Navigating risks in a 5G enabled IoT Channel

Read Article

By IC Bala Prasad Peddigari, IEEE Senior Member, Growth and Transformation Innovation Leader, TCS

The high-speed communication that comes with 5G has undoubtedly opened a host of opportunities for the future of tech. According to a recent Ericsson Mobility Report, massive IoT will contribute to 51% of cellular IoT connections and 5G subscriptions are expected to reach 4.4 billion by 2027. These findings promise to deliver reliable and secure high data rates. However, each device that is connected in the 5G enabled IoT ecosystem, opens a surface for the channels that allow the sensing, collecting, and processing vast amount of information at high speed. This process accumulates a huge amount of data that is highly prone to many security challenges because of the interconnectivity between the billions of devices participating in the IoT landscape – and inevitably making them vulnerable to attacks.

Furthermore, the integration of edge cloud in the context of 5G enabled IoT has opened many new use-cases, where multiple tenants can leverage the local compute power of edge devices, edge gateway and edge data centers. This triggers many data security threats, and it requires taking measures to protect attack surfaces from advanced persistent threats, web application vulnerabilities, API security, and lateral propagation.

As the density of devices is over a million per square kilometer, the attack surface has multiple channels that can be exploited and result in threats to data passing through the wire. Common attacks like Supply Chain Attacks, Network attacks, and BotNets can be mutated and replicated with ease across the channels. Other attacks include:
• Man in the middle: The first attacker expropriates the transmitted messages and then attempts to update or delete the messages before forwarding them to the receiver
• Impersonation attack: The attacker effectively determines the identity of the actual communication party and generates a message on behalf of the ‘‘genuine communicating party’’ to send to the recipient.
• Bidding Down: This is a cryptographic attack to abandon the higher quality order of operation when compared to the lower quality…