Smart cities' first 5G security challenge: Identity management
Editor's Note: The following is a guest post from Yeshwant Chauhan, vice president of strategic accounts at Gemalto.
Cities around the world are implementing all kinds of new technologies in their quests to make their operations smarter and safer:
- New York has installed sensors that detect gunshots and alert police.
- Oslo, Paris and Hong Kong have large moss-filled statues that absorb air pollution and are connected to the Internet to let operators know if something malfunctions.
- Detroit has internet-connected traffic signals that ensure emergency vehicles get green lights and send alerts to connected cars when there’s a problem ahead.
- Boston has a mobile app that lets people easily report potholes, blocked drains, burned out street lights and other problems.
While these projects and other cities’ approaches to being smart vary greatly, there is one common thread to all of them: connected devices, also referred to as the internet of things (IoT). And connected devices require a network that connects them.
On the verge of wide deployment over the next couple years, 5G connectivity is expected to be the underlying technology connecting everything from traffic signals to air quality sensors to police patrol cars. Thousands upon thousands of devices will be connected to the network. In fact, Gartner predicts there will be 20 billion connected things by 2020. That creates a lot of exciting opportunities, but it also creates new security threats because every one of those things could be vulnerable to hackers without the proper security in place.
In order for municipal officials and residents to adopt these new smart city applications, they first have to be confident in their security. There are three essential pillars to securing IoT data: securing the devices where data is collected, securing the cloud where it is sent and securing lifecycle management of the various components.
At the device level, tamper-resistant SIMs require strong authentication tokens that encrypt data and securely identify devices on global mobile networks. Hardware security modules (HSMs) safeguard the networks and applications by acting as a centralized root of trust. Trusted key managers authenticate IoT devices and secure data exchanges on cellular — and non-cellular — networks, preventing unauthorized devices from being added to the network.
After being a huge concern in the early years of cloud computing, cloud security has gotten much stronger in recent years. Data encryption and identity and access management along with cloud-based licensing and entitlement help cloud providers take full advantage of the benefits while ensuring intellectual property is safe.
You can’t simply install these safeguards when setting up an IoT system and walk away. Unlike smartphones that are renewed and replaced every few years, these IoT devices could be in the field for 10-15 years. Managing the lifecycle of security components within devices and across the cloud is an often overlooked but critical element for long-term security. Any time you add new devices, remove old ones, integrate devices with a new cloud ecosystem or download software, you have to manage identities, keys and tokens.
Identity and access management must be built into the system from the beginning. These solutions allow organizations to meet the evolving needs around cloud applications and mobile devices by enabling secure access to online resources, and they are critical for all three of the pillars discussed above.
Strong authentication is the key to identity management, and there are a variety of authentication options for cloud, virtual environments and IoT devices. 4G systems already had strong cryptographic security standards, such as requiring mutual authentication between a device and network. 5G builds on those while giving mobile operators flexibility to choose authentication methods such as token cards or pre-shared keys.
In an IoT world, the relationship between a device and a user is drastically different from the relationship between, say, a smartphone and its owner. There is much more at stake, particularly when we start talking about traffic signals and police cars that could be high-value targets for bad guys. The benefits of these smart city applications are huge for everything from health and safety to convenience, but without adequate security measures, the benefits will quickly become threats.