5G is Coming – IoT Security Remains an Unanswered Challenge
Why IoTs have created a security crisis and strained the communications infrastructure along the way.
Quick Hit Points:
- Mobile phone markets are completely saturated, yet the IoT market, in its infancy, still outnumbers mobile phones 2:1 (16 billion vs. 8 billion devices)
- IoTs are purpose-built devices with a lifespan of 8 to 20 years and barely adequate horsepower that are highly distributed around the world
- 4G networks were enablers for mobile apps, but are collapsing under the weight of IoT growth
- Though decentralized, 4G is not decentralized enough to support the IoTs that are overwhelming existing mobile networks
- At current rates, IoTs in just a single building can overwhelm a 4G tower intended for an entire coverage area
- 5G’s scale, capacity and performance is a game-changer with orders of magnitude more capacity and performance over any current option
- IPv6 solves the unique identity challenge created by exhausted IPv4 addressing with 342+ undecillion IPs
- 5G and IPv6 are enablers for IoT platforms to continue their surge – but this also creates a global security crisis
- Distributed and large scale IoTs decimate any current security model or tool
- Acreto is built from the ground up to address the distributed and large-scale IoT Security crisis – Learn more here.
5G is coming! 5G is coming! But in the 4G LTE era where access is lightning fast, what is driving the push for 5G?
4G networks is technology from the 2000’s with one primary intent — to enable mobile devices to take advantage of apps. In order for the apps, app stores, streaming and other services to be successful, mobile devices need to just plain work. This means they must work transparently, reliably and consistently for users to interface and interact with their apps and content. 4G solved the problem with 2G, which was data unusable, and 3G, that at best was used for email and some browsing in a pinch. To that extent, it has been a resounding success.
However, connected devices have seeped into everyday life in a low-key and transparent way. So much so that the prevailing industry mantra is that “IoTs are coming”. In reality, IoTs arrived long ago. Today, mobile phones are ubiquitous. So ubiquitous that the mobile phone market has all but saturated. However, IoTs that are perceived to be “coming” number twice (16 billion) that of mobile phones today (8 billion).
Just think about how many smart devices are in your personal life already. All the smart TVs, smart thermostats, smart door locks and video doorbells, and more. Today, some version of anything and everything comes with an IP address. Tomorrow, everything will just be assumed to have an IP address. IoTs are used for measurement, reporting, monitoring, content dissemination, cost management or performing a variety of functions. And in many instances, technologies are IoT enabled due to plain old peer pressure. Everybody else is connected and we have to keep up with the Kardashians.
Today, things that matter are connected – and there are a lot of things that matter. And we are well on our way on the trajectory for connected everything to be the standard.
The exponential growth of connected devices has strained our communications infrastructure beyond its breaking point. This has driven the complete exhaustion of IPv4 addresses, which has forced unwilling network operators to fast-track transition to IPv6. Moreover, network operators have realized that much like IPv4, the 4G LTE network is cracking under the burden of connected devices.
In reality, 4G just can’t keep up with the scale trajectory and performance demands of IoT technologies. One of the key factors for 4G is that it is not decentralized enough. As decentralized as 4G networks are, they are still too centralized for the continuing increase in the volume of IoTs.
There are three missing infrastructure elements that have to mature in order to fully support the scale, form and function of 21st century Internetwork of Everything.
- Scale – Comparatively, enterprise technologies are like a gorilla, emphasizing static tools, however, IoTs are like a swarm of bees. Completely manageable in small quantities, overwhelming in medium quantities and suffocating at full scale.
- Form – In comparison to autonomous and network-centric technologies, IoTs are distributed and operate on many different public and private networks with dependencies on remote third-party operated applications and management.
- Function – Today’s standards-based technologies can be used in a variety of roles. Inversely, connected technologies are often small and resource limited, single-function devices that perform micro-functions.
Connected devices, IoTs, cloud-enabled technologies or whichever other name they may be referred to as operate at a radically different scale, with radically different form and function characteristics. Ultimately, they demand a radically different technology infrastructure altogether.
The Internetwork of Everything requires each and every device, server, cloud, desktop and anything else that makes up the Internet – no matter how small – to have a unique identity. Today we primarily use the IPv4 addressing scheme. IPv4 has a maximum capacity of 4.2 billion addresses (4,294,967,296 to be exact). However, consider that we have over 8 billion mobile phones alone, and another 16 billion IoTs in use today, not to mention all the computers. The world has turned to tricks like Network Address Translation (NAT) in order to compensate, but these are just band-aids that are currently straining at the seams.
IPv6 has been around since 1994 and in contrast to IPv4’s 4 billion addresses, it sports 3.4 x 1038 addresses – or 340,282,366,920,938,463,463,374,607,431,768,211,456, to be exact. Its support for the next generation of IP addresses is adequate for the massive scale of IoTs – but, this also makes it more complex to configure. Many technologists have not had the “muscle memory” experience they have developed with IPv4. However, there are no IPv4 addresses left.
