10.4.1 Security Aspects of Smartcards

The SE based on UICC is still highly useful, whether it is of traditional form factor or embedded into the device permanently. These tamper‐resistant HW solutions remain a good base for providing at least TLS4 security level while it is much more challenging to achieve the same level with the SW‐based security solutions. Along with the development of the eSE concept and respective subscription management, the final trends towards 5G are still to be seen. It may be possible that due to the fast development of the IoT environment, 5G may rely increasingly on solutions apart from the ‘traditional’ SIM/UICC concept.

10.4.2 Mobile Device Considerations

Some time ago, the logical base for the connectivity of the IoT/M2M devices was considered to be GSM. However, its role in the consumer voice service is reducing along with the deployment of 3G and 4G networks, yet it is still widely spread being able to serve devices such as those embedded into utilities and cars. At the same time, advanced systems such as LTE were seen as unnecessarily complicated to serve the IoT domain. The trend indicates that LTE can in fact be a very useful base for all kinds of IoT services. A concrete proof of this trend in the inclusion of the M2M category (Cat M), which is designed to support very low data rates (up to 1 Mb/s) compared to other categories which are in tens or hundreds of Mb/s. Furthermore, the 3GPP specifications divide the M2M categories into Cat M1 (which was originally the Cat‐M) and Cat M2 (which was called previously Narrow Band‐IoT, i.e. NB‐IoT) in order to further emphasise the low bit‐rate and narrowband characteristics of many IoT devices. The reason for this ‘mind‐set change’ is that LTE/LTE‐A is becoming the default standard at the global level which ensures rapid deployment and large coverage areas. As LTE/LTE‐A provides better spectral efficiency, dynamic scalability and thus more capacity than any of the previous generations, it is able to support IoT devices such as wearables very efficiently.

These are some of the reasons why the 3GPP LTE‐A Release 12 and 13 with an increasing number of definitions for M2M device support are relevant solutions for the IoT environment. The Cat‐M1 and Cat‐M2 re especially adjusted for Machine‐Type Communications (MTC). Cat M1 provides the peak data rate of 1 Mb/s which is considered s a suitable base for IoT/M2M devices that typically do not require more demanding data rates. Cat M2 specifies even narrower bandwidth and reduced complexity in order to reduce device cost and power consumption. This development in the standardization field could accelerate the lowering of importance of previous mobile generations and possibly shut down complete networks that were deployed prior to LTE/LTE‐A quicker than anticipated, along with new ideas of re‐farming the 2G and 3G frequencies for MTC. This development may start taking effect as of 2017 when Release 12 and 13 capable networks will be deployed.

Meanwhile, the chipset vendors are preparing the device base to better tackle the M2M environment, by providing Category 1 chips that allow data rates of up to 10 Mb/s. Even if this category provides more rapid connections than the cost‐efficient and low‐power M2M devices actually would require, it still better optimizes the device complexity compared to the other typically offered Categories 3 and 4 for smart devices.

While waiting for the Category M1/M2 chipsets, many of the current and near‐future IoT devices will benefit from the Category 1 chipsets, e.g., wearable devices such as smart watches/health equipment, and other devices that benefit from very low‐power consumption with low‐capacity and small‐sized batteries, or remotely located devices such as utility meters which need to work autonomously with the same power source for a very long time.

10.4.3 IoT Device Considerations

Ref. [7] summarizes some of the key aspects for IoT device security. The main message for the industry is that the IoT devices need to include in‐built security solutions instead of relying solely on the protection mechanisms of the network infrastructure. There is a big temptation in device manufacturing to leave the security level at its minimum, the reason being that many of the devices will be extremely low cost and simple – and unfortunately for the manufacturers as well as for the end‐users, inclusion of advanced security solutions may increase the total cost of the device considerably.

Ref. [7] also divides the cyber‐security threats against the IoT devices into application and system levels. The application level includes a huge amount of non‐intentional as well as deliberately created security threats. As an example of the latter, there have been cases with backdoors left in the devices which have been revealed later – leaving many of the devices vulnerable tor cyber‐attacks as it might be very challenging to update, e.g., routers after they have been deployed in locations that no one might be directly responsible for.

