Session Coverage: Applying Zero Trust to Cellular IoT.

ZARIOT's Session at Cyber Security & Cloud Expo

Session by Stuart Mitchell, Chief Evangelist & Head of Product – ZARIOT.
Cyber Security & Cloud Expo – Wednesday 17 March 2021.

Mobile devices, flexible working policies and the global pandemic have forced us to work in a different way. The new office could now be at home, in a coffee shop or anywhere, and because of that, security needs to evolve.

For the traditional office we could work on the principle of the castle wall, i.e. protect the perimeter to protect everything inside. That model isn’t appropriate anymore. We need to think about security in another way and tailor the protection of each individual asset to its needs and value, e.g. connected cars, smart meters, pets and environment monitoring devices.

Zero Trust: “Evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources”

Source: NIST (National Institute of Standards and Technology, US)

In the perimeter security model, or castle wall, once the wall is breached all resources inside it are compromised. In the Zero Trust model we draw the perimeter around each individual person or asset, so that each breach can be contained.
This is done by defining roles of trust. If it’s not trusted, it’s blocked by default.

  • A connected car is used globally, 24/7, and occasionally goes back to base for servicing
  • A smart meter can be in the field for many years at a fixed location
  • A tracked shipment travels around a specific region, within a periodic time frame
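
The default-deny idea above can be sketched as a per-asset policy check. This is an added example, not code from the session or from ZARIOT; the device IDs, cell IDs, countries, dates and event fields are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Profile:
    """Per-asset trust rule; None leaves that dimension unrestricted."""
    countries: Optional[frozenset] = None  # countries the SIM may attach in
    cells: Optional[frozenset] = None      # serving cells allowed (fixed assets)
    window: Optional[tuple] = None         # (start, end) in UTC

def ts(day):
    return datetime(2021, 3, day, 12, tzinfo=timezone.utc)

# Hypothetical profiles modelled on the three assets listed above.
PROFILES = {
    "car-001": Profile(),  # used globally, 24/7
    "meter-042": Profile(countries=frozenset({"GB"}),
                         cells=frozenset({"cell-7781"})),
    "shipment-9": Profile(countries=frozenset({"DE", "PL", "CZ"}),
                          window=(ts(15), ts(22))),
}

def evaluate(event):
    """Return (allowed, reason); an asset with no profile is denied."""
    p = PROFILES.get(event["device"])
    if p is None:
        return False, "no profile: blocked by default"
    if p.countries is not None and event["country"] not in p.countries:
        return False, "country outside profile"
    if p.cells is not None and event["cell"] not in p.cells:
        return False, "fixed asset on unexpected cell"
    if p.window is not None and not p.window[0] <= event["time"] < p.window[1]:
        return False, "outside permitted time frame"
    return True, "matches profile"

# Constructed attach events (device, country, serving cell, day of March 2021).
EVENTS = [dict(device=d, country=c, cell=cell, time=ts(day)) for d, c, cell, day in [
    ("car-001", "BR", "cell-0001", 17),
    ("meter-042", "GB", "cell-7781", 17),
    ("meter-042", "GB", "cell-0003", 17),    # meter has moved
    ("shipment-9", "FR", "cell-0002", 18),   # outside its region
    ("shipment-9", "PL", "cell-0005", 25),   # after its time frame
    ("camera-x", "GB", "cell-7781", 17),     # never enrolled
]]

def decisions():
    return [(e["device"],) + evaluate(e) for e in EVENTS]

if __name__ == "__main__":
    for device, allowed, reason in decisions():
        print(f"{device:12} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

Each denial names the dimension of the profile that was violated, so a breach or a stolen SIM is contained to one asset and is visible as a specific policy failure.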

Consider a typical cellular IoT deployment with a wide range of devices, such as ATMs or connected cameras. Each is equipped with a SIM card that enables it to connect to a mobile operator, directly or indirectly using roaming.
There will be a SIM card provider (this could be the same provider or a third-party provider like ZARIOT).
The public Internet is used to send the data collected from the devices to either a public or a private cloud for storage and processing.

There’s a need for remote access to configure and maintain devices.

This model is exposed to many possible attacks:

  1. Devices themselves could be attacked
  2. SIMs within the devices could be attacked through loss or theft
  3. Internet-based cyber security threats

Stuart Mitchell – Chief Evangelist & Head of Product – ZARIOT – explains different attack vectors

Regular security hygiene is recommended:
Strong passwords, firmware updates, embedded SIMs to avoid loss or theft, and locking SIMs to their devices so that they cannot be used elsewhere. Restrict data consumption to regular partners through usage limits. Deploy a VPN to protect Internet connections.

Mobile operator ecosystems are fundamentally secure, but they have a vulnerability in their signaling connection

Stuart Mitchell – Chief Evangelist and Head of Product ZARIOT

What’s cellular signaling?
Billions of control messages within, and between mobile operator networks.

Why are networks vulnerable?

  • Roaming requires permission from the home network, which adds signaling connections
  • Signaling provides access to key network elements:
    HLR/HSS => Subscriber database
    GGSN/PGW => Internet gateway
  • Signaling networks were closed… until they weren’t
  • SIGTRAN (signaling over the Internet) made access even easier

Signaling based threats:

  • SIM Denial of Service attack
  • Change subscriber profile
  • SMS interception
  • SIM location information
  • Access to other subscriber info

Two high-profile signaling attacks happened last year:

Source: https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/

Source: https://www.theguardian.com/us-news/2020/dec/15/revealed-china-suspected-of-spying-on-americans-via-caribbean-phone-networks

To mitigate those threats, mobile operators need to deploy a signaling firewall. Not all operators have one in place.

Firewalls should offer protection on all five signaling protocols:

  • HTTP/2
  • SIP
  • GTP-C
  • Diameter
  • SS7

They should be managed, tested and regularly updated to be effective.

Mobile operators are vulnerable

Signaling threats are happening

Not all SIMs are created equal

Stuart Mitchell – Chief Evangelist & Head of Product – ZARIOT.

Customers should select a provider with full signaling protection on their IoT SIMs.

Remote access:
Remote access is essential for diagnostics and updates, but how can it be offered securely?

By default SIM cards use changing IP addresses assigned using DHCP, which is inherently more secure, but fixed addresses are required.

IoT SIMs are commonly available with fixed IP addresses; this is a huge risk and opens devices to brute-force attacks. As a result, some vendors offer IP-VPN SIMs with fixed virtual IPs, which are very complex to operate.

Customers need to seek SIMs with secure fixed online access, something that ZARIOT is currently working on.

Summary

  • Corporate IT security is evolving to Zero Trust
  • Zero Trust is equally appropriate to IoT deployments
  • Consider attack vectors
  • Define and implement your Zero Trust principles
  • Don’t forget #10 on the NCSC list, select Zero Trust services

For more information:
ZARIOT.com

Author: John Cho

Technology writer who has written about trends and new technologies since 1999. My special interests are IoT, cellular security and blockchain.