IoTs Enablers in 5G Era and its Security

IoTs Enablers in 5G Era and its Security

Abstract—Internet of things have emerged over the few years causing a significant impact and growth in technology. With the goal to revolutionize the living of people and their work while focusing on the interaction between end-to-end smart devices. Over a couple of years, technologies in communication have emerged with the advent of 5G cellular systems. Moreover, these IoT devices are vulnerable to attacks due to their less computing power, low storage and network capacity. In this paper, we will look into account about the 5G technologies for internet of things along with 5G enablers and the landscape of it. Furthermore, we demonstrate and review few major security concerns along with solutions for them while outlining basic security requirements for IoT devices.

Keywords—Low power wide area, low power Wi-Fi, Bluetooth low energy, authentication, Data privacy, Confidentiality

I.     Introduction

IoT refers to Internet of Things. The Internet is connected to any device (including cell phones, cars, home equipment and other wearable devices integrated in the sensor system) so that they can exchange information with each other over a network. The concept of Internet of things as a network goes back in 1980’s [10], from where it took momentum later on to become future of the internet [2]. Over a couple of decades, we have seen diversified technologies in communications emerging and reflecting upon different applications and their requirements as it satisfy the needs of both personal and commercial use. A few notable technologies labeled as enablers of IoT in 5G era, that have emerged in helping and developing internet of things include Low Energy Bluetooth, ZigBee [3], Low Power Wi-Fi, Low Power Wide Area [4] etc. On top of these, it is worth mentioning that these technologies are constantly evolving with new frameworks being proposed. On the other hand, with new technologies being proposed for the application and devices for IoTs, risk of security issues and safeguarding of data on these devices is of main concern [3]. Over the few years, number of effort has been put to confront with the security problems in IoT devices. A few of these approaches resolves the security concerns upon each layer. One of the main concerns is ensuring end-to-end security in IoT devices as the data travels over the networks which can be compromised by different attacks [4]. The paper is organized as follow, Section II reviews the landscape of IoTs along with enablers that helps in the development of IoT devices in 5G communication environment. Section III illustrates the general security challenges that need to be kept in mind when developing IoT devices. In section IV, we categorize the security issues into low level and intermediate level risks whereas section V presents solutions in overcoming these security issues.

II.    IoT Landscape

The IoT landscape now involves an intense variety of accessible connectivity alternatives that need to be harmonized first across various sectors and then correctly coupled to fulfill the IoT Technical Key Performance Indicators. Internet of Things technology is commonly used in intelligent homes, smart cities, transportation and cars where each element is attached via a network to another. Radio frequency identification technology and wireless sensor networks are among the first form of connectivity used for IoT devices. Because of great application and implementation scenarios, IoTs achieved a lot of momentum in both the commercial and consumer market. The momentum gained by the IoTs led the standard developing organizations to put effort into the development of IoT solutions. Among the first proprietary solution, consist if Z-Wave and wireless-HART, which delayed the growth IoTs in the start due to interoperability issues faced by the vendors. After the setback, the Standards Developing Organizations started developing generic technologies such as 3GPP, IEEE and IETF capable of connecting easily to previously constrained devices. Furthermore, IEEE802.15.4 along with the Bluetooth are some of the famous low power short-range solutions that enables the IoT to expand further. Moreover, the 3^rd Generation Partnership Project (3GPP) is contributing towards the support of M2M application that works on 4G networks with the aim of embedding it into the 5G network. Not a single among those technologies has become market leader, primarily due to technological shortfalls and uncertainties regarding business models. Now, as of the deployment of 5G is in its final phase to be available commercially for consumers the field of IoT has reached a turning point where promising emerging radio technologies contender to M2M such as, Low-Power Wide Area, Low-Power WiFi networks and many improvements for M2M cellular systems. The most common aim of developing an IoT device is its availability and reliability, which these aforementioned solutions can provide. This section will further discuss the IoT connectivity and simplifying the details of the recent and upcoming technologies that would have an impact in enhancing the IoT for the future.

A.    Bluetooth Low Energy

The Special Interest Group (SIG) of Bluetooth proposed BLE in the Bluetooth 4.0 specification in 2010 [4], which now has a version of 4.1. BLE is an intelligent Bluetooth low energy version, designed for communication in mainly short distances i.e. up to 50 m, and is primarily suitable for low-power applications such as entertainment, automotive and home automation as well. BLE works in the 2.4 GHz Industrial Scientific Medical Band (ISM), defining 40 channels and spreading 2 MHz BLE uses only 3 advertising channels for device discovery, connections and broadcast transmission in order to ultimately achieve low power use. They have been designated for center frequencies to limit disruption with channels 1, 6 and 11 of IEEE802.11 used by many countries. All other 37 data channels aim to exchange data between connected devices in both directions. A frequency hopping adaptive algorithm is used over data channels to reduce interference sensitivity and multi-path decay [2]. At present BLE supports only a single hop topology that is piconet, with an interface to communicate with several slave nodes and the broadcast group topology. BLE is intended as a key technology for certain short-range Internet applications such as medical care, intelligent energy and intelligent home applications [4]. Since its early birth its potential has been identified, as shown by its rapidly gaining interest in IETF, where the 6LoWPAN Working Group (today 6lo) developed a requirement to allow IPv6 packets to be transmitted via BLE.

