survival.

5G is poised to become the root system for national and international critical infrastructures. According to the US Department of Homeland Security (DHS), these are infrastructures ‘whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.’

Most consumer-centric press focuses on the sexy lights of the 5G universe: live streaming 8K video, real-time mobile gaming, AR and VR. But it is in connecting the sensors, processors and devices of critical sectors that 5th Generation networks will have the greatest impact. The relatively new concept of the Internet of Things (IoT) is already being upgraded to Massive IoT. This represents a move beyond the current matrix of connected devices to a world in which entire cities and countries are live with data-harnessing sensors and lightning-speed processors linked to the cloud.

It is a shift from the Internet of Things to the Internet of Everything, and it will be possible for the first time through 5G. The DHS names 16 critical sectors, most of which would be found in any country. Below are examples of how some of these infrastructures may be affected by the implementation of 5G and the establishment of Massive IoT.

Transportation

Autonomous transport will be achievable at scale for the first time. This will include high-speed trains, driverless cars and buses, even self-driving ships. With 5G’s real-time vehicle-to-vehicle (V2V) communications, every vehicle will know where every other vehicle is all the time, with adjustments possible within a tenth of a second, leading to improved safety and reliability. Vehicle-to-infrastructure (V2I) communication will allow traffic flow and route management to be optimized.

Medical & Healthcare

Wireless technology has been around for some time in forms such as pacemakers or insulin pumps. Smart pill technology, or ‘ingestibles’, now provides intra-physical data on personal health. Ingestible robots can be used to deliver medicines or perform small procedures. Micro sensors and processors will allow non-invasive health management. Robotics combined with 5G’s ultra-low latency will permit doctors to perform surgery from the other side of the world.

Food & Agriculture

As the world population grows towards 9 billion in 2050, feeding everyone becomes a major concern. In rural areas, 5G technology could provide reliable, high bandwidth speeds to areas that typically lack coverage, enabling new precision agriculture capabilities that could double or triple yields. This may include self-driving tractors that leverage real-time connectivity to communicate and maintain optimal productivity, or perhaps a move away from large machinery altogether. Small autonomous devices could use 5G networks to access big data and AI capability to meet farming needs with novel proficiency.

Emergency Services

In environmental disasters, which look set to increase with global warming, 5G will enable the remote operation of drones to deliver equipment, medicine, food and water to disaster locations, regardless of geographical location. Even in less extreme scenarios, emergency services will be able to use drones and robots to gain visibility, optimize the safe deployment of resources, and minimize the risk of delays. Remote diagnosis at the scene of an accident or in a smart ambulance will be used by doctors to aid on-the-spot treatment. Beyond established technology like ShotSpotter, police services will be able to draw on drone and public surveillance data in real-time to identify criminals and coordinate timely responses.

Energy

As populations grow, urbanization increases and smart cities evolve, energy management becomes continuously more important. The Massive IoT will necessitate more efficient energy production and distribution – all of those sensors, devices and networks will need to run on something – but it will also provide some of the answers. A real-time smart grid will facilitate new capabilities of energy usage monitoring, energy distribution and energy management. Cities will be able to use AI and big data to make increasingly accurate forecasts that enable better infrastructure planning and development. Production will be optimized through remote monitoring of energy sites. Overall, energy wastage will be reduced and environmental impact minimized.

Defense

One of the underlying factors in the growing technology Cold War is war itself. 5G will transform modern warfare into a more efficient, less human-reliant and ultimately more deadly enterprise. Armies will be able to use 5G IoT and machine-to-machine communication to initiate attacks that intelligently coordinate soldiers, vehicles, weapons and autonomous drones. The constant stream of data from the battlefield will be processed through machine learning and AI to continuously improve and accelerate military campaigns. Though countries with such systems will feel that they have an advantage in finishing conflicts quickly and decisively, exactly which countries do we want to possess this technology? And, what if this technology were commandeered from the outside? What does it look like when a country’s military might is used against itself?

Though every critical infrastructure has similar examples of how 5G critical infrastructure will make a revolutionary difference, they are all joined by a common factor. In these sectors, IoT is no longer a collection of relatively benign devices like Fitbits, smartphones, smart meters, and home appliances. Together, the deeply interconnected networks, sensors and devices of critical infrastructure have a cyber-physical footprint that impacts billions of people. There is simply no comparison in effect between a smart watch that stops reading your heartbeat and an autonomous ship that inexplicably runs aground in a major city port.

With 5G’s amplification of human potential comes an amplification of human risk. As the most critical of critical infrastructures, it will also need to be the safest.

What are the real risks of 5G critical infrastructure?

In all the political smoke and mirrors around 5G it can be difficult to tease apart spin from reality. What are the real risks of upgrading critical infrastructures and public services to 5G critical infrastructure?

Fears of security threats, mostly among consumers, have been fueled by Washington’s allegations that Huawei and ZTE have deliberately incorporated backdoors into Chinese 5G tech. Though there may be some legitimate concerns in the adoption of Huawei technology, it is far from certain that these cannot be addressed. The more likely risk is an economic one. As warned in a recent US Department of Defense (DoD) report, ‘Historical shifts between wireless generations suggest that the first-mover country stands to gain billions in revenue accompanied by substantial job creation and leadership in technology innovation.’ Currently, the geopolitics of 5G are firmly in China’s favor. Suggestions of 5G devices being used by Chinese surveillance to watch the citizens of the world may be theoretically correct – many countries are capable of using devices to serve cyber-espionage, and many of them do.

But in a world of integrated 5G, privacy is far from the main concern.

5G critical infrastructure and mIoT – spreading the attack surface

5G can connect considerably more devices – up to one million per square kilometer – which means powerful increases in network processing, but also significantly more network endpoints. This spreads the potential attack surface for cyber criminals by creating more possible openings through which they may penetrate the network. Complexity itself becomes a vulnerability – the more connections there are in a system, the more difficult it is to hold a clear and protective view of that system. The same applies to 5G infrastructure, such as base stations and related systems.

5G will also facilitate edge computing, which takes computing away from the ‘core’ of the network and places it at or near the source of the data. This is partly what makes 5G’s sub-5 ms latency possible, but it also means engineers will struggle to maintain the same level of security as when all primary processes are concentrated close to the computing core.

Network slicing, another highly-anticipated feature of 5G networks, will enable the creation of multiple virtual networks on top of a common shared physical infrastructure. This means pieces of the network can be attributed to specific domains or use cases, such as specific critical infrastructures, allowing more efficient and reliable network operation. But this will create new security challenges as each virtual network slice could demand unique security capabilities that need to be managed in a coordinated manner.

Conclusion

Critical infrastructures are unique in the depth and breadth of their influence. Often unseen and unthanked, these are the services that keep humans alive and societies functioning. And while the current narrative frames 5G security as a privacy and a counter-espionage issue, critical infrastructure sectors remind us that the true threats are not digital, they are cyber-kinetic. Yes, 5G will enable new use cases that aren’t available today, with huge potential benefits for the world at large. But 5G critical infrastructure will also create new opportunities for those who wish to interrupt or sabotage the peaceful operations of humankind.

Traditionally, the favorite targets for outside attacks have always been seen as the critical infrastructures we’ve mentioned above. But in an age where technology is the most critical of all of these infrastructures, a country could be brought to its knees – or worse – simply by taking out 5G. There may be a lot of hyperbole in the press at the moment, but when it comes to the security of nation-states it doesn’t get more serious than this.

Geopolitics of 5G and 5G-Connected Massive & Critical IoT

US vs China 5G

Emerging Technology and Geopolitics of 5G

There are several reasons emerging technology is a highly competitive industry, notwithstanding the race for intellectual property that can be licensed by burgeoning markets for revenue. A first-mover advantage is often a way to lock in relationships that can lead to long-term infrastructure commitments, integration support services, and service delivery platform development. As the adage goes, “Whoever owns the platform, owns the customer.” This race to be the first to establish technological platforms and lock-in their customers is increasingly becoming politicized. And 5G, the next generation of cellular mobile communications technology, is the best example of how geopolitics is getting involved in emerging tech decisions and how technology discussions are influencing geopolitics.

The potential economic gains from 5G development and deployment, civilization’s likely future dependence on 5G, and 5G’s potential use for military applications make it a prime candidate for political influence. Indeed, we can already see many governments’ involvement in 5G standards development, the decisions about spectrum allocation and auctions, and regulations to protect these next-gen mobile data networks from cyber threats. Even the location of the 5G supply chain participants can be a point of contention in negotiations within the political realm. Thus, most recently, governments have begun scrutinizing the vendors who manufacture the 5G infrastructure and devices to establish who would be permitted to sell this technology within certain countries. Never before have we seen such extensive global government involvement in emerging technology platform decisions.

Recent events like the U.S. attempts to influence banning of Huawei gear in various countries, the growing policy debate about 5G, and the inflamed political rhetoric regarding 5G technological independence are somewhat reminiscent of the energy independence issue – a topic that, over the last few decades, has shaped trade and foreign policy, and, to an extent, international armed conflicts.

Is all this political attention on 5G warranted? How critical could 5G first-mover advantage be while 4G is still being rolled out in many parts of the world? Why is the technological independence and technological superiority in the next generation of mobile communications becoming a matter of extraordinary national concern? Why is a single technology starting to influence geopolitics? Why now?

[Figure: 5G World Map – 5G Field Trials and Announced Trials. Source: cyberkinetic.com]

Why now? – The Decade of 5G Roll-out Is Kicking off Now

Before addressing the “why”, we should understand that the 5G roll-out is not going to be a fast process. While wireless carriers around the world are currently on the verge of transitioning to 5G, the roll-out of 5G networks is expected to take at least 10 years to complete. This means that current and near-term country-level decisions regarding 5G partnerships will have consequences for companies and economies for decades to come.

According to the GSMA trade group, about 1.2 billion people – 460 million in China alone – will have access to 5G networks by 2025. The pace of network implementation will only increase after that. That said, the specific pace of 5G deployment in each country will depend on a variety of factors, including:

  • Governments’ regulatory requirements;
  • The costs, availability, and scalability of 5G infrastructure in a given country;
  • The identification of compelling use cases and high-value applications for 5G networks;
  • Mobile network operator technical and business model preferences;
  • Infrastructure- and equipment-maker product timelines and roadmaps; and
  • The ability for various players to capture value in a complex technology ecosystem.

For some countries a full roll-out alone might take decades. Even those at the leading edge of implementation are planning to work with 5G technologies for decades to come, believing that the next few generations of communication technologies will be only minor improvements to 5G rather than another step change.

If such predictions are true, decisions regarding 5G technology, with potentially very long-term consequences, have to be made now regardless of the status of current implementation. And the stakes are high. Should a country fall behind in 5G implementation, or not secure its implementations adequately, it might negatively impact its ability to survive and thrive in its daily operations, trade, and military endeavors.

How can 5G Influence the Stability, Economy and Security of a Nation and Geopolitics between Nations?


Due to the potentially significant impact 5G can have on civilization’s functioning, decisions related to 5G technology cannot be made solely in the realm of business, as its application and implementation also hold considerable political consequences. From a purely technological and business perspective, the ideal would be for the tech companies that are first movers in the development and roll-out of 5G to make the decisions. Yet, many governments, particularly in Europe and the U.S., have entered into a political debate surrounding the technology by highlighting concerns that can lead to delays in such business-related initiatives. As a result, 5G is becoming an increasingly hot-button political issue.

5G as a Catalyst for Innovation and Economic Growth

The ability to commercialize a technology first is strongly correlated with capturing the bulk of the related revenues. This greenfield approach for early and successful deployments delivers long-term benefits to those first-placed companies, and, consequently, significant economic gain for their home countries.

A January 2019 report to the U.S. Congressional Leadership highlighted that 5G and its related applications attract both talent and capital. The report states that the deployment of 5G is likely to, “…support 22 million jobs by 2035,” and, “…could generate US$12.3 trillion in sales activity across multiple industries.” Additionally, a presentation submitted to the U.S. House of Representatives suggests that a 5G superhighway could further impact the country’s GDP by +3%, while GSMA calculates that China’s 5G mobile ecosystem will be equivalent to 5.5% of China’s overall GDP. A European Commission supported study also estimates that a €56.6 billion investment in 5G by 2020 could create 2.3 million jobs in Europe and economic benefits of €113.1 billion per year by 2025.

A unique aspect of 5G that sets it apart from earlier mobile network generations is that it not only boosts the mobile device experience but introduces network capabilities for new classes of connected devices and industrial applications, including Massive Internet of Things (mIoT) and Critical IoT, autonomous transportation, and smart cities. Each of these new applications can generate massive datasets over 5G that can, in turn, demand advanced analytics and further stimulate innovation. Industrial scale deployments of mIoT are also likely to enable other new vectors for innovation.

Thus, 5G’s potential for significant economic impact post-2020 makes it a topic of worldwide importance, especially in respect to how the ability to quickly and effectively implement the technology in a country might affect a country’s global socioeconomic standing. 5G application, or delay therein, could lead to shifts in the current socioeconomic power dynamics, and no country wants to be left behind.

5G as the Most Critical of Critical Infrastructures

The focus of previous generations of mobile data networks has been on consumer voice and data services. With the introduction of high-speed, low-latency, and low-power 5G applications, such as IoT, new types of machine-to-machine (M2M) communication will be possible. As society adopts 5G-enabled mIoT, the number of devices on the network is likely to explode. These devices could include traditional mobile and broadband connections, as well as many other types of connected devices ranging from advanced medical equipment and safety systems to autonomous and connected transport systems and power plants.

It is predicted that, in time, users will start adopting 5G to connect all infrastructure upon which civilization relies. When this occurs, the technology will rapidly become part of each country’s critical national infrastructure, as well as a core capability on which every other critical national infrastructure sector will depend.

While the current debate is often framed as a privacy and a counter-espionage concern, more important risks related to 5G are cyber-kinetic in nature. The consequences of 5G being sabotaged, or being used to sabotage the critical infrastructure connected to it are significantly more serious than the posed privacy concerns, as such attacks might directly impact the physical well-being and lives of citizens or the environment.

Based on such assertions, it is clear that winning a war without a single shot may become a prospect for those who can take over control of their adversary’s 5G networks. It is critical, therefore, that the importance of, and increased reliance on, 5G over time becomes wholly understood and solidified. This is particularly true with regard to envisioning the plausibility of a time in the not-so-distant future when the criticality and security of 5G will need to surpass that of other critical infrastructure sectors in order to ensure the safety and security of global citizens.

5G as an Enabler of the Future of Warfare

While cybersecurity and intelligence-gathering questions are the present focus of the 5G debate, some current and aspiring superpowers see the potential that 5G technologies bring to their respective military forces and are already moving some of their military communications to wireless, mobile, and cloud-based systems built around 5G technology.

The ability to transmit more data, achieve better network responsiveness through lower network latency, and reduce energy consumption, as is possible over 5G networks, can enable mission-transforming machine-to-machine communications over 5G. Such communication can be incredibly useful for military-related endeavors. For example, sensors from multiple locations can be used to generate a unified picture of the battlefield. Small teams can be deployed with encrypted group communications while providing visibility to command and control. 5G-enabled access to abundant computation could enable Artificial Intelligence (AI) support for every aspect of a mission. Low motion-to-photon latency with 5G-enabled mobile/wireless virtual reality (VR), mixed reality (MR), and augmented reality (AR) could make soldiers that much more effective. And even now, lethal autonomous weapon systems, such as “killer” drones, micro-drones, drone swarms and other types of autonomous military robots, are already being tested.

However, while such military-related technological abilities are under consideration at present, they are unlikely to be early use cases of 5G technology. That is, 5G’s application to large-scale military endeavors is not likely to occur until the jamming of 5G signals and the technology’s growing cybersecurity vulnerabilities are mitigated.

Why Is One Company – Huawei – at the Center of Political Concerns?

Huawei headquarters in Shenzhen, Guangdong, China

5G for mobile devices relies on the evolving capabilities of current 4G technologies. However, as we have seen throughout the presentation of political concerns surrounding the technology, preparing for new use cases and applications of 5G must take on a next-gen network (NGN) approach that is more heavily influenced by political concerns.

This NGN approach means that the base stations and related systems (i.e. all 5G infrastructure) form the key battlegrounds. Currently, three core infrastructure providers exist for 5G: Sweden’s Ericsson, China’s Huawei, and Finland’s Nokia. While all three have shown 5G capabilities that conform to international standards, China’s Huawei remains the only one able to produce the most complete commercially-available solution to network carriers today. It has already built up such a strong lead that it is practically irreplaceable for many carriers that want to be among the first to offer the new services.

As BT’s Chief Architect recently stated: “…there is currently only one provider of 5G gear and that’s Huawei.” So, without partnering with Huawei, the 5G deployment gap for companies and countries will become even larger. Partnering with Ericsson or Nokia might have been a viable alternative at first, but it requires markets to wait for standalone 5G deployments; a clear competitive disadvantage in the telco world when compared to immediacy available through Huawei.

From a mobile network operator perspective, another unique advantage of working with Huawei is that the company, more than its competitors, is willing to innovate, iterate, and customize per carrier.

Many telcos around the world are also already chock-full of older, but still necessary, Huawei equipment, which might not be compatible with Huawei’s competitors’ 5G gear. Should a company then opt for non-Huawei 5G implementation, they face far greater expenses. So, it’s a big “ask” from telcos not to work with Huawei … at least for the moment.

Yet, that’s exactly what the U.S. and its allies are increasingly asking from their telcos through their vocal opposition to Huawei’s advanced market position. Leading the cries of countries’ claims of risks to critical national infrastructure through the use of Huawei-supplied 5G gear are fears of the enabling of intelligence-gathering opportunities and/or the introduction of sabotage vulnerabilities through the supplier’s “backdoors”. To support such claims, the U.S. government highlights Article 7 of China’s National Intelligence Law, passed in 2017, that states that organizations and citizens must, “support, co-operate with and collaborate in national intelligence work” as the key evidence to the Huawei risk.

And intelligence-related risks are not a new concern either. A 2012 Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE shows that the Chinese telecom duo has remained a topic of interest among U.S. politicians for many years. The U.S. and other countries have also already placed restrictions on procurement of Chinese network equipment for core government and commercial data networks. The introduction of 5G has further increased such security concerns, and Huawei (and its parent nation), as the frontrunner, bears the brunt of the backlash.

How Real Is the Chinese Economic, Political and Military Threat?


While Western governments used to think of 5G as an important but incremental evolution of existing telecommunications services, China has positioned 5G as the central element of its economic and military power for the 21st century. The Chinese Belt and Road Initiative (BRI), the country’s US$1 trillion global infrastructure development and investment strategy, goes hand-in-hand with technology enterprises, such as the deployment of 5G telecommunications infrastructure within countries associated with the Initiative. The BRI also means the replacement of the U.S.-controlled Global Positioning System (GPS) with the Beidou precision navigation and timing system; the development of Global Energy Interconnection – a massive global electricity grid powered by renewable sources; and strategic investment in AI and IoT. Add to this the increased deployment of forward air and naval installations for China’s armed forces in countries like Djibouti, Sri Lanka and Pakistan, and the Chinese plan to rise to global “superpowerdom” starts to take shape.

The pursuit of 5G in China was set in motion by its government in 2015 with its state-led Internet+ plan. This initial plan was followed by the 13th Five Year Plan in 2016. These initiatives went beyond individual business interests by aligning government, university research, and Chinese industries with a singular 5G objective.

China has outsmarted and outplayed the U.S. by focusing on the development of advanced technologies over raw military power. No wonder, then, that the U.S. is panicking. In January 2018, the National Security Council (NSC) produced the presentation Secure 5G: The Eisenhower National Highway System for the Information Age that includes a dire warning: In the race to 5G, the U.S. is losing to China – if that doesn’t change, China will win politically, economically, and militarily.

Huawei’s Politically-backed and China’s Technologically-backed Advantage

The focus of China in the fundamental development, advancement, and promotion of 5G tech has clearly established this country’s advantage over players like those in the U.S. and Europe. Indeed, both China as a country, and its leading 5G tech company, Huawei, enjoy various advantages that reflect the country’s 5G commitment and investment in innovation. In past decades, China was portrayed as an intellectual property (IP) thief. It quickly emulated or copied ideas from outside the country to become a “fast follower”. However, in recent years, it has transformed into an innovation powerhouse. Western-educated Chinese scientists have returned to their homeland in numbers, and there is now centrally-funded innovation. Further advantages can be seen in how:

  • Market analysts suggest that there are several times more AI start-ups funded in Shenzhen alone (China’s original Economic Zone near the border of Hong Kong) compared to the U.S.’s Silicon Valley;
  • China has invested over US$500 billion in smart grid development compared to ~US$12 billion in the U.S.; and
  • IoT and 5G are driven by the Chinese government as strategic imperatives.

China also has a unique cultural approach to solving challenges by using its large population and workforce to achieve change. For example:

  • Huawei has 10,000 PhDs on staff;
  • The adoption of IoT and 5G use cases is faster than in other nations also due to a large initial user base in China;
  • Citizens are used to surveillance, resulting in no (significant) new privacy concerns; and
  • The rapid growth of China’s middle class, and tech-savvy younger generations entering the workforce, has led to a greater population who are willing to adopt new technology like mobile app payments in place of paper currency or credit cards for transactions.

Through the BRI initiative and Chinese financial globalization (or, as some China skeptics call it, “financial imperialism”), Huawei’s 5G is poised to expand throughout Asia, the Middle East, Africa, and Latin America. It is also likely that, through its currently advanced technical capabilities, Huawei will capture a significant market share even in the West.

From the perspective of the U.S., the Chinese threat is as real as it gets. Even without “backdoors”, risks to U.S. global technological, economic, and even military supremacy are significant, as China and Huawei continue capturing more of the market share.

How is the U.S. Fighting China’s 5G Threat?

In order to understand how the U.S. is fighting the technological encroachment from China, and why the 5G commercial conflict is a sign of changing times, we need to see the background of the situation. In the last decade or so, the U.S. has increasingly seen China as an adversary in world politics. Unlike the European Union, which shares democratic and liberal values with the U.S., China appears more alien and, thus, in some sense more dangerous to the U.S.’s interests and ideas on how the world should be run. From Obama’s pivot, to sanctions and Trump’s trade war that is far from being a Trump-only supported policy, the U.S. has found itself in increasing contention with China. Whilst the situation is very far from any physical conflict, the two have been competing politically, geographically, and commercially for years.

Right now, the main way in which the U.S. is fighting China’s encroachment is by attempting to maintain the current standards and norms of international diplomacy and business that are similar to its own ideals of democracy and capitalism. This means that various conflicts have arisen within the World Trade Organization (WTO) when shifts away from such norms are perceived. Furthermore, manoeuvrings within various international organisations that were initially established by Western ideals and nations, including the World Bank and the UN, have occurred. This has had mixed effectiveness, as China has, to some extent, successfully responded by creating its own alternative institutions, such as the Asian Infrastructure Investment Bank and the aforementioned BRI initiative that seeks to further connect Asia with Europe and tempt Europe towards greater neutrality.

We see a lot of these U.S. defensive trends coming to fruition within the 5G arena. Essentially, Huawei and China have become fully-empowered infrastructure-tier technological platform competitors. Whilst, in prior situations, such technological advancements would have been exclusively Western inventions (consider such technological developments as computers, GPS, Windows, Android, and so on), in the case of 5G, China is ahead this time. Now that the competitive edge is in the hands of China, the U.S. feels the need to employ political as opposed to commercial capabilities in order to ensure that China does not gain more ground on what has traditionally been a U.S./European function in the world economy.

The primary outworking of the U.S.’s “norms maintenance” strategy has been its gambit to have Huawei banned in as many markets as possible, based on claims of “backdoor” risks associated with the company and its technology. Indeed, the U.S. is a firm promoter of the idea that Huawei 5G equipment, systems, products, and services are susceptible to “backdoor” vulnerabilities. From the recent Mobile World Congress (MWC) in Barcelona and official and unofficial communications, to government and public statements around the world, the U.S. has been trying to convince as many countries as possible to ban Huawei’s 5G systems outright. This strategy has met with mixed success, as can be seen in various countries’ responses presented in a later section of this article.

Flaws in the U.S.’s Counter-strategy

In some ways, now that there are potentially serious socioeconomic consequences to ignoring Chinese alternative technologies, we see that even European countries are acting with greater neutrality than before. This means that rather than there being a united Western fight against China’s advancement, many western countries are aiming for more balanced approaches between China’s offerings and the U.S.’s calls for bans.

It is also interesting to note that the U.S. has not fully pursued its typical international regulatory tactics in shutting down Huawei or China, especially in light of China’s association with cyber-espionage. Indeed, the Chinese government and many firms within the country have been linked to a number of large-scale cyber-espionage and cyber-warfare cases. Based on history, we would expect the U.S. to be far more heavy-handed in its calls for bans, as it has been in other cases. Yet, we must remember that the U.S. has also been found guilty of the same behavior, including some very rare but high-profile revelations of likely industrial espionage against European companies. For example, the Snowden revelations of “backdoors” in U.S. companies’ software/hardware have been conveniently ignored in most U.S.-led discussions related to China and 5G technology. It could be suggested, then, that the U.S. has not enforced such stringent demands for international regulatory frameworks as, should such changes occur, they, along with China and Russia, may be found to be the greatest offenders of cyber-espionage. It is, therefore, highly unlikely that the U.S. would wish to push too hard for frameworks that may prove their own undoing.

Another point is that the U.S. doesn’t seem to take the “backdoor” question too seriously in terms of its own internal national cybersecurity recommendations for 5G. For example, the aforementioned Secure 5G: The Eisenhower National Highway System for the Information Age report makes no mention of “backdoors”. The report does accuse China and Huawei of using distorted pricing, preferential financing, diplomatic support, suspected payments to local officials, and other means to dominate the global market for telecommunications infrastructure, but it does not mention surveillance, espionage, or sabotage potential. Either this is because the U.S. is firm in its belief that its top-class intelligence services and companies can recognize the “backdoors”, or it does not believe Huawei would risk incriminating itself by compromising its technology in this way. Whatever the reason, it does mean that, perhaps, this whole “backdoor” issue is more of a red-herring that the U.S. is utilizing to turn what is essentially a geopolitical issue with Huawei’s 5G into a legitimate commercial reason for promoting mercantilist economic policies regarding this critical technology.

How Real Is the “Backdoor” Risk?

The concern of “backdoors” that can compromise, or be used to compromise, 5G safety and security has already been highlighted as one of the main areas that detractors voice in this politically-charged debate. It has also been asserted that it might not be as great a risk as some wish us to believe.

In order to discuss the potential “backdoor” risk, let’s look at what Huawei as the lead vendor can do in order to create/hide vulnerabilities in their 5G equipment. Due to the critical role the 5G base station plays in 5G functionality, this station is the key equipment piece that might be compromised by Huawei. The security vulnerabilities could be potentially hidden in the physical components like the electrical semiconductors of the circuit boards, or within the software that configures, manages and communicates the operations of the system. Theoretically, any of these subsystems could contain “backdoors”.

What is less theoretical is the fact that Huawei has been under intense scrutiny for quite a few years by Western intelligence and security agencies. So far, there have been no findings of “backdoors” in the company’s 5G technology. For example, the U.K.’s Huawei Cyber Security Evaluation Centre (HCSEC), chaired by the U.K.’s National Cybersecurity Centre (NCSC), has, in eight years, yet to find any evidence of “backdoors” within Huawei’s 5G tech. However, the HCSEC has found, and given recommendations regarding, issues in engineering practices at Huawei that do not fulfill international best practice recommendations, and which might be causes for security issues in and of themselves.

5G Vulnerability Related to AI

Another potential vulnerability or “backdoor” risk in 5G is its integration of AI systems. 5G networks are much more complex than past network systems, such as 4G, and require the use of AI to manage them effectively. As a result, should AIs associated with the management of 5G fail, or be sabotaged, it could leave entire 5G networks vulnerable.

The reasons for the technology’s complexity are that, firstly, 5G radio technology is much more variable due to more complex antenna configurations and more complicated connectivity means, such as beamforming. Secondly, whilst previous systems focused solely on high-quality voice and data experiences, 5G supports many more and varied use-cases including ultra-low latency and machine communications. These use-cases all have different requirements to each other. Thirdly, 5G networks need to be more dynamic and require additional network resources to scale up or down in real time on an individual level. Thus, at least in theory, 5G performance will be able to vary depending on location, device, time, application, and other factors.

Given these exacting requirements of 5G systems, they will invariably need to utilize AI systems in order to manage their complexities effectively. Simple models can no longer fulfill these requirements. The principal concerns with such AI utilization are:

  • How AIs will deal with inputs in extreme cases;
  • Their consistency; and
  • The typical “black box” concern of not being able to fully and transparently see the reasoning for the AIs’ processes.

This last concern, related to AI transparency, is of particular importance, as a lack of transparency could mean that hidden “backdoors” are created or exposed without anyone knowing or being able to counteract them timeously. However, for such “backdoors” to come about would be extremely complicated. It should be noted, though, that machine-learning AIs are still a new field of technology and it is difficult to ascertain the risks accurately at this stage.

5G Complexity, General Vulnerability, and “Backdoors”

5G systems are, and will continue to be (at least for the foreseeable future), invariably complex and expensive. On the one hand, their benefits are vast, and countries will want to set them up as soon as possible. On the other hand, due to their complexity and the varied uses of these network systems, this also means that 5G will inevitably have many vulnerable areas. In fact, the “backdoors” that could be placed into these systems by vendors is, relatively speaking, only a tiny component of the overall risks and vulnerabilities associated with these complex technological platforms.

In a complex technological ecosystem, such as 5G, subversive hardware or software, i.e. “backdoors”, could be introduced by anyone at any time. A prudent approach would simply accept that such a possibility exists and deal with it as with any other security vulnerability. 5G technologies, regardless of the risk of potential Huawei “backdoors”, need to be secured. Implying that somehow, without Huawei in the mix, 5G would be more secure is dangerously misleading.

Consequence of Bifurcating the 5G Market Because of 5G Geopolitics

From the information presented so far, it is clear that China is the forerunner in 5G development, but that the U.S. and its allies hold potentially viable concerns related to its encroachment. Countries wishing to benefit from 5G will face tough choices as to which camp to adopt. It is also likely that the U.S. and its allies will apply pressure to governments at this decision-making juncture to not rely upon China for 5G.

How might China respond to such pressure? Developing countries that lack infrastructure and financing options (such as many of those currently taking part in China’s BRI) may find the Chinese offer too hard to resist. If China can assemble its own application ecosystem, its offering, particularly to developing countries, will become a “solution sale” as opposed to the more traditional supply agreement presented by the U.S./non-China camp. With this kind of strategy, the Chinese 5G suppliers could hold the ability to implement 5G in all corners of the developing world and disadvantage U.S.-led efforts.

With two major 5G camps, there are several possible outcomes that might impact 5G market adoption and scale over time. For example:

  • There might be a fragmenting of the 5G ecosystem into two spheres of influence, namely the U.S. and China. Such fragmentation could lead to further deployment delays and could complicate the ability for the 5G supply chain to achieve its full commercial manufacturing scale;
  • A 5G network free of Chinese influence is possible; however, such a network will likely prolong deployment in some countries as multi-sourcing in the supply chain will be marginalized. This could have the further side-effect of increasing China’s 5G first-mover deployment advantage;
  • Interoperability issues could arise between China and non-China suppliers;
  • Devices may not have operator certifications to operate on networks outside their supply chain;
  • Interoperability issues are already common in 4G deployments due to typically country-specific spectrum band guidelines. Using industry-ratified standards for 5G can be expected to reduce this risk. Reaching those agreements, however, might become a challenge with a split market;
  • Introducing non-standard requirements, such as country-specific security protocols for devices, would be the exception to industry standards conformance.

With such concerns at play, it will be necessary for countries to deliberately and thoughtfully consider all their options.

Countries Weighing in on the China/Huawei Debate and the Geopolitics of 5G

Currently, Australia, New Zealand, and the U.S. have all banned Huawei 5G infrastructure from domestic mobile network deployment options. Australia has also extended the 5G ban to include China’s ZTE.

Canada, a strong U.S. ally and member of the Five Eyes intelligence alliance, continues to test Huawei’s products to understand the security risks the company’s technology might pose.

Germany is tightening its security rules rather than outright banning any 5G supplier. According to the German Chancellor, Angela Merkel, who spoke at a March 2019 conference in Berlin, “[Germany’s] approach is not to simply exclude one company or one actor, but rather we have requirements of the competitors for this 5G technology.” In line with this approach, a spectrum auction for 5G is underway in the country, with both mobile operators and industries, such as carmakers, expecting faster data speeds for new applications and services.

In 2018, the U.K. service provider BT removed Huawei’s equipment from the core of its EE 4G networks. In March 2019, the U.K. government’s Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board published its fifth annual report. The report doesn’t offer any evidence of Huawei gear having backdoors that would allow the Chinese government to spy on or disrupt communications, but it does raise a number of concerns about Huawei’s cybersecurity practices that could lead to its gear being exploited by any malicious actor.

While these are some of the prime Western responses to China’s 5G, it will be interesting to see how other countries approach the 5G debate, and into which camp the majority will land. For now, the politicization of 5G is still a real issue, and unlikely to be settled in the near future.

The Bottom Line on Geopolitics of 5G


Some say that it is never a good idea to mix business and politics. Business operates through the lens of metrics and quantitative analysis. Politics is led by emotion, pride in a country, and qualitative elements.

Through the business lens, and particularly within technology markets, measurements of success include time-to-market, delivering better customer value, and distinct competitive advantage. If one company deploys a product or service first, its business plan may include an estimate of how long it will take for competitors to close the gap.

The roll out of 5G is already underway and Huawei has a clear time-to-market lead for infrastructure equipment and software when compared to competitors like Ericsson and Nokia. The question to be asked, then, should be associated with how long it will take to close the current time-to-market gap, and what agreements are likely to be lost during this timeframe.

Through the political lens, economic protectionism is a viable policy. By creating fear, uncertainty, and doubt, some governments hope to appeal to human nature. In such cases as the 5G debate, when faced with a decision and an unclear path forward, it is acceptable to delay decision-making. This strategy may be an effective way to close the gap related to implementation, but it can also negatively impact innovation, the workforce, and other values. As established earlier, the socioeconomic advantages that 5G could bring to the world are massive and delaying its onset could hold dire consequences for countries that fail to keep up with the changing tide.

It is vital, therefore, that national security concerns about China are addressed timeously – either by banning every component manufactured in China by any supplier, or through implementing smarter efforts in testing, monitoring, and hardening of 5G communications and cyber-physical systems connected through 5G networks.

If 5G really starts delivering on its promise of driving the 4th Industrial Revolution, every government and every industry should be worried about being left behind. They should, therefore, learn how to respond to competitive threats, cultivate innovation, and create long-lasting value. Let the geopolitics surrounding 5G be that lesson.


Mobile World Congress 2019 (MWC19): The Latest from Barcelona Related to Geopolitics of 5G

In line with the ongoing and growing division between U.S.-led calls for opposing actions to China and China’s continued growth in the 5G realm, the MWC19 saw its fair share of opposing views.

The U.S. administration sent a large delegation of senior officials from the State, Defense, and Commerce Departments, as well as the chairman of the Federal Communications Commission, to make its case against Huawei at the Congress. Conversely, Huawei, a main sponsor of the annual Barcelona trade fair, used its keynote presentation and executive presence to voice its position on the matter.

Asked about Washington’s campaign during an MWC roundtable with media on Sunday, Huawei’s rotating chairman, Guo Ping, said he “…still can’t understand why such a national power wants to attack a company with advanced technologies.”

“We have never and we are not and we will never allow backdoors in our equipment and we will never allow anyone from any country to do that in our equipment.”

“Huawei needs to abide by Chinese laws and also by the laws outside China if we operate in those countries. Huawei will never, and dare not, and cannot violate any rules and regulations in the countries where we operate.”

Guo further noted that technical experts, not politicians, should decide 5G security standards, and that Huawei hoped each country would decide based on “…national interests (and) not just listen to someone else’s order”.

5G Network Slicing Technology: A Primer


Hyped as the technology that will transform the world, 5G is moving past the buzzword stage, with first implementations coming to life in 2019. Nations are racing to 5G with such fervor that it has now become one of the hottest hot-button geopolitical issues.

With latency as low as 1 ms and speeds of up to 4 Gbps, as well as a wider range of frequency bands and enhanced capacity, 5G will be able to accommodate innovative use cases and much greater numbers of connected devices, driving overall growth for Internet of Things (IoT).

In addition to the speed and capacity improvements, a key enabling technology that will allow operators and the society to reap the full potential of powerful new 5G connectivity is network slicing — a novel architecture which enables the creation of multiple virtual networks on top of a common shared physical infrastructure. A huge variety of use cases is envisaged for 5G and it’s the network slicing that will allow granular levels of quality of service for specific use cases to make addressing such variety commercially feasible.

Let’s step back a bit.

So far, cellular networks have been optimized for mobile phones. That was by far the largest use case. However, with the arrival of 5G, the expectation is that cellular phones will become only one of a variety of devices with different characteristics and needs, all connected through 5G.

In September 2015 the Radiocommunication division of the International Telecommunication Union (ITU-R), the industry’s standard-setting body, published Recommendation ITU-R M.2083-0 [1], which defines the framework and overall objectives of the future development of international mobile telecommunications for 2020 and beyond. In it, ITU-R defined the following three usage scenarios for 5G:

  • enhanced Mobile Broadband (eMBB): provides higher speeds for applications such as web browsing, streaming and video conferencing;
  • Ultra-reliable and Low-latency communications (URLLC): enables mission-critical applications, industrial automation, new medical applications, and autonomous driving that require very short network traversal time; and
  • massive Machine Type Communications (mMTC): extends LTE (Long Term Evolution) IoT (Internet of Things) capabilities to support a huge number of devices with enhanced coverage and long battery life.

These use cases will all have different network requirements in terms of latency, mobility, power consumption, security, policy control, reliability, etc. For example:

5G Use Case | Example | Requirements
eMBB | UHD video, gaming | High capacity, video caching
mMTC or massive IoT (mIoT) | Large networks of sensors for smart cities, agriculture, etc. | Large number of connections (over 1 million per km²); mostly immobile devices
URLLC or mission-critical IoT | Autonomous transportation, smart manufacturing, smart grid, public safety, etc. | Low latency (ITS 5 ms, motion control 1 ms), high reliability

Building different physical networks to serve different types of use cases would, of course, not make any commercial sense.

3GPP (3rd Generation Partnership Project) — the international group that governs cellular standards, including 5G — has prescribed network slicing as the approach for the above-mentioned scenarios. It is elaborated in 3GPP’s technical specification TS 28.801 [2]. According to the specification, network slicing is about transforming the network/system from a static “one size fits all” paradigm to a new paradigm where logical networks/partitions are created, with appropriate isolation, resources and optimized topology, to serve a particular purpose or service category. It means utilizing advanced systems to create virtual distinctions between different uses of the ‘same’ 5G network, in order to better serve the requirements of those uses and maximize network efficiency.

In other words, network slicing allows operators to “slice” one physical network into multiple virtual, end-to-end (E2E) networks across device, access, transport and core networks. Each slice is logically isolated, with fault and security issues contained within the slice. Each slice has dedicated resources, such as network bandwidth or Quality of Service (QoS), configured for different types of services with different characteristics and requirements.

The concept as defined by 3GPP will redefine how the telecommunications sector conducts its business. The partitioning or slicing with appropriate resources and optimization is expected to broaden the horizon of telecommunications in many vertical segments, such as automotive, energy, finance, health, manufacturing, utilities, etc., to an extent we have not seen so far. By being able to individually service the particular needs of specific industries, telcos could transform from a “dumb” connectivity provider into a critical partner in the digitization efforts of a variety of industries.

Network slicing requires an end-to-end approach (defined in the next section) to ensure that performance requirements of various services are met with certainty through the same infrastructure while maintaining harmonization among telecom and non-telecom players. And at the end, the expectation is that the dynamic sharing of the same infrastructure by different tenants will reduce the total cost of ownership and increase profit margins for the stakeholders.

Technical Aspects

Network slicing is an end-to-end logical instance of a network having tailored network slices (partitions) for individual services. The customization is enabled through a combination of SDN (software defined networking), NFV (network function virtualization), automation, service provisioning and orchestration. SDN separates the control plane (routing) and user plane (forwarding) to optimize the performance of the network while NFV aims to virtualize all physical network resources. The orchestration at the end allows end-to-end management of a slice during its lifecycle [3-5].

Each network slice may consist of multiple network elements from the access to the core as well as application servers (end-to-end). Each slice may have its own protocols, quality of service and security settings. For example, a separate slice could be defined for each of the eMBB, URLLC and mMTC services on the same infrastructure. The eMBB slice will require higher bandwidth than URLLC and mMTC and thus more radio resources. URLLC is highly sensitive to latency, requiring a short round trip time for applications such as self-driving vehicles and remote surgery. The mMTC slice, on the other hand, requires the least bandwidth but needs a large capacity to cater for millions of devices [6].

Therefore, network slicing requires an end-to-end design that necessitates the direct involvement of many industries beyond telecommunications. The network slicing issues cannot be resolved by a single SDO (standards development organization) such as 3GPP or an industry group such as 5GAA (5G Automotive Association). Hence, they need to work together to find the right solutions. For example, 3GPP and 5GAA are working together to develop solutions for future mobility and transportation services. Similarly, GSMA (GSM Association) and NGMN (Next Generation Mobile Networks) are defining business drivers, concepts, and high-level requirements in collaboration with operators. Many other organizations and groups are involved in these processes. Details of many of them can be found in the GSMA “Network Slicing – Use Cases Requirements” whitepaper [7].

Use Cases

5G along with network slicing can be used in a number of vertical industries. The list in its entirety would be too long. Let’s look into just a few use cases.

Energy

The energy sector has some very specific requirements that can be met more efficiently with 5G than with preceding generations. One such instance is the high-speed, reliable communication needed between power grid substations and the control center. This could be met by a network slice that is well equipped to provide ultra-reliable low-latency communications. Similarly, power usage information for millions of devices (i.e. mMTC) could be made available more efficiently by using a smart metering slice.

Healthcare

The healthcare use cases are varied. Communications at hospitals / clinics, assisted living in rehabs / care homes, simple personal health monitors and remote surgery are just some of the varied cases where network slicing could be utilized.

At this stage, most of the requirements for health and wellness are not stringent, except during life-threatening emergencies and remote surgery operations. For these two circumstances, the applicability of network slicing needs to be further analyzed.

Augmented / Virtual Reality (AR/VR)

AR/VR perhaps may not be considered a vertical industry in itself, as it applies to many industries. AR, as the term suggests, augments or alters one’s ongoing perception of a real-world environment by means of computer-generated views applied to one or more sensory modes, including auditory, visual and haptic. VR, on the other hand, is a technology that completely replaces the user’s real-world environment with a simulated one.

To achieve audio-video interaction in AR/VR environments, 5G network slices need to support the required motion-to-photon, motion-to-sound, mouth-to-ear delay, latency, etc. thresholds. These are stringent challenges, much tougher than those required for existing voice, video and data services.

Public Safety

5G with network slicing could optimize numerous public safety functions where they could get more granular levels of quality of service depending on the application. First responders, for instance, could prioritize specific use cases within those applications – for example, firefighters fighting a blaze could temporarily prioritize voice communication as well as data collection from sensors on firefighters’ gear or within a smart building over other less critical local IoT applications.

Automotive

C-V2X (Cellular Vehicle-to-Everything) is one of the prominent use cases of 5G and likely of network slicing. It is an umbrella term for 3GPP-defined V2X services [8-9], which were initially promoted for LTE-based V2X. Specifications for C-V2X over 5G are still under development and, as part of 3GPP Release 16, are expected to be completed at the end of 2019.

3GPP, along with 5GAA (formed in 2016), is working directly with the telecom and automotive industries on gathering relevant use cases and requirements. Infotainment, telematics, road safety features, and remote steering are some of the use cases that fit in this category.

To support these use cases, C-V2X will require 5G systems to provide URLLC between vehicles, between vehicles and the network, and seamless service continuity even when the vehicle is moving at high speed. 5G and network slicing will have geographical limitations (at least in the initial years), and thus realistic requirements should be set forth.

Besides many other elements, the success of network slicing and related use cases requires the use of artificial intelligence and machine learning. The required speed and granularity demand that 5G network slicing be effectively managed, making today’s manual and simplistic automation less practical.

Business Case

A lot has been said and done; however, the industry is still struggling to make solid business cases for 5G and network slicing. This can be eased by making slicing a part of the investment case for 5G and developing a long-term roadmap. The cost of deploying network slicing may vary depending on the application / use case, but the bottom line is that it has to be minimal in comparison to the overall investment case for 5G.

Network slicing diverges from the current one-size-fits-all policy, where all applications are served primarily in a best-effort mode through a single network. Evolving from today’s single-network style to perhaps a dedicated network (for customers willing to pay a premium) for eMBB, URLLC and mMTC, and on to a fully sliced model, requires deeper analysis as well as a new mindset.

As pointed out by Bell Labs Consulting in its white paper [10], more connections can be enabled either by dedicated networks or by network slices. The study further shows that as the number of connections grows, so does the cost in both scenarios. However, dedicated networks incur substantially higher CAPEX (capital expenditure) and OPEX (operating expenditure) than the network slicing model. The primary reason is that in the dedicated networks model the infrastructure is, for the most part, not shared among the different connections. Future networks may very well comprise hundreds of customer segments with tailored QoS (quality of service) and security requirements, and in these circumstances the dedicated networks model simply becomes unrealistic.

OPEX is the largest component of the TCO (total cost of ownership) for today’s networks and is expected to remain so for future slice-based networks. The practice of running OE (operational excellence) programs is quite common, with two areas of focus: automation and reduction in manpower. These practices will be improved with network slicing. But to make these programs more successful, increasing amounts of automation will be required in order to minimize and replace manpower. A similar conclusion was reached in the study, which determined that OPEX is the largest component of the ownership costs of today’s networks. The study showed that the components of OPEX which cost the most were the ones that required the most human intervention, such as performance and fault management. Network slicing’s heavy use of AI and increased automation will thus mean a reduction in manpower requirements. This will lead to restructuring and layoffs in the industry.

On a positive note, network slicing will increase profits. In particular, the efficiency gains may mean that in some estimates a one percent increase in customers that require tailored connections may result in a three percentage point increase in revenue [10].

Regulatory Aspects

From a bird’s eye view, network slicing is not expected to cause any shifts in the current regulatory regime. The principles and practices of net neutrality, illegal content, quality of service, and cross-border data transfers are not expected to change.

One angle that may be worthwhile to look into is today’s flat taxation regime on mobile broadband (data). With network slicing, the data is segmented, and thus different taxation schemes could be applied to different consumer segments, though with much difficulty. For example, URLLC segments may be taxed higher than eMBB due to their level of criticality. If that is considered and applied, it will ease the burden on the poorest populations. We know that mobile broadband costs represent over a third of the average annual income of low-income populations in many developing countries [3, 11].

Challenges

Network slicing brings a number of technical challenges, as well as business and organizational challenges [12-13]. 5G is a matter of months away, and yet serious challenges exist when it comes to making a business case, standardizing, management of network slices, partnering with industry verticals, and others. If 5G is to flourish, these challenges will need to be resolved fast.

The above-mentioned transformation of telcos from a “dumb” connectivity provider to a digitization partner for various verticals, enabled by network slicing and multi-access edge computing, is the best way for telcos to increase their profitability. That, however, will require telcos to undertake an unprecedented organizational change, transforming almost every aspect of their operations – from go-to-market and sales approaches that would become akin to those of professional services firms or system integrators, to rapid adoption of automation and AI for network management. Many will fail in this quest. As a result, the telecommunications landscape will likely look very different in ten years.

More specific to network slicing are the challenges that arise because slicing takes place on a shared infrastructure. This prompts challenges in terms of QoS, handovers between networks, latency, spectrum, roaming, and security, just to name a few critical elements. Thus, implementation has two key challenges, namely isolation and resource management. Without proper isolation, slices may not be able to perform adequately; however, if slices are assigned dedicated resources, this may lead to over-provisioning and therefore reduce the financial benefits of network slicing. Resource management mechanisms are needed to strike a balance between dedicated and shared resources. Furthermore:

  • Spectrum is a costly, scarce and shared resource. Take for instance a critical surgery, for which an operator has to allocate end-to-end resources and maintain best-in-class latency, security and QoS for a long period of time. This sort of dedicated service is costly.
  • Roaming is another element that needs attention. Customers expect the same level of service no matter where they are, at all times. However, during roaming it will be difficult to meet these demands, particularly if the standards are not established. 3GPP has a study item on this particular topic that it will address in its Release 16 [14]. Rel-16 is expected to be completed in June 2020.
  • Security becomes critical and challenging, particularly when a slice crosses the border of the telecom world. Different infrastructures will have different security levels and policies, since those are managed and administered by both telecom and non-telecom players.
  • Business models require development on a per-slice / per-service basis to meet dynamic demands and traffic variations. These need to become diverse and flexible to match the services.
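
The isolation versus resource-management trade-off described above can be made concrete with a small admission-control model. The following is an added example, not code from the post or from any 3GPP specification: it assumes a single abstract resource measured in "units", gives each slice a guaranteed share that no other slice may consume, and lets a slice borrow from a shared pool up to a hard cap. Refusing a request that would eat into the shared pool beyond what is free is what keeps one slice's burst from degrading another; the idle guaranteed units it reports are the over-provisioning cost that dedicated resources carry.

```python
"""Added example (not from the post): a toy admission controller that models
the isolation vs. resource-management trade-off of network slicing.

Assumptions (illustrative, not 3GPP-defined): capacity is one abstract
resource in "units"; each slice owns a guaranteed share no other slice may
touch, and may borrow from a shared pool up to a hard cap.
"""
from dataclasses import dataclass


@dataclass
class Slice:
    name: str
    guaranteed: int   # units reserved exclusively for this slice (isolation)
    cap: int          # hard ceiling: guaranteed + maximum it may borrow
    used: int = 0


class SliceResourceManager:
    """Admits or refuses slice requests against one shared infrastructure."""

    def __init__(self, total_capacity: int, slices: list) -> None:
        reserved = sum(s.guaranteed for s in slices)
        if reserved > total_capacity:
            raise ValueError("sum of guarantees exceeds physical capacity")
        for s in slices:
            if s.cap < s.guaranteed:
                raise ValueError(f"{s.name}: cap below guarantee")
        self.total = total_capacity
        self.shared_pool = total_capacity - reserved   # borrowable by any slice
        self.slices = {s.name: s for s in slices}

    def _borrowed(self, s: Slice) -> int:
        # Units a slice uses beyond its own guarantee, i.e. taken from the pool.
        return max(0, s.used - s.guaranteed)

    def shared_in_use(self) -> int:
        return sum(self._borrowed(s) for s in self.slices.values())

    def request(self, slice_name: str, units: int):
        """Try to allocate `units` to a slice; returns (admitted, reason)."""
        s = self.slices[slice_name]
        new_used = s.used + units
        if new_used > s.cap:
            return False, "exceeds slice cap"
        extra_from_pool = max(0, new_used - s.guaranteed) - self._borrowed(s)
        free_pool = self.shared_pool - self.shared_in_use()
        if extra_from_pool > free_pool:
            # Refusing here keeps one slice's burst out of the other
            # slices' guarantees: the isolation property.
            return False, "shared pool exhausted"
        s.used = new_used
        return True, "admitted"

    def release(self, slice_name: str, units: int) -> None:
        s = self.slices[slice_name]
        s.used = max(0, s.used - units)

    def idle_guaranteed(self) -> dict:
        """Reserved-but-unused units: the over-provisioning cost of isolation."""
        return {n: max(0, s.guaranteed - s.used) for n, s in self.slices.items()}


def run_scenario() -> dict:
    """Constructed scenario: 100 units shared by three slices (20 in the pool)."""
    mgr = SliceResourceManager(100, [
        Slice("eMBB", guaranteed=50, cap=80),    # may borrow up to 30
        Slice("URLLC", guaranteed=20, cap=20),   # strictly dedicated, never borrows
        Slice("mMTC", guaranteed=10, cap=30),    # may borrow up to 20
    ])
    results = {}
    results["embb_burst"] = mgr.request("eMBB", 70)    # 50 own + all 20 of the pool
    results["mmtc_burst"] = mgr.request("mMTC", 25)    # needs 15 from an empty pool
    results["urllc_load"] = mgr.request("URLLC", 20)   # its own guarantee, unaffected
    results["embb_over_cap"] = mgr.request("eMBB", 15)
    results["idle"] = mgr.idle_guaranteed()            # mMTC's 10 units sit idle
    mgr.release("eMBB", 30)                            # burst ends, pool frees up
    results["mmtc_after_release"] = mgr.request("mMTC", 25)
    results["shared_in_use"] = mgr.shared_in_use()
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The URLLC slice in the scenario is deliberately configured with `cap == guaranteed`: it can never borrow, so the eMBB burst can neither starve it nor be starved by it, which is the behaviour a latency-critical slice needs. The price is visible in `idle_guaranteed()` whenever a guaranteed share goes unused.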

Potential bottleneck issues might not be technical or regulatory. The level of change for telcos and the industry verticals wishing to benefit from 5G, as well as the amounts involved, is such that it will likely generate issues related to bureaucratic red tape, business ethics, even geopolitics. This will be particularly problematic when it comes to involving critical infrastructure vertical markets, and others that might be to a significant extent controlled by governments. In some developing countries, add corruption to the list of key issues.

The industry is already at the crossroads, because on one hand the technology is making speedy headway while on the other there will be a smaller workforce required due to automation and artificial intelligence. Network slicing has the perfect ingredients to further deteriorate the situation.

Conclusion

Network slicing for the 5G era is still shaping up, with many concerns and issues still unsolved. It is a new, complex, paradigm-shifting technology, but one without which it would be hard to justify the massive global investment in 5G infrastructure. Network slicing requires further due diligence: new business models have to be developed that drive innovative partnerships between telecom and non-telecom players; business cases have to be adjusted; standardization of services and handovers across various industry players has to be renegotiated in much more detail than ever before; demanding SLAs (service level agreements) need to be agreed between operators and vertical markets; etc. All that needs to happen now for 5G to flourish.

References

  1. ITU-R 2015. Recommendation ITU-R M.2083-0 – IMT Vision – Framework and overall objectives of the future development of IMT for 2020 and beyond. https://www.itu.int/dms_pubrec/itu-r/rec/m/R-REC-M.2083-0-201509-I!!PDF-E.pdf
  2. 3GPP TS 28.801 (V15.1.0) 2018. Telecommunication management; Study on management and orchestration of network slicing for next generation network. Technical Specification (Release 15), Technical Specification Group Services and System Aspects, 3GPP, January. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3091
  3. Asif, S.Z., 2018. 5G Mobile Communications: Concepts and Technologies. CRC Press, USA.
  4. Nokia 2018. Unleashing the economic potential of network slicing. https://onestore.nokia.com/asset/202089
  5. Tittel, E. 2019. SDN vs. NFV: What’s the difference? Cisco. https://www.cisco.com/c/en/us/solutions/software-defined-networking/sdn-vs-nfv.html
  6. Vyakaranam, N. and Krishna, D. 2018. 5G: Network As A Service – How 5G enables the telecom operators to lease out their network. https://netmanias.com/en/post/blog/13311/5g/5g-network-as-a-service-how-5g-enables-the-telecom-operators-to-lease-out-their-network
  7. GSMA 2018. Network Slicing – Use Cases Requirements. https://www.gsma.com/futurenetworks/wp-content/uploads/2018/07/Network-Slicing-Use-Case-Requirements-fixed.pdf
  8. 5G Americas 2016. V2X Cellular Solutions. http://www.5gamericas.org/files/2914/7769/1296/5GA_V2X_Report_FINAL_for_upload.pdf
  9. 3GPP TSG-RAN Meeting #73, RP-161894 2016. LTE-based V2X Services, September 19-22, New Orleans, LA, USA. https://portal.3gpp.org/ngppapp/CreateTdoc.aspx?mode=view&contributionId=730345
  10. Nokia Bell Labs Consulting 2019. Future X Network cost economics. https://www.bell-labs.com/new-5g-whitepaper-download/
  11. GSMA 2016. Digital inclusion and mobile sector taxation 2016. https://www.gsma.com/mobilefordevelopment/wp-content/uploads/2016/07/Digital-Inclusion-and-Mobile-Sector-Taxation-2016.pdf
  12. Ezhirpavai, R. 2018. 6 reasons why network slicing challenges 5G’s progress (Reader Forum). Aricent. https://www.rcrwireless.com/20180530/wireless/6-reasons-why-network-slicing-challenges-5gs-progress-reader-forum-Tag10
  13. Grimaldo, S. W. and Rudd, S. 2017. Network slicing the key that unlocks 5G revenue potential – where 5G meets SDN/NFV. Strategy Analytics. https://www.strategyanalytics.com/access-services/service-providers/networks-and-service-platforms/complimentary/report-detail/network-slicing-the-key-that-unlocks-5g-revenue-potential-where-5g-meets-sdn-nfv
  14. 5G Americas 2018. Wireless Technology Evolution – Transition from 4G to 5G – 3GPP Releases 14 to 16. http://www.5gamericas.org/files/8015/4024/0611/3GPP_Rel_14-16_10.22-final_for_upload.pdf

5G Security & Privacy Challenges

5G Security Privacy

Don’t let the “5G” in the title confuse you. This post is not only about the telcos’ core networks, but about the 5G security and privacy issues in our (very) near, and very different future that 5G will enable. In the 5G-enabled massive Internet of Things (mIoT) world we’re about to find ourselves in, we are expected to have 1000 devices connected for every person… These devices will be the components of the ‘5G operating system’ for our smart cities, our industry 4.0, our smart homes, smart transportation, smart healthcare, and much more. To enable this future, we will need to have a complex symphony of computing going on across devices themselves, “fog” computing, enterprise and telco data centers, public clouds – all playing a role in every one of the majority of use cases, all being dynamically spun up and down and accessed through virtualized networks. And the orchestrators of this complex symphony will be none other than complex AI systems. This brave new world is already here, and it poses unique cybersecurity challenges that will render our past cybersecurity paradigms obsolete.

5G is the next step in the evolution of mobile communication. More than just a quantitative evolution similar to previous generations, 5G will provide completely new capabilities for a myriad of new use cases on a large variety of devices across many new industries. Our future civilization will run on 5G. 5G networks will change the market landscape, influence stakeholders’ relations, and process much of the world’s business in real time; think medical procedures, financial transactions, remote industrial automation, military operations or delivery of local emergency services. It comes as no surprise, then, that 5G is expected to become the most critical infrastructure.

5G networks are expected to serve about 7 trillion heterogeneous connected things. Compared to previous generations of mobile communication, the 5G infrastructure we are building now must achieve this scale while providing:

  • 1000 times higher wireless area capacity and more varied service capabilities;
  • A secure, reliable and dependable Internet with “zero perceived” downtime for service provision;
  • Up to 100 times higher user data rate;
  • Up to 10 times longer battery life for massive IoT devices;
  • Up to 5 times lower end-to-end latency; and
  • Support for diverse requirements such as higher speeds for enhanced Mobile Broadband (eMBB), Ultra-reliable and Low-latency communications (URLLC), and large connection density and long battery life for massive Machine Type Communications (mMTC).

The one-network-fits-all concept must answer these demanding and ambitious objectives. This is why 5G is also a technical revolution. The 5G build-out is much more challenging, abrupt, innovative, and meaningful than previous generations. 5G includes major changes to all parts of the network, such as the core and management systems, as well as all protocol layers ranging from radio to applications. It brings about a convergence of numerous heterogeneous technologies and new technical solutions. As a result, cybersecurity is affected everywhere.

Some expected 5G technical attributes are:

  • Millimeter-wave communications with new waveforms – the same in UL (Uplink) and DL (Downlink);
  • Massive MIMO (Massive Multiple-Input Multiple-Output) with beam-forming and beam management, made possible by the frequency range – wavelength, antenna size and spacing characteristics;
  • Network slicing – provides a way for service providers to offer Network as a Service (NaaS) to specific subscriber groups, giving them the flexibility to manage their own devices and services according to their specific needs;
  • Very high throughput (1-20 Gbps) – eMBB (Enhanced Mobile Broadband) supports 3D video transmissions to 4K or 8K resolution screens, online gaming, etc.;
  • Ultra-low latency (<1 ms) – important for mission-critical services such as augmented and virtual reality, telemedicine and healthcare, intelligent transportation and industrial automation;
  • Massive connectivity for vehicles, mobile subscribers, enterprises, IoT, etc.;
  • High availability and dense coverage capable of providing unlimited connectivity for billions of different subscribers; and
  • Low energy consumption, with up to 10-year battery life for M2M (Machine to Machine) communications.

To deliver these capabilities, 5G is equipped with a new air interface that supports heterogeneous access networks and handles variable bandwidths. Packet core network upgrades are also implemented, where traditional and mobile services share an infrastructure for service delivery and operational efficiency.

5G security challenges in architecture

Some of the most important 5G architectural changes are in:

  • the physical structure of the network (to provide low latency and localization);
  • network function virtualization (components are placed across distributed edge and centralized core clouds); and
  • implementation of flexible software-based architecture technologies such as SDN (Software Defined Networks), SDA (Software Defined Access) and SDR (Software Defined Radio).

5G architecture requires implementing some new networking concepts and adapting some existing ones. Architectural evolution is recognized primarily as adaptation to cloud / “fog” operations and network virtualization.

One of the key ways this adaptation is facilitated is Control and User Plane Separation (CUPS). It isn’t a new concept in the wireless world, but it has become an integral part of the 5G standard because of the technology’s ability to distribute network code elements throughout the network, leading to greater function utilization.

5G, therefore, will be able to connect considerably more devices – up to one million per square kilometer – which means a large increase in network processing load, but also significantly more network endpoints. This expands the potential attack surface by creating more possible openings through which the network may be penetrated. Complexity itself becomes a vulnerability – the more connections there are in a system, the more difficult it is to hold a clear and protective view of that system. The same applies to 5G infrastructure, such as base stations and related systems. To make things worse, connections from your organization’s IoT estate might go through a number of providers.

And so would computing. 5G will facilitate edge computing, which takes computing away from the ‘core’ of the network and places it at or near the source of the data. Mobile Edge Computing (MEC) reuses the CUPS architecture to allow user plane functions and applications to be placed closer to the network edge. This is partly what makes 5G’s sub-5 ms latency possible. Compute would likely be orchestrated across the devices themselves, enterprise data centers, “fog” or close-to-edge computing, device vendors’ data centers, public cloud, etc., all owned and managed by different providers. All this means that engineers will struggle to maintain the same level of security as when all primary processes are concentrated close to a computing core that they control. If perimeter security is not dead already, it will be with the arrival of 5G and mIoT.

Cloud Radio Access Network (CRAN), an innovative cloud-based architecture for radio access networks, uses a form of control and user plane separation. The result is a split access architecture. Some access network functionality is performed virtually in a “central” edge cloud location, while other processing is done in a remote “physical” location. This enables a fronthaul and backhaul split in the transport network. CRAN has significant advantages over previous architectures in terms of lower power consumption, reduced base station numbers, and costs. As a wireless network it faces all common wireless network security threats, such as spectrum sensing data falsification, primary user emulation, and others. As a novel network architecture, it also faces new security threats and trust problems that the industry hasn’t dealt with before. 5G adoption is making it everyone’s problem as well.

The CRAN architecture combined with network slicing offers the potential for more flexible 5G use cases.

Network slicing, another highly-anticipated feature of 5G networks, will enable the creation of multiple virtual networks on top of a common shared physical infrastructure. Network slicing is expected to be a fundamental architectural component of the 5G network, fulfilling the majority of 5G use cases. Pieces of the network can be attributed to specific domains or use cases, such as specific critical infrastructures, allowing more efficient and reliable network operation. But this will create new security challenges as each virtual network slice could demand unique security capabilities that need to be managed in a coordinated manner. At the minimum, the expectation will be that network slices will be highly isolated in order to prevent malicious attacks and the spread of vulnerabilities or faults to other intra-slice and inter-slice components.

If you are struggling today with understanding the risks of your mission-critical virtual machines being “escaped from”, imagine the complexity of proving the same for a network slice – a fully virtual slice of networking and computing that could cut across from a public cloud, through core, transport and access networks, all the way to your edge devices, and which is mostly outside of your control.
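
One concrete way to get a handle on the isolation expectation just described is to audit flow records for traffic that crosses a slice boundary without an explicit exception. The following is an added example, not code from the post or from any vendor: it assumes that each flow record already carries source and destination slice labels (a slice-aware firewall or user-plane export is assumed to add them), and the record format, slice names and sample records are constructed for illustration. The default policy is that no traffic crosses slices; every permitted exception is listed explicitly, so anything else is a violation worth alerting on.

```python
"""Added example (not from the post): auditing flow records for traffic that
crosses slice boundaries without an explicit exception.

Assumptions: each flow record carries source and destination slice labels
(added upstream by a slice-aware firewall or user-plane export); the record
format, slice names and sample records below are constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: str
    src_slice: str
    dst_slice: str
    src: str
    dst: str
    dport: int
    proto: str


# Default policy: no traffic crosses a slice boundary. Every permitted
# exception is listed explicitly as (src_slice, dst_slice, proto, dport).
ALLOWED_CROSS_SLICE = {
    # smart meters push readings to the enterprise collector over TLS
    ("mMTC-metering", "eMBB-enterprise", "tcp", 8443),
}


def parse_flow_line(line: str) -> Flow:
    """Parse one constructed record: ts src_slice dst_slice src dst dport proto."""
    ts, src_slice, dst_slice, src, dst, dport, proto = line.split()
    return Flow(ts, src_slice, dst_slice, src, dst, int(dport), proto.lower())


def is_allowed(flow: Flow) -> bool:
    """Intra-slice traffic is allowed; inter-slice only if explicitly listed."""
    if flow.src_slice == flow.dst_slice:
        return True
    return (flow.src_slice, flow.dst_slice, flow.proto, flow.dport) in ALLOWED_CROSS_SLICE


def audit(lines) -> list:
    """Return every flow that violates slice isolation, in input order."""
    return [f for f in map(parse_flow_line, lines) if not is_allowed(f)]


def violations_by_source(lines) -> dict:
    """Count violations per originating slice: a slice that repeatedly reaches
    into others is the one to investigate first."""
    return dict(Counter(f.src_slice for f in audit(lines)))


# Constructed sample records (not real traffic)
SAMPLE_FLOWS = [
    "2019-03-01T10:00:01Z eMBB-enterprise eMBB-enterprise 10.1.0.5 10.1.0.9 443 tcp",
    "2019-03-01T10:00:02Z mMTC-metering eMBB-enterprise 10.2.0.7 10.1.0.20 8443 tcp",
    "2019-03-01T10:00:03Z mMTC-metering URLLC-grid 10.2.0.7 10.3.0.2 502 tcp",
    "2019-03-01T10:00:04Z eMBB-enterprise URLLC-grid 10.1.0.5 10.3.0.2 22 tcp",
    "2019-03-01T10:00:05Z mMTC-metering eMBB-enterprise 10.2.0.7 10.1.0.20 22 tcp",
]


if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"ISOLATION VIOLATION {f.ts} {f.src_slice} -> {f.dst_slice} "
              f"{f.src}->{f.dst}:{f.dport}/{f.proto}")
    print(violations_by_source(SAMPLE_FLOWS))
```

Note that the second sample record is permitted only because it matches the exception on protocol and port; the fifth record comes from the same source to the same destination slice on a different port and is flagged. Keeping the exception list this narrow is what makes the audit meaningful when a slice spans infrastructure you do not control.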

Artificial intelligence (AI) in the form of machine learning and deep learning has significantly improved internet and security protection. AI has potential for 5G telecom carriers too. It will allow them to optimize their investment and reduce costs by driving accurate 5G network planning, producing capacity expansion forecasts, accessing coverage auto-optimization, enabling dynamic cloud network resource scheduling, and delivering 5G smart network slicing. Over the coming years, AI will help carriers transform from the current management model based on human capabilities to a self-driven automatic management model. With this evolution they will truly achieve smart transition in network operation and maintenance.

This presents new challenges that neither telecom nor cybersecurity professionals have ever dealt with, such as AI “black boxes”, the inability to test AI for intentional backdoors, or adversarial learning, which is remote reprogramming of the neural network algorithms.

In 5G, the security landscape becomes more complex, with network architecture more flexible, logically divided and connected to the Internet. At the same time, applications, cloud, data center, network and endpoints all should be treated as a secure integrated system.

Securing data center and cloud components becomes critical as mobile network components are virtualized and potentially deployed on an NFVI (Network Function Virtualization Infrastructure).

Since cloud computing systems facilitate the sharing of resources among users, it becomes possible for any such user to spread malicious traffic that compromises the performance of the system, to consume more resources, or to gain unauthorized access to the resources of another user. Similarly, in cloud networks where different entities run their own control logic to achieve requested functionality, interactions can cause conflicts in network configurations.

Mobile Cloud Computing (MCC) migrates the concepts of cloud computing into 5G ecosystems. This creates a number of security vulnerabilities mostly attributed to the architectural and infrastructural modifications in 5G.

Some other representative security challenges of 5G architecture are:

  • User equipment threats – malware, sensor susceptibility, TFTP (Trivial File Transfer Protocol) MitM (Man in the Middle) attacks, DDoS (Distributed Denial of Service) bots, firmware hacks and device tampering.
  • Air interface threats – MitM attack and jamming.
  • Typical RAN threats – MEC server vulnerability and rogue nodes.
  • Representative backhaul threats – DDoS attacks, CP/UP sniffing and MEC backhaul sniffing.
  • Packet core and OAM (Operation, Administration, and Maintenance) threats – virtualization, network slice security, API (Application Programming Interface) vulnerabilities, IoT core integration, roaming partner vulnerabilities, DDoS and DoS attacks, and improper access control.
  • SGI (Service Gateway Interface)/N6 and external roaming threats – IoT core integration, VAS (Value Added Services) integration, Application server vulnerabilities, Application vulnerabilities, API vulnerabilities.

Additionally, 5G subscribers are recognized in different use cases such as M2M, Industry automation, IoT etc. These devices use different radio access technologies and are equipped with different security features. Such devices are susceptible to MitM attacks, firmware and OS (Operating System) hacks, snooping and sniffing attacks, botnet type attacks, etc.

5G security and encryption

Encryption affects 5G security too, and the other way around. In an increasingly digital world, encryption has become the primary mechanism for securing information.

However, while encryption techniques were developed to enable enterprise security over the Internet, they are now being co-opted in service of cyber-attacks. Gartner predicts that encryption will be used in more than half of new malware campaigns in 2019 and more than 70 percent in 2020.

The security of mobile, cloud and web applications depends on proven and optimally implemented encryption mechanisms, including their keys and certificates. But threat actors keep up with the latest encryption mechanisms as well.

Network visibility becomes more complex. Where encryption is used, the network operator’s ability to analyze the traffic and conclude whether it is malicious is limited. Security solutions need to estimate which traffic is protected by encryption and which is not, while simultaneously estimating which traffic is malicious and which is not. With deep packet inspection no longer viable because of encryption, as well as the volume and speed of data, other technical solutions such as intra-flow metadata (Encrypted Traffic Analytics) should be explored.
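As an added example, not code from the original post or from any vendor’s product, the Python below shows what intra-flow metadata analysis looks like in practice: it never decrypts anything, but derives features from the sizes and timing of packets in a flow and flags fixed-interval check-ins (beaconing), flows with almost no variety in packet size, and upload-heavy flows. The `Flow` record type, the three sample flows, the thresholds and the reason labels are all constructed for illustration.

```python
import math
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Flow:
    """One network flow as a sensor sees it: metadata only, no payload (constructed example type)."""
    src: str
    dst: str
    dport: int
    sizes: list  # payload bytes per packet: positive = client->server, negative = server->client
    times: list  # per-packet timestamp in seconds since the flow started


def shannon_entropy(values):
    """Entropy in bits of the empirical distribution of a list of values."""
    n = len(values)
    counts = {}
    for v in values:
        counts[v] = counts.get(v, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def extract_features(flow):
    """Derive flow-level features from sizes and timing alone, so they work on encrypted traffic."""
    out_times = [t for s, t in zip(flow.sizes, flow.times) if s > 0]
    gaps = [b - a for a, b in zip(out_times, out_times[1:])]
    mean_gap = mean(gaps) if gaps else 0.0
    # Coefficient of variation of the gaps between client-sent packets: near 0 means a fixed-interval sender.
    gap_cv = pstdev(gaps) / mean_gap if len(gaps) >= 2 and mean_gap > 0 else None
    return {
        "pkt_count": len(flow.sizes),
        "out_pkts": len(out_times),
        "bytes_out": sum(s for s in flow.sizes if s > 0),
        "bytes_in": sum(-s for s in flow.sizes if s < 0),
        "out_mean_gap": mean_gap,
        "out_gap_cv": gap_cv,
        "size_entropy": shannon_entropy([abs(s) for s in flow.sizes]),
    }


def score_flow(flow):
    """Return the heuristic reasons this flow deserves analyst attention (empty list = benign-looking)."""
    f = extract_features(flow)
    reasons = []
    # Regular check-ins, seconds or minutes apart, with almost no jitter.
    if f["out_pkts"] >= 5 and f["out_gap_cv"] is not None and f["out_gap_cv"] < 0.05 and f["out_mean_gap"] >= 5:
        reasons.append("beaconing")
    # Web and interactive traffic carries a rich mix of packet sizes; fixed-size messages do not.
    if f["pkt_count"] >= 8 and f["size_entropy"] < 1.5:
        reasons.append("low-variety-payloads")
    # Clients normally download far more than they upload.
    if f["bytes_out"] > 100_000 and f["bytes_out"] > 4 * f["bytes_in"]:
        reasons.append("upload-heavy")
    return reasons


# Constructed sample flows; addresses come from documentation ranges, not real hosts.
BROWSING = Flow("10.0.0.5", "203.0.113.10", 443,
                sizes=[517, -1460, -1460, -842, 330, -1460, -1460, -1460, -600, 180, -980],
                times=[0.0, 0.05, 0.051, 0.052, 0.30, 0.35, 0.351, 0.352, 0.353, 2.10, 2.15])
BEACON = Flow("10.0.0.7", "198.51.100.23", 443,
              sizes=[s for _ in range(6) for s in (96, -64)],
              times=[t for i in range(6) for t in (60.0 * i, 60.0 * i + 0.2)])
EXFIL = Flow("10.0.0.9", "198.51.100.77", 443,
             sizes=[1400] * 100 + [-60] * 5,
             times=[0.01 * i for i in range(100)] + [1.0 + 0.01 * i for i in range(5)])


def triage(flows):
    """Map 'src->dst:port' to the reasons found, keeping only flows with at least one reason."""
    result = {}
    for fl in flows:
        reasons = score_flow(fl)
        if reasons:
            result[f"{fl.src}->{fl.dst}:{fl.dport}"] = reasons
    return result


if __name__ == "__main__":
    for key, why in triage([BROWSING, BEACON, EXFIL]).items():
        print(key, why)
```

The browsing flow produces no reasons, the beacon is flagged for its fixed 60-second cadence and two-value packet sizes, and the bulk upload is flagged as upload-heavy. In a real deployment the thresholds would be calibrated per network and the features fed to a model rather than fixed rules, but the point stands: none of this requires the plaintext.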

Quantum computing may take root within the next decade, but the growth of 5G infrastructure is far more imminent and certain, with an expected service life well past the expected arrival of quantum computing. So the risks of quantum decryption need to be addressed now. Quantum technology is expected to be capable of breaking 99% of the encryption used by today’s enterprises, including data stored on a digital Blockchain. This means that governments and ICT stakeholders will need to upgrade to quantum-resistant cryptography soon, before quantum computers become available. SK Telecom, South Korea’s largest mobile operator, has already developed Quantum Key Distribution (QKD) technology for its 5G network.

5G and Privacy Issues

Protection of personal privacy is a critical aspect of 5G security. Challenges include access to location information, or leakage of personal voice, health, and lifestyle data.

Location Privacy

As the use of positioning technologies has become more widespread, mobile applications using Location-Based Services (LBSs) have contributed more and more to mobile big data. This has raised important privacy and security issues. Users usually need to submit some personal information to the trusted LBS server to obtain the service data, and traditional procedures assume that this information is discarded immediately after use. However, the data may be cached and reused in the future, exposing it to increased threats. Privacy requirements need to be elevated, and breaches prevented by stopping certain queries from being sent directly to the server.

WiFi localization based on fingerprint is considered to be a promising technology for indoor localization. However, mapping the recorded fingerprint to the service provider’s database could be used to divulge a subscriber’s location.

Threats such as semantic information attacks, timing attacks, and boundary attacks mainly target the location privacy of subscribers. At the 5G physical layer, location privacy can be affected by inappropriate choice of available access point algorithms.
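One concrete form of the client-side gating described above is spatial cloaking: the device sends the LBS server a region that contains at least k users rather than its exact coordinates, and withholds the query when no acceptably small region meets k. The Python below is an added example, not code from the original post or from any LBS; it goes beyond the text by picking this specific technique. It assumes the client holds a local map of other users’ positions (`OTHERS`), and the positions, origin and cell sizes are constructed.

```python
import math

METERS_PER_DEG_LAT = 111_320.0  # approximate; adequate within one city


def to_local_xy(lat, lon, origin):
    """Project WGS84 degrees onto a flat metre grid centred on origin (equirectangular approximation)."""
    olat, olon = origin
    y = (lat - olat) * METERS_PER_DEG_LAT
    x = (lon - olon) * METERS_PER_DEG_LAT * math.cos(math.radians(olat))
    return x, y


def cloak(user_xy, others_xy, k, min_cell_m=100.0, max_cell_m=6400.0):
    """Smallest square grid cell (doubling from min_cell_m) that holds the user plus at least k-1
    other users. Returns (cell_size_m, (center_x, center_y)), or None if no cell up to max_cell_m
    is populated enough; None means the query must not be sent."""
    size = min_cell_m
    while size <= max_cell_m:
        cx, cy = math.floor(user_xy[0] / size), math.floor(user_xy[1] / size)
        neighbours = sum(1 for x, y in others_xy
                         if math.floor(x / size) == cx and math.floor(y / size) == cy)
        if neighbours + 1 >= k:
            return size, ((cx + 0.5) * size, (cy + 0.5) * size)
        size *= 2
    return None


def build_lbs_query(poi_type, user_xy, others_xy, k):
    """Client-side gate: the server receives a region, never a point; no region, no query."""
    region = cloak(user_xy, others_xy, k)
    if region is None:
        return None  # the app should tell the user the query was withheld
    size, (cx, cy) = region
    # Radius that covers the whole cell, so the server can answer for any point in it.
    return {"poi": poi_type, "center_xy": (cx, cy), "radius_m": size / 2 * math.sqrt(2)}


# Constructed positions in metres from a city-centre origin. The other users come from a density
# map the client keeps locally, never from the LBS server (an assumption of this example).
USER = (30.0, 40.0)
OTHERS = [(70.0, 80.0), (350.0, 120.0), (900.0, 700.0), (5000.0, 5000.0)]

if __name__ == "__main__":
    for k in (2, 3, 5, 6):
        print(k, build_lbs_query("pharmacy", USER, OTHERS, k))
```

With these positions, k=2 is satisfied by the 100 m cell, k=3 needs a 400 m cell, k=5 needs the full 6.4 km cell, and k=6 cannot be met, so the query is not sent at all. Raising k trades service precision for privacy, and the cached query the server keeps is only ever a region.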

Data Privacy

Generally, subscribers allow service providers to access their data without awareness of the privacy risks of sharing their data or an understanding of how their data will be used. They are often left with no choice but to trust that private data are being handled properly by the service provider, and are not redirected to unauthorized destinations. However, if users were more aware of and more knowledgeable about privacy risks, they would be able to make wiser choices about where and how they share their information.

Even personalized privacy policies can include sensitive information desirable to privacy attackers.

Most smartphone applications require details of the subscriber’s personal information before installation. The application developers or companies rarely mention how data are stored and how they are going to be used. International Mobile Subscriber Identity (IMSI) catching attacks can be used to uncover the identity of a subscriber. Such attacks can also be initiated by setting up a fake base station, which the user’s device recognizes as the preferred choice with which to share the subscriber’s IMSI.

Moreover, 5G networks have different actors such as Virtual Mobile Network Operators (VMNO), Communication Service Providers (CSPs) and network infrastructure providers. All of these entities have different priorities for security and privacy. Synchronizing these disparate privacy policies will be one of the chief challenges of 5G privacy.

In previous network generations, mobile operators had direct access to and control of all system components. However, 5G mobile operators do not have full control of the system, as it is logically and physically distributed. User and data privacy are seriously challenged in shared environments, where the same infrastructure is available to different stakeholders. Moreover, there are no physical boundaries of a 5G network, because cloud-based data storage and NFV features are implemented.

Sensitive Information

Social networks attract a lot of users, and social network data contain users’ sensitive information, such as social relationships, social habits and personal data. This data is stored in different forms. For example, since images contain rich and colorful content, image search has been deployed in a wide variety of applications. In the era of big data, many small organizations choose to outsource image search to public clouds to reduce costs. This creates increased opportunity for privacy breaches. Many images contain sensitive information, such as personal identity, locations or healthcare information – storing these with appropriate protection is a major concern.

The integration of Internet of Things (IoT) and cloud computing is becoming a key driver of digital transformation in the healthcare industry. The emergence of cloud-assisted e-healthcare systems enables patients to supply their personal health information (PHI) in exchange for high-quality and efficient medical services. While this paradigm shift has brought new opportunities and many benefits to healthcare organizations, it has also raised a number of security and privacy issues.

There are also regulatory aspects of security which affect 5G architecture. For example, in order to comply with the GDPR, any company in Europe which collects, stores and processes personal data has a number of obligations. Failure to comply with the GDPR can have significant consequences. Only a secure and threat-centric approach to 5G architecture can ensure conformity to GDPR.

Effective 5G security cannot be achieved through a one-size-fits-all approach. Different 5G system entities will have different security needs – understanding this will be foundational to building secure network operations.

5G Security Conclusion

Yes, 5G will enable new use cases that aren’t available today, with huge potential benefits for the world at large. But it will also create new opportunities for those who wish to exploit this new technology. As potentially the most critical of critical infrastructures, it will also need to be the safest and most secure. Understanding how enormously different 5G cybersecurity challenges are from the traditional ones is the first step.

Cyber-Kinetic Security and Privacy Threats in Smart Cities

Smart City 5G Privacy

More than half of the world’s population lives in cities. The UN estimates that by 2050 that proportion will be 68% – more than 6 billion people living in high-density conditions. This raises significant challenges. What is the best way to ensure that human needs are met in a fair and equitable way? How will we face challenges like resource strain, waste and pollution management, traffic congestion and connectivity?

In response to these wicked problems, cities are increasingly relying on smart technologies to foster greater efficiency and sustainable growth. These interventions do not, however, come without their own complications. Just like any digital tool, smart systems are vulnerable to cyber-kinetic attacks, but what makes them unique is their high degree of integration. Because these systems are by their nature embedded in many aspects of work and daily life, interfering with them has the potential to cause widespread disruption, even chaos. Furthermore, the massive volume of data that our interactions with smart systems generate creates serious threats to individuals’ privacy if not adequately protected.

Making physical objects in cities “smart”

The British Standards Institute (BSI) defines a smart city as:

“The effective integration of physical, digital and human systems in the built environment to deliver a sustainable, prosperous and inclusive future for its citizens.”

This is an excellent definition as it highlights how smart cities represent the marriage of physical and digital in the creation of cyber-physical systems (CPSs). Such systems use sensors to gather data about the physical world, which is then digitally analyzed to determine how best to optimize the physical output of those systems.

CPSs are increasingly used to better manage the basic services in our cities: traffic management, transportation systems, energy distribution, water distribution, public safety, pollution control, waste disposal, wastewater treatment and more. On a more granular level, homes and workplaces are also becoming more and more digital, while it has become commonplace for public spaces in cities to be hot zones within which individuals can stay connected. All of this activity produces data. Lots and lots of data. It’s no exaggeration to say that smart cities are built on data in the same way that traditional cities were built on bricks and mortar.

Consider how many times a day you contribute to this reservoir of data. Perhaps you drive to work and use a navigation assistant to find the least congested route, feeding into and drawing from real-time traffic mapping that is constantly improving the suggestions it offers commuters. If you take some form of mass transit, you can receive real-time updates on arrival times at various pick-up points, as the system works behind the scenes to optimize speed and efficiency. In the future, your options may also include being picked up by an autonomous vehicle that uses real-time traffic information to take the most efficient route to your destination.

The water used to brew your favorite morning coffee and the electricity used to bake your breakfast doughnut are monitored and distributed by smart systems, as are the payment gateways and transactional networks that allow you to pay by simply scanning your phone. In the future, though, even that inconvenience will be eliminated. Some businesses are already experimenting with setups in which you present your phone to a scanner as you walk in the door, grab the items you want and walk out with them. An advanced tracking system monitors what items you take out the door and charges them automatically to your account without having to present them to a cashier.

When you get to the office, that too is smart-enabled. Beyond the obvious digital capabilities, such as the security systems allowing you in the door, there are probably lighting and temperature control systems that adjust intelligently to the room’s occupants.

While you’re at work, your power company detects that you are away and reduces power to domestic appliances that aren’t being used. You’re not even aware of this, though, because the power company, having data on your behavior patterns, restores your power to the level you require for your evening before you arrive home.

These are superficial examples of what truly smart cities are capable of. Many cities – not to mention countries – are aggressively pursuing an increasing amount of digital connectivity for everything that goes into their physical environments.

The development of smart cities

With urban populations swelling faster than infrastructure can grow, and with the resulting challenges growing almost as fast, the race is on to transform existing cities into smart cities. The market for smart city technology is expected to reach $1.5 trillion by 2020.

Singapore’s “Smart Nation” project is a leading-edge example, which, as a former Singapore resident, I have had the personal pleasure of working with. The city is using new digital technologies to enhance transportation systems, health, home and business, building interconnectedness in all aspects of citizens’ lives.

With the challenge of managing the world’s largest national population, China has been aggressive in this area, developing 103 smart cities, districts and towns over the past five years. These smart cities seek to bring pollution, traffic congestion and widespread energy consumption under control through greater use of connected technologies.

It’s perhaps no coincidence that India, the second largest nation on earth, has also taken a progressive approach to urban development, targeting 90 cities to engage smart capabilities as part of its “Smart City Mission.” Theirs is a pragmatic approach, tackling development in a layered fashion, but the outcomes still represent a sea change for millions of people.

In North America, the U.S. Department of Transportation’s “Smart City Challenge” encouraged US cities to solve major transportation issues using digital technologies. This is healthy competition designed to stimulate innovation that can be replicated across the country. Fostering smart solutions is expected to reduce increasingly complex urban transportation issues and improve efficiencies.

On the far end of the scale, Bill Gates has bypassed this approach altogether. Rather than taking existing cities and making them smart, he is building one from scratch on 25,000 acres of land he has purchased in Arizona.

Smart systems behind smart cities

Here are some examples of city systems that can be enhanced by digitization.

Transportation

Solving problems like congestion, pollution and safety are critical to the smooth operation of city transport, which is a complicated mix of public and private operations. With real-time data about mass transit schedules and delays, public transport is able to move to new levels of efficiency and commuter wellbeing.

Private transport experiences similar benefits, utilizing user and automobile data, street sensors, even drones and satellites, to relieve congestion, adapt traffic light schedules and direct drivers towards optimal routes.

Montreal uses AI, satellites, drones, and sensors mounted on vehicles to improve traffic flow. NVIDIA Metropolis combines internet-enabled video cameras and AI to improve traffic flow. They also offer smart parking services: drivers of connected cars can get real-time information on available parking spots and their costs, even when the cost varies with parking demand.

Buildings

Our homes and our workplaces – the physical spaces where we spend most of our lives – are increasingly moving into the Internet of Things (IoT). This grants us unprecedented control over these environments and how they best serve us. For the first time offices can become more than containers for work; by optimizing the sensorial and ergonomic potential of these spaces we are using smart technology to improve human wellbeing. The key, of course, is enormous amounts of data.

Deloitte Netherlands’ office building known as “The Edge” is one of the most energy-efficient buildings in the world. Its lighting system is optimized to reduce energy usage and it has solar panels and underground geothermal energy storage. In addition, it uses rainwater for wastewater systems. All this is tied to a vast array of sensors that collect environmental data and optimize building management. Cleaning and maintenance, therefore, are responsive, not inefficiently routine. The system tracks the location of every person on the premises at any time. It also offers employees the convenience of applying their personal preferences to all devices with which they interact – even down to the coffee machines.

At home we are integrating more and more IoT devices into our daily lives. These help us change the atmospheric conditions of a room or background music with a simple voice command. They help us vacuum the floor. They even allow us to monitor and manage our home when we’re not there. And these are not toys of the rich and famous. Rapid evolution of IoT technology is making such devices increasingly affordable and, therefore, ubiquitous.

Energy

As social and environmental awareness more heavily influence public and commercial interests, the term ‘smart energy’ is expanding beyond the ‘traditional’ definition of more efficient energy delivery. It also refers to balancing growing energy needs against environmental concerns and incorporating more clean energy. Here technology has a powerful role to play for the greater good. Smart grids use smart meters to coordinate supply schedules and deliver energy cheaper and more efficiently. The smart grid can even assess consumers’ energy usage patterns and turn off appliances that are unlikely to be used. In an era of massive supply-side pressure on energy consumption, this intelligence has major ramifications for the way we live, and will continue to live in the future.

Siemens is currently working with Rotterdam and Dutch energy providers to create a smart grid that connects 20,000 homes and companies. The system, due for completion in 2020, will use data generated by consumers to identify energy usage trends and then use those trends to optimize energy supply.

Water

Think of the great cities of the world. You’ll struggle to find one not located next to a river, ocean or large body of water. The history of human settlement and water are closely entwined, and management of this precious resource remains one of the most important tasks in city oversight. As cities grow to tens of millions, the complexity of water distribution grows too. Its flow must be understood to optimize it.

Smart water systems analyze usage patterns to predict future water needs. But they also do more than merely distribute water. Their sensors also automatically assess water quality and detect maintenance needs throughout the system, improving public health and social wellbeing.

Public safety

The more humans there are crowded into a limited space the greater the possibility of things going wrong. It’s a trite observation but it points to one of the key roles smart technology is playing in modern metropolises. Smart street lights that adapt to weather conditions and report their own maintenance needs, traffic and surveillance cameras that detect gunshots and monitor city streets in real time – these are silent sentinels that improve public safety.

More directly, law enforcement authorities use facial recognition technology to identify known individuals who could pose a threat to public safety. It is believed that the US FBI already has more than 52 million individuals in its facial recognition database.

Waste management

With more than half of the world’s 7.5 billion people living in and around cities, the amount of waste generated is staggering. Management of this waste is one of the least sexy but most critical areas in which smart solutions can play a positive role.

Advanced data analytics, such as those in IBM’s intelligent waste management platform, help optimize collection, transportation and waste recovery. Internet-enabled containers, like those created by Veolia, report their volume of garbage and odor so that collection can be done on an as-needed basis. In receiving this information, waste trucks can collect only the containers that need collection, significantly reducing the financial and environmental cost of trucks on the road.

Pollution control

Air pollution is a public health crisis. According to data from the World Health Organization, 7 million people die prematurely each year as a result of the effects of air pollution. The remedy to this universal problem varies from place to place according to the unique needs of that location, but cities are united in their need to pay attention to air quality. This domain will benefit greatly from smart technology as detection and response systems evolve.

A current example is found in Chicago, where a massive “Array of Things” program was initiated in 2016. Sensors were installed at key locations throughout the city to monitor pollution and climate conditions and provide relevant data to researchers as they seek to improve Chicago’s air quality.

Threats to these systems

The smart systems described above give a basic sense of the potential benefits that ‘smartification’ can offer the cities of tomorrow, but the real possibilities are virtually limitless. It’s not all good, though. By their nature, smart systems are deeply connected, incorporating millions of sensors and devices – each a distinct node on the network. This represents an inherent security threat: anyone who is able to illegally access and assume command of these systems is able to do damage of a scale unimagined in the times of independent, analog systems. Some examples include:

Traffic control systems

As early as 2006, Los Angeles traffic control systems were commandeered by disgruntled employees who wreaked havoc for days before they were identified. In 2014, security expert Cesar Cerrudo demonstrated how the lack of encryption in many widely used traffic control systems could enable an attacker to disrupt lights and snarl traffic. In crowded cities traffic congestion is a major issue, but it’s easy to see how hacking the system could lead beyond traffic jams to loss of life in traffic accidents.

Though an increasing number of newer smart systems have the necessary encryption, older systems do not, and they are almost impossible to replace without major street reconstruction.

Mass transit systems

The 2008 hijacking of the Lodz, Poland, tram system shows evidence of vulnerabilities in mass transit systems, too. And while the 2016 ransomware attack on the San Francisco municipal rail system didn’t significantly inconvenience riders or cause injury, it, too, demonstrates that municipal transit systems are being targeted. Additionally, introducing false information on the systems could cause unnecessary congestion and delays as people base their actions on that false information. You can read more about mass transit and railway risks here.

Power grids

As the recent major blackout in Venezuela shows, the loss of a power grid can have devastating, even fatal, consequences. Though in this case there is no clear evidence of tampering, the effects of the blackout were reminiscent of the 2015 BlackEnergy attack on the Ukrainian power grid, in which more than 80,000 consumers were left without power. Vulnerability demonstrations show how this type of attack is highly plausible, while actual attacks on power plants suggest that this is already a consideration for cyberattackers.

Water distribution systems

Attacks on power grids impact water supply, but direct cyber-kinetic attacks on water distribution systems are also a realistic threat for smart cities. Such strikes threaten human lives and are already a reality, though fortunately with minimal damage so far. Most chilling are reports of a 2016 hack of an unidentified water treatment plant, where mass casualties were averted only because the hacktivists who attacked it did not immediately realize what toxic chemicals they were in a position to unleash on the plant’s consumers.

Other threats

With so many centralized service management systems needed to run a city, hackers with villainous intentions have multiple possible targets. From hospitals hit by ransomware attacks, to GPS spoofing of location-based services, to traffic management systems and wireless smart street lighting systems left exposed by encryption problems, cities are vulnerable to crippling hits on essential services. The potential consequences range from dire to deadly.

The promises – and dangers of 5G

According to the Global Commission on Economy & Climate, smart cities may save the world as much as $22 trillion by 2050. As discussed above, the promised benefits of smart cities are far-reaching and manifesting them will include the generation of many new technologies that will positively impact transportation, healthcare, building management, city governance and education. At the moment these developments are in their infancy – the true shift is expected with the arrival of 5G. This new wave of connectivity represents a total departure from the 4G and 3G networks that have preceded it. It will deliver blistering fast data speeds (up to 20 times faster than 4G LTE) and absurdly low latency (1 millisecond or less), but its role in smart cities extends beyond these astonishing capabilities. Able to support up to 1 million devices per square kilometer, 5G will deliver the platform required to truly operate a smart city ecosystem.

But this is not all good news. With 5G’s elevated connectivity come elevated security threats. A massive rise in the number of connected devices combined with an increase in edge computing distributions will expand security threats and broaden the attack surface available to cyber criminals. As we have discussed above, the more integrated systems are – as is the nature of a smart city – the greater the potential consequences of a cyber-kinetic attack.

Threats to individuals’ privacy

Beyond the physical threat of cyber-kinetic attacks, one of the biggest concerns with smart cities is privacy. Every individual in the system generates an enormous and continuous stream of data that can be used against him/her if it is accessed by the wrong person. And with so many system vulnerabilities, the possibility of that happening is not insignificant. For example, with Montreal’s system of sensors installed on cars, a hacker able to link a vehicle to a person would have all he needs to track that individual through their unique data trail. This information, linked with all the other aggregated data on that person’s movements and activities gives a criminal material to blackmail that individual, or run a range of man-in-the-middle attacks.

Privacy concerns also haunt the smart buildings we work in. A building like Deloitte’s ‘The Edge’ may know your personal preferences but such advantages come at a hidden cost: the building’s data builds a very detailed personal profile of you that could be used against you were it to fall into the wrong hands.

Fortunately, Deloitte has been very conscientious about protecting their employees’ privacy, but as similar systems roll out into other buildings, employees’ vulnerability would be massive if those buildings’ owners turned out to be less diligent.

Our own homes are similarly vulnerable to covert intrusions. If you’ve ever thought that talk of people hijacking the camera or microphone on your IoT device to spy on you is paranoid, think again. Such an intervention is relatively easy for hackers to achieve; they can even access seemingly innocuous devices like smart vacuum cleaners to gain surveillance entry to your home. Your domestic energy usage can also be used to glean information about your personal behaviour; detailed analysis of subtle fluctuations in your power consumption can reveal which television shows you watch.

Wearable devices are even more personal: they create massive information logs about an individual’s lifestyle and health. Many companies are already accessing the wearables information of their employees, but unauthorized access to your health and movement data ranges from undesirable to dangerous.

When one understands that it is even possible to re-identify individuals through the data they produce via smart waste management systems, one realizes that anonymity is increasingly difficult to secure in the IoT age. Attackers are able to discover individuals’ identity by using data available across multiple sources, even if they have secured their identity in one area. For example, the Harvard University Privacy Lab demonstrated that it is easy to re-identify individuals by combining news items about hospitalizations with publicly available datasets.

Then there is a technique called a “statistical disclosure attack” that can aggregate anonymized data from multiple systems and detect patterns that enable an attacker to re-identify an individual. UK researchers are studying how this technique could increase the risk of data exposure in large clinical data warehouses, like those that would likely exist in a smart city.
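The two preceding paragraphs describe the same mechanism from two angles: a record with the names removed is still unique on a few quasi-identifiers, and a public source carrying those same attributes links straight to it. The Python below is an added example, not code or data from the original post or from the studies it mentions; it audits a constructed clinical extract for exactly this risk by measuring its k-anonymity, showing a linkage from a constructed public record, and then showing how generalizing the quasi-identifiers raises k and makes the linkage ambiguous. The records, the ZIP codes and the diagnoses are all made up for the example.

```python
from collections import Counter

QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")

# Constructed "anonymized" clinical extract: names removed, quasi-identifiers and diagnosis kept.
CLINICAL = [
    {"zip": "02138", "birth_year": 1965, "sex": "F", "diagnosis": "hypertension"},
    {"zip": "02138", "birth_year": 1971, "sex": "M", "diagnosis": "asthma"},
    {"zip": "02139", "birth_year": 1965, "sex": "F", "diagnosis": "diabetes"},
    {"zip": "02134", "birth_year": 1968, "sex": "F", "diagnosis": "fracture"},
    {"zip": "02138", "birth_year": 1966, "sex": "F", "diagnosis": "migraine"},
    {"zip": "02139", "birth_year": 1972, "sex": "M", "diagnosis": "asthma"},
]

# Constructed public record: the kind of detail a local news item or public register carries.
PUBLIC_RECORD = {"name": "A. Example", "zip": "02138", "birth_year": 1965, "sex": "F"}


def qi_key(record, quasi=QUASI_IDENTIFIERS):
    """The tuple of quasi-identifier values that records are grouped on."""
    return tuple(record[q] for q in quasi)


def equivalence_classes(records, quasi=QUASI_IDENTIFIERS):
    """Size of each group of records sharing the same quasi-identifier values."""
    return Counter(qi_key(r, quasi) for r in records)


def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """The dataset's k: the size of its smallest equivalence class. k == 1 means some record is unique."""
    return min(equivalence_classes(records, quasi).values())


def link(public_record, records, quasi=QUASI_IDENTIFIERS):
    """Records whose quasi-identifiers match the public record; exactly one hit is a re-identification."""
    key = qi_key(public_record, quasi)
    return [r for r in records if qi_key(r, quasi) == key]


def generalize(record, zip_digits=3, year_band=10):
    """Coarsen the quasi-identifiers: truncate the ZIP code and bucket the birth year. Other fields untouched."""
    out = dict(record)
    out["zip"] = record["zip"][:zip_digits] + "*" * (len(record["zip"]) - zip_digits)
    out["birth_year"] = record["birth_year"] // year_band * year_band
    return out


def audit(records, public_record):
    """Re-identification audit before and after generalization, as a small report dict."""
    generalized = [generalize(r) for r in records]
    return {
        "k_before": k_anonymity(records),
        "matches_before": len(link(public_record, records)),
        "k_after": k_anonymity(generalized),
        "matches_after": len(link(generalize(public_record), generalized)),
    }


if __name__ == "__main__":
    print(audit(CLINICAL, PUBLIC_RECORD))
```

Before generalization every record is unique (k=1) and the public record matches exactly one clinical row, diagnosis included. After truncating the ZIP to three digits and bucketing birth years into decades, k rises to 2 and the same public record matches four rows. Note the residual weakness the audit does not catch: both records in the smaller generalized class carry the same diagnosis, so an attacker who places someone in that class still learns it. That is why k-anonymity is usually paired with a diversity requirement on the sensitive attribute.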

It’s not just cyber criminals who are trying to benefit from your data, it’s also people who are trying to sell you products. Marketers are using facial recognition technologies to analyze shoppers, their engagement with displays, even their identities, then applying the information available to them from Big Data to provide customers with more individualized shopping experiences. These marketers can use your behavior patterns and all other data on your life to influence you. In other words, the massive amounts of data available about you are being matched with your face to try to get you to buy more.

The Dutch train company NS is already facing scrutiny over privacy issues arising from its development of smart billboards used on mass transit vehicles. Cameras in the billboards are connected to software that analyzes people’s faces to determine their sex and age and push relevant ads at them.

With such significant volumes of data available on a person, marketers have almost omniscient powers. In an interesting but disturbing anecdote, a retailer targeted a teenage girl with products for pregnant women. The girl’s father complained to the retailer about this advertising blitz of inappropriate products. Not much later, though, the father learned that his daughter was indeed pregnant. The girl had not shopped for such products, but the data the retailer had on her enabled them to accurately predict her condition.

Privacy is shrinking, and in smart cities this is set to be even more extreme as every step of our daily life will contribute to a detailed data map of who we are and what we do. And when one connects this with the knowledge of how open smart systems are to attack, there is no way of knowing who is watching.

Takeaways

With so many critical services enmeshed with smart cities, the attack surface is enormous and extremely vulnerable. The more technology is involved, the greater the vulnerability to infrastructure and city services. Securing systems is essential, particularly as we prepare to move into a 5G world.

The IoT written into the fabric of smart cities is flooded with devices that have had little to no thought put into security, their manufacturers being too eager to get their product to market. Their short-term win, however, is everyone’s loss as unsecure devices leave the whole system shockingly vulnerable to attack.

It is critical that smart cities are reassessed and reconditioned for security and privacy concerns. If not, the technology that is set to positively redefine how urban dwellers cohabit will be the same technology that causes cyber-kinetic meltdown. This is not the same as an attack on a corporate or intelligence agency target – where smart cities are involved the targets may be essential services that keep people alive. As thinking shifts increasingly towards 5G rollout and the opportunities it will present, now is the time to view systems security with same passion and commitment.

How 5G Will Transform Economy and Society


Since the dawn of the 21st Century, the ways in which people and organizations that use the Internet experience, perceive and act in the world is radically changing. We interact with physical objects and systems well beyond our sight and comprehension. Our cars, homes, factories and public transportation are controlled increasingly by computer chips and sensors. This interconnectedness already exceeds much of last century’s science fiction imaginings, but is poised to accelerate even more dramatically with the advent of 5G.

Popular telecom carrier driven expectations about the speed and capacity of 5G consumer mobile service tend to obscure the broader reality that 5G network infrastructure will also connect billions of sensors, devices, vehicles, machinery and other things besides smartphones. People will be connected to things too, not just their favorite apps, and things will be connected to each other for purposes far more critical than entertainment. Wireless and landline networks will become more fully integrated, and the Internet of Things (IoT) will become the Internet of everything.

Beyond the hype around ‘shiny objects’ like gigabit speeds, lightning fast movie downloads, mobile gaming, AR and VR, 5G is foundational general purpose information technology promising high capacity, high throughput and low latency connectivity for a vast array of diverse functions and applications. 5G will be capable of handling mission critical agricultural, industrial, commercial, financial, medical, education, energy and transportation communications almost instantaneously. That’s not to mention key government functions including military operations and local public emergency services. In short, 5G is likely to impact every industry, enterprise, NGO and government known to humankind.

5G near real-time connectivity and network slicing technology will foster disruptive innovation in every sector across all regions of the world. Already various IoTs are developing in parallel: industrial, commercial, residential and civic IoTs, the latter associated with ‘smart cities.’ The European Patent Office reported a 54% surge in patent applications related to ‘smart connected objects’ from 2013 to 2016, before any 5G networks were available, according to an article published for the recent World Economic Forum in Davos. The stock of Corning recently spiked upward on reports of strong growth in demand for fiber cabling in 5G network build-outs.

A short history of ubiquitous wireless communications

In the mid-1980s the first generation of mobile technology — cellular phones — was clunky, very expensive and boasted ‘gravelly’ voice-only service, with coverage limited to major metros and calls dropped frequently. Digital voice flip phones of the 1990s brought significant quality improvement. In the new millennium, 3G brought the Internet and texting to mobile phones, and then the 4G LTE networks of the past 8 years supported streaming audio and video applications on smartphones. 4G led to an explosion in social media usage and the rise of the ‘gig economy’ in which ride hailing and other services are available instantly via countless new platforms.

5G connectivity is emerging as the enabler of something bigger: the fourth industrial revolution. Its global network infrastructure may well become the most critical infrastructure ever. In most of the industrialized world, where telecom networks are privately owned and operated, only utilities like electricity and water along with roads, bridges, railways and airports have been traditionally considered ‘critical infrastructure.’

That’s about to change in the next decade, even though 5G enabled smartphones are not available yet and mobile operators/carriers and regulators are still working out deployment issues like spectrum use. Dozens of equipment vendors are working on building 5G network infrastructure and 5G compatible phones and other devices. These companies include: Corning, Qualcomm, Intel, Ciena, Ericsson, Nokia, Huawei, ZTE, and Samsung.

What 5G can do

5G connectivity will allow all the various IoTs described above to be augmented with real time machine learning and artificial intelligence (AI). It will provide the low latency and split-second responsiveness required for remote robotic surgery and for more safely managing transportation including aerial drones, high speed trains and autonomous public and private vehicles in city traffic. As such, this new IT infrastructure will be more critical to humanity than the Internet ever was previously.

Further, the next generation of Internet connectivity will carry millions of transactions in global financial markets and commerce. If and when it is fully implemented, 5G will lead to massive efficiency and productivity gains because it will empower real time supply chain and fleet asset tracking and management, wireless manufacturing processes that eliminate inefficient tangles of wires and cables in factories and plants, robotics and automation. These tectonic shifts in processes will displace human workers, while creating other new jobs, some known, some as yet unidentified, especially in STEM fields. It’s difficult to overstate the importance of re-skilling global workforces in anticipation of this next wave of labor disruption.

A new technical capability called ‘network slicing’ will allow multiple data streams to run in parallel over shared network infrastructure. Enterprises will be able to order up and customize ‘slices’ of network capacity on an as needed basis to support a broad range of diverse services and functions running simultaneously. Network equipment vendors Ericsson, Huawei and ZTE have been working closely with mobile operators on this technology. 5G New Radio architecture will enable modification of network configurations on the fly to support a multiplicity of devices, as many as 1 million per square kilometer.

Timetable for 5G infrastructure build-out and service offerings

Huge upfront capital costs and a tangle of regulatory and public policy issues pose the biggest obstacles to swift deployment and adoption of 5G. Annual spending on 5G infrastructure worldwide is forecast by some experts to peak at over $14B in 2021. Rules and laws governing security, privacy, data monetization and content management will need to be worked out and/or harmonized internationally. New regulatory and liability frameworks must be developed and implemented. All major stakeholders are currently engaged in intense discussions about the revolutionary implications for their economies and societies because commercial viability of 5G connectivity is now firmly visible on the horizon.

While the U.S. may be currently lagging behind China and South Korea in deployment of 5G, the global race is on. South Korea is proceeding more slowly after initially ramping up 5G for the 2018 Winter Olympics, but anticipates getting service to 90% of its population by 2026.

Mobile technologies and services as a share of global GDP are expected to grow from $3.3 trillion in 2016 to $4.2 trillion by next year. 5G networks are far more dense than prior iterations, requiring 5x as many towers as cell phone networks do, although in many cases, lamp posts, bus stop shelters and other existing structures may be used.

Europe is the world’s most highly penetrated mobile market. Orange has been conducting tests of 5G in France and Belgium. AT&T and Verizon’s announcements of 5G service for 2018 involved only consumer residential offerings in a few cities that are not even authentic 5G, but the real deal is just around the corner.

There’s a bit of the “chicken and egg” dilemma typical of new networked technologies in play here. It’s difficult to justify extensive network build out before smartphone makers and customers have upgraded to 5G phones. At the same time, how does one justify investment in devices before the essential infrastructure is upgraded? Qualcomm, Samsung and others are developing the chips for 5G devices, but global technical standards have not been upgraded yet either.

Downside 5G risks and threats abound

Privacy and security risks to the physical world from all this supercharged cyber activity are set to grow exponentially. I have worked with over 20 of the top 100 telecom companies as well as with critical infrastructure protection organizations in a dozen countries on identifying those security and privacy risks and creating novel approaches to mitigating them.

The U.S. Department of Homeland Security created a task force in the summer of 2018 to conduct a strategic risk and threat assessment of 5G with a goal of protecting global supply chains. That assessment process will reach well beyond the immediate ‘hot button’ focus on specific Chinese equipment suppliers. Spotlighting the need to protect global supply chains, Christopher Krebs, director of DHS’s Cybersecurity and Infrastructure Agency (CISA) emphasizes the importance of establishing a framework for trust in secure vendors.

In meetings between U.S. and European cybersecurity officials in late February, the Europeans, while receptive to legitimate concerns about Huawei, were skeptical of claims those threats cannot be managed, though one line of computer code in a 5G network driven by millions of lines of code could compromise everything.

Critical 5G infrastructure could be disrupted or manipulated by any hostile nation state or terrorist group. The skeptics think Americans are really more concerned with trade threats from China than security risks. They tend to value using a diversity of equipment suppliers. The British are in the midst of reviewing their approach to 5G security.

As a window into the enormity of cyber threats impinging on the business world, one vulnerability already being exploited is that Bitcoin miners are now hacking into corporate IT systems not to steal data, but to rob them of their ‘compute’ or computational capacity, something cryptocurrencies need in bulk for processing transactions using blockchain technology. 5G would enable such attacks and a multiplicity of others to proceed far more swiftly before they can be detected.

In terms of threats to societies, weaponization of disinformation on social media platforms is rendered all the more potent by instant spreading of “deep fake” video content that will be enabled by 5G connectivity. One small step all governments can take is to require security clearances and raise technical standards as a condition of granting licenses for 5G spectrum use, but of course, such measures will be useless against rogue nation states.

Competition and standards

Meanwhile, the world’s most powerful nations and big global tech companies are all vying for a competitive edge in the move to 5G. The global standards setting process for 5G involves “engineers from rival inventing companies, rival product makers, rival network operators, all from different countries and continents, discussing, testing, striving to perfect tens of thousands of different technical solutions… They judge each technical solution using a merit-based consensus-building approach.” These ongoing deliberations are fraught with geopolitical and commercial challenges layered onto core technical questions.

Representatives from most equipment vendor and services companies convened at the Mobile World Congress in Barcelona in late February, and many of them also at #OFC2019 in San Diego the first week in March. The IEEE is also working on standards for 5G network equipment.

Global socioeconomic impact from 5G

Some observers conclude that a 5G revolution will change the world more profoundly than either 3G or 4G did, and I agree. It may rival the invention of electricity as a socio-economic game changer. Verizon CEO Hans Vestberg has said, “I think that 5G has the potential to become one of the most transformative technologies that we’ve seen in a long time.”

Mobile technology has already allowed developing nations and societies in Africa, southeast Asia and South America to leapfrog into the 21st century digital economy without first building reliable landline telephone networks. 5G is likely to have an even greater leveling effect if it reaches into these geographies. In the U.S., Verizon is offering 5G as a first broadband service to remote rural residents and small businesses not connected by cable or fiber.

On the other hand, 5G could actually widen the digital divide in parts of the industrialized world and developing nations because the essential infrastructure requires such heavy capital investment and a reliable supply of energy as well. Both towers and power can be very expensive.

Conclusion

If 5G connectivity extends to even most of the industrialized world, it will be truly transformative to the global economy and societies. However, the sobering security vulnerabilities of IIoT and massive IoT systems must be dealt with urgently now if they are to be effectively mitigated.

It will require enormous amounts of hard work and creativity to anticipate and thwart attacks on utilities and transportation systems for example, by bad actors adept at using the most critical infrastructure ever: 5G connectivity for harming our physical critical infrastructures.

Cyber-Kinetic Risk – Unintended Consequence of IoT in a 5G World


Getting smart about security in smart systems

Smart used to be something we called people or pets. It wasn’t a term one would use to describe one’s hairbrush. That is changing, of course, in an era of accelerating digital transformation. Now we have smart homes, smart cities, smart grids, smart refrigerators and, yes, even smart hairbrushes. What’s not so smart, though, is the way the cybersecurity and cyber-kinetic security risks of these systems are often overlooked, and with new horizon technologies like 5G, these problems are set to grow exponentially.

Cyber-physical systems and the smartification of our world

Cyber-connected objects have become ubiquitous. They are so prevalent that we are already beginning to take their existence for granted, even though this was the stuff of science fiction only a few years ago. We’re all familiar with the ‘sexy’ examples of smart connectivity: cars that park themselves and warn you of other vehicles in close proximity as you drive on the highway; homes that change atmospheric conditions, lighting and music to your preferences as soon as they recognize your voice; apps that let you monitor home and vehicle security from the other side of the world; and refrigerators that let you know when you need to stock up on milk.

However, the real impact stretches far beyond lifestyle accessories. Distribution of essential services like power and water is made more efficient by smartification. Sensors detect imminent failures before they happen and dispatch repair personnel to the location to fix the problem before consumers are inconvenienced. Traffic control systems monitor traffic patterns and adjust traffic light timing to optimize traffic flow. Entire cities are able to operate more smoothly and respond to changing needs in real time.

All of this is facilitated by cyber-physical systems (CPSs) — technologies such as the internet of things (IoT) and industrial control systems (ICS), which are capable of sensing and positively influencing the physical world. In commercial terms, this shows up as factories with ‘intelligent’ machines that optimize maintenance and production cycles, or large-scale farming operations that use connected devices to maintain an optimal balance of soil moisture and nutrients.

It is probably unsurprising that the advanced diagnostic equipment found in hospitals is connected via CPSs. But when cyber-enabled devices are planted in human bodies – that’s when things start to feel more like a scene from an Arthur C Clarke novel. Cyber-enabled pacemakers, heart monitors, defibrillators and insulin pumps enable doctors to remotely monitor patients’ conditions and make adjustments as necessary. That makes each of those patients part of a smart cyber-physical system!

Cyber-kinetic attacks: The unintended consequence of smart technologies

Despite the amazing benefits they afford, CPSs like the IoT also invite significant cyber-kinetic risk: cyber-connectedness opens the door to cyber-kinetic attacks. Such campaigns use the interfaces of the digital world to make an impact in the physical one, and in this sense, IoT and ICS technologies are very similar. Their networking capabilities make acts of chaos possible in a way that never existed 20 years ago. Cyber-kinetic attacks hijack ICS or IoT devices and use them to control the physical elements of our world in ways that can hurt people or damage the environment.

Consider the consequences of an attack that releases toxic chemicals into a region’s water distribution system. Or one that disables the mechanism preventing lethal pressure build-up on a dam. Or one that manipulates pressure in an oil pipeline causing it to explode.

The attacks described above are real – only the inexperience of the attackers and the quick work of responders prevented catastrophic damage. But there are many more examples.

A 2016 attack on apartment buildings in Finland left residents without heat or water in the middle of Scandinavian winter. A teen in search of entertainment hijacked the city’s tram system and began randomly rerouting trams – a game to him but a potentially fatal event to the dozens that were injured when trams inevitably collided. When a waste management contractor felt he had been unfairly treated in a dismissal by town authorities, he manipulated the sewage system to discharge more than 260,000 liters of raw waste across town for months before he was caught. Environmental damage and risk to public health were widespread.

These attacks show that serious damage can be done at any scale, but reveal only a small slice of the potential. Researchers have demonstrated vulnerabilities that could allow hackers to take partial control of cars, or trigger device failure in medical implants, causing the death of the owner. I have been tracking many key cyber-kinetic attacks, but other researchers track 1,000+ such incidents and claim to be able to link 1,000+ deaths to cyber-failures and vulnerabilities in cyber-physical systems.

As we move towards implementation of 5G technology these numbers are set to increase. With latency approaching zero, 5G networks promise a new era in connectivity and seamless real-time engagement between IoT devices. For the first time, grids of driverless cars and other autonomous objects will become a reality, opening up a whole new level of possible cybercrime. In this context, the number of vulnerabilities in IoT and ICS devices is deeply concerning, but the lack of protection around them is even more worrisome.

Less-than-smart security practices and the cyber-kinetic risks they cause

Poor protection of cyber-physical systems is sometimes due to laziness or budget constraints, but the most pervasive reason is a poor understanding of the laws of networking. Most people prioritize ease of connection over security, relying on the thinking that hackers are only concerned with high-profile targets like major corporations and national intelligence services. ‘Why would they target us?’ seems to be the general view. But this perspective is naive and outdated – a dangerous combination when it underpins a decision to install only basic protection. To rely on the statistical improbability of a given IoT device being targeted – ‘security by obscurity’ – is to play Russian roulette.

In a full-scale cyberattack, however, nobody is safe. Ransomware attacks, one of the fastest-growing forms of cyberattacks, seek any system that has vulnerabilities, not just predetermined targets. This makes the common argument of “who would want to target us?” not only irrelevant but irresponsible. Because systems today are so networked, any system with vulnerabilities accelerates the spread of the attack by opening its connections up to risk as well. Proper defenses protect you and those you are connected to.

The unique security challenges of IoT

Cyberattacks today are different from those conceived before the IoT. Traditionally, hackers are thought to break into a system to extract information, but someone attacking IoT devices generally wants to manipulate what they do. That means cybersecurity of IoT and IIoT has to expand beyond the protection of data to the protection of all the physical repercussions that could be triggered by a cyber incursion. This is a complex task that requires the consideration of multiple attack vectors. In response, IoT security needs to be interdisciplinary and connect traditional engineering domains, wireless communications, systems engineering and cybersecurity.

IoT also demands new security testing processes. Penetration testing, designed to find system failure points, is useless with systems controlling critical physical processes that cannot afford interruption. Thus, security protocols and testing processes must be rethought and redesigned to meet the new reality and related cyber-kinetic risks.

Recognizing growing threats

Traditional social and economic systems are breaking apart, breeding more and more disaffected youths who are primed to learn hacking skills on the dark web. Terrorist organizations are increasingly moving to cyberspace to engage their enemies. Social justice warriors are relying on cyberskills to level the playing fields against major corporations and government institutions. Organized cybercrime groups are shifting their attention to IoT (and CPSs in general) for ransomware campaigns. In short, the number of hackers is growing and, though nations are building armies of trained cyber warfare specialists, they are largely on the back foot. In a world in which billions of devices are connected to the IoT and cyber-kinetic risks are growing, how does one cover every eventuality?

When my research team assesses critical infrastructure systems in various countries for vulnerabilities, we rarely find one that hasn’t already been breached. We almost always remove some form of malware or backdoor that would let the hackers who placed them there return whenever they want to trigger them. This is always a sobering experience.

While the ‘we won’t be attacked because we don’t think we’ll be attacked’ approach has worked for many vulnerable CPSs so far, it is a dead-end strategy. Ensuring that IoT is properly secured is critical.

Where do we go from here?

Regression to a cyberless world is unthinkable, but so is a world where everyone is connected but no one is safe. Cyber-kinetic attacks are a reality and their numbers are growing, as are the complexities of the systems that require protection. If this world is to be a genuinely ‘smart’ one we must get serious about securing IoT technologies – from the start of the IoT development, not as an afterthought.

Security professionals must address the new cyber-kinetic risks that IoT creates. Traditional security protocols and testing processes must be rethought and revised to catch up to current and emergent technologies like 5G. Only by securing the growing world of IoT can our smart technologies truly be as smart as they need to be.

Growing Cyber-Kinetic Threats to Railway Systems


Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted.


Railway systems have long been critical. Mass transit systems move hundreds of thousands of people throughout urban areas each work day. Freight systems move an estimated 40 tons of freight for every person in the U.S. every year. Imagine the chaos if they were disrupted.

These systems have always been challenging to secure. Even urban mass transit systems contain hundreds of miles of track, with thousands of control mechanisms along their routes. And interstate or international systems that move freight and natural resources to where they are needed are even more widely distributed.

For centuries, these systems were strictly mechanical, with whatever electronic controls they used strictly proprietary. Railway operators now, though, increasingly use open-source, commercial off-the-shelf (COTS) control systems. That multiplies the challenge of securing systems from those who wish to disrupt lives or the flow of products and services. Railway systems are highly vulnerable to cyber-kinetic attacks.

Extensive vulnerabilities

I speak from experience. I recently led a team in assessing security for a large rail provider. The results were shocking: we found more than 20 cyber and IEMI (intentional electromagnetic interference) ways that attackers could use to instigate kinetic impacts that would cause application of emergency brakes, derailment or crashes.

Other researchers have had similar findings. Their assessments found shockingly poor practices widespread in railway industry security, such as:

  • Continuing to use software for which manufacturers no longer provide security patches
  • Using hard-coded passwords for remote systems
  • Failing to isolate engineering systems from passenger entertainment systems that could provide hackers with access to critical systems

These are only a few vulnerabilities. And they do not go unnoticed by potential attackers.

Many potential attackers

A 2015 “Project HoneyTrain” experiment sought to determine the scope of threats against railway systems. A simulated railway infrastructure was set up to look like a real rail system to online attackers – even down to CCTV feeds, control interfaces and schedules and statuses of trains.

This system contained many of the poor security protections common to real rail systems. The researchers then analyzed traffic these systems received to see how attackers would respond.

In only six weeks, they recorded 2,745,267 attacks. In approximately 10% of them, attackers gained limited control of systems, although none gained control to the point where they could have caused serious damage if the system had been real. But once attackers breached systems, they returned repeatedly to try to penetrate deeper. This experiment shows that knowledgeable attackers actively seek railway targets – and likely find vulnerabilities they could exploit to eventually cause serious damage.

Rail systems are a prime target for terrorists, such as those who conducted the 2004 Madrid railway bombings in which 191 people were killed and more than 1,800 wounded. Al Qaeda has even published instructions online to teach sympathizers ways to derail trains, and which rail lines to target.

Ransomware attacks have made railway systems targets for criminals, too. Extortion attempts on the San Francisco Muni system in 2016 and Deutsche Bahn German railway system in 2017 demonstrated potential for big payouts.

Project HoneyTrain demonstrated that attackers see railway systems as desirable targets. And reports from real rail systems demonstrate that those systems are increasingly being targeted.

Security challenges

Digitized systems are new territory with which industry leaders have never dealt. Past mechanical control systems enjoyed a low rate of being compromised. Many analysts are concerned that overconfidence in the industry’s past record with mechanical systems will blind leaders to the increased risks as digital, remote control systems replace mechanical, localized ones. The risk is especially high with COTS systems that are often inadequately secured.

In addition to the standard security vulnerabilities that cyber-physical systems experience, those in railway systems have more. Controls in railway systems require the attention of both safety and security specialists, but each discipline approaches equipment in markedly different ways. This opens the possibility that one group may take actions that inadvertently impair the efforts of the other.

The shift from mechanical controls to digital also drastically shrinks replacement windows for system components from decades to years, or even months. That greatly increases the amount of attention those components require.

Furthermore, in contrast to safety protocols, attention to systems doesn’t stop where the rail operator’s property ends. With rail lines comprising the property and equipment of multiple operators and potentially crossing multiple jurisdictions, connections between a multitude of stakeholders must be secured, as well as the property and equipment of the individual operator.

Governmental and rail services’ response

Governments are aware of the vulnerabilities that rail systems face and are actively trying to address them. They are developing new standards to help rail services make security a priority as they transition into increasingly digitized systems.

Many rail services, too, are taking up this challenge. The UK’s rail industry body has committed to making cybersecurity an integral part of the industry’s culture and making the UK industry a model for the rest of the world. Individual U.S. rail services are focusing on improving threat monitoring practices or converging IT and OT security staffs into one body for better communication and cooperation.

Recommendations

Here are just a few of the best practices to enhance security of railway systems:

  • Breaking down the silos between IT and OT (operational technology) domains is vital to the cybersecurity, and consequently the safety, of railway systems. This is often the hardest task, as it means empowering leaders, changing the organizational structure and changing a long-established culture.
  • Raise the materiality of railway cyber risks and ensure that cybersecurity decisions are made at the highest level of the organization and play a role in all organizational strategies.
  • Build security into the design of every system, ideally at multiple levels, and when systems are procured, verify that their security is strong. In today’s railway digitization projects, ensure that every one of your many suppliers and systems integrators is held accountable for the cybersecurity of their part, and that someone is accountable for overall cybersecurity across all projects and technologies.
  • Perform risk assessments, penetration testing and red teaming; don’t let a malicious attack be your cybersecurity’s first test.
  • Practice your crisis, incident, and emergency responses to cyber-kinetic attacks or incidents.
  • Isolate critical systems from passenger-facing systems, so that easy-to-access passenger systems cannot be used as gateways into critical ones, and verify the isolation in practice rather than trusting the network diagram. Segment all of your networks following the same principle.
  • Develop procedures to identify and mitigate risks in your supply chain.
  • Develop procedures to ensure that known security vulnerabilities are patched in a timely manner.
  • Stay informed of threat intelligence so it can fully inform security strategies.
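
The isolation and segmentation recommendation above is easier to state than to verify, because the dangerous path is rarely a direct passenger-to-control flow; it is a chain of individually reasonable flows. The following is an added example, not code from the original article: a small Python audit that models network zones and the flows a hypothetical firewall policy permits, then searches for any chain of permitted flows that lets traffic from a passenger-facing zone reach a control zone. The zone names, the flow table and the policy fix are all constructed for illustration.

```python
"""Zone-reachability audit for a segmented railway network.

Added example, not code from the original article. Zone names, the permitted
flows and the policy fix below are all constructed for illustration.
"""
from collections import deque

# Constructed flow table: (source zone, destination zone, service) for every
# flow the hypothetical firewall policy permits. Reachability is computed
# regardless of service, because any permitted path is a potential pivot.
ALLOWED_FLOWS = [
    ("passenger_wifi", "internet", "https"),
    ("passenger_wifi", "ticketing", "https"),
    ("ticketing", "corporate_it", "sql"),
    ("corporate_it", "ot_dmz", "https"),      # reporting link into the OT DMZ
    ("ot_dmz", "train_control", "modbus"),    # DMZ talks to the control zone
    ("maintenance_vpn", "ot_dmz", "ssh"),
]

PASSENGER_ZONES = {"passenger_wifi", "ticketing"}
CRITICAL_ZONES = {"train_control", "signalling"}


def build_graph(flows):
    """Directed adjacency map: zone -> set of zones it may initiate traffic to."""
    graph = {}
    for src, dst, _service in flows:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def find_path(graph, start, targets):
    """Breadth-first search; return the shortest zone chain from start into
    any target zone, or None if no chain of permitted flows exists."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node in targets and node != start:
            return path
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def audit(flows, passenger_zones=PASSENGER_ZONES, critical_zones=CRITICAL_ZONES):
    """Map each passenger-facing zone to the offending path into a critical
    zone, or None when it is properly isolated."""
    graph = build_graph(flows)
    return {zone: find_path(graph, zone, critical_zones) for zone in passenger_zones}


def remove_flow(flows, src, dst):
    """Return the policy with every src -> dst flow removed."""
    return [f for f in flows if not (f[0] == src and f[1] == dst)]


def fixed_policy(flows):
    """Constructed fix: drop the IT -> OT DMZ flow and replace it with an
    outbound-only flow, so operational data is pushed out of OT rather than
    pulled in from the corporate side."""
    return remove_flow(flows, "corporate_it", "ot_dmz") + [("ot_dmz", "corporate_it", "https")]


if __name__ == "__main__":
    for label, policy in (("current", ALLOWED_FLOWS), ("fixed", fixed_policy(ALLOWED_FLOWS))):
        for zone, path in sorted(audit(policy).items()):
            status = " -> ".join(path) if path else "isolated"
            print(f"{label:8} {zone:15} {status}")
```

With the constructed table, the audit finds that passenger Wi-Fi reaches train control via ticketing, corporate IT and the OT DMZ, even though each hop is individually defensible. The fix shown reverses the IT-to-OT flow so that only outbound data leaves the operational side. In a real audit the flow list would be generated from the actual firewall rulesets and route tables rather than hand-written, and the same search should be rerun after every policy change.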

Takeaways

Securing rail systems is not a simple task, especially as they transition to commercial off-the-shelf (COTS) control systems that are accessible remotely via wireless or internet connections.

Many railway operators are taking this threat seriously. There is a danger, though, that the sparse history of attacks on these systems will lull operators into a false sense of security, with potentially tragic consequences.

Securing railway systems against potential attackers must become paramount in the digitization those systems are currently undergoing. Their cybersecurity is too closely interlinked with railway safety to leave the door open to disruption.


Originally published on CSOonline on June 13, 2018.

5G Making It More Important for Governments to Lead IoT Security


The human brain is programmed to keep us safe and secure. Yes, we are separated from the rest of the animal kingdom by our advanced capacities of sense-making and decision-making, but at the core of our grey matter remains some primitive but powerful tech tasked with keeping us alive. If your amygdala senses danger, it makes a split second decision and triggers the fight-or-flight response, flooding your body with hormones like adrenaline that prepare you for battle. This overrides the cortex – the sophisticated part of the brain we rely on for problem-solving and strategic thinking – making it hard to do anything but react to the moment.

This ancient response has evolved very little over the past 50 000 years. What has changed, however, is what triggers it. The dangers for which the fight-or-flight response was intended, wild animals and marauding tribes for example, are no longer relevant. Instead we have financial stress, traffic, a difficult boss or relationship troubles. The amygdala does not distinguish between these threats and a pride of lions hunting you on the savanna; they are perceived as equally dangerous, which is why people can become physically stressed by thoughts in their head. This system is always online, and it is good at ensuring our physical security.

But what about our Internet of Things (IoT) security?

Because most people regard the ‘real world’ and the ‘digital world’ as distinct and separate realms, they do not have the same fear of a cyber-kinetic attack as a physical attack. It simply doesn’t trigger the same response in the brain, so we tend to ignore it. But there is no longer a distinction between the digital and the real.

We live on the brink of an era in which cyber-kinetic vulnerabilities of IoT technologies will become a bigger danger to our physical safety than the weather or traditional violent crimes. The threat is real, and our imminent transition into a 5G world raises the stakes even further.

Unlike physical security, IoT risk is something millennia of evolution have not prepared us for. The challenges are complex and as extensive as the network itself. They are also dynamic, constantly shifting as cybercriminals employ new strategies to overcome always-evolving defenses.

As the IoT grows beyond consumer-centric devices and smart homes, the risks increase. Threats become physical and include hacked control systems in self-driving cars, attacks on smart grids and corruption of critical medical devices like pacemakers and insulin pumps.

In response, IoT security has to become contextual and adaptive; capable of changing to support rapidly morphing threat and business use cases; and has to cut across traditional silos of cybersecurity, health and safety, engineering and others. It’s a daunting task for any organization, so where do they begin?

An obvious first step is the adoption of an IoT security framework. This guides a company in properly securing its devices or network and serves as a tool or checklist for the layers of the Internet of Things it needs to pay attention to. It is not a magic bullet; it is a collection of steps and best practices for securing the IoT.

The issue is this: while several industry leaders have developed IoT security frameworks and standards, none has earned broad adoption. There is also an inherent resistance to such frameworks, as innovation-driven businesses repeatedly prioritize delivery to market over integration of IoT security practices.

As a result, governments need to be more involved in IoT security, at least until the industry more broadly accepts that IoT security, done right, can become a competitive advantage and even speed up innovation.

Both consumers and organizations want (and need!) IoT security frameworks

According to a Gemalto survey, 96% of organizations and 90% of consumers want government-enforced IoT regulation. There are several reasons why.

For consumers, the motivation is clear: nobody likes the idea of hackers accessing their smartphones or laptops, remotely activating their webcams, or using their devices to launch a distributed denial-of-service attack that shuts down sites like Spotify and Twitter. However, the fact that consumers don’t take the IoT security of their less sexy devices (e.g. printers, cameras, DVRs) as seriously is an indication of how little the average person understands the extent of the risk, or how to evaluate the security of their devices.

Governments must take the lead on IoT security frameworks in order to help consumers gain a basic understanding of what a device needs in order to be secure. If even IT professionals face a steep learning curve, imagine the everyday consumer’s challenges assessing a device’s security.

The motivation for organizations is more complex. Many businesses are fundamentally opposed to government regulation of IoT, with critics arguing that it threatens to halt innovation. Yet, companies remain anxious. In a regulatory vacuum it is often unclear where accountability lies. Organizational leaders understandably wonder: What are my company’s responsibilities? What is our exposure? Where are our liabilities?

Without government stricture, businesses continue to measure their IoT policy against consumer demands. But will this be a strong enough motivator as we move to 5G connectivity? This technological evolution will require a new generation of devices, a perfect opportunity for manufacturers and developers to embed stronger security at creation. 5G networks will also need to bake in secure connectivity, such as end-to-end encryption, from the outset. But without customers demanding these features, will businesses implement them to the extent necessary for maximum security?

Organizations know IoT security is something they should think about, but to innovate quickly they have put it on the back burner. They are aware that their responsibilities will increase in the future, but without those responsibilities existing in law, when will they become a priority? History suggests that businesses will probably only commit the necessary resources once a huge IoT breach takes place and consumers insist on better standards. Currently such a breach spells disaster for digital systems, but in a 5G-connected world it could have a catastrophic impact in the physical world too, leading to injury and possibly death.

Without IoT security frameworks, consumers aren’t certain what they should demand from their IoT devices. If governments took the lead in developing a framework that led to some form of accreditation, consumers could look for a “seal of approval” that certified a device’s security. This would create the market-driven incentive companies might need to secure their devices at a respectable standard.

What should be done

Firstly, legislators need to adopt a unified approach to IoT regulation, amalgamating the disparate IoT security frameworks that currently focus on subsets of IoT security topics. Frameworks that could be brought together include:

Secondly, such a unified framework needs to be operational as well as conceptual. Frameworks are presently strong on guidance about how to think about securing IoT, but weak on specific steps that need to be taken. For instance, the Strategic Principles for Securing the Internet of Things document released by the Department of Homeland Security in 2016 is only 17 pages long. For a framework to become a basis for accreditation, it has to contain detailed requirements.

Finally, a primary IoT framework would need to be dynamic – responding and evolving with the industry and its learnings. This requires a structural process for continuous and rapid improvement of the framework in order to match industry developments.

The need for such an initiative has never been greater. Many see 5G as the bedrock of a utopian digital future, but within its many tremendous opportunities lurk unknowable threats. As 5G gains a foothold worldwide, it will facilitate a high-speed, low-latency Internet of Things and foster new waves of edge-based computing. Though this is exciting, it also represents a sudden, exponential growth of the attack surface available to would-be cybercriminals. With a regulator-mandated IoT security framework in place covering the many facets of IoT security, we will have something that private individuals and organizations can rely on to drive trustworthy connectivity and responsible innovation.