Because of this, technologists are pushing to implement IPv6 on all their networks. All the major players have already fully implemented IPv6.
Anecdotally, IPv6 is said to have as many IP addresses as we have grains of sand on the earth, which should serve us well in supporting the massive expansion of IoTs to near 50 billion in the next few years.
5G, as its name implies, is the 5th Generation of mobile networks. It has several advantages over previous generations of mobile network tech including scale, performance, and availability as well as demands on its constituent devices.
Believe it or not, the highly decentralized 4G/LTE networks are not decentralized enough to support IoT and connected device platforms. It all comes down to density. The sheer number of IoTs are driving a level of density that can best be described by an “IoTs per square foot” model compared to today’s devices per base station cell area.
Making some broad, yet reasonable, assumptions, the average 4G/LTE cell tower today supports an area from a few miles up to 10 square miles. Each cell tower is supporting several thousand connections at up to one gigabit per second of data throughput. The number of mobile phones and IoTs in any cell area is starting to outpace the maximum connection or bandwidth capacity of the towers. At this rate it won’t be long until portions of the infrastructure are fully saturated.
Another factor that needs to be addressed is frequency spectrums. Currently, most mobile networks operate within the 700Mhz (Megahertz) to sub 3.0Ghz (Gigahertz) frequency spectrum. This sub 3.0Ghz spectrum is also becoming saturated, and will soon not be able to support the spectrum needed to support the volume of connected devices.
This though, is where 5G networks really shine. 5G operates using a greater number of cell towers with smaller coverage areas each with the capability to support a greater number of devices. 5G also operates at much higher frequency ranges – from 3Ghz to 30Ghz. The additional range buys much more capacity for existing carriers as well as providing more operating room for additional more nuanced carrier networks. More carriers means more competition driving lower prices and more specialized service providers supporting specialty technologies.
There is also more capacity and intelligence built into 5G. It uses cognitive techniques to distinguish between mobile and static devices to determine the best methods for content delivery to each network subscriber. 5G offers robust performance that meets or beats network bandwidth only available via fiber optic networks today. 5G has been tested in a lab up to an astonishing 1Tbps (Terabit per second) while still maintaining a real-world practical performance of 10 to 50Gbps.
5G’s scale, capacity and performance is a game-changer.
Aside from adequately scalable addressing and communications infrastructure, securing all of these distributed and diverse platforms that use them is another challenge that has to be overcome. Realistically, the combination of 1) unique identity for every individual technology that IPv6 provides, 2) the enhanced communications capacities and capabilities of 5G along with 3) the support for many to many communications that the combination of IPv6 and 5G offer, makes security not just important, but an imperative necessity.
Today’s security models are not adequate for the new generation of infrastructure. The challenge is that a whole new security model is necessary to support the IPv6 / 5G new generation of communications.
On-device security is not viable because the sheer volume and large variety of unique and purpose-built technologies that need to be secured create an uncontrollable hyper-fragmented jumble of security tools. This creates a patchwork quilt of security tools that organizations have to acquire, implement, integrate, operationalize, manage, troubleshoot and refresh. A complete non-starter!
Network security tools just don’t support mobile and distributed technologies — the very thing that 5G enables. This is like trying to fit a square peg in the security round hole.
Then there are the cloud-based IoT security companies. Securing distributed platforms from the cloud is very viable, except that almost all IoT security cloud plays are what is referred to as “You’re Screwed” technologies. They are notification oriented technologies that collect logs from devices and analyze them to determine malicious behavior. Once malicious behavior is detected, they notify administrators who have to manually respond to each incident. This approach is reactive and not sustainable at scale.
The Future of IPv6, 5G and IoT Security
IPv6, 5G Networks and IoT Security are the critical trio that have to work cohesively and effectively at scale to serve as the enablement platforms for a more prolific use of Internet-of-Things. A shortcoming in any one of these areas translates to shortcomings in the overall solution. Today, IPv6 is well established and though not ubiquitous, it’s close, and there is clarity on how to get it there. 5G is very much well on its way and the telcos have already started their 5G rollouts. Security still remains an unanswered challenge.
We recognize the weakness in today’s available security options and we have developed a platform from the ground up to work hand-in-hand with IPv6 and 5G networks to empower and enable the Internet-of-Everything. Learn more about our platform here.
Here is the American Registry of Internet Numbers’ (ARIN) notification to network providers of IPv4 address exhaustion.
Here is another letter on how to deal with IP address depletion from the Number Resource Organization (NRO).
Originally this article was published here.
This article was written by Babak Pasdar, the CEO of Acreto. He is an ethical hacker and a globally-recognized expert in CyberSecurity, the Cloud and Blockchain technologies. He has a reputation for developing innovative approaches and methodologies for the industry’s most complex security problems.