Ref. [7] further discusses that while application layer attacks are prominent in embedded devices, attacks against system layer services are also found. The system‐level breaches during 2015 include, e.g., a largely reported security breach against Jeep, which was demoed for remote control ‘hijacking’ [8], and the Heartbleed vulnerability revelation [9] which showed the weakness of OpenSSL cryptographic libraries that are widely used in embedded devices. The Heartbleed bug can be used as a reference to potential IoT device vulnerabilities as such a wide community has been relying on it. It is a fundamental security threat as it allows anyone on the Internet to read the memory of the systems protected by vulnerable versions of the OpenSSL software. As a result of this vulnerability, the secret keys for identifying service providers and to encrypt the traffic, names and passwords of users and the actual content are compromised. As a consequence, knowledgeable attackers can exploit the vulnerability to eavesdrop on communications, and to access server and user data and copy it.

As IoT devices grow in number, it is essential to ensure a sufficiently high QoS as well as fluent user experience – along with a sufficiently good security level, including event‐based fraud detection in real time. This requires strong end‐to‐end cryptography solutions that ensure end‐users’ privacy and identity as well as content protection.

Ref. [11] presents some potential solutions for tackling potential security breaches of IoT devices. One of the most feasible and highly logical solutions is the inclusion of the SE into the IoT device, in one or another form (traditional SIM/UICC card, eSE or external HW such as micro‐SD). The benefit of the SE/eSE is the device agnostic, horizontal approach. Furthermore, SE/eSE provides robust, proven security mechanisms and management that rely on international standards. The SE/eSE is thus a future proofed concept that provides feasible end‐to‐end security. It can also support multiple applications while the trusted parties manage the identities.

Ref. [12] has concluded that the role of the eSE will be essential in the forthcoming years along with the increasing number of IoT devices. The reference notes, though, that the traditional SIM cards limit the number of retail outlets and sales. As a result of this, sales of cellular connected consumer electronics devices have not been developed internationally, and Wi‐Fi connectivity has taken over cellular connectivity for that reason. Nevertheless, the reference also notes that the role of the eUICC in consumer electronics devices is crucial in changing this. The consumer electronics domain is expected to become a strong adapter of eSIM specifications from which GSMA has great potential as the preferred solution for new connected products, providing interoperable profile management during the lifecycle of IoT devices as well as consumer devices.

Totally new services are expected in the commercial market, which optimizes IoT communications, as well as converging existing technologies. A main building block for the highly dynamic utilization of the devices, in both M2M and consumer realms, is the renewed subscription management as described throughout this book. Also new adaptations related to optimal communications, such as advanced offloading methods, are seen as the Google Fi initiative indicates [14]. It is a programme that delivers a fluent and seamless wireless experience for end‐users in close partnership with leading carriers and HW makers by optimizing the communications via selected cellular networks and Wi‐Fi hotspots.

10.4.4 Sensor Networks and Big Data

Big Data refers to an extensive amount of data or complex data that ‘traditional’ data‐processing applications are not capable of handling. Not only the amount of data itself but issues arise in harvesting and post‐processing it when storing, analysing, correcting, searching, sharing, transferring and presenting the data. Interestingly, Ref. [20] states that there is such an excess of data that it often stays stored without further analysis.

A significant contributor of Big Data is expected to be the distributed Wireless Sensor Networks (WSNs). Even if the data generated in such an environment is not extensive per device, the accumulated data produced by all the sensors within a dense WSN may represent a considerable share of Big Data. An ongoing area of research is, thus, the energy‐efficient methods and techniques in the field of Big Data gathering in the densely distributed sensor network [16]. There are significant business opportunities involved, although the proper handling of privacy is equally important.

One of the drivers in the development of Big Data technologies has been the huge increase of data inflows to central processing points, and the increasing demand for outputs from those processing points, i.e., server‐based technologies. This trend continues as new equipment creates increasing amounts of data, including all kinds of devices such as accelerometers, cameras and GPS [17]. To tackle this overwhelming amount of data, new thinking and solutions are needed, such as stream processing. Also, optimized ways are required such as simpler deployment tools, programming interfaces and libraries in order to process and mine data sources.

As Ref. [18] notes, Big Data through cloud computing is a feasible way to offload a significant share of computation and data from data centrers and terminal devices as it provides flexibility and scalability, as well as economic savings. Nevertheless, cloud computing may not be the optimal application because it requires real‐time response time and mobility support. For the WSN, the operational areas need to be close to the physical world whereas the cloud makes it possible to manage part of data storage and computation at the edge of the network. This is another interesting area for the research community – to develop solutions for Big Data in the ubiquitous WSN environment including related computation, storage, data analysis, mining and distributed algorithms while ensuring adequate QoS and system integrity.