B.    Zigbee

Zigbee is among the wireless mess network, which is used in Wireless Sensors Networks for monitoring and control having low power and low cost to deploy. This technology is based upon the IEEE802.15.4-2006 Medium Access Control and Physical standard specifications [3]. From a physical layer perspective, current draws are determined by the hardware implementation and the energy required transmitting a given bit of information. On the other hand, it is realized that only many of the IoT devices exchange a few bits.

C.    Low Power WiFi

In its first edition in 1997, the IEEE802.11 standard, better known as Wi-Fi, was published and intended without IoT in mind. Indeed, its ultimate goal was to provide a restricted amount of machines (called stations) situated indoors at a brief distance from each other with elevated throughput. Moreover, in these days due to the large energy utilization Wi-Fi has not been implemented in instances of M2M-IoT compared to other norms. In comparison with the Bluetooth having lower propagation range offers minimal power consumption whereas the ZigBee as discussed above has a large range with lesser data rate. Energy limitation is among the major concerns in application of IoT use cases which certainly impacts the battery life of a device. To overcome the issue of high energy consumption the IEEE802.11 community has put more focus on optimization of hardware that resulted in better energy related solutions. On the other hand, even with the solution for low and efficient consumption, Wi-Fi still lacks in mobility and support for roaming. In regards to this a good quality of service is not guaranteed which is due to high interference when sharing the 2.4 GHz band along with ZigBee and other band devices. The use of sub1 GHz license-exempt bands having better propagation properties as compared to the traditional Wi-Fi bands have been proposed by the IEEE 802 Lan/Man Standards Committee (LMSC) to overcome interference issues. Furthermore, a task group known a Low-Power Wi-Fi was formed by LMSC in 2010 which aimed of increasing the area of application of Wi-Fi networks to meet the IoT requirements. An access point in many of the IoT devices and applications has to cover many of the sensors that are responsible for the transmission of packets from time to time. The limitation of the number of stations that can be combined with the same AP is one of the principal challenges to the adoption of the former IEE802.11. We overcome the limitation by adopting iEEE802.11ah standard, introducing a hierarchical method that defines groups of stations and further allows to support greater number of devices [3].

D.   Low Power Wide Area

The LPWA technology is newly developed specifically for low-end IoT applications that require low-cost devices, long lifetime of batteries and small amounts of data, a field that traditional cellular M2M devices have not been optimized for. The word LPWA, brought to the industry by Machina Research, means high-level wide area networks with small prices and small power [4]. It operates in a non-licensed range and is currently available in a variety of proprietary solutions, mainly for M2M networking. The main characteristics of LPWA can be summed up as Wide area coverage, longer battery life, low bandwidth communication and low cost communication. The latter limit the LPWA application range to a number of M2M cases, which are characterized by low data rates and unusual transmissions [3]. LPWA does present some downsides despite its attractive and exciting characteristics, primarily because of the use of non-licensed range to communicate with long distances. In that portion of the license-exempt range, efficient radiated energy (ERP) is strongly controlled with regard to permissible transmitting forces (after signal increase), service periods and entry processes. As bases and mobile antennas have completely distinct profit capacities, up- and downlink connection capacities are skewed and the uplink has a link budget of up to 19 dB. While the European legislation permits an improved downlink capacity of 13 dB, there continues a distinction of at least 6 dB, thus not ensuring a genuinely symmetrical connection. Furthermore, simple operations, such as sending a recognition, cannot be carried out without any problems as in 3GPP techniques. Therefore, this technology can only support a restricted number of IoT applications. Moreover, due to an impeding spectrum congestion, LPWA cannot meet the scalability demands of large IoT projects [3]. Cisco IBSG forecasts that 50 billion internet linked phones will be available until the year 2020 and among those will be utilizing some other radio technologies which shares the spectrum with LPWA including Lp-Wi-Fi, ZigBee, and IEEE 802.11 g. The LPWA unit, with small receiver sensitivity for long range communication, perceives all such transmission to be interference. Above all, LPWA is anticipated to be a main enabler for fast IoT deployments and restricted IoT applications.

