New-Tech Europe | March 2019
plans, security is most often an afterthought—a situation that the researcher warns is creating unacceptable risk. Work with the 3GPP Juniper is tackling that risk and helping advance the state of security by working closely with the 3GPP and other companies drafting the BEST protocol. As part of that work, we’re developing a BEST gateway capability (known as an HPLMN4 Security Endpoint, or HSE) as a proof of concept and for interoperability testing. BEST capitalizes on the cellular network’s pre-shared key (PSK) for authentication. From this PSK, the network derives integrity protection and encryption keys that run between an IoT device and an HSE gateway in the operator’s core. Using the cellular PSK along with an Embedded SIM (E-SIM) card simplifies the provisioning and improves effiency by making use of the mutual authentication that already exists in the network. This setup saves battery power because you don’t need to run authentication and encryption algorithms on IoT devices directly; the task is offloaded to the cellular network instead. As a result, mobile operators can deliver highly scalable, secure celluar connectivity for carrying IoT traffic. And once BEST has been tested and built into commercial products and services next year, you’ll be able to help your enterprise customers deploy massive IoT securely at a much lower cost than is possible today. Delivering Value-Added Security Services BEST technology also gives you the opportunity to offer new value- added IoT security services and to
better compete against unlicensed- band IoT network alternatives, such as LoRaWAN and Sigfox. LoRaWAN and Sigfox came to market much earlier and have made significant traction, though as unlicensed options, they can be perceived as less secure. More importantly, BEST is a part of 3GPP. So, unlike its unlicensed competitors, it will benefit from the massive installed base of cellular technology and its ecosystem of network operators, infrastructure vendors, and software developers. With BEST, you can boost your cellular network value proposition with secure IoT connectivity and differentiate your service offerings. And with BEST-based managed IoT security services, you’ll help your enterprise customers secure their battery-constrained IoT devices with simplicity and lower cost. Enterprises that opt to use a cellular BEST-based service, for example, avoid buying and managing security gateways themselves to terminate encryption throughout their networks. BEST further improves the business case for many IoT deployments in that end users won’t have to visit remote areas as frequently to replace sensor batteries. Operator Deployment Options You can deploy BEST to offer “end- to-end” security (between the device and an enterprise application server) to your enterprise customers. You can also deploy “end-to-middle” security (between the device and an HSE gateway in your home network) for your own use to mitigate risks. For example, IoT transmissions often traverse the licensed mobile networks of multiple operators, which have roaming partnership agreements. Most service providers would consider the visited partner
network less trustworthy than their own home network. So they don’t want to depend on the visited network to provide confidentiality or integrity. One way of addressing this concern is to use BEST for end-to-middle security, which establishes a secure channel between the IoT device or user equipment and the HSE gateway in your home network. This way, you avoid trusting intermediate communications links and therefore mitigate risks. You can deploy end-to-middle security for integrity protection, confidentiality protection (encryption), or both. Some service providers may choose not to implement the end-to-middle encryption for confidentiality protection, however, if they want to provide local law enforcement agencies in other parts of the world with lawful intercept capabilities. Differentiate Services While Lowering Risk BEST technology is intended to work with your licensed cellular network that supports Narrowband- IoT (NB-IoT) or LTE-M technology. You can take advantage of BEST to differentiate your service offerings, create additional revenue streams, and mitigate risk. By offering managed IoT security as a value- added service with BEST, you’ll also ease the IoT power-versus-security conundrum for enterprises. Learn more about BEST and IoT security in the resources for this article. For a briefing on BEST, contact your Juniper account representative.
New-Tech Magazine Europe l 23
Made with FlippingBook flipbook maker