The technical advances in the generation of Big Data via current and innovative sensor technologies, as well as collecting and analysing the data, may also bring concerns for the privacy of individuals and the security of the data. As an example, Ref. [19] reports on a Google demonstration on wireless environmental sensors, emphasizing that these sensors may expose the potential for the use and misuse of relentless data collection. This setup consisted of some hundreds of wireless devices for detecting noise levels, humidity and temperature. The WSN was based on ZiGBee connectivity. The network produced data in 4000 continuous streams to the cloud platform as an entry point for the data, which was posteriorly processed using the Google Compute Engine, analysed using Google BigQuery and presented using an interactive Web application. The demo indicated the means for managing Big Data, and the benefits of a developed system based on the cloud. Nevertheless, Ref. [19] reminds us that if the sensors were replaced by cameras and motion sensors, the setup may become more intrusive.

As Ref. [21] states, there are social benefits in Big Data analytics, for example, in scientific and medical research. Properly handled, the data can contribute to new innovations which may lead to enhanced quality of life. Nevertheless, it is important to handle with care the direct measurement of the environment and the collection of Big Data and its post‐processing. Thus, proper technologies and regulation are needed to ensure that the data is stored securely and handled accordingly in order not to jeopardize privacy rights. One example of the preparation for the next waves can be seen in Ref. [21] of the ICO which notes the interest in data protection and privacy risks posed by Big Data, and raises the need for understanding what data protection issues it raises with suggestions on how to comply with the Data Protection Act (DPA).

10.5.1 Standardization

5G represents the idea of a much more efficient system beyond 4G, as the 4G concept is defined by the ITU’s IMT‐Advanced requirements. The aim of the global 5G standard is to increase the data rate and speed up the response time. The overall concept of 5G is already generating large interest even if the actual form of it is still not clear. The focus of the discussions is on enabling a seamlessly connected society as of 2020. The idea of 5G is, via convergence systems and technologies, to bring together people, things, data, apps, transport systems, cities – in other words, everything that can be connected. 5G thus may function as an integral platform to ensure the smooth development of IoT and act as an enabler for smart networked communications.

The ITU‐R has established a programme to develop 5G via the IMT for 2020 and beyond, i.e., ‘IMT‐2020’, which is the next evolution step after the IMT‐2000 of 3G and IMT‐Advanced of 4G requirement descriptions of the ITU. This programme sets the stage for international 5G research activities, and the aim of the ITU‐R is to finalize the vision of a 5G mobile broadband society which, in turn, is an instrumental base for the ITU frequency allocation discussions at the WRC. The WRC is an essential forum for the decisions on how best to reorganize the current frequency bands for the most efficient international use of the forthcoming 5G networks.

Most concretely, the ITU‐R WP5D working group is actively driving for the information sharing related to the advances and requirements of 5G, including the vision and technical trends, requirements, RF sharing and compatibility, support for applications and deployments, and most importantly, the IMT specifications.

One of the active standardization bodies driving for 5G is the 3GPP, which is committed to submit candidate technology to the IMT‐2020 process of the ITU‐R. The initial technical submission is planned for ITU‐R WP5D meeting #32 in June 2019, and the detailed specification submission is planned for ITU‐R WP5D meeting #36 in October 2020 [15]. To align the technical specification work accordingly, the 3GPP has decided to submit the candidate proposal based on the specifications frozen by December 2019. As for the 3GPP specifications, 5G has an impact on several technology areas from which the radio interface is the most clearly visible as the aim would be to increase the theoretical 4G (and thus LTE‐A) data rates considerably while the response time would dramatically reduce. Thus, the Radio Access Network Technical Specification Group (3GPP RAN TSG) is committed to identifying the requirements for the IMT‐2020 as well as the scope and the 3GPP requirements for the new radio interface, working in a parallel fashion to enhance the ongoing LTE evolution belonging to the 4G phase which is the LTE‐A of the 3GPP, complying with the IMT‐Advanced requirements of the ITU.

10.5.2 Concept

5G refers to the 5th generation wireless systems. They belong to the next major phase of mobile telecommunications standards beyond the current 4G networks that will comply with the forthcoming IMT‐2020 requirements of the ITU‐R. The idea of 5G is to provide much faster data rates with less delays compared to the current systems up to 4G and thus to facilitate the adaptation of more advanced services in the wireless environment.

The industry seems to agree that 5G is a combination of novelty, yet to be developed and standardized solutions and existing systems including commercially available mobile generations, as well as other feasible wireless access technologies that together contribute to considerably increased data rates (at least 10‐fold compared to the current LTE‐A), lower latency (practically zero) and support of increased capacity demands (thousands of simultaneously connected consumer and M2M devices). As a result of the key enablers of 5G, some of the expected highly enhanced use cases include the support of tactile Internet and augmented (virtual) reality which provides completely new, fluent and highly attractive user experiences.