III.   IoT Security Challenges

IoT devices have become the target of security risks because of the fact that they have potential to distribute and spread the risks in greater number then the rest of the internet [10]. A traditional IoT application includes diverse equipment with integrated sensors connected via the network. IoT devices are unique and distinguished mainly by low energy, limited memory and restricted computing capacities. To adopt a secure IoT implementation, quite a few methodologies should be kept in mind.

A.    Data Privacy, confidentiality and integrity

To guarantee confidentiality of information, a correct encryption mechanism is needed as the data travels over a network through several hops. As the devices, services and the network are integrated, the actual data stored on the device might be exposed to privacy violation if the nodes are compromised in the network. IoT devices vulnerable to attacks can help an attacker to compromise data integrity and can modify already stored data for mischievous purpose.

B.    Authentication and authorization

Authentication between two parties that communicate with each other is needed to ensure IoT communication and above that devices must be authenticated for privileged access to services. The variety of IoT authentication mechanisms is primarily due to the various underlying, heterogeneous architectures and environments that support IoT equipment. Furthermore, this status present a challenge to define the worldwide IoT authentication standard protocol. On the other hand, the authorization mechanisms ensure that the access to systems or information is provided to the authorized ones. A sustainable deployment of authentication and authorization gives us a secure environment for communication between IoT devices.

C.    Service availability

A denial of service attack can obstruct the availability of services in IoT devices. In a distributed denial of service attack an attacker targets different layer of IoT devices by launching different attacks such as replay attack to stop the availability of a system to its legitimate users.

D.   Single point of failure

A steady growth in IoT-based networks may reveal a big amount of single-point failures, which in turn may deteriorate the services provided by IoT. The construction of a manipulative setting for a wide variety of IoT systems and alternative mechanisms for implementing a defect-tolerant network is necessary.

IV.   Categorizing security issues

The IoT paradigm includes a broad range of systems and machinery from tiny integrated processing chips to huge, high-end servers, so that potential security problems can be resolved at various rates. We can distribute the security concerns into two different levels

• Low level security issues
• Intermediate level security issues

A.    Low level security issues

The physical and datalink layers are mainly concerned with the low level security issues such as Sleep deprivation attack and Jamming attack.

1)   Sleep deprivation attack

IoT devices have energy constraints which suggest us that they are susceptible to sleep deprivation attack causing the sensor nodes to stay awake [11]. Once the attack is successful it can result in battery deficiency when a greater number of tasks are set to be executed.

2)   Jamming attack

The jamming attacks on wireless devices in IoT by sending radio frequency signals without a particular protocol [4]. This disruption of the radio signals majorly impacts the operations of the network communication problems between the nodes and eventually causing the system to malfunction. Moreover, the insecure initialization and configuration of the IoT devices at the physical layer results in violating privacy and disruption of the services provided by the system [5].

B.    Intermediate level security issues

Intermediate safety problems are primarily related to the communication, routing and session management of IoT network and transport layers.

1)   RPL routing attack

The IPv6 Low Power and Loss Network (RPL) Routing Protocol is susceptible to several assaults by compromised network nodes which could result in eavesdropping and depletion of resources [4]. Furthermore, the sinkhole is used to perform malignant activity on the network [4]. When a sinkhole attack is launched a routing request is addressed by the attacker node which results in routing the packets through the attacker node.

2)   Transport level security

The goal of the transport layer is to provide mechanism of secure communication that results in data from the sender node to the receiver node is transferred in a reliable manner [4]. Comprehensive and detailed authentication mechanisms are required to satisfy the transfer of data in encrypted for along with keeping the secrecy and privacy at all costs [12].

3)   Insecure neighbour discovery

In the development of an IoT architecture it is a requirement that each device in the network should be identified as a unique. The message communication for identification must be safe to ensure that the data transmitted to the device reach the specified destination during the end-to-end communication. In the neighbor discovery mechanism, few steps are performed which includes resolution of the addresses and discovery of router [6]. Moreover, the implication of identifying neighbor packets with improper mechanism could lead to denial of service.

V.    IoT security solutions

IoT’s safety vulnerabilities include application / interface vulnerabilities, network elements, software, firmware and physical devices, which exist at multiple concentrations. Users in an IoT paradigm communicate with these parts through protocols that can also be dismantled. Countermeasures are needed at each protocol level to deal with the specific threats. Furthermore, varied protocols which supports in the deployment makes the countermeasures difficult to implement. This section provides an examination of the significant safety alternatives suggested in the literature. The research carried out so far in improving iot security has suggested these proposed security procedures.

