We are pleased to share with you all an interesting article contributed by Thierry Van de Velde who is technology specialist in Mobile Internet networks, architecture and solutions.
Thierry Van de Velde Consulting Technology Specialist at Nokia, IP & Optical Networking |
|
In anticipation of the GSM Association’s upcoming Mobile World Congress (MWC17) I wanted to formulate a telecom engineer's response to what could become a very stereotypical discourse on the Internet of Things (IoT) within the GSMA, 3GPP, Mobile Network Operators, MVNOs and Network Vendors.
The cellular industry now recognizes that the vast majority (almost 90%) of IoT devices will not have any long range radio technology on board (https://www.ericsson.com/mobility-report/internet-of-things-forecast). However by 2022 among the 2.1 Bn objects having long range radio 70% will be cellular, namely an estimated 1.5 Bn. The remaining 600 million connected objects will use LoRa, Sigfox and other unlicensed (best-effort) LPWA technologies.
Revenue from chipsets, modules, SIM cards and subscriptions to Cellular Licensed IoT (NB-IoT, LTE-M, ...) will thus be under constant pressure of more cost-efficient alternatives : Bluetooth, HaLow, Zigbee and other low power short-range radio access technologies.
The 3GPP Evolved Packet Core (EPC) is accessible through non-3GPP access networks but this is limited to devices authenticating via SIM cards (EAP-SIM/AKA) and to certain services (Wi-Fi Calling) in case of untrusted access. The 3GPP and GSMA are facing insurmountable technical and political issues to expand their authentication schemes and services to non-SIM based devices.
Would it be under influence of the reduced cellular IoT forecasts that 3GPP postponed standards development for massive Machine Type Communications (mMTC) and critical Machine Type Communications (cMTC) in 5G, and refocused on enhanced Mobile Broadband (eMBB) in Release 15?
Laying the foundation for a true « ecosystem » for the IoT would require a Standards Definition Organization to step in and create a specification for the identification, authentication and discovery of connected objects, independently of their radio access technology. It would restore the ISP’s ability to bar access to infected, non-authentic or rogue devices causing DDoS attacks.
The amazing uptake of cellular communications over the past two decades can be attributed to the SIM card (containing the secret key Ki), the globally reachable authentication centers (AuC/HLR/HSS) and the ubiquity of the E.164 addressing scheme. Today’s banking apps, new social networks and government services are authenticating users by texting a password to our E.164 mobile number.
By comparison the Bluetooth Special Interest Group (SIG) specified a pairing procedure with optional authentication for Bluetooth nodes in the PAN. But it didn’t specify the public identity of these nodes. Therefore on top of Bluetooth the Apple iBeacon is for example announcing a Universally Unique Identifier (UUID as held in an Apple database); URIBeacon is announcing a URL; Google Eddystone’s beacon frame can announce one of each, or none.
On the (W)LAN Apple Bonjour devices auto-configure their IP address, select a locally significant host name (in the local. domain) and advertize/discover services via multicast DNS (mDNS). Wide Area Bonjour even allows for service discovery throughout the Internet (in an appropriately configured public DNS). Also on the (W)LAN Universal Plug and Play (UPnP) is an equivalent approach to IP addressing, discovery, description and control via an URL published by the device in an XML document. UPnP’s standards were transferred to the Open Connectivity Foundation (OCF) last year. In fact all these object identification and service discovery methods rely on the uniqueness of the underlying and globally administered MAC address (MAC-48, EUI-48 or EUI-64), which can easily be spoofed and often gets randomized (e.g. for privacy reasons).
There’s at present no global standard for the identification of connected objects. Any authentication would rely on a persistent private secret within the object, but most connected objects won’t have a SIM (or embedded UICC) through which such secret key could be brought into it (by an MNO or ISP).
Today’s MNOs and ISPs are legally responsible to reject access by unauthenticated mobile User Equipment and Residential Gateways, but not to screen the billions of objects which will be tethered to these UE/RG via Wi-Fi or Bluetooth.
The DDoS attacks originating from botnets on connected objects would suggest to migrate these objects from private IPv4 (with NAT on UE/RG) to IPv6, allowing the ISP to detect the attack and mitigate it without shredding the entire RG’s traffic. It would also allow differentiated treatment in terms of bandwidth, QoS class or permitted internet destinations for each of these connected objects. Still the connected objects would remain unauthenticated.