At present, there are many ideas about the more concrete form of 5G. Some major operators are driving the technology in practice via concrete demos and trials with the aim of contributing to the standardization and thus speeding up the system definitions. While these activities are beneficial for the overall development of 5G, they represent proprietary solutions until the international standardization ensures the jointly agreed 5G definitions which in turn facilitates global 5G interoperability.

5G is the result of a long development in the mobile communications area, the roots going back to the 1980s when 1G mobile communication networks began to be a reality. Since then, the new generations up to 4G have been based on earlier experiences and learning, giving the developers a base for designing enhanced security and technologies for the access, transport, signalling and overall performance of the systems. Regardless of the highly performing 4G that is still under deployment, the telecommunications industry has identified a great need for considerably faster end‐user data rates as a result of the never‐ending demands of the evolving multimedia. 5G would be capable of coping with extremely challenging capacity requirements to provide fluent user experiences that are suitable for practically all needs, up to the most advanced virtual reality applications. At the same time, the exponentially enhancing and growing IoT requires new security measures, including potential security breach monitoring and prevention.

5G will be an enabler for responding to the ever growing needs of the consumers in the advanced multimedia utilization, as well as tackling the vast needs of the exponentially growing IoT environment. Along with the new M2M/IoT applications and services, it can be expected that there will be role‐changing technologies developed and new ideas to rely on, support and complement the existing ones. 5G is one of the most logical bases for managing this environment together with the existing systems in the markets.

As for the security assurance of the new 5G era, there can be impacts expected in the ‘traditional’ forms of the SIM/UICC and subscription types as the environment will be much more dynamic, with constantly changing devices which may be using a single user’s subscription data and credentials. The ongoing efforts in developing interoperable subscription management solutions that respond in near real time for changing the subscriptions upon need illustrate a building block for this always connected, high‐speed data society. It is still to be seen how the consumer and M2M devices will look like physically in the 5G era, but it can be taken for granted that there will be much more variety compared to previous mobile network generations, including multiple wearable devices per user, and highly advanced controlling and monitoring equipment taking part in our daily life in the connected society. Along with these completely new types of machines, the role of removable subscription identity modules such as the SIM/UICC will change; the much smaller personal devices require much smaller form factors from such elements meaning that the number of eSEs will grow. At the same time, techniques to tackle the constantly changing subscriptions need to be developed further as well as security solutions – both HW‐based and SW‐based. The feasibility of the cloud‐based security solutions such as tokenization and HCE, and the further development of the device‐based technologies such as TEE, will be highly relevant in the 5G era.

10.5.3 Industry and Investigation Initiatives

There are various MNOs and network equipment providers involved with practical field tests, and several investigative programmes have been established to study the feasibility and performance of new system ideas. As some examples, Verizon has established a 5G Technology Forum, and the EU coordinates 5G research programmes under various teams. More information about the latest EU‐funded 5G research plans can be found in Ref. [13].

10.5.4 Role of 5G in IoT

Even if 5G is still undergoing brainstorming until the ITU officially dictates the respective requirements and selects the suitable technologies from the candidate systems, it is clear that 5G systems are aimed at tackling the vastly growing and developing IOT domain. Many novelty and future solutions can be expected, such as integrated wearable devices, household appliances, industry solutions, robotics, self‐driving cars and other solutions that benefit from the 5G networks that can be assumed to be able to support growing amounts of simultaneously signalling, ‘always‐connected’ devices.

The ongoing work on developing the next big step in mobile communications, i.e., 5G, includes IoT aspects as an integral part. Even if some of the most important key goals of 5G are to provide many‐fold data rates compared to the 4G systems with close to zero delays, utilizing advanced technologies such as multi‐antenna systems [6], they only represent one part of the complete picture. Another equally important aspect of the forthcoming 5G is the ability to manage huge amounts of IoT devices – which can be thousands under a single radio cell – which means that the overall data rate budget would be divided between these typically relatively low bit rate machines.

In addition to the ‘traditional’ type of IoT devices such as wearable watches with integrated mobile communications systems, car communications systems and utility meters, there are also emerging technology areas such as self‐driving cars and drones that require high reliability for their functionality as well as secure communications [4]. More information about IoT development can be found, e.g., in Refs. [1–3,5].