The interference causing message collisions or channel flooding is a jamming attack for the wireless sensor networks. To detect an attack an approach is used to measure the signal strength which can further be used to identify signals containing noise [7]. Furthermore, to deal with sleep deprivation attack a cluster based approach can be used where we can divide cluster into different sectors. This will help us in reduced consumption of energy when we avoid communication based on long distance. Authentication techniques are essential for the information as well as for the entity. An identity method framework management system has been proposed to achieve authentication [8]. It suggest us to allocate an identity manager that will ensure authentication of the received data and will forward the data to the manager in charge of the service to allocate the services to be performed. Furthermore, to protect data travelling on the network is of extreme importance as man in the middle attack could monitor and alter the communication as desired. To overcome the issue of ensuring privacy of the data, a PKI-Lite protocol helps us to achieve the goal. This protocol suggest us to encrypt the nodes that are travelling from sender to receive and then using a key to decrypt the message. Moreover, the proposed methodology also suggest us that the data we are sending should be transferred to an offspring node which further transmit the key to the receiver when the nodes arrive at the receiving end [9].

VI.   conclusion

Internet of things in 5G era are among the main elements that will define and revolutionize the future of the technology and internet. On contrast to that, IoT devices are somewhat not capable enough in defending themselves due to limited resources of hardware and software design. In this paper, we reviewed some of the few enablers that can help strengthen the deployment of internet of things devices by offering low consumption of energy, minimal cost and support to number of devices. We have also reviewed some main security concerns in IoT devices. We distributed these security concerns into low level and intermediate level. We have further discussed some of the mechanisms to overcome these security issues so that the IoT devices can provide reliable and efficient service.

References

[1]      J. Pontin, “ETC: Bill Joy’s Six Webs”, MIT Technology Review, 2019. [Online]. Available: https://www.technologyreview.com/s/404694/etc-bill-joys-six-webs. [Accessed: 26- Sep- 2019].

[2]      M. Palattella et al., “Internet of Things in the 5G Era: Enablers, Architecture, and Business Models”, IEEE Journal on Selected Areas in Communications, vol. 34, no. 3, pp. 510-527, 2016. Available: 10.1109/jsac.2016.2525418.

[3]      M. Khan and K. Salah, “IoT security: Review, blockchain solutions, and open challenges”, Future Generation Computer Systems, vol. 82, pp. 395-411, 2018. Available: 10.1016/j.future.2017.11.022 [Accessed 26 September 2019].

[4]      G. Akpakwu, B. Silva, G. Hancke and A. Abu-Mahfouz, “A Survey on 5G Networks for the Internet of Things: Communication Technologies and Challenges”, IEEE Access, vol. 6, pp. 3619-3647, 2018. Available: 10.1109/access.2017.2779844 [Accessed 26 September 2019].

[5]      S. Chae, W. Choi, J. Lee and T. Quek, “Enhanced Secrecy in Stochastic Wireless Networks: Artificial Noise With Secrecy Protected Zone”, IEEE Transactions on Information Forensics and Security, vol. 9, no. 10, pp. 1617-1628, 2014. Available: 10.1109/tifs.2014.2341453.

[6]      R. Riaz, K. Kim and H. Ahmed, “Security analysis survey and framework design for IP connected LoWPANs”, 2009 International Symposium on Autonomous Decentralized Systems, 2009. Available: 10.1109/isads.2009.5207373 [Accessed 26 September 2019].

[7]      S. Horrow and A. Sardana, “Identity management framework for cloud based internet of things”, Proceedings of the First International Conference on Security of Internet of Things – SecurIT ’12, 2012. Available: 10.1145/2490428.2490456 [Accessed 26 September 2019].

[8]      Zhihua Li et al., “Research on PKI-like Protocol for the Internet of Things”, 2013 Fifth International Conference on Measuring Technology and Mechatronics Automation, 2013. Available: 10.1109/icmtma.2013.227 [Accessed 26 September 2019].

[9]      H. Suo, J. Wan, C. Zou and J. Liu, “Security in the Internet of Things: A Review”, 2012 International Conference on Computer Science and Electronics Engineering, 2012. Available: 10.1109/iccsee.2012.373 [Accessed 26 September 2019].

[10]   M. Weiser, “The Computer for the 21st Century”, Scientific American, vol. 265, no. 3, pp. 94-104, 1991. Available: 10.1038/scientificamerican0991-94.

[11]   T. Bhattasali, R. Chaki and S. Sanyal, “Sleep Deprivation Attack Detection in Wireless Sensor Network”, International Journal of Computer Applications, vol. 40, no. 15, pp. 19-25, 2012. Available: 10.5120/5056-7374.

[12]   G. Peretti, V. Lakkundi and M. Zorzi, “BlinkToSCoAP: An end-to-end security framework for the Internet of Things”, 2019. .