Bluetooth 4.2 has added an IP Support Profile (IPSP) only offering IPv6 connectivity – a brave step. We are all eagerly expecting to see the first Bluetooth 5 devices (https://www.bluetooth.com/news/pressreleases/2016/12/07/bluetooth-5-now-available). In fact IEEE 802.11ah (Halow - low-power Wi-Fi) should have deprecated the support of IPv4. The LoRa Alliance may consider introducing IP on their devices (Motes) - how would we even upgrade their firmware without IP?
The opportunity and global demand will remain for a globally unique and trusted identity in the memory of each connected object - in the Data Terminal Equipment (DTE, computer) rather than in each of its access-technology dependent Data Communication Equipments (DCE : modem, NIC, Wi-Fi STA, …).
An interesting property would be that the unique identity (private key) could be generated in isolation. But the number of valid identities should remain a controllable number, to avoid the attack consisting of generating an exaggerated number of valid unique identities swamping the network.
In cryptocurrency systems each coin can be generated (“mined”) in isolation and in return the network demands proof of work (PoW) : each coin must fulfill a difficulty condition. In the case of Bitcoin mining a Nonce must be found such the signature of the transaction block (including the previous block’s hash and a timestamp) is numerically small, for a new Bitcoin to be generated by the first transaction of that block.
In the IoT we wouldn’t want to impose additional computing power (PoW) beyond what the connected object would already spend by communicating over a ciphered access link (i.e. AES-256 for LoRa or Wi-Fi access, AES-128 for Bluetooth).
What we would demand instead is proof of past communication (“Popcom”). Initiators/clients regularly communicating with responders/servers should for each message have a chance to find an extended private identity. For example in an IPSec ESP SA if the Integrity Check Vector (ICV) of an upstream packet is satisfying a difficulty condition the initiator should store that magic packet’s unencrypted payload next to the seed private identity (used to establish the IKE SA). Objects with extended identities should obtain a better degree of service : higher bandwidth, higher precedence, access to new services etc. They could replay their magic packets or find even better ones satisfying more stringent difficulty conditions. While clients participating in user plane attacks are barred by firewalls they should be wasting chances to find a (better) extended identity.
In a PoW system double spend (modifying past transaction blocks) is prevented by time-stamping each block and having the majority of honest nodes calculating/adding/advertising new blocks faster than what dishonest nodes can achieve. In a Popcom network the private seed identity may be time-stamped, zone-stamped or supplier-stamped. Responders/servers may restrict access from private identities within a time period, network zone or from a given manufacturer. Using the same private identity (copying it for use) in independent networks or in other manufacturers' objects can be prevented.
Within a single zone the value of Popcom is preserved when independent subsequent responders/servers (not necessarily located in the same geography) apply the same difficulty conditions (e.g. leading zeroes in the pairwise master keys) as the initial responder or server. Rather than establishing roaming agreements or distributed ledgers.
Responders/servers/operators providing telecom services would be rewarded by a share of the proceeds of the sale of valuable identities (fulfilling very stringent difficulty conditions) on stock exchanges. Transactions can be stored in a global distributed ledger (time-stamped as in the case of cryptocurrency).
Popcom can be introduced at any layer in the OSI stack, in any protocol already demanding ciphering. As the vast majority of internet traffic is already encrypted by TLS it may make sense to introduce Popcom in the TLS layer (L4) rather than in the air interface protocol (L2 : IEEE 802) or in IPSec (L3).
It is this fundamental reflection which the telecom industry shall now enter into, an introspective, innovative and exploratory journey into the heart of the telecom business. Too often we see ISPs, MNOs and their vendors seeking added value in unknown adjacent areas without fully realizing their extent. Device management includes the remote administration of the connected object’s communication settings but isn’t the customer also entitled to expect firmware upgrades, OS upgrades, software installs, security management etc.?
Aren’t “ecosystems” with chipset/module/object manufacturers, “smart” cities, “digital” business model transformers etc. diluting our revenue and focus while we should be developing a cloudified core network accommodating all radio access technologies, preferably concurrently?
Representing an object by a locally significant hostname and advertizing its services in a subnet are known technologies now, shouldn’t we endorse all of them? Shouldn’t a family’s connected objects and smartphones be connected to a virtual network (virtual Residential Gateway) within which multicast DNS is no longer barred?
I have been on this journey for over a year now, and with Nokia we filed two patent applications in the new domain of persistent unique object identities (EP 16290189 and EP 16290250). Feel free to contact me and share your thoughts. |
||