
NSA and CISA Release Part II of Guidance on Securing 5G Cloud Infrastructures


The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently released the first of a four part series titled Security Guidance for 5G Cloud Infrastructures. This series of four action-oriented documents is intended to provide guidance on how to move toward zero trust in support of securing 5G. It’s been created as a joint industry and government effort with the support of several large contributors through the NSA’s Enduring Security Framework (ESF).

This second release in the series is titled Security Guidance for 5G Cloud Infrastructures – Part II: Securely Isolate Network Resources [PDF]. It focuses on ensuring secure isolation among customer resources, with emphasis on securing the container stack that runs virtual network functions.

The guidance focuses on “pods,” the isolated environments used to execute 5G network functions in a container-centric or hybrid container/virtual network function design and deployment, and it describes several aspects of Pod security, including:

  • Strengthening Pod isolation, such as limiting permissions on deployed containers;
  • Cryptographically isolating critical Pods using trusted execution environments;
  • Using best practices to avoid resource contention and DoS attacks;
  • Implementing container image security through build processes, scanning, and enhancements to the trust environment; and
  • Implementing real-time threat detection by minimizing noise, curating baseline behavior, and alerting on anomalous activity.
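As an added illustration of the first and third points (limiting container permissions and bounding resources), the following Kubernetes manifests show a typical permissive Pod for a network function next to a hardened version of the same workload, plus a namespace label that enforces the hardened baseline through Pod Security Admission. This is example code written for this post, not a manifest from the NSA/CISA guidance; the names, namespace, image reference and image digest are placeholders.

```yaml
# Added example (not from the NSA/CISA guidance). All names are placeholders.
---
# BEFORE: a common permissive Pod. Anything that escapes this container runs as
# root with the host's capabilities, from a mutable image tag, with no resource
# ceiling, so it can both compromise the node and starve neighbouring Pods.
apiVersion: v1
kind: Pod
metadata:
  name: example-nf-permissive        # placeholder name
  namespace: nf-core                 # placeholder namespace
spec:
  containers:
    - name: nf
      image: registry.example/nf:latest     # mutable tag, not pinned to a scanned build
      securityContext:
        privileged: true                    # full host access
---
# AFTER: the same workload with permissions cut down and resources bounded.
apiVersion: v1
kind: Pod
metadata:
  name: example-nf-hardened
  namespace: nf-core
spec:
  automountServiceAccountToken: false   # no API credentials unless the NF needs them
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    runAsGroup: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault              # runtime's default syscall filter
  containers:
    - name: nf
      # Pin by digest so the image that was scanned is the image that runs.
      # The all-zero digest below is a placeholder, not a real image.
      image: registry.example/nf@sha256:0000000000000000000000000000000000000000000000000000000000000000
      securityContext:
        privileged: false
        allowPrivilegeEscalation: false   # blocks setuid binaries gaining capabilities
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]                   # add back individual capabilities only if proven necessary
      resources:                          # requests/limits keep one Pod from starving its neighbours
        requests:
          cpu: "500m"
          memory: "512Mi"
        limits:
          cpu: "1"
          memory: "1Gi"
      volumeMounts:
        - name: tmp
          mountPath: /tmp                 # writable scratch space despite the read-only root
  volumes:
    - name: tmp
      emptyDir:
        sizeLimit: 64Mi                   # bounded so scratch writes cannot fill the node
---
# Enforce the same baseline on every Pod in the namespace via Pod Security
# Admission: Pods that look like the "BEFORE" spec are rejected at admission.
apiVersion: v1
kind: Namespace
metadata:
  name: nf-core
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
```

Applying the hardened manifest first with `kubectl apply --dry-run=server` is a cheap way to find which fields the enforcing namespace still rejects before the NF is rolled out.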

For more information see the release on the CISA website: https://www.cisa.gov/uscert/ncas/current-activity/2021/11/19/nsa-and-cisa-release-guidance-securing-5g-cloud-infrastructures

The guidance is available here [PDF]: Security Guidance for 5G Cloud Infrastructures – Part II: Securely Isolate Network Resources

All the guidance papers and other useful information will be available at the CISA’s 5G Security and Resilience page or at the NSA’s Enduring Security Framework (ESF) page.

NSA and CISA Release Part I of Guidance on Securing 5G Cloud Infrastructures


The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently released the first of a four part series titled Security Guidance for 5G Cloud Infrastructures. This series of four action-oriented documents is intended to provide guidance on how to move toward zero trust in support of securing 5G. It’s been created as a joint industry and government effort with the support of several large contributors through the NSA’s Enduring Security Framework (ESF).

This first release in the series is titled Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement [PDF]. It focuses on detecting malicious cyber actor activity in 5G clouds and preventing actors from leveraging a single compromised cloud resource to compromise the entire network. It is recommended for service providers and system integrators involved in building and configuring 5G cloud infrastructures.

It should come as no surprise that the guidance for preventing and detecting lateral movement in 5G cloud environments revolves around the concept of zero trust. To learn more about zero trust, check out NIST SP 800-207 along with guidance from NSA and CISA.

The guidance for 5G cloud environments involves robust perimeter protections as well as secure internal controls, coupled with sufficient logging, monitoring, and automation. Cloud environments present myriad entry points and vulnerable interfaces, including software, APIs and networks, where malicious actors could attempt to compromise environments. Its key recommendations are:

  • Implement secure identity and access management
  • Keep 5G cloud software updated and free from known vulnerabilities
  • Securely configure 5G cloud networks
  • Lock down communications among isolated network functions
  • Monitor for adversary lateral movement
  • Use analytics to detect sophisticated adversarial presence
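As an added example of the “lock down communications among isolated network functions” recommendation, the Kubernetes NetworkPolicy objects below deny all Pod-to-Pod traffic in a namespace by default and then allow only one explicit service-based-interface path. This is example code written for this post, not part of the NSA/CISA guidance; the namespace, the `nf=amf` / `nf=smf` labels (two 5G network function names chosen for illustration), the SBI port and the cluster DNS labels are assumptions to be adjusted to the actual deployment.

```yaml
# Added example (not from the NSA/CISA guidance). Namespace, labels and port are placeholders.
---
# 1. Default deny: no Pod in nf-core may send or receive anything unless a
#    later policy explicitly allows it. Policies are additive, so every
#    permitted flow must be stated somewhere below.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: nf-core
spec:
  podSelector: {}                      # empty selector = every Pod in the namespace
  policyTypes: ["Ingress", "Egress"]
---
# 2. Every Pod may still resolve names via cluster DNS. The kube-dns label is
#    the conventional one; adjust it to the cluster's DNS deployment.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: nf-core
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:                 # same entry as the namespaceSelector = AND, not OR
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# 3. One explicit allow per legitimate service-based-interface call: only Pods
#    labelled nf=amf may reach the SBI port of Pods labelled nf=smf. A Pod that
#    is compromised but carries neither label cannot reach the SMF at all.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-amf-to-smf-sbi
  namespace: nf-core
spec:
  podSelector:
    matchLabels:
      nf: smf
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              nf: amf
      ports:
        - protocol: TCP
          port: 443                    # placeholder SBI (HTTP/2 over TLS) port
---
# 4. The matching egress rule on the caller side, so AMF Pods cannot open
#    connections to anything in the namespace other than the SMF SBI port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-amf-egress-to-smf
  namespace: nf-core
spec:
  podSelector:
    matchLabels:
      nf: amf
  policyTypes: ["Egress"]
  egress:
    - to:
        - podSelector:
            matchLabels:
              nf: smf
      ports:
        - protocol: TCP
          port: 443
```

NetworkPolicy objects are only enforced by a CNI plugin that implements them; on a cluster whose network plugin ignores them the objects are accepted but have no effect, so the default-deny policy should be verified by attempting a connection from an unlabelled Pod and confirming it fails.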

For more information see the release on the CISA website: https://www.cisa.gov/uscert/ncas/current-activity/2021/10/28/nsa-cisa-series-securing-5g-cloud-infrastructures

The guidance is available here [PDF]: Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement

All the guidance papers and other useful information will be available at the CISA’s 5G Security and Resilience page or at the NSA’s Enduring Security Framework (ESF) page.

A text message routing company may have suffered a massive mobile network privacy breach

Syniverse is a critical part of the global telecom infrastructure. It connects 300+ cell phone networks globally and acts as an intermediary for billing records and text messages sent between cell phone networks.

In the Securities and Exchange Commission filing Syniverse published last week, the company disclosed that in May 2021 it “…became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization.” It also revealed that the breach began in May 2016, giving the attacker five years of access.

Syniverse claims to process more than 740 billion text messages per year, and the hack could affect millions of customers. The company has not yet disclosed the full extent.

For more information see Vice article: Company That Routes Billions of Text Messages Quietly Says It Was Hacked

CISA + NSA Publish Potential Threat Vectors to 5G Infrastructure


The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) published a new 5G security paper, “Potential Threat Vectors to 5G Infrastructure”.

The report outlines three major potential threat vectors to the 5G infrastructure: policy and standards, supply chain, and 5G systems architecture. Each is described together with a number of sub-vectors.

The report also stresses that not implementing optional security controls can be damaging because it could make networks more vulnerable to cyberattacks.

The paper is available here: https://www.cisa.gov/sites/default/files/publications/potential-threat-vectors-5G-infrastructure_508_v2_0%20%281%29.pdf

Securing Society 5.0 – Overcoming the hidden threats in society’s greatest evolutionary leap

Securing Society 5.0 Introduction

A term first coined by the Japanese government, “Society 5.0” describes “A human-centered society that balances economic advancement with the resolution of social problems by a system that highly integrates cyberspace and physical space.” The fifth evolution of society, enabled by the fifth generation of cellular networking and cyber-physical systems, imagines technology, things and humans converging to address some of the biggest societal challenges. The concept encompasses Industry 4.0, the Fourth Industrial Revolution, the Smart-Everything World and other buzzwords of the moment.

In the society of the future the more the cyber and physical worlds are combined, the greater the benefits we will experience. However, the same is true of cyber threats. The more technology is incorporated into every corner of our social being, even our physical being, the greater the risk to our personal and collective safety.

The pandemic has accelerated our progress towards Society 5.0, albeit without corresponding advancements in cybersecurity and privacy. In the second book my son and I are writing we are highlighting the blind spots that might drag us down on our way to humanity’s next evolutionary step and offering potential ways to reconsider cybersecurity and privacy in Society 5.0. From the introduction to Securing Society 5.0 (Upcoming):

Securing Society 5.0


As we move into the third decade of the 21st century, humanity faces challenges of previously unimagined scale and complexity. The world grows smaller every day; all problems are to some extent shared global problems. We have been dramatically reminded of this fact by the recent Covid-19 pandemic, which started as a health emergency but soon evolved into a social and economic one, leaving no nation on earth untouched.

Many parts of the world economy ground to a halt. Despite record sums in fiscal stimulus and monetary interventions aimed at keeping companies open and citizens employed, the damage was sharp and extreme. Global unemployment rose by 33 million in 2020, a number which would have been far higher were it not for the job retention schemes that allowed companies to reduce working hours without closing jobs. Even these measures, though, could not stem the fallout in productivity, with working hours lost in 2020 equivalent to 255 million full-time jobs.

These overall figures do not, however, reveal how uneven the effect of Covid-19 has been across industries. Sectors like aviation, food and hospitality, arts and culture, and construction have been hit hardest, suffering far greater losses than higher-skilled service sectors, like information and communication, finance, and insurance, many of which have actually seen jobs growth.

The fundamental reason for this disparity in impact is quite a simple one: physical proximity. Those industries reliant on human contact, or at least humans working near each other, have been largely paralysed by regulations prohibiting physical interaction. Those industries in which companies and their workforces are able to operate remotely have typically incurred less damage. This does not, however, mean that organizations in those industries were prepared for remote working on the scale we have seen.

According to the World Economic Forum (WEF), until recently, working from home was a luxury for the relatively affluent. Only around 7% of U.S. workers had the option to regularly work from home, most of them “knowledge workers” such as executives, IT managers, financial analysts and accountants. The UK Office for National Statistics estimated the WFH contingent in the United Kingdom in 2019 was approximately 5%.

Though no authoritative figures have been compiled yet, the number of people currently teleworking around the world has multiplied dramatically. Whole organizations have moved online and connect via video conferencing.

In March 2020, Zoom was downloaded 2.13m times around the world in one day, up from 56,000 times a day two months earlier. The company’s share price doubled in the same time period.

Predictions of a future in which people communicate primarily online have been rendered inaccurate by decades. In one giant leap, we have landed in a virtual reality facilitated almost exclusively by digital applications. Yet, communication is only one face of a broader shift catalysed by the recent pandemic. A 2020 McKinsey Global Survey of 900 C-level executives reveals that companies have accelerated the digitization of their customer and supply-chain interactions and of their internal operations by three to four years. The proportion of digital or digitally-enabled products they offer has leaped forward seven years in a few months.

Much has been said elsewhere about the way in which Covid-19 has accelerated the digital transformation of commercial, industrial, and civic enterprises, but in our consulting work during 2020-21, one of the most striking aspects of this change has been its extension beyond digital. Companies have not only been upgrading their internal processes to digital or developing digital-centric products, they have been assertively integrating cyber and physical technologies to increase competitiveness and remove human dependencies from their value chains.

Recognizing the increased risk of future operations being slowed, interrupted or halted altogether by the outbreak of new viruses, businesses in sectors like manufacturing have brought forward plans for automation and cyber-management of their factories. For these clients, the cloud-based confluence of 5G, AI and Big Data is making autonomous operations a reality: production installations overseen by humans, but driven by digitally-enabled machines.

These examples are the realization of buzzwords like Fourth Industrial Revolution, Industry 4.0, and smart environments, visions of the future that all have one thing in common: cyber-physical systems. Cyber-physical systems represent the convergence of physical, digital, and biological spheres, and they will soon be ubiquitous in all areas of life.

Even before Covid-19 began its spread across the globe, the number of devices expected to be connected to the Internet of Things (IoT) by 2023 was 43 billion. Now, with businesses pivoting to create more cyber-physical products and digital services for an online-resident population, those numbers are probably gross underestimations.

It is because of this exponentially expanding Internet of Things that 5G has been such a controversial topic over the last few years, feeding geopolitical conflict, trade wars and relentless debates in the telecoms industry and beyond. 5G has not even been rolled out in most of the world and nations have already come to regard it as a critical infrastructure. Why? Because it will enable a massive Internet of Things (mIoT), because it is a structure that will unlock the unimaginable potential of cyber-physical reality.

“5G will transform lives of many in the UK and across the world by facilitating the Internet of Things,” says the UK Government.

The Government of Canada agrees: “The 5G networks are expected to play a much broader role in our lives by enabling wireless connectivity of an unprecedented variety of devices for an unimaginable number of services and applications.”

Australia states, “5G provides responsive digital technology required to support innovations such as robotics and the Internet of Things (IoT),” while the Government of the United States declares:

“5G is a fundamental shift in wireless infrastructure. More like the invention of the Gutenberg press than the move from 3G to 4G, it will move the world into the information age. Everything from automated cars and aircraft to advanced logistics and manufacturing to true AI enhanced network combat. Most communication on the network will move from mobile devices to machine to machine (M2M) traffic.”

These statements are less about 5G itself, and more about what it enables, and they echo the sentiments of almost all sectors of commerce and industry: the future is cyber-physical.

Despite distinct but parallel paths of evolution, humankind and technology have reached a time of unprecedented assimilation in which we and our tools are less and less distinguishable from each other. As with all unions, there are tremendous gains to be won, but there are also challenges.

The benefits of cyber-physical systems (CPS) extend far beyond sexy consumer products like self-parking cars and homes that change lighting according to your tastes. Humankind faces numerous existential threats, and a global network of cyber-physical devices may hold some of the clues to overcoming these obstacles.

However, technology is no panacea. Humankind’s latest technological revolution has been breathtaking in its pace and impact, but it has not been matched by concomitant progress in society, ethics and neurobiology.

Humankind’s survival and future success do not rely on technology alone, but on its conscious, balanced, and secure incorporation into social, industrial and economic systems.

A term first coined in the Japanese government’s Fifth Science and Technology Basic Plan, “Society 5.0” envisages an amalgamation of cyber and physical spheres to deliver exponential synergy in society’s operations. It describes a time of greater prosperity for all, achieved through the liberation of cyber-physical intelligence to create a “super-smart” society. Social contracts will be rewritten, economic models will be redefined, new solutions to nagging societal problems will be achieved through strategic assimilation of robotics, AI, big data, 5G (and beyond), and as-yet-unseen emergent technologies.

For the purposes of this book, we have expanded the term “Society 5.0,” while retaining its essential spirit. We mean it to include the Fourth Industrial Revolution, Industry 4.0, the Internet of Things (IoT), the Internet of Everything (IoE), and the many alternative concepts that are regularly used to describe the connectivity-driven integration of technology and human daily life. These labels all describe specific systems or trends, while Society 5.0 is a broader term describing an integrated cyber-physical ecosystem, a “system of systems.”

There are already many interpretations of what such a future may look like, ranging from the cynical to the utopian. Our job in this book is not to contribute to that collective pool of imagination, but rather to illuminate some of the practical considerations often overlooked by “futurists” and “tech prophets.”

“Securing Society 5.0” addresses the largely unexamined threats of cyber-physical ubiquity. It begins with an exploration of the context and history of Society 5.0, including its anthropological roots and the multi-systems challenges that have called this vision into being. The book then examines the defining characteristics and assumptions of Society 5.0, as well as the major technologies that will influence its success. Part Four investigates the shifts we can expect to see in the nature of society itself as the boundaries between cyber and physical become increasingly blurred, before Part Five considers the hidden threats of a cyber-physical world, and what can be done to ameliorate them. The book concludes with an affirmation of the need for systemic evolution, as envisaged in Society 5.0, with directions for its safe delivery.

In writing this book, we hope to offer a sober view of technology’s potential to help humanity evolve in a healthy way, while drawing attention to the blind spots that may drag us down. We stand on the threshold of a golden age, but one that will only be realized if we understand that what worked for us in the past may not work in the future. What kept us safe yesterday will not keep us safe tomorrow.

Only by appreciating this fact will we be able to access the full potential of humanity’s next evolutionary step.

A Comparison of 5G Core Network Architectures

5G Cloud Architecture

The 5G Core network is a Service Based Architecture. It evolves the traditional appliance-based 4G Core Network to support services, offering more agility and flexibility.

The major building blocks of this architecture include:

  • Service-Based Interface: The Service Based Interfaces rely on HTTP/2.
  • The 5G Network Functions: As explained by Ericsson, the 5G Core “is built using IT network principles and cloud native technology. In this new architecture each Network Function (NF) offers one or more services to other NFs via Application Programming Interfaces (API). Each Network Function (NF) is formed by a combination of small pieces of software code called microservices.” The Network Functions are all virtual.
  • Cloud Native Functionality: The 5G core is Cloud Native, i.e., it leverages microservices, containers, orchestration, CI/CD pipelines, APIs, service meshes, etc.
  • Control & User Plane Separation (CUPS): This functionality is critical for 5G, as it allows operators to keep the control plane in a centralized location while placing the user plane closer to the application it supports.
  • Edge Computing: With CUPS (control and user plane separation) the data plane can be moved closer to the edge to meet lower latency requirements, leading to Edge Computing.
  • Network Slicing: This functionality leverages virtualized functions to logically connect different physical resources to support a specific service for different business needs.

This paper reviews the 5G Core Network architecture capabilities and current deployments of the major 5G vendors including:

Figure 1: MCN Vendor Share – 3Q19
  1. Ericsson
  2. Huawei
  3. Nokia
  4. ZTE
  5. Cisco

According to Dell’Oro, as of 2019, Ericsson and Huawei hold the top two spots in MCN (Mobile Core Network), followed by ZTE and Nokia and then Cisco. This includes market share for both the legacy core and the 5G Core triggered by 5G Standalone (SA) launches.

In 2020 Huawei and ZTE increased their dominance over Nokia and Ericsson as China aggressively launched 5G Standalone ahead of other countries. Overall Huawei is the leading Telecom Equipment vendor followed by Nokia and Ericsson.

Figure 2: Worldwide Telecom Equipment Revenue – 1Q20


The 5G core market is projected to grow at a whopping 72% CAGR to $9.5B by 2025. As per Dell’Oro, this market is dominated by Ericsson, Huawei and Nokia, with Samsung and ZTE as the challengers. We review the 5G Core Network Architectures proposed by different players, divided into two categories:

  • Traditional Equipment Vendors: Nokia, Ericsson, Cisco, Huawei, ZTE
  • Disruptive Players: Samsung, Mavenir, Casa Systems, Affirmed Networks

Core Network Architecture Evolution from 4G to 5G

The Core Network Architecture evolution depends on the mobile operator’s choices. 3GPP has specified different options, shown in the following figure from GSMA. The options are grouped as SA (Standalone) versus NSA (Non-Standalone): SA refers to deployments in which only one radio access technology is used, while NSA refers to deployments in which both LTE and 5G radio access technologies are used simultaneously:

  • Option 1: The traditional eNodeB (eNB) connected to an EPC
  • Option 2: 5G Standalone (SA): a 5G NR gNodeB (gNB) connected to the 5GC
  • Option 3: Non-Standalone (NSA): the eNB is connected to the 4G Core and the gNB is connected to the eNB; it comes in three variants, Options 3, 3a and 3x, with different connectivity options between the gNB and eNB
  • Option 4: A Non-Standalone (NSA) deployment where both LTE and 5G NR radio access technologies are deployed and controlled only through the 5GC; the eNB is routed to the 5GC via the gNB. It comes in variants 4 and 4a
  • Option 5: A Standalone (SA) deployment; an evolved eNB connected to the 5GC
  • Option 7: An NSA deployment in which the 5G NR gNodeB (gNB) is the master, connected to the 5G Core, and the eNB is the slave

Figure 3: 3GPP defined options for 5G deployment

Why migrate to a 5G core? The following reasons provide the rationale for the migration:

5G Core is Cloud Native

The 5G Core is built on a cloud native architecture with microservices that can be reused to support other Network Functions. The cloud native architecture is built on CI/CD pipelines. Such an architecture speeds up development and operational efficiency by adopting a DevOps approach.

5G Core enables Network Slicing

Network slicing is enabled by the cloud native architecture. Multiple logical functions can be defined on the same physical infrastructure. It enables a mobile operator to support new services and business models for a variety of services such as Massive IoT, Industrial IoT and Evolved Mobile Broadband. The 5G use cases enabled by a 5GC include augmented reality, factory automation and mission critical communications.

5G Core supports Edge Computing

The scenarios for Edge Computing include local breakout of traffic. As explained in the reference, “the reduction in latency, increase in service reliability and traffic and services isolation will contribute to an overall enhancement in the end-user experience.” The list of capabilities goes on, but here are a few others:

  • Service exposure and traffic steering functionalities provide additional tools for service differentiation
  • An enhanced QoS model, more flexible than in 4G, allows multiple services (QoS flows) per PDU Session
  • Security is improved with enhanced key handling and a unified authentication model
  • Service differentiation per geographical area, e.g., to control access to FWA services or other localized services

5G Core Comparison

As part of this paper we compare the 5G Core support of the major vendors:

| Vendor | Cloud Native Readiness | Network Slices Readiness | Edge Computing | 4G to 5G Migration | Customers |
|---|---|---|---|---|---|
| Ericsson | Zero Touch, CI/CD | KDDI 5G use cases | Deployment Strategies | Supports Migration | KDDI Japan; 127 Customers |
| Huawei | Containerized Architecture | Deterministic Networking | 5G MEC Solution | Supports Migration | 90 Customers |
| Nokia | Cloud Native Functionality | 5G Network Slices Ready | 5G Multiaccess Edge | Universal Core | 195 Customers |
| Samsung | Cloud Native 5G Core | United but Divided | Samsung and IBM team up | 5G SA Architecture | Less than 10 |
| ZTE | Cloud Native 5G Core | Simplified Network Slicing | Multiaccess Edge | 5G Common Core | 55 Customers |
| Cisco | Cloud Native Packet Core | 5G Network Slicing | 5G Edge Computing | Packet Core Only | 40 Customers |


In the following sections we discuss further aspects of each vendor’s 5G Core network.

5G Core Network by Ericsson

The Ericsson Dual-Mode Cloud Core Solution supports EPC and 5GC functionality on a single platform.

Figure 4: Ericsson Dual-Mode Cloud Core Solution

Figure 5: Advantage of 5G Core and 5G NR SA according to Ericsson

Major Customers who have launched Ericsson 5G Core

The following customers have launched an Ericsson 5G Core as of the writing of this article:

  • Rogers Canada
  • Singtel Singapore
  • China Mobile.
  • China Telecom.
  • BT network in the UK,
  • Telefónica Deutschland
  • SmarTone Hong Kong

Ericsson claims the world’s first in 5G Core and NR SA and as per GlobalData, is a leader in 5G Core. “The solution has gained significant market momentum, which currently includes 64+ 5G contracts, 33+ live Non-Standalone (NSA) deployments, and 100+ Standalone (SA) trials in the planning or execution stages.”

5G Core Network by Huawei

Huawei has highlighted the importance of 5G Deterministic Network to provide a differentiated and deterministic experience to customers. “Deterministic Networking” builds on Network Slicing and Mobile Edge Computing.

Figure 6: Huawei 5G Core with Deterministic Network

Huawei’s commercial 5G Core launches include

Huawei talks about 5G deterministic networking (5GDN), which enables 5G use cases including 5GDN+smart devices, 5GDN+machine vision, 5GDN+AR man-machine collaboration, and 5GDN+AI+smart transportation/energy.

Figure 7: Huawei 5GDN Sample

These use cases are possible because 5G DN SLAs guarantee reliability, service availability, etc. In the Industrial Internet with stricter requirements, IEEE and IETF have defined the TSN standards to study deterministic communication development in industrial automation, vehicle management, and other fields.

Figure 8: Huawei 5G DN SLAs

5G Core Network by Nokia

Nokia’s Core Network Architectural View also depicts the migration to the 5G SA architecture.

Figure 9: Nokia Universal Adaptive Core

Nokia 5G Commercial Launches / Deals include

As Nokia explains, “5G is not just a technology upgrade. To unleash its potential requires a rethink of how the network is designed and managed” and “Nokia Universal Adaptive Core is:

  • Done right: it is cloud-native and infrastructure-agnostic by design. Deploy it on any cloud – private or public, centralized or distributed, with an optimized performance footprint for any deployment model.
  • Done now: it simplifies the complexity with the latest technology to boost the top line and lower costs. Open and programmable, it creates an innovation engine for a strategic business advantage – today.
  • Made real: it meets stringent reliability & quality requirements, because it is created and delivered by Nokia with its broad portfolio and global experience, including hundreds of core deployments (Cloud Packet Core, VoLTE, SDM, Policy, Charging, Signaling, etc.)

Figure 10: Nokia Universal Adaptive Core

5G Core from ZTE

ZTE has been aggressively testing 5G SA with Orange and launched 5G SA with MTN Uganda. ZTE has a 5G E2E Slicing architecture and has been working on Industrial Automation opportunities with 5G technology.

Figure 11: ZTE 5G E2E Slicing

ZTE has rolled out 5G SA core for China Mobile. Three China Mobile Operators will rollout 1M+ gNBs in 2021.

ZTE offers a vision of what a successful 5G Core deployment looks like in this graphic that includes connected house, connected things, connected city, connected people, connected health, connected transportation:

Figure 12: ZTE 5G core vision

At Mobile World Congress in 2019, ZTE presented the “Enhanced 5G Core, Enabling 2B New Business”.

Figure 13: ZTE Common Core

Cisco 5G Core

Cisco has had a presence in the 4G packet core since its acquisition of Starent in 2009, and it continues to build on that acquisition for a piece of the 5G Core business. Cisco has a very strong IP networking and security portfolio that it adds to its existing offering to position itself as a key 5G security player. The following figure shows the Cloud Native 5G Core with Network Slicing and Mobile Edge Computing, and the importance of an end-to-end security layer for a 5G Network. The security aspects covered include:

  • the connectivity layer,
  • DNS protection layer,
  • application security,
  • NGFW and DDoS protection,
  • segmentation and isolation, and
  • malware protection.

Figure 14: Cisco 5G Core

Cisco 5G Core Customers

Disruptive Players

As per GlobalData [Link updated Feb 2022] the disruptors in the mobile core space are Affirmed Unity Cloud (acquired by Microsoft), Samsung 5G Core, Casa Systems Axyom 5G Core and Mavenir 5G Core. A quick overview as per GlobalData:

Figure 15: GlobalData 5G Mobile Core Disruptors

Affirmed Unity Cloud

Affirmed Unity Cloud is being deployed by Inventec, CHT, AT&T, DNA, Millicom and Netmore, showing early customer momentum. Microsoft’s acquisition can be positive from a funding perspective but could dilute Affirmed’s laser focus on mobile core solutions. Affirmed, as part of Microsoft’s Cloud business unit, may be challenged to maintain a cloud-neutral stance regarding third party clouds.

5G Core by Samsung

Samsung has demonstrated market momentum and operational experience – via penetration in Korean telco operators deploying early 5G standalone (SA) networks. Samsung is well positioned in O-RAN to deliver end-to-end solutions, based on open RAN standards. Samsung’s open-source PaaS plus its Samsung Cloud Orchestrator (SCO) provides an effective automation platform. Samsung’s limitations include limited marketing presence outside of the Korean telco market. It may take some time to transition from trials to significant deployments. Samsung has a whitepaper on the 5G Cloud Native Core on a 5G Migration Strategy.

Figure 16: 5G Core by Samsung

The white paper also reviews the 4G to 5G migration options.

Figure 17: Samsung 5G Core – 4G to 5G migration options

Samsung whitepaper lays out the evolution path towards 5G NSA + SA + WiFi in the years to come.

Figure 18: Samsung 5G Core – Evolution path towards 5G NSA + SA + WiFi

Samsung’s Cloud Native 5G Core is planned for Korea Telecom and is being trialed in the Czech Republic with Deutsche Telekom.

Mavenir 5G Core

Mavenir’s strengths include integration with ONAP and ETSI-based MANO solutions, which appeals to operators for management and orchestration. Mavenir is highly visible in the Open RAN Policy Coalition, bringing open and interoperable solutions to the RAN, and has established engagements with operators such as Dish Network and Vodafone Idea, providing it with a basis to deploy its 5GC and ORAN solutions. Mavenir utilizes cloud-native technologies to interwork with legacy protocols. Mavenir’s limitation is that it has not named operators who are using its 5G core in trials or commercial deployments.

From a LightReading article: “Mavenir has enjoyed significant mobile core network wins in Europe, India and Japan. Top operators, including Turkcell, Telefónica and Deutsche Telekom, alongside upstarts like Rakuten Mobile in Japan and Dish Network in the US, have purchased the company’s offerings”.

Casa 5G Core

Casa has not publicly announced 5G engagements with service providers; it notes engagements in PoCs and trials.

Gartner’s Magic Quadrant for 5G Infrastructure Providers

Gartner recently updated its Magic Quadrant for 5G vendors, which shows the competitive landscape end-to-end. The 5G infrastructure capabilities it covers include:

  • Radio access network equipment, radio units (RU) and baseband units (BBU) for 5G New Radio and 4G LTE: passive antennas, RU, AAU, vBBU, BBU, DU, CU, vDU, vCU, small cell
  • Core network equipment, including 5G next-generation core and evolved packet core (EPC)

Figure 19: Gartner Magic Quadrant for 5G Infrastructure Providers


This paper compares the major 5G Core Network vendors, their features and their customers. The paper describes the leaders, Huawei and Ericsson, followed by Nokia, ZTE and Cisco. It then compares some of the disruptors in the 5G Core Network market, including Affirmed, Mavenir and others.

In 2021 there will be a major move towards 5G SA to realize the 5G use cases that are not possible with a legacy 4G core, which will drive an increase in investment. These vendors are poised to be the winners in this race.

Cybersecurity for 5G: ENISA Releases Report on Security Controls in 3GPP


The European Union Agency for Cybersecurity (ENISA) released its Security in 5G Specifications report on key security controls in the Third Generation Partnership Project (3GPP), the main body developing technical specifications for fifth-generation (5G) mobile telecommunications networks. As vendors, system integrators and operators build, deploy and manage 5G networks, the ENISA publication underlines the need for cybersecurity and for the national regulatory authorities in charge of cybersecurity policy development and implementation to have a good understanding of these controls.

This new ENISA report is directly driven by the objectives set in the EU toolbox for 5G security – mainly technical measure ‘TM02’. This technical measure calls on the relevant authorities in EU Member States to ensure and evaluate the implementation of security measures in existing 5G standards (3GPP specifically) by operators and their suppliers.

The aim of the report is to help national and regulatory authorities to better understand the standardisation environment pertaining to 5G security, 3GPP security specifications and key security controls that operators must implement to secure 5G networks.

More specifically, the report provides:

  • A high-level overview of the specification and standardisation landscape for the security of 5G networks, and of the main activities by various standardisation organisations and industrial groups in the area of 5G;
  • An explanation of the technical specifications developed by 3GPP for the security of 5G networks, with a focus on optional security features;
  • A summary of key findings and good security practices.

The ENISA report also covers security considerations beyond standards and specifications, such as testing and assurance, product development, network design, configuration and deployment, and operation and management.

The report is available here: https://www.enisa.europa.eu/publications/security-in-5g-specifications

NIST publishes draft 5G Cybersecurity Practice Guide


The National Cybersecurity Center of Excellence (NCCoE) of the U.S. National Institute of Standards and Technology (NIST) just published a preliminary draft of Special Publication SP 1800-33A, “5G Cybersecurity” – Volume A: Executive Summary.

This practice guide can benefit organizations operating or using 5G networks, as well as network operators and equipment vendors, and may be of particular interest to the telecommunications and public safety communities.

The public comment period is open through March 4, 2021.

The guide is available here: https://www.nist.gov/news-events/news/2021/02/5g-cybersecurity-preliminary-draft-nist-cybersecurity-practice-guide-sp

EDIT (26 April 2022): The SP 1800-33A draft guide mentioned here was moved to Legacy Files and is now available here [PDF]: https://www.nccoe.nist.gov/sites/default/files/legacy-files/nist-5G-sp1800-33a-preliminary-draft.pdf

NTIA Announces National Strategy to Secure 5G Implementation Plan


The National Telecommunications and Information Administration (NTIA) released the National Strategy to Secure 5G Implementation Plan, a government-wide plan to lead the world in the development and deployment of secure and resilient fifth-generation (5G) wireless communications infrastructure.

The implementation plan lists specific actions the federal government will take as well as the lead agencies responsible for implementing each effort. The implementation plan also lists a number of potential new research and development (R&D) efforts and priorities that agencies may undertake relating to 5G. Despite the plan being released in the final days of the Trump Administration, it is expected that 5G will continue to be a technology priority of the Biden Administration.

The plan is available here: https://www.ntia.gov/5g-implementation-plan

The Open RAN Lexicon You Need


The telecoms and digital technologies sectors are notoriously jargonised. Eavesdrop on any conversation at an industry conference (remember those?) and you’d be treated to a parade of acronyms, initialisms and technical terms that would sound like ancient Greek to an outsider.

However, with new technologies being developed and deployed at an accelerated rate, staying on top of terminology can be challenging for even seasoned professionals. This is nowhere as apparent as in the evolving debate around Open RAN and its applications. Open RAN and its variations have become the next “big thing” in wireless, and I thought I’d try to help clarify some of the related terms that often get confused.

People often mean different things when they talk about Open RAN. Some are referring to network specifications, others are describing a philosophy. Add to this mix the different industry Open RAN groups, a multiplicity of spellings (often within the same article) and creative hashtags that populate social media, and it’s easy to see how conversations on this topic quickly become confused.

What follows is a lexicon of Open RAN-related terms and definitions that will hopefully help you cut through the noise. But first, some background:


The radio access network (RAN) is a critical part of network infrastructure. It is also one of the most expensive. Traditional RAN setups are hardware heavy and require major CapEx to build the foundation of a wireless network.

But the costs are not only significant in capital investment. RAN operating expenses are also high, unnecessarily so according to a growing number of network operators and suppliers. Theoretically, a radio access network built by a particular vendor to 3GPP standards should be interoperable with devices or components produced by any other vendor satisfying the same specifications.

In practice, though, vendors usually construct RAN setups with proprietary software and interfaces built on top of hardware developed by the same vendor. For the telecoms operator, the long-term cost of this inflexibility can be punitive. Many find themselves locked in to unfavourable vendor contracts with little to no control over the upgrades and security of their RAN components.

The movement towards Open RAN has grown primarily in response to the gated nature of legacy RAN deployment and management. The cause is driven by operators hungry for the cost benefits of greater competition and prospective suppliers currently unable to break into a market dominated by a handful of monolithic vendors.

Open RAN

Open RAN refers to a disaggregated approach to deploying and managing radio access network functions, by using open interfaces between network elements. This aims to increase interoperability through vendor-neutral hardware and software-driven technology developed according to community-agreed standards.

Perhaps because Open RAN encourages a less restrictive and more accessible approach it is often conflated with open source, but they are not the same thing.

Some people also use Open RAN more generally, as an umbrella term to describe a collection of technologies, including vRAN and C-RAN (see below), that support the disaggregation of RAN elements.

OpenRAN
OpenRAN (one word) is seen regularly online and is employed in one of three ways:

  1. Used interchangeably with the term Open RAN
  2. Used in social media posts, often with a hashtag: #OpenRAN to refer to any Open RAN-related technology
  3. Used to describe the OpenRAN Telecom Infra Project tasked with defining and building 2G, 3G, 4G and 5G RAN solutions based on general-purpose, vendor-neutral hardware and software-defined technology

O-RAN
Refers to the O-RAN Alliance, an industry group working to develop new standards for open and intelligent RAN, provide open software development for the RAN, and support member organisations in testing and integrating O-RAN implementations.

The global O-RAN Alliance was born from a merger of the C-RAN Alliance and xRAN, and brings together more than 160 mobile operators, vendors, and research and academic institutions.

According to the group, O-RAN focuses on technical aspects of the RAN and stays neutral in any political, governmental or other areas of any country or region. O-RAN does not get involved in any policy-related topics.

In addition to the O-RAN Alliance and the above-mentioned Facebook-backed Telecom Infra Project (TIP), other Open RAN-related industry groups have started forming and influencing the development and deployment of open, disaggregated, and standards-based RAN approaches. One worth mentioning is the newly formed Open RAN Policy Coalition, which promotes policies to advance the adoption of open and interoperable RAN solutions.

oRAN / ORAN
Often used as shorthand for the Open RAN movement in general.

On social media, however, #oRAN or #ORAN may refer to either the Open RAN movement or the O-RAN Alliance.

vRAN
In Virtual RAN (vRAN) the RAN functions of the baseband unit (BBU) are virtualised on a commercial-off-the-shelf (COTS) server. Theoretically, this allows different components of the baseband and radio software and hardware to be supplied by different vendors.

However, in practice, the interfaces between the BBU at the bottom of the cell tower and the remote radio unit (RRU) at the top of the tower often remain proprietary, meaning that an RRU from one vendor can require software from the same vendor to run on the COTS-based BBU. As a result, vRAN can still lead to vendor lock-in.

So, even though vRAN is a more open and flexible architecture and the virtualisation of network functions is a key principle of Open RAN, virtual RAN does not equal Open RAN.

In Open RAN, the proprietary interfaces between the baseband unit and the remote radio unit are replaced with open interfaces. So, any vendor’s software can work on any open RRU.

C-RAN
Cloud RAN or Centralised RAN. Starting about 10 years ago, this was an important first step towards disaggregating the radio access network. C-RAN sees the baseband unit relocated from the radio site to a data center, where it is combined with other BBUs to form a pool of centralized resources that function as a cloud.

C-RAN relies on a fibre-based fronthaul – the connection layer between a BBU and RRU (or multiple RRUs) – and, as a result, has traditionally been limited to high-density or urban areas.

C-RAN has many benefits over legacy RAN and, like vRAN, has contributions to make to Open RAN, but it is not open in the Open RAN sense and is still susceptible to vendor lock-in.

Open RAN May Be the Future of 5G, but Can We Keep It Secure?


It’s been a year of contradictions for the telecommunications industry.

Like most sectors, it has been heavily impacted by the consequences of the Covid-19 pandemic, with a slowdown in global 5G roll-outs being a notable result. Geopolitical conflicts have continued to muddy the market, with governments playing a more active role than ever in setting telecoms-centred policy.

At the same time, however, the air is thick with promise and opportunity. Over the last nine months, entire organizations have transitioned to remote working and high-bandwidth video communication. Corporations have accelerated digital transformation initiatives. Online shopping has soared. The appetite for autonomous manufacturing and other aspects of Industry 4.0 has grown.

The telecoms industry has proven resilient and cemented its status as critical national infrastructure. This recognition has raised the already-elevated stakes for governments who see mobile networks as key to national security. And it has made even more urgent the debate about the fastest and safest way to evolve the telecoms ecosystem.

Over the last few years, much of the focus has been on the emergence of 5G, but as this process has evolved a fierce debate has developed around the best way for network operators to implement 5G while remaining sustainable and relevant in a rapidly shifting landscape. Open RAN has been central to these disputes, receiving massive attention from vendors, operators, and policymakers.

This is understandable: the potential benefits of open radio access networks certainly are alluring. But, as with 5G itself, the security of open RAN configurations will need to be considered carefully if we are to harness the technology’s full potential.

Virtual or open?

Virtualized radio access networks (vRAN) and open RAN are both hot topics in the mobile industry for different, but complementary, reasons. Though the two approaches often work in unison, they serve different purposes.

vRAN has its origins in network functions virtualization (NFV) which shifts network architecture from hardware-based to software-based. Similarly, in virtualized radio access networks software is decoupled from hardware and radio access network functions are run on commercial off-the-shelf (COTS) servers.

In both cases, service providers are principally trying to save time and money, firstly by speeding up the deployment of new network services, and secondly by reducing operating costs and capital expenses.

Though vRAN offers rewards in greater efficiency and lower costs, it does not necessarily alter the current infrastructure supply chain. Almost all existing vendors are working on virtualizing their existing products.

Open RAN, on the other hand, represents a dramatic departure from a restricted vendor base. Advocates maintain that it offers telcos a cost-cutting alternative to traditional management of the radio access network, one of the costliest parts of the infrastructure.

Conventional network interfaces do not support interoperability between different suppliers, with the result that operators are locked into closed arrangements with single vendors. Proprietary hardware and software are tightly coupled and closed to adaptation.

Open RAN sees a relaxation of these restrictions. Though such networks generally include virtualization, they are defined by their goal of opening up interfaces within and between the different elements in the radio access network: radio unit (RU), distributed unit (DU), and centralized unit (CU).

An example of the challenges that open RAN is trying to solve can be found in the interface linking radios and signal-processing equipment. Open RAN proponents regard this fronthaul interface, known as CPRI (common public radio interface), as incomplete. Currently, the only way for an operator to deal with this issue is to buy radios and signal-processing technology from the same vendor, usually one of the monolithic RAN suppliers.

In a more open system built on interoperability, that service provider would not be restricted in their choice of hardware or software supplier. They would have greater freedom in how they resolved technical concerns, being able to use one supplier’s radios with another’s processors.

The O-RAN Alliance, a specification group defining next-generation RAN infrastructures, has defined 11 interfaces for open RAN, covering the fronthaul (RU to DU), the midhaul (DU to CU), and the backhaul (connecting the RAN to the core).

These give operators the freedom to mix and match components from a growing number of suppliers, thereby inviting more diversity, competition and innovation into the supply chain.

Why open RAN?

In short, open RAN should offer telcos a more cost-effective and adaptable solution than traditional radio access networks. That’s the commercial reason. However, as trade wars have dragged on and the US-led campaign against Huawei and ZTE has gained momentum, open RAN has taken on political importance.

In the US, for example, it has been identified as a way to circumvent the need for Chinese network hardware, ostensibly eliminating much-publicized backdoor threats. However, a move to open RAN would also buy freedom from reliance on other international suppliers, notably Finnish Nokia and Swedish Ericsson. It is here that political and commercial motives meet.

Conventional radio access network arrangements see operators locked into agreements with a few big vendors who maintain ownership of RAN processes through proprietary equipment and services. It’s what’s been called an “oligopolistic vendor landscape” in which operators have little control, limited insight into RAN security and operations, and a paucity of choice.

While this has always been frustrating for telcos, the crises of the last year have laid bare the risks of persisting with a closed supply chain. Disruptions caused by Covid-19 have exposed a clear need to build supply chain resilience and security through greater supplier diversity. And, in trying times, it has become especially clear how much innovation is limited by restrictions on the telecoms supply chain.

These points underlie a growing wave of open RAN advocacy that envisages a brave new world of greater RAN efficiency, intelligence and versatility. According to the O-RAN Alliance, the radio access networks industry is moving towards “open, intelligent, virtualized and fully interoperable RAN.”

Industry groups like the O-RAN Alliance, the Facebook-initiated Telecom Infra Project (TIP), and the recently-formed Open RAN Policy Coalition are supported by a broad spectrum of stakeholders, including major vendors like Nokia and Ericsson. This appears to spell an acceleration in open RAN adoption.

ABI Research estimates that open RAN will outstrip traditional RAN within the decade, reaching a total market of approximately $30 billion in 2030, compared to $20 billion in the traditional RAN market.

These are not wild projections. Instead, they seem predicated on an already high level of open RAN activity. In Japan, Rakuten Mobile has launched open RAN-based 4G commercial services in urban areas and is currently building its 5G network to O-RAN specifications. Another greenfield operator, DISH, is preparing a significant open RAN network build in the US.

Meanwhile, suggestions that open RAN is only fit for new developments are being put to the test by a growing number of established operators. Telefónica, Deutsche Telekom, Vodafone, Orange, and Turkcell are all working on open RAN deployments.

There are a number of anticipated benefits driving these shifts.

The most obvious is that open RAN widens the supply chain, which is music to free market ears. More suppliers mean more competition at different layers in the hardware and software supply chains, translating into lower OpEx and CapEx for telecom operators.

Interoperability means telcos can ensure that they are making use of best-of-breed components with a reduced chance of vendor lock-in. This flexibility also ensures more progressive network updates and faster ecosystem evolution.

Virtualization and disaggregating hardware from software create a more agile network with lower deployment times and a better ability to scale at pace. New features can be added more quickly for specific use cases, while operators can provide enterprise-level services to support industry 4.0.

Open vRAN also permits edge-centric network architecture. The only site installation setup required is a radio plus power which, when coupled with mini data centres built closer to subscribers, translates into a flexible and scalable footprint that can support low latency applications – just one example of the potency of connection between open RAN and 5G.

Open RAN and 5G

Virtualized RAN may prove critical if 5G networks are to realize their projected performance standards. Cloud-based network functions will not be sufficient – all aspects of the 5G architecture will need to be virtualized in order to fully access 5G’s potential.

In vRAN, functions of the baseband unit (BBU) are enabled virtually through virtual machines (VMs) on centralized servers, while controller functions can be moved closer to the edge of the network. With these expanded options, operators can exercise greater (and more cost-efficient) control over their radio resources.

By separating network functions from the underlying hardware, vRAN enables an agile and dynamic RAN ecosystem characterized by streamlined resource utilization and more responsive deployment of new network services. This will be crucial to the operation of a smooth 5G network.

The O-RAN Alliance paints the picture of a RAN ecosystem based on interoperability and intelligence. It is the second principle, intelligence, that is especially pertinent to 5G networks, which will traffic massive amounts of data created by the internet of things (IoT), high-definition video, AR and VR.

5G will also see the deployment and management of countless virtual applications and their relationships. This will be beyond human capacities; the network will need to be intelligent. Though this kind of intelligence may be satisfied through virtualized networks, it is possibly through the accelerated innovation of open radio access networks that the 5G network will be able to evolve fastest.

For operators deploying 5G on legacy networks, open RAN is a burning question. As shown by Rakuten and DISH, the decision is relatively simple for greenfield deployments – open RAN supports a future-ready, scalable and upgradable software-driven network.

But for brownfield deployments, the considerations are more complex. Should open RAN only be initiated for 5G networks, or across all legacy Gs? What will be the long-term impacts on CapEx and OpEx, as well as the operator’s total cost of operation? For many service providers the commitment to 5G may provide an incentive to consider open RAN across all network generations.


Though cost is the primary driver of the open RAN proposition, the debate has also rested on security. And rightly so. With such a strong potential for alignment between 5G and open RAN, the security of more open radio access networks is critical to national security.

This argument has featured strongly in political rhetoric and statements from pro-open RAN organisations. In the US, filings to the National Telecommunications and Information Administration (NTIA) by the Open RAN Policy Coalition and open RAN vendor, Mavenir, have suggested that open RAN is imperative to securing 5G.

Skeptics say such players are motivated by the enormous commercial opportunities that would become available in the widespread adoption of open radio access networks. But the security argument is a strong one.

In closed RAN, operators rely on vendors to maintain security and manage threats like back doors. The ability to respond to these threats is also determined by the efficacy of the vendor’s proprietary technology. The inflexibility of the supply chain limits telcos’ level of RAN insight and responsiveness.

Theoretically, the vendor diversity of a more open RAN could create the conditions for more responsive and dynamic network security. If threats or vulnerabilities are identified, the operator can move quickly to swap out the offending component without having to undertake a costly and extensive rip-and-replace of the kind currently being applied to Huawei hardware in the US.

Ericsson has publicly questioned this line of thinking, arguing that “The introduction of new and additional touch points in O-RAN architecture, along with the decoupling of hardware and software, has the potential to expand the threat and attack surface of the network in numerous ways.” The vendor also maintains that the virtualization of network services could contribute to security challenges.

These claims have been rejected by CTOs for Rakuten and Telefónica, for example, who’ve reiterated the belief that open, non-proprietary networks will provide greater network security options. From the operators’ point of view, having 100% end-to-end visibility of the network is advantageous in monitoring security and pre-empting breaches.


Ironically, the greater freedom that defines open RAN could offer a route to tighter operator control, improved accountability and stronger security. The success of this approach will rest on strong standards supported by rigorous third-party testing: having the option to swap or upgrade components from multiple vendors is useless if those components aren’t safe.

However, as with 5G, the reality of an expanded attack surface in open RAN is a real concern. Operators appear confident that they will be able to take this challenge on, but their bullish mood remains to be tested.

The spirit of the open RAN movement is a positive one that should lead to a more democratized, innovative, lower cost and, hopefully, safer 5G-driven ecosystem. But the stakes are high and the path is new. We need to balance pioneering zeal with healthy caution if we are to create the secure networks that will usher in a new age of global connectivity.

5G in Manufacturing – 5G and Time Sensitive Networking (TSN) for Industrial Automation


In the recent report by IHS Markit – “The 5G Economy – How 5G will contribute to the global economy” – researchers claimed that manufacturing will garner almost $4.7 trillion in sales enablement by 2035, or 36% of the $13.2 trillion total opportunity of 5G by 2035. Manufacturing will be by far the largest industry beyond mobile to be impacted by 5G.

In the manufacturing sector the adoption will benefit in the short-to-medium term from enhanced indoor wireless broadband coverage. Other early use cases include asset tracking such as visibility over incoming and outgoing components and goods in the supply chain; remote access solutions that enable remote machine maintenance from the internet; and industrial automation, such as continued automation of robots and connectivity for moving assets such as AGVs.

5G provides many of the network characteristics essential for manufacturing, such as low latency, high reliability and high connection density. These are requirements for which manufacturers currently rely on fixed-line networks. 5G will allow for higher flexibility, lower cost, and shorter lead times for factory floor production reconfiguration, layout changes, and alterations.

The most impactful and most critical use cases, however, will also require network protocols that, more than “traditional” IT protocols, include elaborate mechanisms to provide fault-tolerant network paths and precise time synchronization. As modern industrial networks change from communication architectures with strong compartmentalization towards communication from the sensor to the cloud, time synchronization becomes even more important. These use cases require precise time synchronization all the way down to the device level.

In industrial automation, information about physical events captured by wirelessly connected and spatially distributed sensors has to be synchronized. Individual devices must be carefully synchronized to reconstruct the relative chronological order of occurrences and extract correlation patterns in the events. Time-synchronized coordination among machines and robots is crucial, in particular in closed-loop motion control, such as in packaging, printing and symmetrical welding, in which machines execute meticulously sequenced real-time tasks isochronously.

Such time synchronization is also required for energy efficient radio scheduling and distributed coordination within the network.

Therefore, to realize all of the intended benefits of 5G-enabled industrial manufacturing, we need to add to the mix deterministic, real-time communication with very accurate time synchronization.

In this article I will try to explain the importance of Time Sensitive Networking in the context of Industry 4.0. The time sensitivity requirements of the various industrial applications (including periodic/deterministic, aperiodic/deterministic and non-deterministic) are examined. The building blocks of the TSN standard (IEEE 802), including Traffic Shaping, Resource Management, Time Synchronization and Reliability, are explained. Finally, the enablement of Time Sensitive Networking for Industrial Automation with URLLC in 5G is discussed.

Industry 4.0

The world has seen industry evolve over time. At certain stages there has been a “revolution” rather than an evolution:

  • 1st Revolution: “Steam power” introduced to mechanize industrial production ~ Late 18th century
  • 2nd Revolution: “Mass production” pioneered by automotive manufacturers ~ Early 20th century
  • 3rd Revolution: “Digital” or programmable electronic systems, robots automate production lines ~ Early 1970s
  • 4th Revolution: “Internet of Things” with time sensitive connectivity to the cloud to maximize automation

Figure 1: Industrial revolutions

The 4th industrial revolution is based on:

  • Internet of Things (IoT) that increase automation, improve communication and self-monitoring
  • Smart machines that analyze and diagnose issues without the need for human intervention
  • Increased sharing of data across multiple systems and participants in the manufacturing process

A critical component to enable Industry 4.0 is industrial IoT.

Connectivity Evolution for Industrial IoT

According to Omdia, “Connectivity is one of the fundamental pillars upon which the industrial IoT (IIoT) is built. And over the last few decades, industrial connectivity, in particular, has evolved considerably, especially in response to the ever-changing requirements of the manufacturing industry.” The article continues to illustrate how industrial connectivity has evolved over the past 4 decades:

  • 1980s: “Discrete wires” to communicate with field devices
  • 1990s: “Fieldbus” industrial networking technology and a controller to communicate with field devices
  • Today: “Ethernet” is deployed alongside fieldbus and wireless technologies
  • 2020+: Time-Sensitive Networking (TSN) will be deployed

Figure 2: Industrial connectivity through the years

The time sensitive nature of industrial automation is explained by an example from high speed packaging:

  • Machines filling jars or bottles with food products need millisecond-level precision in the timing of the signals that control the process of placing, filling, removing and sealing the containers.
  • A warning from a machine tool that it has for some reason failed fully to offload the component it has just manufactured must reach the robot seeking to load the next component before it makes the attempt.
  • Missed connections and millisecond delays in communication between robotic systems can cause products and perhaps production machines to become unsynchronized, often leading to damaged products or even damaged machines.

The same article mentions another example of a failure with catastrophic consequences: a system failing to respond immediately to a warning of over-pressure in a boiler.

Time Sensitive Requirements in Industrial Automation

Industrial systems therefore need to guarantee that an event will occur precisely when expected. It is essential that events happen exactly when they are supposed to, with no scope for variability. Industrial Ethernet, because of its Carrier Sense Multiple Access (CSMA) nature, cannot provide this level of determinism for industrial networking. In an IEEE paper the authors describe multiple industrial IoT use cases that require low latency. The industrial automation use cases referenced have the following traffic requirements:

  • Deterministic, periodic with stringent latency requirements
    • Motion control responsible for controlling moving and/or rotating parts of machines (e.g. printing machines, machine tools or packaging machines)
    • Control-to-control communication between industrial controllers e.g. an assembly line
    • Mobile robot able to fulfil a large variety of tasks usually following programmed paths
  • Deterministic, aperiodic with less stringent latency requirements, or non-deterministic requirements
    • Mobile control panels with safety functions (safety panels) used for configuring, monitoring, and controlling machines, robots, or production lines. Safety control panels are also typically equipped with an emergency stop button. They require transmission of non-critical data (non-deterministic traffic) for the configuration, monitoring, and maintenance of the machines. They also require the transmission of highly critical and unpredictable safety data with stringent latency requirements (deterministic aperiodic traffic) when pressing the emergency stop button.
    • Process automation (P.A.) – closed-loop control, for example when several sensors are installed in a plant and each sensor makes continuous measurements. The latency and determinism in this use case are crucial. Closed-loop control produces periodic and aperiodic traffic with strict latency requirements (i.e. deterministic traffic). The traffic is aperiodic if for example the sensor only transmits data when a certain threshold is exceeded. It is periodic if the sensed data must be periodically transmitted to maintain the industrial process active.
    • Process automation (P.A.) – plant asset management: In this use case, sensors collect data about assets. This data must be transmitted for storage and processed within a defined time interval (deterministic aperiodic traffic). It is used to continuously diagnose assets and components and to detect (and even predict) any possible degradation.

Figure 4: Industry 4.0 use cases and applications

Time-Sensitive Networking (TSN)

Time-Sensitive Networking (TSN) is a key technology to realize this fundamental change. TSN is a set of IEEE 802 Ethernet sub-standards, defined by the IEEE TSN Task Group that enables deterministic real-time communication.

In an article on Time-Sensitive Networking and 5G, Ericsson states: “TSN provides guaranteed data delivery in a guaranteed time window; that is, bounded low latency, low-delay variation and extremely low data loss. TSN supports various kinds of applications having different QoS requirements: from time- and/or mission-critical data traffic, for example, closed-loop control, to best-effort traffic over a single standard Ethernet network infrastructure; in other words, through a converged network. As a result, TSN is an enabler of Industry 4.0 by providing flexible data access and full connectivity for a smart factory.”

Figure 5: Valuable tools within the TSN toolbox that enable deployments in industrial automation

The main goal of a Time Sensitive Network is to provide deterministic services over IEEE standard 802.3 Ethernet wired networks. This means guaranteed packet transport with low and bounded latency, low packet delay variation, and low packet loss. TSN features can be enabled for specific data streams in a network that also handles best effort type of traffic.

TSN enables deterministic data transfer by splitting time into repeating cycles using the TDMA (Time Division Multiple Access) method. Within these cycles, time slots are reserved for high-priority data streams, which need to be protected from other network transmissions. This creates virtual channels from one terminal device connected to the network to another. These channels are closely tied to the internal clocks of the participating network members, so to achieve high-precision time synchronization TSN usually uses the Precision Time Protocol (PTP) in accordance with IEEE 1588.
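The cycle-and-slot mechanism described above is easiest to understand by running it. The following is an added example written for this page, not code from the article or from any TSN product: a small simulator of a time-aware shaper in the style of the Scheduled Traffic standard (IEEE 802.1Qbv) on one egress port. The gate control list, the 1 Gbit/s link, the 1 ms cycle and the frames are all constructed; the model uses per-class FIFO queues and assumes no frame preemption. It shows that a critical frame arriving inside its reserved slot is served immediately, a best-effort frame is held until the critical slot closes, and a critical frame that just misses its slot waits for the next cycle, which is exactly the worst-case bound that reserving slots buys.

```python
"""Time-aware shaper simulation in the style of IEEE 802.1Qbv (added example).

Illustrative code, not from the article or any TSN implementation. The gate
control list (GCL), link speed and frames are constructed; the model is one
egress port, per-class FIFO queues and no frame preemption.
"""
from dataclasses import dataclass

LINK_BPS = 1_000_000_000       # constructed: 1 Gbit/s egress port
CYCLE_NS = 1_000_000           # constructed: 1 ms TDMA cycle
# GCL entries: (duration_ns, set of traffic classes whose gate is open).
# Class 7 (e.g. motion control) owns the first 100 us of every cycle.
GCL = [(100_000, {7}), (900_000, {0, 1, 2, 3, 4, 5, 6})]


@dataclass
class Frame:
    name: str
    arrival_ns: int    # time the frame enters the egress queue
    tc: int            # traffic class 0..7
    size_bytes: int


def tx_time_ns(size_bytes):
    """Serialization time on the link (preamble and inter-frame gap ignored)."""
    return size_bytes * 8 * 1_000_000_000 // LINK_BPS


def _windows(gcl, tc):
    """Open windows [start, end) of class tc within one cycle."""
    out, offset = [], 0
    for duration, open_set in gcl:
        if tc in open_set:
            out.append((offset, offset + duration))
        offset += duration
    if not out:
        raise ValueError(f"class {tc} never opens")
    return out


def earliest_start(gcl, cycle_ns, tc, not_before_ns, tx_ns):
    """First instant >= not_before_ns at which the gate of tc is open and the
    frame finishes before the gate closes. A frame that would overrun its
    window is held for the next one (the Qbv guard rule)."""
    wins = _windows(gcl, tc)
    if tx_ns > max(e - s for s, e in wins):
        raise ValueError("frame too long for any window of its class")
    k = not_before_ns // cycle_ns
    while True:
        for s, e in wins:
            start = max(not_before_ns, k * cycle_ns + s)
            if start + tx_ns <= k * cycle_ns + e:
                return start
        k += 1


def schedule(gcl, cycle_ns, frames):
    """Serve frames on one port: repeatedly pick the queue head that can start
    soonest (ties go to the higher class). Returns {name: (start_ns, latency_ns)}."""
    assert sum(d for d, _ in gcl) == cycle_ns, "GCL must span exactly one cycle"
    queues = {}
    for f in sorted(frames, key=lambda f: f.arrival_ns):
        queues.setdefault(f.tc, []).append(f)
    port_free_ns, result = 0, {}
    while any(queues.values()):
        best = None
        for tc, q in queues.items():
            if not q:
                continue
            tx = tx_time_ns(q[0].size_bytes)
            start = earliest_start(gcl, cycle_ns, tc,
                                   max(port_free_ns, q[0].arrival_ns), tx)
            if best is None or (start, -tc) < (best[0], -best[1]):
                best = (start, tc, tx)
        start, tc, tx = best
        frame = queues[tc].pop(0)
        port_free_ns = start + tx
        result[frame.name] = (start, port_free_ns - frame.arrival_ns)
    return result


def worst_case_latency_ns(gcl, cycle_ns, tc, size_bytes):
    """Bound for a lone frame of class tc on this hop: the longest closed period
    of its gate plus two serialization times (it may arrive just too late to
    fit before the gate closes and then waits out the whole closed period)."""
    wins = _windows(gcl, tc)
    gaps = []
    for i, (_, end) in enumerate(wins):
        nxt = wins[(i + 1) % len(wins)][0] + (cycle_ns if i == len(wins) - 1 else 0)
        gaps.append(nxt - end)
    return max(gaps) + 2 * tx_time_ns(size_bytes)


# Constructed traffic: a best-effort bulk frame and two critical frames, one
# inside the critical window and one that just missed it.
FRAMES = [
    Frame("be-bulk", 0, 0, 1500),
    Frame("ctrl-in-window", 50_000, 7, 200),
    Frame("ctrl-missed-window", 150_000, 7, 200),
]


def demo():
    return schedule(GCL, CYCLE_NS, FRAMES)


if __name__ == "__main__":
    for name, (start, latency) in demo().items():
        print(f"{name:20s} start={start:>9} ns latency={latency:>7} ns")
    print("worst case, class 7, 200 bytes:", worst_case_latency_ns(GCL, CYCLE_NS, 7, 200), "ns")
```

The worst-case figure is the point of the exercise: with a 100 µs window in a 1 ms cycle, a critical frame is never delayed by more than the 900 µs closed period plus two serialization times on this hop, whatever the best-effort load, whereas on plain CSMA Ethernet no such bound exists. Shortening the cycle or adding a second window per cycle lowers the bound directly.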

TSN has typically been targeted at wired networks because it requires very low latency. TSN focuses on the link layer of the network, unlike the 3GPP 5G standards or the IEEE 802.11 Wi-Fi standards, which focus on the communications layer.

However, the latest 5G and 802.11ax Wi-Fi (Wi-Fi 6) standards, which support ultra-reliable low latency communications (URLLC), make TSN over wireless networks an exciting possibility. These standards introduce different scheduling mechanisms from previous wireless standards, allowing more efficient scheduling of simultaneous transmissions from multiple devices. This can eliminate delays and make it possible to provide bounded latency and high reliability in wireless communications, something that was practically impossible previously.

As an example of 5G and TSN integration, Qualcomm has showcased this in a trial with Rexroth, a Bosch company: industrial devices use time-sensitive networking (TSN) technology while operating over a live 5G network, taking advantage of the 5G URLLC features available in 3GPP Release 16.

Figure 6: High-level diagram of Qualcomm Technologies’ and Bosch Rexroth’s TSN demo

The TSN Toolbox Explained

TSN standards can be seen as a toolbox that includes several valuable tools categorized into four groups – Traffic Shaping, Resource Management, Time Synchronization and Reliability.

  1. Traffic shaping guarantees the worst-case latency for critical data by various queuing and shaping techniques and by reserving resources for critical traffic:
    1. The Scheduled Traffic standard (802.1Qbv) provides time-based traffic shaping.
    2. Ethernet frame preemption (802.3br and 802.1Qbu), can suspend the transmission of a non-critical Ethernet frame. It is beneficial to decrease latency and latency variation of critical traffic.
  2. Resource management is defined by the TSN configuration models (802.1Qcc):
    1. Centralized Network Configuration (CNC) can be applied to the network devices (bridges).
    2. Centralized User Configuration (CUC) can be applied to user devices (end stations).
  3. Time synchronization is based on the generalized Precision Time Protocol (gPTP) (802.1AS):
    1. It is a profile of the Precision Time Protocol standard (IEEE 1588)
    2. It provides reliable time synchronization and can be used by Scheduled Traffic (802.1Qbv).
  4. Reliability is provided by Frame Replication and Elimination for Reliability (FRER) (802.1CB) for data flows through a per-packet-level reliability mechanism.
    1. It provides reliability by transmitting multiple copies of the same data packets over disjoint paths in the network.
    2. Per-Stream Filtering and Policing (802.1Qci) improves reliability by protecting against bandwidth violation, malfunctioning and malicious behavior.
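The last tool in the list, Per-Stream Filtering and Policing (802.1Qci), is the one that protects the schedule from a talker that misbehaves, whether through a fault or deliberately. The following added example, written for this page and not taken from the article or any switch vendor, shows the mechanism with a simplified model: streams are identified by (destination MAC, VLAN), a maximum SDU size filter rejects oversize frames, and a single-rate token-bucket flow meter rejects frames that exceed the stream's committed rate and burst. All addresses, rates and frames are constructed. A well-behaved motion-control talker passes untouched, a flooding sensor talker is cut back to its reservation after its burst allowance is spent, and a frame from a stream with no reservation is dropped outright.

```python
"""Per-stream filtering and policing in the spirit of IEEE 802.1Qci (added example).

Illustrative code written for this page, not from the article or a switch
vendor. Stream identification by (destination MAC, VLAN), the maximum SDU
size filter and the token-bucket flow meter are simplified; all frames,
addresses and rates are constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Frame:
    t_us: float        # arrival time in microseconds
    dst_mac: str
    vlan: int
    size_bytes: int


@dataclass
class StreamPolicy:
    max_sdu_bytes: int   # anything larger is dropped by the stream filter
    cir_bps: float       # committed information rate of the flow meter
    cbs_bytes: int       # committed burst size (bucket depth)


class TokenBucket:
    """Single-rate meter: tokens accrue at CIR up to CBS; a frame conforms only
    if enough tokens are available, so a talker cannot exceed its reservation."""

    def __init__(self, cir_bps, cbs_bytes):
        self.rate = cir_bps / 8 / 1_000_000   # bytes per microsecond
        self.depth = cbs_bytes
        self.tokens = float(cbs_bytes)
        self.last_t = 0.0

    def conforms(self, t_us, size_bytes):
        self.tokens = min(self.depth, self.tokens + (t_us - self.last_t) * self.rate)
        self.last_t = t_us
        if size_bytes <= self.tokens:
            self.tokens -= size_bytes
            return True
        return False


class PerStreamPolicer:
    def __init__(self, policies):
        self.policies = policies          # {(dst_mac, vlan): StreamPolicy}
        self.meters = {k: TokenBucket(p.cir_bps, p.cbs_bytes) for k, p in policies.items()}

    def admit(self, frame):
        """Return 'pass' or a 'drop:<reason>' verdict for one frame."""
        key = (frame.dst_mac, frame.vlan)
        policy = self.policies.get(key)
        if policy is None:
            return "drop:unidentified"      # no reservation for this stream
        if frame.size_bytes > policy.max_sdu_bytes:
            return "drop:oversize"          # stream filter
        if not self.meters[key].conforms(frame.t_us, frame.size_bytes):
            return "drop:rate"              # flow meter
        return "pass"


# Constructed reservations: a motion-control stream and a sensor stream.
MOTION = ("01:00:5e:00:01:01", 100)
SENSOR = ("01:00:5e:00:01:02", 100)
POLICIES = {
    MOTION: StreamPolicy(max_sdu_bytes=256, cir_bps=10_000_000, cbs_bytes=512),
    SENSOR: StreamPolicy(max_sdu_bytes=1500, cir_bps=10_000_000, cbs_bytes=3000),
}


def constructed_traffic():
    frames = []
    # Well-behaved motion talker: 200-byte frames every 250 us (6.4 Mbit/s).
    frames += [Frame(250.0 * i, *MOTION, 200) for i in range(10)]
    # Misbehaving sensor talker: 1400-byte frames back to back, every 12 us.
    frames += [Frame(12.0 * i, *SENSOR, 1400) for i in range(20)]
    # One oversize sensor frame and one frame from a stream with no reservation.
    frames.append(Frame(300.0, *SENSOR, 1600))
    frames.append(Frame(310.0, "01:00:5e:00:01:09", 100, 64))
    return sorted(frames, key=lambda f: f.t_us)


def police(frames, policies=POLICIES):
    """Run the policer over frames in arrival order; returns per-stream verdict counts."""
    policer = PerStreamPolicer(policies)
    counts = {}
    for f in frames:
        counts.setdefault((f.dst_mac, f.vlan), Counter())[policer.admit(f)] += 1
    return counts


if __name__ == "__main__":
    for stream, c in police(constructed_traffic()).items():
        print(stream, dict(c))
```

The verdict counters are what an operator would export as telemetry: a rising `drop:rate` or `drop:unidentified` count on a stream is the earliest sign that a device is faulty or that something unexpected is sending on the deterministic network, well before the reserved slots of other streams are affected.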

Figure 7: 5G meets Time Sensitive Networking (TSN)

The Time-Sensitive Networking Profile for Industrial Automation, IEC/IEEE 60802, specifies the application of TSN for industrial automation and also gives guidelines on what 5G needs to support.

5G Specifications and TSN Requirements

The 3GPP 5G NR Release 16 specification is focused on enabling Industrial Internet of Things (IIoT) communications. Release 16 includes latency and reliability enhancements that build on the already very low air-interface latency and high reliability provided by Release 15. The Release 16 approach is to integrate TSN over the top: TSN time domain information is distributed between the TSN translator functions in the network and the device using the 802.1AS standard protocol. More work is expected to occur in 3GPP Release 17.

5G specification includes several functionalities especially around the 5G New Radio (NR) that can be mapped to the TSN requirements:

  1. Low Latency in 5G NR is enabled by shorter slots in a radio subframe, which benefits low-latency applications. NR also introduces mini slots, where prioritized transmissions can be started without waiting for slot boundaries, further reducing latency.
  2. Resource management – 5G NR introduces preemption, where URLLC data transmission can preempt ongoing non-URLLC transmissions. Additionally, NR applies very fast processing, enabling retransmissions even within short latency bounds.
  3. Reliability – 5G defines extra-robust transmission modes for increased reliability for both data and control radio channels. Reliability is further improved by various techniques, such as multi-antenna transmission, the use of multiple carriers and packet duplication over independent radio links.
  4. Time synchronization is embedded into the 5G radio systems as the radio network components themselves are also time synchronized, for instance, through the precision time protocol telecom profile. This is a good basis to provide synchronization for time-critical applications.

Figure 7: 5G URLLC overview of TSN components

In the Ericsson white paper 5G evolution: 3GPP Releases 16 & 17 overview, the authors describe how Industrial IoT integrates with the TSN spec via 5G.

Figure 8: Overview of the TSN integration

5G support for TSN is still a work in progress. If you want to check in more detail the current specifications, the most relevant clauses are:

  • TS 23.501 clauses 4.4.8, 5.27, 5.28, Annex H, Annex I on support for TSN and clauses,, on Ethernet forwarding;
  • TS 23.502 Annex F on support for TSN;
  • TS 23.503 clause on support for TSN.

Flexible 5G Frame Structure

5G NR defines multiple numerologies to support Enhanced Mobile Broadband (eMBB), Massive Machine Type Communications (mMTC) and Ultra-Reliable Low Latency Communications (uRLLC) with different QoS requirements. 4G (LTE, Long Term Evolution) defines a fixed slot duration. 5G NR, on the other hand, defines different slot durations and can simultaneously support different numerologies to serve a variety of applications.

Figure 9: Flexible usage of radio resources in 5G NR

5G and Network Slicing

5G network slicing can support multiple applications with different QoS requirements thanks to the flexibility introduced in 5G NR and the 5G virtualized core network. The slices share computing, storage and radio resources at the RAN, but configure their radio resources differently to support eMBB, uRLLC and mMTC applications. In the following figure:

  • Slice 1 is configured with shorter time slot durations for uRLLC applications for industrial IoT
  • Slice 2 uses a low numerology to support a large number of devices with low bandwidth demands and without strict latency requirements.
  • Slice 3 is configured to support eMBB applications with large bandwidth demands.
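The slot durations behind the "flexible frame structure" and the per-slice numerology choices above follow from a few fixed relations of the NR frame structure, which the following added example works through. It is written for this page and is not code from the article: subcarrier spacing is 15 kHz × 2^µ, a slot is 1 ms / 2^µ with 14 OFDM symbols (normal cyclic prefix), and mini-slots are 2, 4 or 7 symbols. The slice latency budgets and the selection policy (lowest numerology whose full slot meets the budget, then the longest fitting mini-slot) are constructed assumptions that consider latency only; a real RAN planner also weighs coverage, bandwidth and device capability.

```python
"""5G NR numerology helper (added example, not from the article).

Relations are those of the 3GPP NR frame structure: subcarrier spacing
15 kHz * 2^mu, slot duration 1 ms / 2^mu, 14 OFDM symbols per slot (normal
cyclic prefix) and mini-slots of 2, 4 or 7 symbols. Slice budgets and the
selection policy are constructed assumptions and look at latency only.
"""
from fractions import Fraction

SYMBOLS_PER_SLOT = 14
MINI_SLOT_SYMBOLS = (7, 4, 2)
MAX_MU = 4


def subcarrier_spacing_khz(mu):
    return 15 * 2 ** mu


def slot_duration_us(mu):
    """Exact slot length in microseconds (1 ms / 2^mu)."""
    return Fraction(1000, 2 ** mu)


def symbol_duration_us(mu):
    return slot_duration_us(mu) / SYMBOLS_PER_SLOT


def opportunity_duration_us(mu, symbols):
    """Length of one transmission opportunity of `symbols` OFDM symbols."""
    return symbol_duration_us(mu) * symbols


def fitting_options(budget_us, max_mu=MAX_MU):
    """All (mu, symbols) whose single transmission opportunity fits the budget."""
    return [(mu, n) for mu in range(max_mu + 1)
            for n in (SYMBOLS_PER_SLOT,) + MINI_SLOT_SYMBOLS
            if opportunity_duration_us(mu, n) <= budget_us]


def choose_numerology(budget_us, max_mu=MAX_MU):
    """Assumed policy: lowest numerology whose full slot fits (longest symbols,
    most robust); otherwise the lowest numerology with the longest mini-slot
    that fits; None if no opportunity meets the budget."""
    options = fitting_options(budget_us, max_mu)
    full = [o for o in options if o[1] == SYMBOLS_PER_SLOT]
    if full:
        return min(full)
    if not options:
        return None
    mu = min(o[0] for o in options)
    return (mu, max(n for m, n in options if m == mu))


# Constructed per-slice latency budgets for one scheduling opportunity.
SLICE_BUDGETS_US = {"slice-1 uRLLC": 250, "slice-2 mMTC": 1000, "slice-3 eMBB": 1000}


def plan_slices(budgets=SLICE_BUDGETS_US):
    return {name: choose_numerology(b) for name, b in budgets.items()}


if __name__ == "__main__":
    for mu in range(MAX_MU + 1):
        print(f"mu={mu}: {subcarrier_spacing_khz(mu)} kHz, slot {float(slot_duration_us(mu))} us, "
              f"2-symbol mini-slot {float(opportunity_duration_us(mu, 2)):.2f} us")
    print(plan_slices())
```

Durations are kept as exact fractions so that a budget that equals a slot boundary (250 µs against the µ=2 slot, for instance) is decided correctly rather than by floating-point rounding.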


Figure 10: Illustration of RAN slicing

In summary, Ultra-Reliable Low Latency Communications works in conjunction with network slicing to meet the Time-Sensitive Networking requirements of industrial applications.

Time Synchronization

Deterministic execution of the production cycle requires timely coordination among devices which is possible only if the devices and the E2E communication are synchronized to a common time reference with clock disparity of less than 1 microsecond.

TSN time synchronization is based on the generalized Precision Time Protocol (gPTP) (802.1AS) as a profile of the Precision Time Protocol standard (IEEE 1588).

For quite a while 5G networks will coexist with traditional networks and might require transparent integration to transport industrial Ethernet or TSN. In such scenarios, collaborative actions of devices belonging to different domains need to be coordinated in time, and 5G systems will need to interwork with the gPTP of the connected TSN network, as gPTP is the default time synchronization solution for TSN-based industrial automation. Initial capability for such bridging between 5G and TSN networks is part of Release 16.

In 5G networks time synchronization is an essential part of the 5G radio system. Radio network components are themselves time synchronized for advanced radio transmission, such as synchronized Time Division Duplexing (TDD) operation, cooperative multipoint transmission (CoMP) and carrier aggregation.

There are two independent time synchronization processes running in parallel in an integrated 5G-TSN system: a 5G System synchronization process and a TSN synchronization process.

5G URLLC – Time Sensitive Networking Industry Showcases

Ericsson and Audi

Ericsson and Audi are stepping up their 5G collaboration by testing Ultra-Reliable Low-Latency Communication (URLLC) capabilities for factory automation at the car manufacturer’s P-Labs facility in Germany.

Nokia, ABB and Kalmar

Nokia, ABB and Kalmar have conducted the industry’s first trial with ultra-reliable, low latency 5G technology for electricity grid and harbor automation.

5G Industry Consortia

Multiple industry consortia have formed to leverage 5G capabilities for industry applications, including:

5G Alliance for Connected Industry and Automation (5G-ACIA)

The overall goal of 5G-ACIA is to apply industrial 5G in the best possible way. Members jointly strive to make sure that the particular interests of the industrial domain are adequately considered in 5G standardization and regulation. Together, they discuss and evaluate technical, regulatory, and business aspects with respect to 5G for the industrial domain.

In its white paper, 5G-ACIA provides an overview of 5G’s basic potential for the manufacturing industry and outlines relevant use cases and requirements. Although not exhaustive, the example use cases demonstrate that QoS requirements can be very divergent, ranging from process control with a cycle time of >50ms and availability of >99.99% to motion control demanding availability of more than six 9’s and a cycle time as low as <0.5ms. It is worth noting that 5G must also meet the operational and functional requirements of the industry, such as dependability, functional safety, security, cost efficiency and process flexibility.

Industrial Internet Consortium (IIC)

The Industrial Internet Consortium (IIC) was founded in March 2014 to bring together the organizations and technologies necessary to accelerate the growth of the industrial internet by identifying, assembling, testing and promoting best practices. Members work collaboratively to speed the commercial use of advanced technologies. Membership includes small and large technology innovators, vertical market leaders, researchers, universities and government organizations.

Alliance of Industrial Internet (AII)

The Alliance of Industrial Internet (AII) was jointly initiated by the manufacturing industry, the communications industry, Internet companies and other enterprises, aiming to study and promote industrial Internet standards, results of industrial Internet testing and demonstration, as well as product and application innovation. Although most of its results are published in Chinese, its work is worth referencing.

International Electrotechnical Commission (IEC)

The International Electrotechnical Commission (IEC) is a leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies. IEC’s work covers a broad range of areas, including smart cities, smart grids, cyber security, smart electrification and more. To promote international co-operation in the electrical and electronic fields, IEC publishes many standards, reports and specifications. Some of these publications, such as the 61850, 61907 and 62657 series of standards, present the requirements of industrial automation on wireless communication.

Avnu Alliance

Avnu Alliance is a group of silicon suppliers and networking vendors creating an interoperable ecosystem of low-latency, time-synchronized, highly reliable synchronized networked devices using open standards through certification.

Members of the Avnu Alliance include some familiar names like Intel, Keysight Technologies, General Electric and Extreme Networks.

The Alliance is focused on applications of these technologies in the Automotive, Professional A/V, Industrial and Consumer Electronics markets.

TSN-Specific Cybersecurity Challenges

It wouldn’t be my article if I didn’t mention cybersecurity.

In addition to all the other 5G security and privacy challenges, when talking about TSN over 5G we have to consider time synchronization as a new attack surface that has to be protected.

By attacking the time synchronization protocol, a potential attacker could effectively cause a denial-of-service. Since TSN depends on the availability of time data, operational impact could be caused simply by deliberately overloading a single time slot.

The time synchronization protocols mentioned above do not, by themselves, have security mechanisms built in and rely completely on the security controls present in the network.
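Because gPTP/PTP carry no protection of their own, the practical defence is to treat the time domain as something to be monitored like any other critical service. The following added example, written for this page from a defender's viewpoint and not code from the article, shows the three checks an operator of a 5G-TSN deployment would want on the synchronization described in the Time Synchronization section: the announced grandmaster matches the expected one, the measured offset stays within the 1 microsecond clock-disparity bound the text gives, and SYNC messages keep arriving (their absence is what a denial-of-service against the time domain looks like from the inside). The record format is constructed, standing in for what a PTP daemon or switch exports; the expected grandmaster identity and the 125 ms sync interval are assumed deployment settings.

```python
"""Monitoring gPTP/PTP synchronization as a TSN attack surface (added example).

Defender-side illustration written for this page, not code from the article.
The record format is constructed (one line per observed PTP event as a PTP
daemon or switch might export it). The 1 microsecond bound is the TSN clock
disparity requirement quoted in the text; the expected grandmaster identity
and the 125 ms sync interval are assumed deployment settings.
"""
import re
from dataclasses import dataclass

MAX_OFFSET_NS = 1_000                                  # clock disparity bound from the text
EXPECTED_GRANDMASTERS = {"00-1b-19-ff-fe-00-00-01"}   # assumed allow-list of clock identities
SYNC_INTERVAL_NS = 125_000_000                         # assumed configured SYNC interval
MISSED_SYNC_FACTOR = 3                                 # alert after this many silent intervals

# Constructed sample: healthy sync, then an unexpected grandmaster appears,
# the offset drifts far past the bound, and SYNC messages stop for a while.
SAMPLE_LOG = """\
t=0 type=ANNOUNCE gm=00-1b-19-ff-fe-00-00-01
t=0 type=SYNC offset_ns=120
t=125000000 type=SYNC offset_ns=-80
t=250000000 type=SYNC offset_ns=95
t=375000000 type=ANNOUNCE gm=00-1b-19-ff-fe-00-00-99
t=375000000 type=SYNC offset_ns=4200
t=500000000 type=SYNC offset_ns=7900
t=1000000000 type=SYNC offset_ns=150
"""

_KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    t_ns: int
    kind: str
    detail: str


def parse_records(text):
    """Turn 'key=value' lines into dicts; missing fields become None."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(_KV.findall(line))
        records.append({
            "t": int(fields["t"]),
            "type": fields["type"],
            "gm": fields.get("gm"),
            "offset_ns": int(fields["offset_ns"]) if "offset_ns" in fields else None,
        })
    return records


def check_sync(records, max_offset_ns=MAX_OFFSET_NS,
               expected_gms=EXPECTED_GRANDMASTERS,
               sync_interval_ns=SYNC_INTERVAL_NS):
    """Three checks on the time domain: an unexpected grandmaster, an offset
    beyond the bound, and a gap in SYNC messages (loss of time = loss of TSN)."""
    alerts = []
    last_sync_t = None
    for r in sorted(records, key=lambda r: r["t"]):
        if r["type"] == "ANNOUNCE" and r["gm"] not in expected_gms:
            alerts.append(Alert(r["t"], "unexpected-grandmaster", r["gm"]))
        elif r["type"] == "SYNC":
            if last_sync_t is not None and r["t"] - last_sync_t > MISSED_SYNC_FACTOR * sync_interval_ns:
                alerts.append(Alert(r["t"], "sync-gap", f"{r['t'] - last_sync_t} ns since previous SYNC"))
            last_sync_t = r["t"]
            if abs(r["offset_ns"]) > max_offset_ns:
                alerts.append(Alert(r["t"], "offset-out-of-bound", f"{r['offset_ns']} ns"))
    return alerts


def demo():
    return check_sync(parse_records(SAMPLE_LOG))


if __name__ == "__main__":
    for a in demo():
        print(f"t={a.t_ns:>11} {a.kind:24s} {a.detail}")
```

The offset check is the one that ties the monitoring back to the safety argument of this article: a slice that was sized for sub-millisecond cycles is only as good as the clocks it runs on, so an offset past 1 µs is an operational alarm, not just a networking statistic.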

This article has explored the TSN (Time Sensitive Networking) toolbox defined by IEEE 802, a critical component for enabling Industry 4.0.

The TSN requirements are mostly fulfilled by the 5G specification in Release 16, through the flexible 5G frame structure and the 5G network slicing feature that optimizes network resources to enable uRLLC.

Cybersecurity and Safety in the 5G-Enabled Smart-Everything World


Neil Harbisson calls himself a cyborg. Without the antenna implanted in his skull, he would not be able to see colour of any kind. Born with achromatopsia, a condition of total colourblindness that affects 1 in every 30 000 people, Harbisson’s physical faculties are augmented by cyber technology to grant him access to a life of greater meaning and satisfaction.

As technological evolution leads to concomitant advances in medical science, we are seeing more and more examples of humans who are integrating devices and sensors into their biological makeup. For some, like those who are part of the growing “transhumanist” movement, this is a means of artistic expression or exploration of human potential. For others, it is a solution to a medical problem. Either way, it represents the most vivid and personal example of what may be called a cyber-physical system (CPS).

Harbisson campaigns for greater debate around the identity and rights of people with tech-adapted bodies. As in any discussion of CPSs, however, a more urgent part of the conversation should be security.

In March 2019, an alert from the US Department of Homeland Security and the FDA warned medical professionals and patients that a broad range of implanted devices, such as defibrillators and heart monitors, were vulnerable to hacking that could cause product malfunction.

White-hat hackers had proven these concerns before, but the DHS announcement was chilling confirmation of the threats to human life that accompany the convergence of the cyber and the physical.

Of course, these dangers are not only seen at the level of the private individual. Greater, more widespread risk is found in the cyber-physical systems that will soon be ubiquitous, crucial to the successful operation of industry and society. Adoption of these networks is being driven by access to the internet of things (IoT) or, more accurately in cases of biological integration, the internet of everything (IoE), and is about to be accelerated with the rollout of 5G. Unfortunately, however, so are the risks.

What Is A Cyber-Physical System (CPS)?

CPS is a broad, umbrella term for technologies that connect our physical world with the cyber world. It describes situations in which we find a fundamental intersection of computation, communications and physical processes without suggesting any particular implementation or application.

In addition to IoT, the cyber-physical systems term also includes Industrial Control Systems (ICS) – those setups that manage large-scale civil and industrial operations such as smart factories, water supply and power production and distribution, as well as technologies such as the Industrial Internet of Things (IIoT), robotics, drones, connected and autonomous transportation, building management systems, connected environmental controls and a myriad of other things. In essence, these are software-enabled collections of sensors, processors, and control components that automate entire, or large parts of, human operations. And they are already all around us.

Definitions of CPSs vary and many are excellent, but one that is particularly relevant to the topic is a definition I coined for the Cyber-Physical Systems Security Institute (CPSSI) in 1998: “Cyber-physical systems are physical or biological systems with an embedded computational core in which a cyber attack could adversely affect physical space, potentially impacting well-being, lives or the environment.” This definition goes beyond a technical assessment of a system’s makeup to recognize its potential impact on the world around that system. It identifies the inherent threat of cyber attacks and the dangers they inevitably pose to human life.

What Could Go Wrong?

The common appreciation of threats innate to cyber-physical systems is evolving more slowly than the technology within those systems, and more slowly than the thinking of those who wish to use this technology to cause harm.

The installed base of Internet of Things (IoT) connected devices currently stands around 30 billion, but is expected to grow to 75.44 billion worldwide by 2025, generating 79.4 zettabytes of data, according to IDC (That’s almost four times the amount of data that’s been created in history).

The use of these devices in our personal lives – everything from smart phones to smart appliances in smart homes – is already taken for granted in developed nations. Though private individuals are becoming savvier about their exposure to uninvited surveillance through these devices, most concerns are still centered around privacy and data security. Few people consider the possibility of technological tools and their components being captured for employment against them in tactile ways.

The case of vulnerable heart equipment shared earlier offers one example of how a cyber-physical attack could be lethal to individuals. Hackers have already proved that it is possible to hijack a moving vehicle remotely, raising obvious safety concerns for the driver, but also for fellow drivers on the road. Now, imagine that same concern extrapolated across a network of self-driving vehicles all travelling at high speed – a scenario which, as we’ll see shortly, becomes a reality with the introduction of 5G.

This growing number of devices and their management applications connected to the IoT represents an exponentially expanding “attack surface” available to hackers and cyber-terrorists.

Unfortunately, regulations governing the security of these devices and applications are underdeveloped, non-uniform and difficult to enforce across borders, an especially pertinent issue when equipment components are produced in one region, assembled in another and then sold in a third or more. The absence of these regulatory protocols leaves a huge gap, as the vast majority of IoT devices are delivered without baked-in security. Even when companies do aim to make their products secure, these endeavours are usually hampered by a lack of expertise and constant pressure to be first-to-market.

This all translates into a perfect storm of cyber-physical threats in the private and social spheres, but greater dangers extend to a national, even international, level where the scale of impact is highest.

Nation-state attacks against cyber-physical systems are becoming routine. The Stuxnet malware incursion used to disrupt uranium enrichment in the Iranian plant at Natanz in 2010 saw the birth of cyber-kinetic weaponry. Since then, similar attacks have been numerous, with targets including military, civil and industrial operations.

In 2013, hackers thought to be working for a nation-state gained control of a small dam in the US, giving them the power to release water onto the communities below (had the sluice gates not been manually disabled).

The Dragonfly/Crouching Yeti espionage campaigns, thought to have taken place from 2011 to 2014, were attacks on targets in the aviation and defense industries in the US and Canada, as well as various energy industry targets in the US, Spain, France, Italy, Germany, Turkey and Poland. Similar tactics could be seen in Ukraine in 2015, when the BlackEnergy malware caused significant power outages.

In 2017, the US electricity grid was attacked, emphasizing what experts have known for decades: critical systems such as national energy are constantly vulnerable to breach, with potentially devastating consequences for hospitals and clinics, industry, transport and civil supply services.

The Center for Strategic and International Studies (CSIS) regularly updates its list of significant cyber incidents, with a focus on cyber attacks on government agencies, defense and high-tech companies, or economic crimes with losses of more than a million dollars. More than 20 such major events have been recorded in the last two months alone, with most of those attacks having an impact on cyber-physical systems. Until 2017, I used to track cyber-kinetic incidents – those that have caused impacts in the real, physical world. I stopped because the number of such attacks increased beyond my capacity to track.

The attack surface is growing. We are already seeing a post-COVID-19 drive toward greater automation of manufacturing operations and supply chains as businesses try to mitigate the risk of reliance on human labour. These developments rely on the creation of CPSs that require increasingly sophisticated cybersecurity.

Most of these CPSs are built with 5G in mind. This budding technology is set to revolutionize industry and society, facilitating the establishment of highly integrated and largely autonomous production and distribution systems. But 5G is a two-sided coin. With its tremendous potential comes tremendous risk.

When Cyber Becomes Physical: Securing the 5G Bridge

5G has been discussed extensively in almost every industry. It is in its infancy, already showing impressive results, but yet to see widespread availability. It is set to redefine the possibilities of CPSs as well as the security requirements of those systems. But the questions linking 5G and CPSs go back some time.

On one side of the coin, the concerns. As far back as 2012, US Defense Secretary Leon Panetta warned the Business Executives for National Security of the dangers of attacks on national systems: “The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack on our country. Attackers could also seek to disable or degrade critical military systems and communication networks. The collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”

The term “cyber Pearl Harbor” was originally credited to Richard A. Clarke, former US national coordinator for counterterrorism, in 2002. But it was even further back that another Clarke clearly saw the other side of the 5G coin: cyber-physical systems that could transcend time and space.

In 1968, Stanley Kubrick invited writer Arthur C. Clarke to collaborate in the creation of the groundbreaking epic, 2001: A Space Odyssey. The film launched Clarke to the status of pop culture icon and indisputable futurist, though his uniquely prescient abilities were already well-established by then.

Of the many predictions Clarke made in his career, perhaps the most well-known was this one from 1964, in which the author declares: “I’m perfectly serious when I suggest that one day we may have brain surgeons in Edinburgh operating on patients in New Zealand.”

As it turned out, the surgeon and the patient were both in China. The world’s first remote brain surgery was performed last year by Dr. Ling Zhipei, who conducted the operation by manipulating instruments in Beijing from his location in Sanya City, 3000 kilometers away.

Though this historic event had been expected for some time, the fact that Clarke predicted it more than 55 years ago is astonishing. What’s even more impressive, though, is the detail of the writer’s foresight. Not only did he see remote surgery coming, but he also saw the complications that would hamper its success. In his 1975 novel, Imperial Earth, Clarke addresses the problem of an even slightly laggy network: “‘Hawaii’s almost exactly on the other side of the world – which means you have to work through two comsats in series. During tele-surgery, that extra time delay can be critical.’ So even on Earth, thought Duncan, the slowness of radio waves can be a problem. A half-second lag would not matter in conversation; but between a surgeon’s hand and eye, it might be fatal.”

Though he wouldn’t have known it then, what the writer had identified was one of the key distinctions between 4G and 5G networks.

To take nothing away from Dr Zhipei’s skills as a surgeon, his pioneering achievement would not have been possible without the computer, powered by a 5G network. 5G eliminates the lag and remote-control delay typical on 4G networks. But, that is not simply because it is an upgraded version of 4G. 5G is something entirely new. It is a momentous leap in potential. It has made science fiction science fact.

Though many rub their hands in glee at the prospect of super-fast movie downloads and instantly responsive gaming, the most notable impact of this technology will be through the CPSs it facilitates. It is there that we will see technology finally having the enduring societal impact it has promised for so long. But the halcyon image of humans living carefree in a hyper-connected world is also misguided.

When systems are cyber-kinetic, high speed, high efficiency, AI-driven decision making and systems autonomy are great when things are running well. But when they aren’t, people can get hurt. Or worse.

A New Age of Cyber…

Another soothsayer of sci-fi is William Gibson, venerated author of Neuromancer, coiner of the term “cyberspace” and regarded by many as a prophet of the digital age. In a recent Financial Times interview, Gibson states, “The online/offline distinction is going to be fully generational soon. Only old people will think of being on or off.”

The digital mystic is expressing a recurring theme that underpins the evangelical spirit of Neil Harbisson and other proponents of the Singularity – human and machine are moving closer and closer to becoming one. Though we are not yet at the stage of full cyber-bio assimilation, the functional integration of technology into our daily lives is already widely apparent through the IoT.

Thanks to consistently cheaper computer chips and the ubiquity of wireless networks, the IoT is expanding unabated. In a 5G world, the IoT will grow exponentially to a massive internet of things (mIoT) that includes sub-domains such as the industrial internet of things (IIoT) and critical internet of things (cIoT). The connection capacity of 5G networks will be breathtaking. For the first time, smart cities will be genuinely possible: all aspects of our lives – personal, professional, social – connected in a continuous stream of data creation and interpretation.

Our homes will be “intuitively” responsive to our every whim and taste, our offices will maximize energy efficiency and convenience, our social services will be preemptive and evolutionary.

Fleets of autonomous vehicles directed by self-managed and self-optimizing traffic control systems, public surveillance interfaces capable of refined facial recognition, civil management operations ensuring that water, energy and waste processes run increasingly smoothly – these are the anticipated fruits of a 5G world.

There are a couple of reasons for this. First, 5G is fast. Lightning fast. Its theoretical top speed (20 Gbps) is up to 200 times faster than 4G. 5G’s speed is what makes it possible to download Ultra HD movies in a matter of seconds.

Second, 5G operates with unbelievably low latency (the time it takes for a system to receive a response to a request). The average human reaction time to a stimulus is 250 milliseconds (ms). Most humans perceive 100ms as instantaneous. 5G’s reaction time is between 1 and 2ms. 5G’s super-low latency is what makes real-time instant gaming, remote surgery and driverless cars a reality.

5G is able to produce these sensational results because it is not like anything that has come before. Though the term “5G” is an abbreviation of “5th Generation,” this nomenclature is deceiving. It suggests that 5G is simply an advanced form of 4G, just as 4G was a step up from 3G.

This is not the case.

Unlike previous generations, 5G is not a physical network. It is an all-software cloud-based configuration operated through distributed digital routers. It is a decentralized system that optimizes processing speed and power by relocating operations to the fringe.

Resting in the digital ether, built on software and managed largely by AI, 5G represents the first widespread transcendence of physical computing and communication. Perhaps ironically, then, it is in the physical realm where 5G’s greatest dangers lie. Though the technology itself is agnostic, it does invite us to marry our physical lives with the cyber realm, and for all the promises in that union, there are many threats too.

…Needs A New Age of Security

There is little doubt that cyber-physical technologies are encroaching into every aspect of our lives and are evolving toward higher degrees of autonomy and adaptability.

With the explosion of CPSs connected through the upcoming 5G with its distributed structure, incredible speed and negligible latency, the reality is starting not only to match, but to exceed the expectations of science fiction writers and futurists of past generations.

But there is an inherent trade-off in this equation. In return for greater convenience we are increasingly losing control over the related cyber risks.

Unlike 3G and 4G networks, which are more centralized, 5G’s edge computing decentralizes processing, moving it away from the “core” of the network to the data source. This is partly what makes 5G’s sub-second latency possible, but it also restricts cyber hygiene and makes the network harder to police. With thousands, or millions of devices on the “edge” of any organization’s network, all making decisions at different levels of the network, all potentially serving as attack vectors for the whole organization, cybersecurity approaches of the past are becoming obsolete.

With cyber risks transcending the traditional concerns of financial and reputational impact and becoming the risks to lives, well-being or the environment, traditional cybersecurity and cyber-risk management approaches and organizational structures must be rethought.

Consumers have already proven their appetite for IoT devices. 5G will enable them to access more at lower cost. Manufacturers will continue to meet this expansive need, until we have exponential demand curves meeting exponential supply curves. Billions of devices with multiple application types–the attack vectors become limitless.

As discussed, the security of these devices is unregulated, inconsistent and unreliable. Products developed with short-term profit focus are being designed as iterative models, always released as a minimum commercially viable product. They have no defense against cyber attacks. Protection is almost impossible.

Hackers will always find a way, and with billions of entry points into the 5G network, that could spell catastrophe. We simply can’t learn fast enough. As William Gibson suggests, there will be a never-ending process of adoption and adaptation as the “street finds its own uses for things.”

The outcomes are frightening enough when one thinks of cyber attackers infiltrating our private networks, but what about the broader implications spelled out in Panetta’s speech?

When hackers or cyber terrorists manage to compromise the systems that keep a smart city, or smart factory, or smart port, or a country functioning, the consequences are large scale and a threat to physical life. When water supply, power supply, traffic management, waste removal or connectivity are disrupted, humans suffer.

Defending ourselves against these possibilities is not a negative stance, nor is it a dampener on human progress, as some idealists would have us believe. The security of cyber-physical systems and the 5G that connects them is possibly one of the most urgent responsibilities we face in the coming decade.

A failure to enlist governments, regulators, private enterprises and consumers in a coordinated approach to the cyber-secure implementation of the smart-everything world could be devastating. Not even Arthur C. Clarke could predict the results.

(This article was originally published in ThinkTwenty20 magazine)

Introduction to 5G Core Service-Based Architecture (SBA) Components

5G SBA IMS MEC Architecture

The interest in 5G and mIoT is exploding. It’s exciting to see so many IT and cybersecurity professionals in my network trying to learn more about 5G and related technologies.

In addition to my usual articles about the societal impacts of these innovations, I’ll start a series of articles introducing key 5G and mIoT technology concepts, before we move on to the technical aspects of 5G security.

Let’s get started with reviewing the 5G core service-based architecture and learning the first few dozen acronyms, out of approximately a gazillion. The cellular industry loves acronyms. Even more than the cybersecurity industry.

5G architecture is an evolution of current 4G architectures but based on a Service-Based Architecture (SBA). The 3GPP defines the SBA for a 5G core network as delivered by a set of interconnected Network Functions (NFs), with authorization to access each other’s services.

Some of the key differences / focus areas:

  • In contrast to the fixed-function, hard-wired, appliance-based architecture of the 4G LTE Core (or Evolved Packet Core (EPC)), fully realizing the potential of 5G means moving to software-based, cloud-based open platforms.
  • EPC (4G Core) elements were architected to be implemented on physical nodes that were later virtualized, but they were not designed to be virtualized from the outset.
  • Network elements in the 5G core are cloud native; they are referred to as “functions” rather than “nodes.”
  • Automation and programmability are an important part of the target 5G architecture.
  • With this flexibility, virtualization and programmability, the new architecture better supports the possibility of diverging architectures for new services.

In summary – 5G core is designed for three enhancements:

  1. Control and User Plane Split: 4G Core elements map to the 5G Core elements Access and Mobility Management Function (AMF), Session Management Function (SMF) and User Plane Function (UPF).
  2. Native support for Network Slicing for the 5G use cases, including enhanced Mobile Broadband (eMBB), massive Machine Type Communications (mMTC) and critical MTC, and Ultra-Reliable and Low Latency Communications (URLLC).
  3. Service Based Architecture: a service-based architecture delivers services as a set of “Network Functions.”

4G Control and User Plane Separation (CUPS) EPC

The separation of Control and User Plane for the 4G architecture was introduced with 3GPP Release 14. It separated the packet gateways into control and user planes, allowing for more flexible deployment and independent scaling, with benefits in both CapEx and OpEx.

The next step in the evolution to 5G was to rename core network entities and either split or merge them depending on whether their functions fall within the user or control plane in the 5G architecture. For those of you with a 4G background, some 4G CUPS Core elements can be easily mapped to renamed 5G Core elements. Here are a few key ones:

Next generation NB (gNB)

The new radio access technology is called New Radio (NR) and replaces LTE. The new base radio station is called next generation NB (gNB) (or gNodeB). It replaces the eNB (or eNodeB or Evolved Node B) in 4G-LTE, or NodeB in 3G-UMTS.

The gNB handles radio communications with the 5G-capable User Equipment (UE) using the 5G New Radio (NR) air interface. Some types of gNB may, however, connect to the 4G EPC instead of the 5G Core.

The Control Plane – AMF and SMF

The Mobility Management Entity (MME) in LTE is the signaling node for UE access and mobility, establishing the bearer path for UEs, and handling mobility between LTE and 2G/3G access networks. The MME’s functions are now split between:

  • Access & Mobility Management Function (AMF) – oversees authentication, connection, mobility management between network and device. It receives connection and session related information from the UE.
  • Session Management Function (SMF) – handles session management, IP address allocation, and control of policy enforcement.

The Data Plane – User Plane Function (UPF)

CUPS decouples the Packet Gateway (PGW) control and user plane functions. This allows the data forwarding component (PGW-U) to be decentralized; it maps to the UPF in the 5G Core.

  • The user plane function consists of a single entity, the User Plane Function (UPF).
  • It combines functionality from previous EPC Serving-Gateway (S-GW) and PDN-Gateway (P-GW).
  • UPF is responsible for packet routing and forwarding and Quality of Service (QoS).

Network Slicing in 5G

A 5G network is geared towards supporting multiple use cases / applications. Examples of these use cases include:

  • enhanced Mobile Broadband (eMBB), which entails supporting user throughputs in the Gbps range
  • Industrial Internet of Things, which requires Ultra-Reliable and Low Latency Communications (URLLC) capabilities (~1 ms latency)
  • massive Machine Type Communications (mMTC): a network that can support millions of IoT devices

5G supports this multitude of services by leveraging the SBA to run multiple virtual networks on the same physical hardware. The slices that occupy a single physical network are separated, meaning that traffic and security breaches in one slice cannot interfere with another slice.

I wrote more about network slicing in 5G Network Slicing Technology: A Primer

In short, a Network Slice is a logical network including the Radio Access and Core Network.

  • It provides services and network capabilities, which vary (or not) from slice to slice.
  • It lets service providers partition their networks into discrete horizontal slices for specific use cases, services, individual customers or even vertical segments, such as energy, healthcare and manufacturing.
  • A dedicated set of physical and virtualized network resources is allocated, from end devices, over the radio access, transport and packet core, to application, content delivery and edge cloud domains.

In summary, a network slice is a logical network that provides specific network capabilities and network characteristics. A key component of a Network Slice is the Network Slice Instance (NSI). A Network Slice Instance is a set of Network Function instances and the required resources (e.g. compute, storage and networking resources) which form a deployed Network Slice.

In 5G, a Network Slice includes the Core Network Control Plane and User Plane Network Functions as well as the 5G Access Network (AN). The 5G Access Network may be:

  • A Next Generation (NG) Radio Access Network (gNB)
  • A non-3GPP Access Network where the terminal may use any non-3GPP access to reach the 5G core network via a secured IPSec/IKE tunnel terminated on a Non-3GPP Interworking Function (N3IWF).

5G Core Service-Based Architecture (SBA)

Service-Based Architecture for core 5G networks is defined in 3GPP Technical Specification (TS) 23.501 — “System Architecture for the 5G System.” It uses service-based interfaces between control-plane functions, while user-plane functions connect over point-to-point links.

A good introduction to the SBA is the “Service-Based Architecture in 5G” paper by NGMN Alliance.

For those of you from an IT and cloud background, you can imagine the 5G SBA as a hybrid of Service-Oriented Architecture (SOA) and microservices.

In short, it is an architectural approach that enables 5G network functionality to become more granular and decoupled. This allows individual services to be updated independently with minimal impact to other services and deployed on demand allowing for vendor independence, automation and agile operational processes, reduction in delivery and deployment time, and enhanced operational efficiencies.

Basic principles are:

  • A Control Plane Network Function can provide one or more NF Services
  • An NF Service consists of operations based on either a request-response or a subscribe-notify model
  • A common control protocol using an HTTP-based API, replacing protocols such as Diameter


Service-based interface (request-reply and subscribe-notify) (Credit: ITU)

The major building blocks of the 5G Core Service-Based Architecture are simplified as follows:

5G SBA IMS MEC Architecture Simplified

  1. Network and Resource Management
  2. Signaling
  3. Subscriber Data
  4. Application Function and Network Exposure Function
  5. Location Services
  6. Subscriber Management
  7. Policy
  8. Control Plane
  9. User Plane
  10. Access Network

The IMS Core Functionality is the same as for 4G.

Network and Resource Management

5G SBA IMS MEC Architecture - Network Resources Management

Network and Resource Management consists of three parts:

Network Repository Function (NRF)

  • Allows every network function to discover the services offered by other network functions.
  • Serves as a repository of the services.
  • Supports discovery mechanisms that allow 5G elements to discover each other.
  • Enables status updates of the 5G elements.
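As an added illustration (not code from the article or from any 3GPP implementation), the following Python models the two SBA interaction patterns on a toy NRF: request-response for registration and discovery, subscribe-notify for status updates, and an allowed-NF-type check standing in for the “authorization to access each other’s services” the SBA definition requires. The NF type names, service names and notification event names follow 3GPP naming; the instance ids and return codes are constructed for the demo.

```python
# Toy NRF: repository + discovery (request-response) + status updates
# (subscribe-notify). Added illustration, not code from the article or from
# any 3GPP implementation. NF types (AMF, SMF, PCF, AF), service names and
# event names follow 3GPP naming; instance ids and codes are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
import uuid


@dataclass
class NFProfile:
    nf_instance_id: str
    nf_type: str
    services: List[str]
    # Consumer NF types permitted to discover this producer (None = any).
    # This models the per-producer authorization the SBA definition calls for.
    allowed_nf_types: Optional[List[str]] = None


@dataclass
class Subscription:
    subscriber_nf_type: str
    target_nf_type: str
    callback: Callable[[str, NFProfile], None]


class NRF:
    def __init__(self) -> None:
        self._profiles: Dict[str, NFProfile] = {}
        self._subs: Dict[str, Subscription] = {}

    # Request-response: a producer NF registers or refreshes its profile.
    def register(self, profile: NFProfile) -> int:
        created = profile.nf_instance_id not in self._profiles
        self._profiles[profile.nf_instance_id] = profile
        self._notify("NF_REGISTERED" if created else "NF_PROFILE_CHANGED", profile)
        return 201 if created else 200

    def deregister(self, nf_instance_id: str) -> int:
        profile = self._profiles.pop(nf_instance_id, None)
        if profile is None:
            return 404
        self._notify("NF_DEREGISTERED", profile)
        return 204

    # Request-response: a consumer asks which producers of a type it may use.
    def discover(self, requester_nf_type: str, target_nf_type: str) -> List[NFProfile]:
        hits = []
        for p in self._profiles.values():
            if p.nf_type != target_nf_type:
                continue
            if p.allowed_nf_types is not None and requester_nf_type not in p.allowed_nf_types:
                continue  # not authorized: the producer stays invisible to this consumer
            hits.append(p)
        return hits

    # Subscribe-notify: a consumer asks to be told when producers of a type change.
    def subscribe(self, subscriber_nf_type: str, target_nf_type: str,
                  callback: Callable[[str, NFProfile], None]) -> str:
        sub_id = str(uuid.uuid4())
        self._subs[sub_id] = Subscription(subscriber_nf_type, target_nf_type, callback)
        return sub_id

    def unsubscribe(self, sub_id: str) -> bool:
        return self._subs.pop(sub_id, None) is not None

    def _notify(self, event: str, profile: NFProfile) -> None:
        for sub in self._subs.values():
            if sub.target_nf_type == profile.nf_type:
                sub.callback(event, profile)


def demo() -> dict:
    """Register / discover / notify with constructed NF instances."""
    nrf = NRF()
    events: List[Tuple[str, str]] = []
    # The AMF subscribes before any SMF exists, so it sees arrivals and departures.
    sub_id = nrf.subscribe("AMF", "SMF", lambda ev, p: events.append((ev, p.nf_instance_id)))
    codes = [
        nrf.register(NFProfile("smf-1", "SMF", ["nsmf-pdusession"], ["AMF"])),
        nrf.register(NFProfile("pcf-1", "PCF", ["npcf-smpolicycontrol"], ["SMF", "AMF"])),
        nrf.register(NFProfile("smf-1", "SMF", ["nsmf-pdusession"], ["AMF"])),  # refresh
    ]
    amf_sees_smf = [p.nf_instance_id for p in nrf.discover("AMF", "SMF")]
    # An AF is not on the PCF's allow-list: discovery returns nothing, not an error.
    af_sees_pcf = [p.nf_instance_id for p in nrf.discover("AF", "PCF")]
    dereg_code = nrf.deregister("smf-1")
    return {
        "register_codes": codes,
        "amf_sees_smf": amf_sees_smf,
        "af_sees_pcf": af_sees_pcf,
        "deregister_code": dereg_code,
        "events": events,
        "unsubscribed": nrf.unsubscribe(sub_id),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```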

Network Slice Selection Function (NSSF)

  • Selects the Network Slice Instance (NSI) based on information provided during UE attach.
  • Redirects traffic to a network slice.
  • A set of Access and Mobility Management Functions (AMFs) is provided to the UE based on which slices the UE has access to.

Network Data Analytics Function (NWDA)

  • Responsible for providing network analysis information upon request from network functions.


Signaling

5G SBA IMS MEC Architecture - Signaling

Security Edge Protection Proxy (SEPP)

  • Protects control plane traffic that is exchanged between different 5G operator networks.

Service Communication Proxy (SCP)

  • SCP is a decentralized solution and composed of control plane and data plane.
  • SCP is deployed alongside 5G Network Functions (NFs), providing routing control, resiliency, and observability to the core network.

Binding Support Function (BSF)

  • BSF is used for binding an application-function request to a specific Policy Control Function (PCF) instance.
  • It is comparable to Policy and Charging Rules Function (PCRF) binding function provided by a 4G Diameter Routing Agent (DRA), for VoLTE and VoWiFi.

Subscriber Data

5G SBA IMS MEC Architecture - Subscriber Data

Consists of the UDR and UDSF:

Unified Data Repository (UDR)

  • A converged repository of subscriber information that can be used to service a number of network functions.
  • Stores structured data that can be exposed to an NF.

Unstructured Data Storage Function (UDSF)

  • Repository for storage and retrieval of unstructured data by a suitable network function.
  • Network Functions (NFs) can store/retrieve “unstructured” data from UDSF.

Application Function and Network Exposure Function

5G SBA IMS MEC Architecture - Application Function and Network Exposure Function

Application Function (AF)

  • Supports application influence on traffic routing, accesses NEF, interacts with policy framework for policy control.

Network Exposure Function (NEF)

  • Provides a means to securely expose the services and capabilities provided by 3GPP network functions.
  • It exposes APIs from/to external systems.


Policy

5G SBA IMS MEC Architecture - Policy

Policy Control Function (PCF)

  • Governs the network behavior by supporting a unified policy framework.
  • Accesses subscription information held in the UDR for its policy decisions.
  • Supports the new 5G QoS policy and charging control functions.

Charging Function (CHF)

  • Allows charging services to be offered to authorized network functions.

Subscriber Management

5G SBA IMS MEC Architecture - Subscriber Management

Authentication Server Function (AUSF)

  • Is in a home network and performs authentication with a UE.
  • Relies on backend service authenticating data and keying materials when 5G-AKA or EAP-AKA is used.
  • Performs the authentication function of 4G Home Subscriber Server (HSS) – a database that contains user-related and subscriber-related information.

Unified Data Management (UDM)

  • Is a converged repository of subscriber information; used to service a number of network functions.
  • The 5G UDM can use the UDR to store and retrieve subscription data.

Equipment Identity Register (5G-EIR)

  • Enables authentication of devices in the network.
  • Protects networks and revenues against the use of stolen and unauthorized devices.

Home Subscriber Server (HSS)

  • In 4G networks, fills a similar function to the UDM in 5G.
  • It stores customer profile data and authentication information along with encryption keys.

5G Location Services

5G SBA IMS MEC Architecture - Location Services

Location Management Function (LMF)

Supports the following functionality:

  • Location determination for a UE.
  • Obtain downlink location measurements or a location estimate from the UE.
  • Obtain uplink location measurements from the 5G RAN.
  • Obtain non-UE associated assistance data from the 5G RAN.

Gateway Mobile Location Center (GMLC)

Supports the functionality to determine location for a target device:

  • Sends a location service request to the AMF for a target UE, or the AMF decides to initiate location itself, e.g. for an emergency call;
  • the AMF then sends a location services request to an LMF;
  • the LMF processes the location services request (e.g. transferring assistance data to the target device);
  • the LMF then returns the result of the location service back to the AMF (e.g., a position estimate);
  • the AMF returns the location service result to the GMLC.

Control Plane

5G SBA IMS MEC Architecture - Control Plane

Access & Mobility Management Function (AMF)

  • Oversees authentication, connection, mobility management between network and device.
  • It receives connection and session related information from the UE.

Session Management Function (SMF)

  • Handles session management, IP address allocation, and control of policy enforcement.

Short Message Service Function (SMSF)

  • Supports the transfer of SMS over NAS.

UE radio Capability Management Function (UCMF)

  • Used for storage of dictionary entries corresponding to either PLMN-assigned or manufacturer-assigned UE Radio Capability IDs.

Access Networks

5G SBA IMS MEC Architecture - Access Networks

User Equipment (UE)

  • Any device used directly by an end-user to communicate (a handheld phone, laptop etc.)

4G/5G Radio Access Network (RAN)

  • Radio technology that provides access to the core network.

Non-3GPP Interworking Function (N3IWF)

  • Responsible for interworking between untrusted non-3GPP networks and the 5G Core.

Trusted Non-3GPP Gateway Function (TNGF)

  • Enables the UE to connect to the 5G Core over Trusted WiFi access technology.

Wireline Access Gateway Function (W-AGF)

  • Enables wireline access to the 5G Core

Trusted WLAN Interworking Function (TWIF)

  • Enables WiFi & 5G Interworking for Trusted WiFi access technology.

Wi-Fi only devices (with no NAS and no SIM credentials) accessing the 5G services can be accommodated over the Trusted Wi-Fi access. In this scenario a Trusted WLAN Interworking function (TWIF) collocated with the TNGF terminates the N1 signaling for the UE.

User Plane Function

5G SBA IMS MEC Architecture - User Plane

The major benefit of the Service-Based Architecture is that the 5G core components are defined as Network Functions (NF) together with an API that can be used to invoke services. In addition, the 5G core decouples the user-plane (or data plane) from the control plane (CUPS).

A key benefit of this capability is that the control plane can be centralized while the User Plane Function (UPF) can be distributed to various parts of the network to achieve low latency or to offload traffic closer to the actual users.

A key application of the CUPS capability is to allow mobile IP traffic to be broken out at different parts of the network enabling distribution of content delivery depending on the use case.

  • Ultra-Reliable Low Latency Communication (URLLC) traffic is terminated within the aggregation network resulting in lower end-to-end latency.
  • eMBB traffic is terminated on eMBB caches at the network edge so that this traffic does not need to be carried further into the core.
  • Non-critical IoT traffic is terminated at a core location.
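The following Python is an added example (not code from the article or from any operator or vendor) tying the NSSF’s slice selection described earlier to the per-slice breakout above: a UE is placed on an NSI only if it requested the S-NSSAI, its subscription permits it and an instance exists, and each granted NSI carries the AMF set that serves it and the site where its UPF terminates traffic. The SST values 1, 2 and 3 are the standardized eMBB, URLLC and mMTC slice types; NSI ids, AMF set names and breakout sites are constructed.

```python
# Slice selection by S-NSSAI plus per-slice user-plane breakout. Added
# illustration, not code from the article or from any operator or vendor.
# SST 1/2/3 are the 3GPP standardized Slice/Service Types (eMBB, URLLC,
# mMTC); NSI ids, AMF set names and breakout sites are constructed here.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SST_EMBB, SST_URLLC, SST_MMTC = 1, 2, 3


@dataclass(frozen=True)
class SNSSAI:
    """Single Network Slice Selection Assistance Information: SST + optional SD."""
    sst: int
    sd: Optional[str] = None  # Slice Differentiator, 6 hex digits when present


@dataclass
class NSI:
    nsi_id: str
    snssai: SNSSAI
    amf_set: str       # the AMF set that serves this slice
    upf_breakout: str  # where this slice's UPF terminates user-plane traffic


class NSSF:
    """Selects Network Slice Instances from the S-NSSAIs a UE requests at registration."""

    def __init__(self, instances: List[NSI]) -> None:
        self._by_snssai: Dict[SNSSAI, NSI] = {n.snssai: n for n in instances}

    def select(self, requested: List[SNSSAI],
               subscribed: List[SNSSAI]) -> Tuple[List[NSI], List[SNSSAI]]:
        """Return (granted NSIs, rejected S-NSSAIs).

        A slice is granted only when the UE asked for it, its subscription
        (from UDM) permits it, and an instance exists. Requesting a slice is
        therefore not enough to be placed on it; that is the gate that keeps
        one tenant's traffic out of another tenant's slice.
        """
        granted, rejected = [], []
        for s in requested:
            nsi = self._by_snssai.get(s)
            if s in subscribed and nsi is not None:
                granted.append(nsi)
            else:
                rejected.append(s)
        return granted, rejected


# Breakout policy from the article: URLLC at the aggregation network,
# eMBB at edge caches, non-critical IoT at a core site.
SLICE_INSTANCES = [
    NSI("nsi-embb-1", SNSSAI(SST_EMBB), "amf-set-a", "edge-cache"),
    NSI("nsi-urllc-1", SNSSAI(SST_URLLC), "amf-set-b", "aggregation"),
    NSI("nsi-miot-1", SNSSAI(SST_MMTC), "amf-set-a", "core"),
    # A second eMBB slice for one enterprise customer, distinguished by SD.
    NSI("nsi-embb-ent", SNSSAI(SST_EMBB, "00ABCD"), "amf-set-c", "edge-cache"),
]


def register_ue(requested: List[SNSSAI], subscribed: List[SNSSAI]) -> dict:
    """Outcome of one UE registration: allowed NSIs, AMF sets, breakout, rejects."""
    granted, rejected = NSSF(SLICE_INSTANCES).select(requested, subscribed)
    return {
        "allowed_nsi": [n.nsi_id for n in granted],
        "amf_sets": sorted({n.amf_set for n in granted}),
        "breakout": {n.nsi_id: n.upf_breakout for n in granted},
        "rejected_sst": [s.sst for s in rejected],
    }


def demo() -> dict:
    # A consumer handset subscribed to eMBB and mMTC also asks for URLLC.
    handset = register_ue(
        requested=[SNSSAI(SST_EMBB), SNSSAI(SST_URLLC), SNSSAI(SST_MMTC)],
        subscribed=[SNSSAI(SST_EMBB), SNSSAI(SST_MMTC)],
    )
    # An enterprise device subscribed to its own SD-differentiated eMBB slice,
    # plus an SD for which no instance has been deployed.
    enterprise = register_ue(
        requested=[SNSSAI(SST_EMBB, "00ABCD"), SNSSAI(SST_EMBB, "00ABCE")],
        subscribed=[SNSSAI(SST_EMBB, "00ABCD"), SNSSAI(SST_EMBB, "00ABCE")],
    )
    return {"handset": handset, "enterprise": enterprise}


if __name__ == "__main__":
    for ue, outcome in demo().items():
        print(ue, outcome)
```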

5G UPF Termination


The 5G Core network builds on Control and User Plane Separation introduced in 3GPP Release 14. The 5G network architecture is based on the Service Based Architecture. It specifies Network Functions that support a multitude of applications that are knit together as Network Slices. The 10 building blocks of the 5G Core network presented include: Network and Resource Management, Signaling, Subscriber Data, Application Function and Network Exposure Function, Location Services, Subscriber Management, Policy, Control Plane, User Plane and the Access Network.

Due to the number and types of use cases supported by 5G, traffic patterns in a 5G network will be a lot more dynamic. The underlying transport network will need to allow programmatic control to allow it to react in near-real-time to the changing traffic demands of the mobile network.

Appendix: 4G Core Revisited

The following figure compares the 5G and 4G architectures. The main components of the 4G architecture include:

  • The eNodeB (E-UTRAN), connected via S1-U (U = user plane) to the Serving Gateway and via S1-C (C = control plane) to the MME
  • The Serving Gateway, which connects to the PDN Gateway via S5
  • The Serving Gateway, which connects to the MME via S11
  • The PDN Gateway (Packet Gateway), which connects to the internet via SGi
  • The MME (Mobility Management Entity)

5G vs 4G Architecture

HSS (Home Subscriber Server) is a database that:

  • contains user-related and subscriber-related information;
  • provides support functions in mobility management;
  • supports call and session setup, user authentication and access authorization.

Serving GW is part of the user plane (together with the PDN GW). It

  • transports IP data traffic between the User Equipment (UE) and the external networks;
  • is the point of interconnect between the radio side and the EPC;
  • serves the UE by routing the incoming and outgoing IP packets;
  • is the anchor point for intra-LTE mobility, i.e. handover between eNodeBs;
  • is also the anchor point for mobility between LTE and other 3GPP accesses;
  • is logically connected to the other gateway, the PDN GW.

PDN GW (connects to external IP networks, also known as Packet Data Networks, hence PDN GW). It

  • is the point of interconnect between the EPC and the external IP networks;
  • routes packets to and from the PDNs;
  • performs functions e.g. IP address / IP prefix allocation or policy control and charging.

As per 3GPP, the PDN GW and Serving GW

  • are assigned independently but may be combined in a single “box”.

MME (Mobility Management Entity). It

  • deals with the control plane;
  • handles the signaling related to mobility;
  • handles security for E-UTRAN access;
  • is responsible for the tracking and the paging of UE in idle mode;
  • is the termination point of the Non-Access Stratum (NAS).

Smart Home / Smart Building Connectivity Options and Their Cybersecurity

Smart Home Wireless Connectivity

In a recent session on smart building cybersecurity, a student cheekily asked me “How did we ever connect anything before 5G?” At that moment I realized I might have been overdoing my 5G cheerleading recently. To atone, here are the key performance and cybersecurity attributes of the most commonly used connectivity technologies in smart home / smart building use cases… And 5G.

If you thought that the “traditional” home life is under heavy attack from digitization of media and constant communication, wait until you learn about the Internet of Things (IoT) and Smart Homes.

Our most personal spaces – our homes – are rapidly getting digitized and connected. Hundreds of IoT devices – sensors, actuators, smart speakers, smart toothbrushes, and smart everything are being implemented in every home. All trying to create an environment that caters to our every whim, predicts our needs, personalizes our physical space, monitors our health, conserves energy, etc. In doing so all constantly communicating with each other, with our mobile phones, and with a myriad of solutions located somewhere in “clouds”. All creating new cybersecurity and privacy risks.

Indeed, the most representative indicator of technology’s impact on daily life is the development of wireless communications as the enabler of all these transformations. After the emergence of radio and TV, it was the appearance of the 1st generation of cellular communications technology in the 1980s that introduced analog mobile voice communication service and accelerated the transformation. In the next decade 2G offered digital communications and paved the way to 3G—cellular technology from the beginning of the 21st century that provided IP support and wireless broadcast transmissions. Today the most widespread cellular technology is 4G (the first all-IP cellular technology) and the world is briskly preparing for deployment of its successor—5G.

Simultaneously with the development of cellular technologies, other wireless technologies shaped the market and enabled simple, ubiquitous, device-to-device communication at short ranges. In this article we’ll explore wireless connectivity options for smart homes / smart buildings and introduce main cybersecurity attributes of each.

Wireless technologies and smart home – smart building products

Even though IoT solutions are becoming an indispensable part of everyday life, just 0.06% of the things with Internet connection potential are online at the moment. This unexplored landscape represents foundations for further evolution and innovation of IoT solutions and new services.

Smart home is the most popular IoT use case currently. Smart homes’ popularity is probably driven by the fastest growing age group of new homeowners – the Millennials. Having grown up with technology, they often find it more important than other traditional new home features. Millennials are more attracted by smart home and smart building solutions, having confidence in technology, supporting its further innovation and development, and having the knowledge to widely accept new services.

Amazon, Google, Apple and Samsung are the most dominant companies in the smart home market, offering all kinds of products, from smart thermostats to smart lighting devices. Rising production and distribution costs for energy and other utilities, the decreasing cost of technologies and mass production, ongoing government policies, campaigns for energy consumption savings, and increasing awareness of the carbon footprint’s consequences for the environment are great motivation for the increasing popularity of smart home devices.

Smart lighting systems, like Hue from Philips, can detect presence of people and adjust lighting as needed. Smart light bulbs are supported with auto-regulation based on sunlight intensity.

Nest from Nest Labs Inc. is a representative example of a smart thermostat. It comes with embedded Wi-Fi, allowing users to schedule, monitor and remotely control home temperature. Smart thermostats can also report about energy consumption or remind users about maintenance issues, filters changes, etc.

Smart locks are perfect support for users to allow or deny access to their premises. With smart security cameras, real-time home monitoring becomes available 24 hours a day. Smart motion sensors, supported with many features and setting options, can also distinguish between residents, visitors, pets and unauthorized visitors. They can notify authorities about suspicious activities and activate day or night cameras for recording, or even provide monitoring that can help seniors to remain at home comfortably. These safety features are extendable even to pet care.

Smart homes also include use cases such as smart TVs, smart washing machines and dryers in the laundry rooms or different kitchen appliances like smart coffee makers, smart toasters, smart refrigerators that monitor expiration dates, make shopping lists and even create recipes based on currently available ingredients.

One of the most important devices in smart homes is a smart home hub. It represents the central point of the smart home system, capable of wireless communications and data processing. It combines all separate applications into a single comprehensive application capable of controlling the smart home. Some available smart home hub solutions are Amazon Echo, Google Home, Insteon Hub Pro, Samsung SmartThings, Wink Hub, etc. Artificial intelligence (AI) technology is implemented in smart homes as well, such as in voice-activated systems like Amazon Echo or Google Home, illustrated in Figure 1.

Figure 1: Smart home hub with embedded AI – Amazon Echo and Google

They have embedded virtual assistants capable of learning users’ behavior and personalizing the smart home patterns and context.

Generally, IoT solutions apply to smart buildings as a next logical step. The majority of technologies applicable to smart homes are implemented in smart buildings, such as lighting systems, security and access systems, identity management or heating and air conditioning systems. Smart buildings generally increase the quality of everyday life by enhancing the digital experience, tenants’ satisfaction and staff business efficiency, enabling real-time information, and improving life organization and work productivity.

Review of wireless technologies and their applicability for smart home / smart building use cases

The primary task of wireless communication technologies is to provide connectivity for automation. Wireless communication technologies differ in specific capabilities that make them more or less suitable for particular use cases.

One of the first wireless communication protocols developed for home automation and communication among electronic devices was X10, released in 1975. It provided wireless communication at 120 kHz via digital bursts between programmable outlets or switches. This precursor of modern wireless technologies initially had some drawbacks compared to present-day solutions. It was simplex, one-direction communication, because home devices were not able to send a response back. Two-way communication was later enabled via the X10 protocol, but it was not a cost-effective solution. Moreover, communication reliability was a serious problem because of signal loss caused by circuits wired on different polarities.

In the meantime, thanks to the continuous development of different wireless communications and their convergence with cellular communications driven by the adoption of IoT technologies, home automation continued growing.

Today’s wide availability of wireless technologies (like Bluetooth, ZigBee, RFID or NFC) at a reasonable price is a catalyst for rapid development and implementation of a myriad of smart home IoT use cases.

Figure 2: Performance of wireless technologies

Wireless communication technologies operate on different frequencies, use different modulations, differ in range and in resistance to obstacles and interference, have different power consumption and power supply options, and support different mechanisms for security and communication reliability. All these features influence their suitability for particular use cases.

Let’s briefly describe some representative wireless communication technologies like Bluetooth, Zigbee, Wi-Fi, RFID and NFC with their strengths, challenges and applicability for smart homes and smart buildings.

For more wireless protocols, check out my list of IoT wireless protocols.

BLE (Bluetooth)

Bluetooth is a short-range wireless communications technology based on the IEEE 802.15.1 protocol. It works in a crowded license-free 2.4 GHz frequency band and shares this resource with many other technologies.

Bluetooth is well suited for establishing small wireless networks called piconets by connecting two or more Bluetooth devices. One of these nodes is the Master, which can be connected via Bluetooth links to up to 7 other Bluetooth devices, the Slave nodes, in a Personal Area Network (PAN). Typical data rates are 1-3 Mbps.

The newest version of Bluetooth is known as Bluetooth Low Energy (BLE) or Bluetooth Smart.

It is important to note that Bluetooth and BLE are not compatible technologies. For example, the channel bandwidth in classic Bluetooth is 1 MHz and in BLE 2 MHz; classic Bluetooth uses 79 channels, while BLE uses 40. They also differ in waveforms, transmission power, network organization, etc. Bluetooth versions 4.1/4.2/5.0 support both the BLE and classic Bluetooth standards, but if the master device is a BLE device, the slave must also be a BLE device.

In the most recent Bluetooth version 5.0, new waveforms and coding techniques achieve longer ranges of 50 m or more, lower power consumption, lower latency, better robustness and support for a higher number of devices in a single Bluetooth network.

At its inception the Bluetooth technology was used for data streaming or file exchange between mobile phones, PCs, printers, headsets, joysticks, mice, keyboards, stereo audio or in the automotive industry.

These days BLE has become an indispensable protocol in mobile phones, PCs and other devices used in gaming, sports, wellness, industrial, medical, home and automation electronics. It is an important wireless technology for smart homes and smart buildings because of its range, throughput (2 Mbps), reliability, security features, low transmission power and low power consumption. BLE provides wireless connectivity that enables home automation via the control of lights (smart bulbs and outlets), smoke detectors, cameras and other security systems, thermostats, video doorbells, smart digital locks, hubs and controllers, assistant devices, universal remotes, gaming consoles, TVs, etc.

In smart buildings, this wireless technology enables automation of complex systems, as presented in Figure 2, such as Heating, Ventilation and Air Conditioning (HVAC), lighting, security and indoor positioning. BLE deployed in smart buildings enables optimal space utilization, lowers operating and maintenance costs through condition monitoring via different sensors, contributes to energy savings and enhances the experience of tenants, staff and visitors.

Figure 3: BLE smart home systems

BLE is important for both residential and business buildings. It changes the outlook of offices by creating smart meeting spaces or enabling sensor-based occupancy mapping, improves workflow efficiency, reduces expenditure, and increases revenue and employee satisfaction. In specific smart building types, such as smart healthcare facilities or smart hospitals, BLE is crucial for improving patient care and operational efficiency.

In the retail industry, coupled with beacon technology, it supports enhanced customer services like in-building or in-store navigation, personalized promotions and customer-oriented content delivery. Some BLE limitations for smart home and smart building use cases are: suitability for short-range control only, interference with other wireless technologies (Wi-Fi, Zigbee, etc.) that use the license-free 2.4 GHz band, optimization for short-burst communication, lower throughput compared to some other wireless technologies, lack of generic IP connectivity, etc.

Zigbee

Zigbee is a wireless PAN (Personal Area Network) technology developed from the IEEE 802.15.4 wireless standard and supported by the Zigbee Alliance. The IEEE 802.15.4 standard defines the physical and data link layers, with all the details of the radio communication and medium access control. The Zigbee Alliance standardizes the content of the transmitted messages from the network layer to the application layer. It is a non-profit association responsible for developing the open global Zigbee standards. Companies like Google, Amazon, Qualcomm, Samsung, Silicon Labs, Philips, Huawei, Toshiba, etc. are members of the Zigbee Alliance.

The Zigbee wireless communications technology operates in unlicensed frequency bands including 2.4 GHz, 900 MHz and 868 MHz, within a 100 m range. It enables up to 250 Kbps throughput in the 2.4 GHz band and 40 Kbps/20 Kbps in the 900/868 MHz bands. In the 2.4 GHz band Zigbee is organized in 16 channels spaced 5 MHz apart. The technology theoretically supports up to 65000 nodes in a single wireless network. There are three types of nodes (logical devices) in a Zigbee network:

  • Zigbee Coordinator – the device responsible for establishing, running, administering and managing the overall Zigbee network, its security, its list of subscribers, etc. There is only one coordinator in a Zigbee network.
  • Zigbee Router – an intermediate node responsible for routing packets between end devices, or between end devices and the coordinator. A Zigbee network can have several routers.
  • Zigbee End Device – a sensor or node that monitors and collects the required data. Unlike routers and coordinators, these nodes are usually battery operated. Hence, they can be put to sleep for a certain period to minimize battery drain and conserve energy when there is no activity to monitor. End devices can neither route traffic nor permit other nodes to join the network.

Zigbee technology supports three types of network topology: star, mesh and hybrid mesh.

  • In a star network, one hub, the coordinator, is the central point of all communications, limiting the network coverage by its range and processing power. As the most important node in a Zigbee star topology, it represents a single point of failure.
  • In a mesh network all end nodes are router nodes at the same time, including the coordinator after network initialization, making this topology robust and without a single point of failure (presented in Figure 3).
  • The hybrid mesh topology combines the first two types: there can be several star networks whose routers communicate with each other as in a mesh network.

We must consider the choice of topology in the network planning phase, taking into account its purpose, available power supply solutions, range and throughput requirements, schedule for end nodes (sensors) activity, costs and other factors important for specific use cases.
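Channel choice is one of the planning decisions above, because Zigbee shares the 2.4 GHz band with Wi-Fi. The following Python planner is an added example (not from the original article): it assumes the IEEE 802.15.4 layout of 16 channels (11-26) centred at 2405 + 5(k-11) MHz and 2 MHz wide, and Wi-Fi channels 1-13 centred at 2407 + 5n MHz with a 22 MHz emission mask, and reports which Zigbee channels stay clear of a given Wi-Fi channel plan.

```python
"""Zigbee vs. Wi-Fi channel overlap in the 2.4 GHz band (added planning example)."""
from typing import Dict, Iterable, List, Tuple

# IEEE 802.15.4 (Zigbee) channels 11-26: 2 MHz wide, 5 MHz apart (assumed layout)
ZIGBEE_CHANNELS = range(11, 27)
ZIGBEE_BW_MHZ = 2.0
# Wi-Fi 2.4 GHz channels: a 22 MHz emission mask is assumed (802.11b/g)
WIFI_BW_MHZ = 22.0

Span = Tuple[float, float]


def zigbee_center_mhz(channel: int) -> float:
    """Centre frequency of an 802.15.4 2.4 GHz channel."""
    if channel not in ZIGBEE_CHANNELS:
        raise ValueError(f"not a 2.4 GHz Zigbee channel: {channel}")
    return 2405.0 + 5.0 * (channel - 11)


def wifi_center_mhz(channel: int) -> float:
    """Centre frequency of a 2.4 GHz Wi-Fi channel (1-14; 14 is Japan-only)."""
    if channel == 14:
        return 2484.0
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz Wi-Fi channel: {channel}")
    return 2407.0 + 5.0 * channel


def span(center: float, bandwidth: float) -> Span:
    """Lower and upper edge of a channel."""
    return center - bandwidth / 2, center + bandwidth / 2


def overlaps(a: Span, b: Span) -> bool:
    """True if the two intervals share any frequency (touching edges do not count)."""
    return a[0] < b[1] and b[0] < a[1]


def wifi_overlap_count(wifi_channels: Iterable[int]) -> Dict[int, int]:
    """For each Zigbee channel, how many Wi-Fi channels of the plan it collides with."""
    busy = [span(wifi_center_mhz(c), WIFI_BW_MHZ) for c in wifi_channels]
    return {
        z: sum(overlaps(span(zigbee_center_mhz(z), ZIGBEE_BW_MHZ), b) for b in busy)
        for z in ZIGBEE_CHANNELS
    }


def clear_zigbee_channels(wifi_channels: Iterable[int]) -> List[int]:
    """Zigbee channels that do not overlap any Wi-Fi channel in the plan."""
    return [z for z, n in wifi_overlap_count(wifi_channels).items() if n == 0]


def least_contended(wifi_channels: Iterable[int]) -> List[int]:
    """Fallback when nothing is clear: the channels with the fewest collisions."""
    counts = wifi_overlap_count(wifi_channels)
    best = min(counts.values())
    return [z for z, n in counts.items() if n == best]


if __name__ == "__main__":
    # North American plan with non-overlapping Wi-Fi channels 1, 6 and 11
    print("clear of Wi-Fi 1/6/11:", clear_zigbee_channels([1, 6, 11]))
    # A dense 1/5/9/13 plan leaves no Zigbee channel completely clear
    print("clear of Wi-Fi 1/5/9/13:", clear_zigbee_channels([1, 5, 9, 13]))
    print("least contended:", least_contended([1, 5, 9, 13]))
```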

In the endless process of technology evolution, the Zigbee Alliance continues to improve the Zigbee standard. The latest version of the standard enables interoperability among a wide range of smart devices from different manufacturers and gives end-users access to innovative products and services that work together seamlessly.

Today Zigbee 3.0 is one of the most common wireless standards implemented in IoT devices. It significantly affects smart home and smart building development because of its low power consumption, long battery life, built-in support for mesh networking and IP, communication security and reliability, cross-band communication across the 2.4 GHz and sub-GHz bands, etc. Zigbee has become one of the most crucial technologies and a global standard for home automation. It helps create the smart home by enabling appliance control and improvements in everyday comfort, security and energy management.

As Zigbee 3.0 devices support energy harvesting and have a long battery life, this technology is generally described as low-power Wi-Fi.

Its applicability in smart homes and smart buildings enables remote control of equipment like smart plugs, motion sensors, light switches, thermostats and door locks, and of systems like security, HVAC and energy or water consumption.

Worldwide compatibility between Zigbee 3.0 devices improves on the interoperability challenges inherited from earlier versions. At the same time, operating and maintenance costs are decreased, making it a win-win solution for both end users (staff, tenants or visitors) and providers.

Zigbee is the wireless technology of choice for smart home and smart building applications, but some disadvantages are recognized as well, such as short-range communication, data throughput optimized for bursts of sensor transmissions but not for streaming, lack of advanced error correction mechanisms, sometimes more complex troubleshooting, the single point of failure in the star topology, etc.

Wi-Fi

Wi-Fi is a wireless technology that comprises the IEEE 802.11 family of standards (IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n, IEEE 802.11ac, etc.). It operates in the 2.4 GHz and 5 GHz bands, within a 50 m range.

This technology was developed for wireless networking of computers and is commonly called WLAN (Wireless Local Area Network); communication takes place between wireless routers, typically connected to the Internet, and other wireless nodes within their range.

Depending on the specific IEEE 802.11 standard, different data rates are supported; the theoretical throughput is 11 Mbps (IEEE 802.11b), 54 Mbps (IEEE 802.11a and IEEE 802.11g), 100 Mbps (IEEE 802.11n) or 300 Mbps (IEEE 802.11ac).

In the overcrowded 2.4 GHz band there are 14 channels dedicated to Wi-Fi. In the 5 GHz band, the RF channel allocation for Wi-Fi depends on national legislation and RF band allocation plans.

The new Wi-Fi HaLow (IEEE 802.11ah) standard is a technological successor of the current IEEE 802.11ac wireless protocol. It works in the 900 MHz band in the USA and significantly improves wireless coverage and energy efficiency, which are among the most important features for smart homes, smart buildings and other IoT use cases.

Among the available choices, this technology is used in smart homes and smart buildings for use cases with high-throughput audio/video streaming requirements, centralized management applications, video monitoring and security systems, etc. Networking of multiple devices such as cameras, lights, switches, monitors, sensors and many others is enabled by this technology.

One of the major Wi-Fi benefits is its prevalence in almost all digital devices today and its capability to provide high-capacity wireless links. From a security perspective, enabling the supported encryption mechanisms, such as Wi-Fi Protected Access (WPA) or WPA2, provides acceptable protection. Wi-Fi offers generic IP compatibility, easy installation and operation, the possibility to add devices to or remove them from a network without particular management effort or impact on network functionality, efficient troubleshooting, etc.

This technology can be implemented as a back-end network for offloading aggregated data from a central IoT hub to the cloud, which is a very important feature applicable to smart homes and smart buildings.

Some Wi-Fi drawbacks for smart home and smart building use cases are power consumption, higher infrastructure price, susceptibility to obstacles that limit the range, susceptibility to RF jamming (important for smart home or smart building security systems), throughput shared between the connected devices, and susceptibility to interference from the many devices operating at the same frequency, including other Wi-Fi devices and other wireless technologies such as cordless phones, microwaves, etc.

Radio-Frequency Identification (RFID)

Radio-Frequency Identification (RFID) is a technology commonly used for identification, status administration and management of different objects. It is also important for identifying people, as it is commonly deployed in the latest biometric passports.

It operates in several frequency bands: the low frequency band from 125 kHz to 134 kHz, the high frequency band at 13.56 MHz, and the ultra-high frequency band at 433 MHz and in the 860–960 MHz sub-band.

In the ultra-high frequency bands there are two types of RFID systems, active and passive:

  • Active RFID systems operate at 433 MHz and at 2.4 GHz in the Extremely High Frequency range. They support ranges from 30 to 100+ meters.
  • Passive RFID systems operate in the 860–960 MHz band and support ranges up to 25 m.

Commonly, an RFID system has three major components: the RFID tag, the RFID reader and the RFID application software.

  • RFID tags can be active (with microchip, antenna, sensors and power supply) or passive (without power supply).
  • The RFID reader is the hardware component that identifies an RFID tag and transmits its status to the RFID software application.
  • RFID software applications (often mobile applications) monitor and administer RFID tags. They usually exchange information with RFID readers via different beacon technologies or Bluetooth.

RFID technology is very important for different IoT applications, including smart homes and smart buildings. Some advantages and limitations of RFID systems, according to the frequency ranges they use, are given in Table 1.

Table 1: Advantages, limitations and applicability of RFID systems by type

Low frequency band
  Advantages:
  • Unique applicability compared to other RFID systems
  • Global standardization support
  Limitations:
  • Very short range – 10cm
  • Limited memory of RFID devices
  • Low throughput
  • High production costs
  Applicability: animal tracking, access control, applications with high volumes of liquids and metals.

High frequency band
  Advantages:
  • Support for NFC global protocols and standards
  • Higher capacity of the memory
  Limitations:
  • Short range – 30cm
  • Low throughput
  Applicability: DVD kiosks, library books, personal ID cards, gaming chips, etc.

Active RFID systems
  Advantages:
  • Longer range
  • Lower infrastructure costs compared to Passive RFID
  • High memory capacity
  • Higher throughput
  Limitations:
  • High tag cost
  • Restrictions due to battery power supply
  • Complex software solutions
  • Susceptibility to interference from metal and liquids
  • Lack of global standardization support
  Applicability: vehicle tracking, auto manufacturing, mining, construction, asset tracking.

Passive RFID systems
  Advantages:
  • Long read range
  • Low tag cost
  • Variety of tag sizes and shapes
  • Global standards support
  • High throughput
  Limitations:
  • High infrastructure cost
  • Moderate memory capacity
  • Susceptibility to interference from metal and liquids
  Applicability: supply chain tracking, manufacturing, pharmaceuticals, electronic tolling, inventory tracking, race timing, asset tracking, etc.


RFID tags are implemented as an interface between the IoT ecosystem and the subscribers. This technology potential is significant because of its low cost and low power features.

Smart clothes are a representative example of RFID deployment in a smart home. Garments with embedded RFID tags could share information with smart home appliances to help improve quality of life. Smart bins could sort clothing items into logical groups while balancing the load size. Smart washing machines in smart homes or buildings could read the embedded RFID tags on smart clothes and set the optimal wash cycle according to the provided instructions. Smart cleaning/laundry services in smart buildings can communicate with the building tenants in real time, keeping them informed about the status of the requested service.

RFID is also important for the development of indoor location applications and Angle of Arrival (AOA) technology. AOA determines the angle at which a mobile tag’s signal arrives at two or more adjacent receivers, establishing a real-time location system with centimeter accuracy. In the context of localization systems and indoor applicability, this is a significant improvement.

RFID technology enables new consumer applications and services for smart homes and buildings like smart shelves, smart mirrors, self check-in or check-out, restricted area access control, etc.

Some important RFID advantages for smart home and building applications are low cost, low power consumption, great implementation potential, and the prospect of developing user-friendly (mobile) software applications. RFID limitations are susceptibility to interference caused by different objects, eavesdropping and DDoS attacks, lack of standardization support, signal collision, etc.

Near field communications (NFC)

NFC is a short-range, two-way wireless communication technology that enables simple and secure communication between electronic devices with an embedded NFC microchip. NFC operates at 13.56 MHz and supports 106, 212 or 424 Kbps throughput. There are three modes of NFC communication:

  • Read/write (e.g. for reading tags in NFC posters)
  • Card emulation (e.g. for making payments)
  • Peer-to-peer (e.g. for file transfers)

There is no need for a pairing code between devices: once in range they instantly start communicating and prompt the user. NFC is power efficient, much more so than other wireless technologies. The communication range of NFC is approximately 10 centimeters and can be doubled with specific antennas. The short range makes this technology secure; allowing only near-field communication makes it well suited for secure transactions such as contactless payments. Some examples of NFC applicability include:

  • Ticket confirmation for sports events, concerts, theaters and cinemas;
  • Wellness tracking – syncing workout data from fitness machines with the user’s personal device;
  • Personalized content sharing – viewing special offers on your phone in museums, shopping malls and stores;
  • Loading translated content in different services, such as restaurant menus;
  • Check-in and check-out in hotels, airports, etc.;
  • Security systems – unlocking NFC-enabled door locks, etc.

NFC provides further support for smart home and smart building evolution. In the bedroom an NFC tag can be used to control the TV, wireless system, alarm, lighting or other devices via the smartphone. In the kitchen NFC tags could be placed on the refrigerator and oven, making them smart as presented in Figure 3, or they could be used to adjust the ambience to your needs (turning lights or music on and off, etc.).

Figure 4: NFC support for smart kitchen

NFC tags can transform a smartphone or other personal digital device with an embedded NFC chipset into a universal remote capable of performing any action. Unlike RFID, every NFC device has both NFC reader and NFC tag capabilities. The potential for NFC applicability in smart homes and buildings is endless.

NFC advantages for smart home and building applications are simplicity, security, the capability to connect unconnected devices via NFC tags or to bridge otherwise incompatible wireless technologies, low power consumption, and its widespread presence in almost all electronic devices.

The main limitations to consider for NFC in smart home and smart building use cases are: very short range, lower throughput compared to other wireless technologies, and the fact that it is not completely risk-free, since mobile-based hacking tools are evolving and have become common.

Built-in cybersecurity features of wireless technologies (Bluetooth, Zigbee, Wi-Fi, RFID and NFC)

Traditionally, wireless networks are self-contained, homogeneous and do not provide interoperability between different wireless technologies. There is no single wireless technology optimal for all use cases, capable of meeting all coverage, throughput, mobility and other requirements. As these technologies are wireless and susceptible to security issues, security protection is one of the top priorities and the most challenging feature in wireless networking. The rapid development and increasing importance of wireless technologies have made them crucial for the fourth industrial revolution (IoT). Communications infrastructure is more complex than ever before, and this trend will continue.

Hence, the general conclusion is that the principal task of wireless communication technologies should be to provide secure connectivity. In this chapter I’ll present some representative security features and challenges of above-mentioned wireless technologies.

BLE (Bluetooth) Cybersecurity

Several security modes are defined in Bluetooth technology, and each version of the Bluetooth standard supports some of them. The modes differ in the point at which security is initiated in the Bluetooth devices. Bluetooth devices must operate in one of four modes:

  • Bluetooth security mode 1 – an insecure mode. It is easy to establish wireless connectivity in this mode, but security is an issue. Security mode 1 is used in short-range devices and is only supported up to Bluetooth v2.0 + EDR (Enhanced Data Rate).
  • Bluetooth security mode 2 – a centralized security manager controls access to specific services and devices by implementing an authorization procedure. All Bluetooth devices can support this security mode; however, v2.1 + EDR devices support it only for backward compatibility.
  • Bluetooth security mode 3 – in this link-level enforced security mode, the Bluetooth device initiates security procedures before the physical link is established. It uses authentication and encryption for all connections to and from the device. Security mode 3 is only supported in Bluetooth devices with v2.0 + EDR or earlier versions.
  • Bluetooth security mode 4 – in this mode security procedures are initiated after link setup. Secure Simple Pairing uses Elliptic Curve Diffie-Hellman (ECDH) for key exchange and link key generation. This mode was introduced in Bluetooth v2.1 + EDR.

The following five basic security services are implemented in Bluetooth technology:

  • Authentication – verifies the identity of devices that are exchanging data, based on their Bluetooth address.
  • Confidentiality – ensures that only authorized devices can access and view transmitted data. It is important for preventing compromise of information, for example caused by eavesdropping.
  • Authorization – ensures that Bluetooth devices are authorized to use the service.
  • Message Integrity – verifies that a message sent is a message received, without any changes in between its source and destination.
  • Pairing/Bonding – creates and stores shared secret keys important for a trusted device pair establishment.

The supported security mechanisms have evolved together with the standard versions. In compliance with the Bluetooth Specification Version 5.0, two security modes are implemented in BLE: security mode 1 and security mode 2. Each has several security levels. BLE security mode 1 has 4 levels:

  • No security (no authentication and no encryption).
  • Unauthenticated pairing with encryption (AES-CMAC or AES-128 encryption is applied at this level, but the pairing devices are not authenticated).
  • Authenticated pairing with encryption.
  • Authenticated BLE Secure Connections pairing with encryption (each time pairing is initiated, the Elliptic Curve Diffie-Hellman key agreement protocol is used for the key exchange in BLE Secure Connections).

BLE security mode 2 is supported with 2 layers:

  • Unauthenticated pairing with data signing.
  • Authenticated pairing with data signing.

The Security Manager Protocol, placed in the session layer of the OSI reference model, is responsible for pairing, signing between nodes, encryption, key administration, key management, security services management and all other security features in a BLE network. Bluetooth has some security vulnerabilities, as does any other wireless technology, and its implementation has to be planned with the possible security threats in mind. Some representative security challenges of BLE (Bluetooth) technology are:

  • Passive eavesdropping, Man in the Middle (MITM) attacks and identity tracking apply to Bluetooth technology. The radio traffic between a smartphone and a smart lock can be intercepted with various kinds of sniffers; their price range today is 50-100 USD.
  • Bluejacking involves sending a vCard message via Bluetooth to other Bluetooth users within short range, typically 10 meters. The risk is that the recipient will not realize what the message is and may open it automatically, assuming it was sent by someone from the contact list.
  • Bluebugging is a Bluetooth security issue that allows unauthorized remote access to a phone and use of its features, which may include placing calls and sending text messages, while the owner does not realize that the phone has been taken over. Depending on the attacker’s creativity, denial of service (DoS) and resource misappropriation are consequences of this security issue, too.
  • Car Whispering is a hacking technique that uses specific software to send and receive audio and other files to and from a Bluetooth-enabled car stereo system, to invade privacy or listen to conversations. It could be applied in the same manner to Bluetooth-enabled systems in smart homes or smart buildings.
  • Bluesniping is a hacking technique capable of extending the range of unauthorized Bluetooth monitoring to about a mile. It is realized with specific hardware, a Bluesniping gun built from a few pieces such as a folding stock, a Yagi antenna and a Linux terminal.

These vulnerabilities can lead to unauthorized access to sensitive information and unauthorized use of Bluetooth devices and of the other systems or networks to which they are connected. To protect a network from these vulnerabilities, it is always useful to be careful with third-party applications and to install applications only from trusted sources. It is also recommended to deploy a home network firewall that protects and encrypts all incoming and outgoing data.

Zigbee Cybersecurity

The Zigbee Alliance and its members are continuously improving the security features of Zigbee technology, to achieve an optimal balance between deployment, operation and security requirements in wireless machine-to-machine communication.

Zigbee is considered a relatively secure wireless communication protocol, with a security architecture built in accordance with the IEEE 802.15.4 standard. To meet the security needs, Zigbee provides a standardized set of security specifications based on the 128-bit AES algorithm and compatible with the IEEE 802.15.4 standard.

The security mechanisms include authentication, authorized access to network devices, integrity protection, and encryption with key establishment and transport. Device authentication is the procedure of confirming that a new device joining the network is authentic: the new device must receive the network key and set the proper attributes within a given timeframe to be considered authenticated. Device authentication is performed by the Trust Center. Integrity protection is realized at the frame level using message integrity checks (MIC), which protect the transmitted frames and detect any manipulation. 128-bit symmetric-key cryptography is implemented in Zigbee’s security architecture. Zigbee supports 3 types of keys for different purposes:

  • The Master key must be obtained by pre-installation, secure key transport or user-entered data such as a PIN or password. It is used for deriving and establishing link keys.
  • The Network key is used for network establishment and broadcast network communication. This key provides network-level security.
  • The Link key is used for encrypting point-to-point communication at the application level. It is different for each pair of devices in the network that communicate point-to-point. Link keys minimize the security risks of Master key distribution. This key provides APL-level security, and the messages between devices are protected with both the Network key and the Link key.

There are two security models in Zigbee networks, the centralized security network and the distributed security network. They differ mainly in how new devices are admitted to the network and how the messages in the network are protected.

In the centralized security model only a Zigbee Coordinator with Trust Center credentials can establish the network. Nodes join the network, receive the network key and establish a unique link key with the Trust Center.

In the distributed security model there is neither a Zigbee Coordinator with Trust Center credentials nor any Master keys. All nodes are pre-configured with the Link key before joining the network, and they use the same network key for message encryption.

Zigbee supports different key management and transport mechanisms: pre-installation (performed by the manufacturer), key establishment (a method of generating Link keys from the Master key) and key transport (the network device requests a key from the Trust Center).

Security attacks and unauthorized use matter because Zigbee is applied to remote control and monitoring of sensitive resources, infrastructure and home security. Some important security issues in Zigbee networks are:

  1. Replay and injection attacks. In the first phase, a Zigbee network discovery tool transmits beacon request frames and analyzes the responses that describe the available nodes; this locates Zigbee devices on their working channel by sending and receiving beacon requests and responses over that single channel. The next phase is capturing packets, analyzing them and replaying them so that they appear to come from the originating node, causing whatever change in device behaviour the replayed packets encode. The network treats the malicious traffic as regular traffic. Zigbee's security header carries a 32-bit frame counter meant to detect exactly this, so a replay only succeeds where the receiver does not enforce the counter.
  2. Wormhole attacks exploit the route discovery mechanism of on-demand routing protocols and apply to Zigbee networks. A malicious user receives packets at one point in the network and replays them elsewhere to interfere with overall network functionality. The attacker can control the data flowing through the malicious tunnel and launch further attacks, especially where the legitimate nodes are far apart.
  3. Physical exposure of low-cost Zigbee devices with limited protection, for example without tamper resistance (temperature sensors, light switches), leaves them open to unauthorized extraction of privileged information such as keys, network identifiers and working channels.
  4. Zigbee uses the same security level on all network devices in order to achieve and maintain device interoperability, which can introduce security risks: a compromise of any single device exposes the shared network key.
  5. Eavesdropping applies to Zigbee networks, especially those with over-the-air (OTA) firmware upgrade capability. This kind of attack is very hard to detect.
  6. Denial-of-service attacks at the MAC layer are a realistic scenario. If an attacker floods a radio channel with frames, communication between devices stops, because Zigbee relies on CSMA/CA and, in non-beacon mode, devices always check whether the channel is busy before transmitting.
  7. Without the integrity protection provided by the MIC, a rogue device could modify a transmitted frame and the recipient would not detect the modification.
  8. A denial-of-service attack can also make a node reject all received messages. In a Zigbee network this can be done by altering routing tables so that all or some of the traffic is redirected to a malicious device (sinkhole attack), achieved by deliberately sending messages that build artificial routing paths or introduce loops into the routing process of legitimate nodes. As a consequence, packet transmission between devices is hampered.
  9. DoS attacks can also be realized with jamming that tricks the user into initiating a factory reset while preventing the devices from communicating, or by sending a "reset to factory default" command to a device and waiting for it to look for another Zigbee network to join.
  10. After leaving the network a node can still access the communication, since it still possesses the master, network and link keys. In a smart home or smart building where Zigbee devices open doors or manage energy, it is entirely possible for one or more devices to be lost or stolen. If the keys stored on such devices are not revoked (Zigbee lets the Trust Center distribute a new network key and switch the network to it), someone can exploit this weakness. This type of attack, together with the physical security of the network, must not be underestimated.
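
The replay (item 1) and frame-modification (item 7) cases above come down to two receiver-side checks: the MIC and the per-source incoming frame counter. The following is an added example, not code from the article, that models those checks on Zigbee's NWK security header. Zigbee itself uses AES-128 CCM*; to run with the standard library only, the MIC here is a stand-in HMAC-SHA256 truncated to 4 bytes (an assumption), while the 13-byte nonce layout, the 32-bit frame counter and the per-source counter table follow Zigbee. The frames are constructed for the demo.

```python
"""Receiver-side replay and integrity checks modelled on Zigbee's NWK security
header.  Added example (not code from the article).  Zigbee protects frames
with AES-128 in CCM* mode; to stay with the standard library the MIC here is a
stand-in HMAC-SHA256 truncated to 4 bytes (an assumption, not Zigbee's cipher).
The nonce layout, frame counter and per-source counter table are Zigbee's."""
import hashlib
import hmac
import struct

MIC_LEN = 4  # MIC-32, the length used by Zigbee's default ENC-MIC-32 level


def ccm_star_nonce(src_ext_addr: bytes, frame_counter: int, sec_ctrl: int) -> bytes:
    """13-byte CCM* nonce: 8-byte extended source address || 32-bit frame
    counter (little-endian) || 1-byte security-control field."""
    if len(src_ext_addr) != 8:
        raise ValueError("extended address must be 8 bytes")
    return src_ext_addr + struct.pack("<I", frame_counter) + bytes([sec_ctrl])


def mic(net_key: bytes, aux: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Stand-in MIC over auxiliary header and payload, keyed by the network
    key and bound to the nonce (replace with AES-CCM* in real code)."""
    return hmac.new(net_key, nonce + aux + payload, hashlib.sha256).digest()[:MIC_LEN]


def protect(net_key: bytes, src: bytes, counter: int, sec_ctrl: int, payload: bytes) -> bytes:
    """Sender side: auxiliary header (sec_ctrl, counter, source) || payload || MIC."""
    aux = struct.pack("<BI", sec_ctrl, counter) + src
    return aux + payload + mic(net_key, aux, ccm_star_nonce(src, counter, sec_ctrl), payload)


class Receiver:
    """Holds the network key and, like a Zigbee neighbour table, the last
    accepted incoming frame counter for each source address."""

    def __init__(self, net_key: bytes):
        self.net_key = net_key
        self.incoming = {}

    def accept(self, frame: bytes) -> str:
        sec_ctrl, counter = struct.unpack_from("<BI", frame)
        src, aux = frame[5:13], frame[:13]
        payload, tag = frame[13:-MIC_LEN], frame[-MIC_LEN:]
        # 1. Integrity first: a rogue device that edits the payload or the
        #    counter cannot produce a valid MIC without the network key.
        expected = mic(self.net_key, aux, ccm_star_nonce(src, counter, sec_ctrl), payload)
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad MIC"
        # 2. Replay: the counter must be strictly greater than the last one
        #    accepted from this source; an exact replay carries an old value.
        last = self.incoming.get(src)
        if last is not None and counter <= last:
            return "rejected: replayed frame counter"
        # 3. Wrap-around: a 32-bit counter at its limit must trigger a key
        #    change, otherwise nonces repeat under the same key.
        if counter == 0xFFFFFFFF:
            return "rejected: frame counter exhausted, rotate the network key"
        self.incoming[src] = counter
        return "accepted"


def demo() -> list:
    """Constructed frames from one source: two legitimate, one replay, one tampered."""
    key = bytes(range(16))                        # constructed 128-bit network key
    src = bytes.fromhex("00124b0001020304")       # constructed IEEE extended address
    rx = Receiver(key)
    f1 = protect(key, src, 1, 0x28, b"\x01ON")
    f2 = protect(key, src, 2, 0x28, b"\x02OFF")
    tampered = f2[:13] + b"\x02ON " + f2[-MIC_LEN:]  # same-length payload, edited
    return [rx.accept(f1), rx.accept(f2), rx.accept(f1), rx.accept(tampered)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

With the real AES-CCM* the nonce layout is what makes the counter check matter for confidentiality as well: CCM's counter mode reuses keystream if the same (address, counter) pair is ever encrypted twice under one key, which is why a counter that reaches its limit, or a device whose counter was reset, has to be followed by a network key switch rather than a counter reset.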

To meet the increased security requirements of smart home and smart building use cases, the Zigbee Alliance is continuously engaged in security improvements: research and development of new algorithms and functions, security protocols and hardware and software support requirements, network and system organization and settings, regulatory topics and standards.

Wi-Fi Security

The Wi-Fi Alliance enables different security solutions across Wi-Fi networks through the Wi-Fi Protected Access (WPA) family of technologies. Security capabilities have evolved together with Wi-Fi technology itself, for both personal and enterprise networks.

Today several levels of security are available for Wi-Fi networks: WPA3-Personal, WPA3-Enterprise, WPA2, open Wi-Fi and Wi-Fi Enhanced Open.

WPA3 security protocol

WPA3 is the latest generation of the Wi-Fi security protocol and the successor of the successful and widespread WPA2.

WPA3 adds new security features that deliver more robust authentication, increased cryptographic strength for highly sensitive information exchange and resiliency of mission-critical networks.

Once implemented, WPA3 represents current best practice for Wi-Fi security: it disables obsolete security protocols and requires the use of Protected Management Frames (PMF). It includes additional features specific to Personal and Enterprise networks and maintains interoperability with WPA2.

At the time of writing WPA3 is an optional certification for Wi-Fi CERTIFIED devices that is planned to become mandatory as the market develops.

WPA3-Personal brings better protection to individual users through more robust password-based authentication. This is enabled by Simultaneous Authentication of Equals (SAE), which replaces the Pre-Shared Key (PSK) handshake of WPA2-Personal. SAE is a password-authenticated key exchange: an eavesdropper who captures the handshake cannot mount an offline dictionary attack on the password, and each failed online guess costs the attacker a full exchange. Its advantages include natural password selection (easy-to-remember passwords remain usable), forward secrecy (captured traffic stays protected even if the password is compromised after it was transmitted) and ease of use.
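
To make the SAE exchange concrete, the following is an added example, not code from the article or from the Wi-Fi Alliance, that runs both sides of the handshake (the Dragonfly exchange of RFC 7664 on which SAE is built) over a finite-field group. Assumptions: a 128-bit safe-prime group generated in the block (real SAE uses IANA-registered groups such as group 19, NIST P-256), the original hunting-and-pecking password element, a simplified HMAC-SHA256 key derivation in place of 802.11's KDF, and constructed MAC addresses. The point to watch is that the commit messages carry nothing an eavesdropper can test password guesses against; a wrong password only shows up when the confirm messages fail to verify.

```python
"""Both sides of WPA3-Personal's SAE handshake (Dragonfly, RFC 7664) over a
finite-field group.  Added example, not code from the article or from the Wi-Fi
Alliance.  Assumptions: a 128-bit safe-prime group generated below (real SAE
uses IANA groups such as 19, NIST P-256), hunting-and-pecking, simplified KDF."""
import hashlib
import hmac
import random
import secrets

def is_probable_prime(n: int, rounds: int = 16) -> bool:
    # Miller-Rabin; fine for a demo group, use a vetted group in production.
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)
    if n < 31 or any(n % sp == 0 for sp in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits: int = 128, seed: int = 1):
    """p = 2q + 1 with p, q prime; SAE elements live in the order-q subgroup."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = safe_prime_group()
LEN = (P.bit_length() + 7) // 8

def derive_pwe(password: bytes, mac_a: bytes, mac_b: bytes) -> int:
    """Hunting and pecking: hash password, both MACs and a counter until the
    value falls below P and maps to an element of order Q.  A real build runs a
    fixed number of iterations (RFC 7664) or uses 802.11-2020's hash-to-element
    so that timing does not reveal which counter succeeded."""
    hi, lo = max(mac_a, mac_b), min(mac_a, mac_b)
    for counter in range(1, 65):
        seed = hmac.new(hi + lo, password + bytes([counter]), hashlib.sha256).digest()
        base = int.from_bytes(hmac.new(seed, b"SAE Hunting and Pecking", hashlib.sha256).digest()[:LEN], "big")
        if base < P and pow(base, (P - 1) // Q, P) > 1:
            return pow(base, (P - 1) // Q, P)
    raise RuntimeError("no password element found")

def commit(pwe: int):
    """Commit: scalar = rand + mask (mod Q), element = pwe^-mask; rand stays private."""
    while True:
        rand, mask = 2 + secrets.randbelow(Q - 2), 2 + secrets.randbelow(Q - 2)
        scalar = (rand + mask) % Q
        if scalar > 1:
            return rand, scalar, pow(pwe, Q - mask, P)

def derive_keys(pwe: int, rand: int, scalar: int, peer_scalar: int, peer_element: int):
    """Validate the peer's commit, then derive the shared secret, KCK and PMK."""
    if not 1 < peer_scalar < Q:
        raise ValueError("peer scalar out of range")
    if not 1 < peer_element < P - 1 or pow(peer_element, Q, P) != 1:
        raise ValueError("peer element not in the order-Q subgroup")
    if peer_scalar == scalar:
        raise ValueError("reflected commit")
    # pwe^peer_scalar * peer_element == pwe^peer_rand, so both ends reach pwe^(rand*peer_rand)
    ss = pow(pow(pwe, peer_scalar, P) * peer_element % P, rand, P)
    keyseed = hmac.new(bytes(32), ss.to_bytes(LEN, "big"), hashlib.sha256).digest()
    ctx = ((scalar + peer_scalar) % Q).to_bytes(LEN, "big")
    kck = hmac.new(keyseed, b"\x01SAE KCK and PMK" + ctx, hashlib.sha256).digest()
    pmk = hmac.new(keyseed, b"\x02SAE KCK and PMK" + ctx, hashlib.sha256).digest()
    return kck, pmk

def confirm(kck: bytes, scalar: int, element: int, peer_scalar: int, peer_element: int) -> bytes:
    """Confirm: a MAC under the KCK over both commits proves knowledge of the password."""
    body = b"".join(v.to_bytes(LEN, "big") for v in (scalar, element, peer_scalar, peer_element))
    return hmac.new(kck, b"\x01\x00" + body, hashlib.sha256).digest()  # send-confirm = 1

def run_exchange(password_sta: bytes, password_ap: bytes):
    """Station and AP run SAE; returns (pmks_match, both_confirms_verified)."""
    mac_sta, mac_ap = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")  # constructed
    pwe_sta, pwe_ap = derive_pwe(password_sta, mac_sta, mac_ap), derive_pwe(password_ap, mac_ap, mac_sta)
    r_sta, s_sta, e_sta = commit(pwe_sta)                 # STA -> AP: (s_sta, e_sta)
    r_ap, s_ap, e_ap = commit(pwe_ap)                     # AP -> STA: (s_ap, e_ap)
    kck_sta, pmk_sta = derive_keys(pwe_sta, r_sta, s_sta, s_ap, e_ap)
    kck_ap, pmk_ap = derive_keys(pwe_ap, r_ap, s_ap, s_sta, e_sta)
    c_sta = confirm(kck_sta, s_sta, e_sta, s_ap, e_ap)    # STA -> AP
    c_ap = confirm(kck_ap, s_ap, e_ap, s_sta, e_sta)      # AP -> STA
    ap_ok = hmac.compare_digest(c_sta, confirm(kck_ap, s_sta, e_sta, s_ap, e_ap))
    sta_ok = hmac.compare_digest(c_ap, confirm(kck_sta, s_ap, e_ap, s_sta, e_sta))
    return pmk_sta == pmk_ap, ap_ok and sta_ok

if __name__ == "__main__":
    print(run_exchange(b"correct horse", b"correct horse"))   # (True, True)
    print(run_exchange(b"correct horse", b"wrong password"))  # (False, False)
```

The validation in derive_keys (range checks, subgroup membership, reflection) is not optional: accepting an element outside the order-Q subgroup or a reflected commit is how SAE implementations leak information about the password element, and the forward secrecy claimed above only holds because rand is fresh per exchange and never transmitted.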

WPA3-Enterprise is developed specifically for enterprises, governments and financial institutions and offers an optional mode with 192-bit minimum-strength security protocols and cryptographic tools for better protection of sensitive data. This mode is built on authenticated encryption (256-bit Galois/Counter Mode Protocol, GCMP-256), key derivation and confirmation (384-bit Hashed Message Authentication Mode with Secure Hash Algorithm, HMAC-SHA384), key establishment and authentication (Elliptic Curve Diffie-Hellman, ECDH, exchange and the Elliptic Curve Digital Signature Algorithm, ECDSA, on a 384-bit elliptic curve) and robust management frame protection (256-bit Broadcast/Multicast Integrity Protocol with Galois Message Authentication Code, BIP-GMAC-256).

WPA2 security protocol

WPA2 has provided security and privacy to Wi-Fi networks since 2006. It is the well-known successor of the obsolete WPA protocol; its major improvement over WPA is the use of AES-based CCMP encryption in place of WPA's TKIP.

In 2018, to meet the security requirements of evolving networking environments, the Wi-Fi Alliance augmented WPA2 with configuration, authentication and encryption enhancements. These reduce susceptibility to network misconfiguration and support the security of managed networks with centralized authentication services.

Open Wi-Fi networks

In some use cases open Wi-Fi networks are the only available option, and it is important to be aware of the risks they present. To address these risks the Wi-Fi Alliance developed Wi-Fi Enhanced Open as a solution for users of open Wi-Fi networks.

Compared to traditional open networks with no protection, the Wi-Fi Enhanced Open certification provides unauthenticated data encryption to subscribers. It is based on the Opportunistic Wireless Encryption (OWE) method defined in IETF RFC 8110 and the Wi-Fi Alliance Opportunistic Wireless Encryption Specification: each client performs a Diffie-Hellman exchange with the access point during association, so its traffic is encrypted with a key that no other subscriber shares. Because the exchange is unauthenticated it defeats passive eavesdropping but not an active attacker who impersonates the access point. Wi-Fi Enhanced Open keeps the ease of use of open networks and benefits network providers through simple network maintenance and management.

The intensive evolution of security features makes Wi-Fi very deployable in the IoT domain, specifically for smart home and smart building use cases. Like other wireless technologies it has security challenges, which matter all the more given the number of devices that embed Wi-Fi chips. Some representative Wi-Fi security challenges are:

  • Jamming susceptibility: a Wi-Fi signal can easily be jammed. In smart homes or smart buildings this deserves extra attention: if a home security system relies on Wi-Fi, intruders can block the Wi-Fi signal and disable the alarm system.
  • Because the wireless router or access point is a single point of failure, DoS attacks are a risk for smart home or smart building Wi-Fi networks. If the access point is out of service there is no service availability and the whole wireless network malfunctions.
  • Eavesdropping is performed simply by getting within range of the target Wi-Fi network, then listening and capturing data. The information can be used for a number of unauthorized activities, including attempts to break the existing security settings and analysis of unsecured traffic. Reliably preventing this category of attack is almost impossible because of the nature of wireless networks, so it is always important to configure the security mechanisms with strong parameters.
  • Evil twins or rogue Wi-Fi hotspots are among the most common ways of obtaining sensitive information from Wi-Fi networks. An evil twin is a fake Wi-Fi access point that imitates the legitimate one: its SSID is set to the same or a similar name as the original access point's, and any information disclosed while connected to the rogue hotspot can be misused.
  • Packet sniffers make it possible to identify, intercept and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials for bank accounts and corporate e-mail accounts.
  • File sharing, if enabled on devices, can be used for unauthorized access to a device connected to the access point or Wi-Fi hotspot and for dropping malware.
  • Malware and ransomware susceptibility of public Wi-Fi hotspots that may be part of a smart building: without the protection of anti-virus software and web filters, malware can be downloaded silently.
  • The generic IP nature of Wi-Fi networks makes them a convenient environment for testing new attack tools and refining existing ones.
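
Of the challenges above, the evil twin is the one a smart building operator can actually look for from the network side: a scan that shows a known SSID from an unknown BSSID, a lookalike name, or the right name offered with weaker security than the real access point. The following is an added example, not code from the article, that audits a scan against an allowlist of known access points; the scan records, the allowlist and the security ranking are constructed for the demo, and a real deployment would feed it the output of the local scan tool.

```python
"""Audit a Wi-Fi scan for evil twins, lookalike SSIDs and security downgrades.
Added example, not code from the article; the scan records and the allowlist
of known access points are constructed for the demo."""
import re
from dataclasses import dataclass

RANK = {"open": 0, "owe": 1, "wpa2-psk": 2, "wpa3-sae": 3}


@dataclass(frozen=True)
class BSS:
    ssid: str
    bssid: str      # AP MAC address as seen in beacons
    security: str   # one of RANK's keys
    channel: int
    rssi: int


def normalize(ssid: str) -> str:
    """Fold case and drop separators so 'Home-WiFi' and 'home wifi' collide."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold())


def audit_scan(scan, known):
    """known maps SSID -> {'bssids': set of lower-case MACs, 'security': str}.
    Returns a sorted list of (bssid, reason) findings."""
    findings = []
    known_norm = {normalize(s): s for s in known}
    for bss in scan:
        ref = known.get(bss.ssid)
        if ref is not None:
            # Same SSID from a BSSID we did not deploy: classic evil twin.
            if bss.bssid.lower() not in ref["bssids"]:
                findings.append((bss.bssid, f"evil twin: unknown BSSID advertising '{bss.ssid}'"))
            # Same SSID offered with weaker security than we configured.
            if RANK[bss.security] < RANK[ref["security"]]:
                findings.append((bss.bssid, f"downgrade: '{bss.ssid}' offered as {bss.security}, expected {ref['security']}"))
        else:
            twin = known_norm.get(normalize(bss.ssid))
            if twin is not None:
                findings.append((bss.bssid, f"lookalike SSID '{bss.ssid}' mimics '{twin}'"))
    return sorted(findings)


KNOWN = {"HomeNet": {"bssids": {"d8:3a:dd:10:20:30"}, "security": "wpa3-sae"}}

SCAN = [  # constructed scan results
    BSS("HomeNet", "D8:3A:DD:10:20:30", "wpa3-sae", 36, -48),   # the real AP
    BSS("HomeNet", "02:11:22:33:44:55", "open", 6, -40),        # evil twin, stronger signal
    BSS("Home Net", "02:11:22:33:44:66", "wpa2-psk", 11, -55),  # lookalike name
    BSS("CoffeeShop", "a4:00:00:00:00:01", "owe", 1, -70),      # unrelated network
]


if __name__ == "__main__":
    for bssid, reason in audit_scan(SCAN, KNOWN):
        print(bssid, reason)
```

The BSSID check is only as good as the allowlist, and an attacker can spoof a BSSID as easily as an SSID, so the downgrade check is the more robust signal: a WPA3 network that suddenly appears as open or WPA2-only is worth an alert regardless of the MAC address. On the client side, the Protected Management Frames that WPA3 requires stop the forged deauthentication frames an evil twin typically uses to push clients off the real access point.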

To maintain worldwide interoperability and secure communication between devices from different manufacturers, the Wi-Fi Alliance continuously improves the security solutions implemented in Wi-Fi technology and provides product certifications with forward and backward compatibility. This approach is very important for Wi-Fi support of different IoT use cases, and particularly for the evolution of smart homes and smart buildings.

RFID Security

RFID technology is becoming increasingly popular for smart homes, smart buildings and other IoT use cases. RFID is considered the successor of barcode technology.

If any of the security mechanisms in RFID is not implemented properly or is not operational, the security is broken. In smart home and smart building use cases in particular, this may result in unauthorized access to personal data or even the tracking of persons.

Like other wireless technologies RFID is exposed to security threats; the most typical RFID security challenges are:

  • Interference susceptibility is caused by environmental factors such as radio noise, tag collisions and the reflection or absorption of the signal by metal and liquids. The interference affects RF propagation and eventually leads to errors in localization, reduced range, loss of service availability, etc.
  • Tag isolation is technically the simplest and most common attack. It jams the tag's communication and blocks the data that should be transferred to the reader.
  • Tag cloning comprises eavesdropping, extraction of the unique identifier (UID) and/or the tag content, and writing them into another tag. Tag cloning is commonly used for unauthorized access to restricted areas or even to change (decrease) the price of certain goods in supermarkets.
  • Relay/amplification attacks consist of unauthorized relaying or amplification of the RFID signal, extending the reach of an RFID tag beyond the borders of its coverage zone so that it answers a reader its owner never intended it to talk to.
  • Denial of service (DoS) attacks include the scenario in which a reader is flooded with a large amount of traffic from a malicious source and cannot process the operational signals sent by real tags. Other techniques rely on jamming, i.e. emitting radio noise at the RFID system's operating frequency.
  • Remote tag destruction is realized by RFID zappers that send enough energy remotely to produce an electromagnetic field strong enough to burn components of the tag. Remote disabling is also possible when the kill password of some tags is misused: first obtained by passive eavesdropping, then applied deliberately to disable the tags.
  • Man-in-the-middle (MitM) attacks, SQL injection, virus/malware and command injection are possible by placing an active malicious device between a tag and the reader, intercepting or altering the communication between the two and endangering the operation of the reader and its back-end systems.
  • RFID skimming is the deployment of unauthorized portable terminals to make fraudulent charges on contactless payment cards.

To provide a secure wireless network, the described security challenges have to be taken into account when building smart home or smart building systems on RFID technology.

NFC Security

NFC wireless technology lets everyday objects be linked to Internet services with a tap. Its applicability to smart home and smart building use cases is crucial, especially given that most modern personal devices (cellphones, tablets and notebooks) embed NFC chips and are mutually compatible.

One of the security mechanisms implemented in NFC is the Digital Signature (defined in the NFC Forum Signature RTD 2.0), which relies on asymmetric cryptography: the signature is part of the NFC Data Exchange Format (NDEF) message, which also carries a certificate chain and a root certificate, and each signing device holds a private key whose public key is certified in that chain. Another security mechanism is the Trusted Tag developed by the NFC tag manufacturer HID. It fully complies with NFC Forum Tag Type 4 and works with any NFC Forum compatible device. The Trusted Tag is protected from cloning and generates a fresh cryptographic code on every "tap" or click of the NFC button; this code protects the content of the transmitted information.

NFC operates at very short range and can be combined with additional protection such as PIN or biometric locks to enable secure data exchange.

Like other wireless technologies NFC is susceptible to security challenges. Some illustrative examples are:

  • Theft or loss of a device is hard to avoid. The best defense against this threat is to secure phones, tablets and other personal devices against unauthorized login and use.
  • Eavesdropping and interception attacks apply to NFC as well, despite its short range.
  • A man-in-the-middle attack is possible if a malicious device positioned between two NFC devices, or within their short range, receives and alters the exchanged information. It can be prevented by staying aware of unusual devices attached or positioned near the transaction premises, and by ensuring that NFC transactions are performed only at official and authorized places.
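
The RFID tag cloning attack above and the NFC Trusted Tag's per-tap cryptographic code are two sides of the same design question: a tag that only reports a static identifier can be copied by anyone who reads it once, while a tag that answers a fresh challenge with a keyed code cannot. The following is an added example, not code from the article, from HID or from any tag vendor, that puts a UID-only reader next to a challenge-response reader. The "keyed tag" is a model of the per-tap code idea (a per-tag secret, a tap counter and the reader's nonce, combined with HMAC-SHA256); it is not any product's actual algorithm, and the identifiers and keys are constructed.

```python
"""UID-only tag authorization next to keyed challenge-response.  Added example,
not code from the article, HID or any tag vendor: the keyed tag is a model of
the idea that every tap yields a fresh cryptographic code (per-tag secret,
counter and reader challenge under HMAC-SHA256), not a product's algorithm."""
import hashlib
import hmac
import secrets


class PlainTag:
    """Reports only a static UID: everything it says can be copied."""
    def __init__(self, uid: bytes):
        self.uid = uid

    def read(self) -> dict:
        return {"uid": self.uid}


class KeyedTag(PlainTag):
    """Holds a secret that never leaves the chip; answers challenges with a
    MAC over UID, tap counter and the reader's nonce."""
    def __init__(self, uid: bytes, key: bytes):
        super().__init__(uid)
        self._key, self.counter = key, 0

    def respond(self, challenge: bytes) -> dict:
        self.counter += 1
        msg = self.uid + self.counter.to_bytes(4, "big") + challenge
        code = hmac.new(self._key, msg, hashlib.sha256).digest()[:8]
        return {"uid": self.uid, "counter": self.counter, "code": code}


class ClonedTag(PlainTag):
    """What a skimmer can build from an eavesdropped session: the UID plus one
    recorded response, replayed for every challenge."""
    def __init__(self, uid: bytes, recorded: dict):
        super().__init__(uid)
        self.recorded = recorded

    def respond(self, challenge: bytes) -> dict:
        return self.recorded


def uid_reader(tag, allowlist: set) -> bool:
    """Vulnerable: trusts the identifier alone, so a clone is indistinguishable."""
    return tag.read()["uid"] in allowlist


class ChallengeReader:
    """Hardened: per-tag key provisioned out of band, fresh nonce per tap,
    monotonic tap counter to reject replays of earlier sessions."""
    def __init__(self, keys: dict):
        self.keys = keys            # uid -> key
        self.last_counter = {}

    def authenticate(self, tag) -> bool:
        uid = tag.read()["uid"]
        key = self.keys.get(uid)
        if key is None or not hasattr(tag, "respond"):
            return False
        nonce = secrets.token_bytes(16)
        resp = tag.respond(nonce)
        if resp["counter"] <= self.last_counter.get(uid, 0):
            return False            # replay of an earlier tap
        msg = uid + resp["counter"].to_bytes(4, "big") + nonce
        expected = hmac.new(key, msg, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(resp["code"], expected):
            return False            # wrong key or stale nonce: a clone cannot answer
        self.last_counter[uid] = resp["counter"]
        return True


def demo() -> dict:
    uid, key = bytes.fromhex("e004010012345678"), bytes(range(16))   # constructed
    real = KeyedTag(uid, key)
    reader = ChallengeReader({uid: key})
    recorded = real.respond(b"\x00" * 16)   # eavesdropped in an earlier session
    clone = ClonedTag(uid, recorded)
    return {
        "uid_reader_accepts_clone": uid_reader(clone, {uid}),
        "challenge_reader_accepts_clone": reader.authenticate(clone),
        "challenge_reader_accepts_real": reader.authenticate(real),
        "challenge_reader_accepts_clone_after_real": reader.authenticate(clone),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The first clone attempt fails on the MAC (the recorded code was computed over a different nonce); the second fails on the counter as well, since the real tag has since advanced it. Note what this does not stop: the relay attack listed under RFID above still succeeds, because the genuine tag answers the live challenge through the relay, so a reader that must resist relays also needs a response-time bound or distance bounding, and the reader's key store becomes the asset to protect.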

5G for smart home / smart buildings

Deployment of 5G cellular communication technology establishes a new ecosystem with great potential, based on the creation of the most advanced and most critical communications infrastructure so far, capable of supporting new services including efficient information exchange in an IoT context. The outline of this new ecosystem is shaped by the availability of 5G features such as:

  • High-speed data throughput (1-20 Gbps) capable of serving augmented and virtual reality (AR/VR) systems, 3D video streaming to 4K/8K screens, online gaming and other services.
  • Ultra-low latency (<1 ms), crucial for real-time services such as telemedicine and healthcare, AR/VR, intelligent transportation, smart homes and industrial automation.
  • Millimeter-wave radio communication with new waveforms and massive MIMO (Multiple Input Multiple Output) with beam-forming and beam management, made practical by the short wavelengths and the resulting antenna size and spacing.
  • Massive connectivity and dense coverage for vehicles, mobile subscribers, enterprises, IoT, etc.
  • Very low energy consumption with extremely long battery life (up to 10 years), necessary for IoT machine-to-machine (M2M) communication.

To enable these capabilities, 5G networks get a completely new air interface that supports heterogeneous access networks in different frequency bands and with variable bandwidths. Supported by a small-cell network structure, it ensures ultra-low latency, good indoor and outdoor coverage, localization and service availability. The Cloud Radio Access Network (C-RAN) model used in 5G enables a split access architecture and network virtualization: a "central" edge cloud location is responsible for part of the access network functionality while other functions run at remote locations, separating fronthaul and backhaul in the transport network.

5G networks also implement adaptable software-based architectures, especially for the first three layers of the OSI reference model (Software Defined Radio, SDR; Software Defined Access, SDA; Software Defined Networking, SDN), together with packet core upgrades. These technologies enable network slicing, a unique 5G attribute: network slicing creates and manages multiple virtual networks on shared physical infrastructure and is expected to be the crucial feature that empowers the deployment of different 5G use cases.

5G is expected to expand boundaries in all domains of modern life: travel, driving, production efficiency, smart systems such as smart cities with smart homes, buildings, hospitals and factories, public safety and services management, and every other area of human activity.

AI, IoT and 5G are intertwined. 5G provides the network environment that supports widespread use of AI and IoT applications and services, while AI significantly improves network management and service availability. Through the integration and advancement of these technologies, 5G carriers are in a position to improve network planning, capacity expansion forecasting, coverage auto-optimization, network slicing, C-RAN and dynamic cloud network resource scheduling.

AI is recognized as a game changer that will lead the transformation from today's carrier management model, based on human capabilities, to self-driven automatic network operation and maintenance. At the same time, the availability of IoT and AI applications and services is directly correlated with the construction of new 5G infrastructure and the deployment of 5G networks.

In smart building and smart home use cases automation saves time and cost, and 5G moves automation to a higher level.

By supporting massive connectivity, 5G enables the deployment of smart home devices that work automatically, without additional configuration. For instance, by connecting utility meters to a central network, energy and other utility suppliers can monitor, detect and respond when unusual changes in consumption occur across buildings, homes and cities.

Improved performance of security systems is expected thanks to the lower latency, higher throughput and network reliability that 5G provides.

Given predictions that over 80% of traffic will originate from indoor subscribers, indoor coverage becomes extremely important. The small-cell structure of 5G networks improves indoor coverage compared with earlier cellular technologies and at the same time drives the evolution of HD enterprise services, home VR, holographic communication, telemedicine and other new services applicable to smart homes and buildings.

5G security

5G networks are designed not only to enable information exchange between people but also to connect machines. Security and privacy are a major concern, one that reaches far beyond 5G itself even though 5G is the technology with the most complex infrastructure. It is important to be aware that 5G networks will support millions of low-cost sensors, which affect security too. 5G security and privacy considerations have produced new trust models, new service delivery models, an evolved threat environment and new privacy concerns.

To support all new relations between distinct entities in the 5G ecosystem, new trust models have to be established.

Security requirements are expected to increase in areas such as authentication between the distinct elements of a complex system, accountability and non-repudiation.

New categories of devices will shape the trust models and extend the wide range of security requirements applicable to many use cases, such as industrial automation control devices, smart home devices with associated services, the next generation of personal devices like tablets and smartphones, etc.

New identity management solutions play an important role in defining new trust models, too.

The application of cloud technology, AI and network virtualization in 5G shapes new service delivery models. Decoupling software from hardware, separating fronthaul and backhaul in the transport network, and deploying third-party applications in the cloud alongside native telecommunications services raise the demands on virtualization with strong isolation properties and force a new organization and deployment of the security system.

Together with the new performance, new threats and challenges arise, and so do privacy concerns.

In general, the level of 5G security is not defined by the number of specified security mechanisms. A multi-stakeholder approach involving operators, vendors, regulators, policy makers and representatives of 5G subscribers from the different ecosystem segments is fundamental to the security baseline of trustworthy, cost-efficient and manageable 5G networks. In such a complex landscape standardization is of crucial importance for everyone: enterprises, public safety, industrial automation, smart homes and buildings, etc. Standards from bodies such as ISO (the International Organization for Standardization), the IEC (International Electrotechnical Commission) and the CSA (Cloud Security Alliance) will also shape the technology's evolution, applicability and the availability of customer services. To provide safe and secure wireless connectivity worldwide, new comprehensive security policies have to be created and implemented in 5G technology.

5G security challenges

Like other wireless communications, 5G is susceptible to security challenges, and because of its scale and complexity even more so.

Several specific facts determine 5G's particular exposure in the security context:

  • Network components are virtualized and potentially deployed on the NFVI (Network Function Virtualization Infrastructure) and cloud components; the resulting dynamic configuration of the 5G architecture needs more dynamic and flexible security solutions.
  • Complex control of network slicing, a completely virtual type of networking deployed across all entities of the 5G network.
  • The radio access network is exposed to all common wireless security threats such as rogue nodes, modification, alteration or injection of user plane traffic, MEC (Multi-access Edge Computing) server vulnerabilities and DoS attacks.
  • The application of AI to 5G networks generates new cybersecurity challenges, such as AI "black boxes", the inability to test AI for intentional backdoors, and adversarial machine learning, in which crafted inputs or poisoned training data steer a model's behaviour.
  • Since the 5G network is managed by many different software components, protecting that software and reducing API (Application Programming Interface) and other software vulnerabilities within the network has become a priority, together with external roaming threats.
  • 5G implements edge computing, which brings the potential for new security threats: processing moves from the core to the edges of the network, spatially distributed closer to dense data sources.
  • The expanded bandwidth of 5G creates a more complex air interface and security challenges such as eavesdropping, RF jamming, MitM attacks and complex resource administration and monitoring.
  • Vulnerability increases by attaching billions of smart but often low-cost and hackable IoT devices and other subscriber devices to the network; these can suffer from malware, MitM attacks, DDoS (Distributed Denial of Service) and other botnet-type attacks, lack of tamper protection, snooping and sniffing, etc.
  • Protection of subscribers' personal privacy is a very important component of 5G security, including access to location information (location-based services) and the privacy of data and personal information (personal health information, identity management, or employee personal information held by enterprises).
  • Quantum computing is expected to break the public-key algorithms in use today (those based on factoring and discrete logarithms, such as RSA and elliptic-curve schemes) and to weaken symmetric ciphers, which will need longer keys. This issue has to be resolved in time by upgrading cryptographic schemes to quantum-resistant ones. For example SK Telecom, South Korea's largest mobile operator, has already developed Quantum Key Distribution (QKD) technology for its 5G network.

Without further standardization, regulation and strong proactive measures, 5G networks offer the widest and most attractive attack surface and remain vulnerable to cyber-attacks.

Conclusion – wireless technologies and IoT perspective

A functional IoT ecosystem cannot be deployed without wireless technologies. They provide the communication between billions of devices, network and application servers, cloud infrastructure, machines and sensors, subscribers, new applications and services, etc.

The latest cellular technology, 5G, is recognized as a game changer that will support different heterogeneous wireless technologies, open new perspectives for AI and augmented reality, and provide the infrastructure that enables secure and safe deployment of smart homes, smart buildings, smart cities and any other IoT use case.

5G, as the communications technology with the widest applicability for different IoT use cases, is expected to become the most critical of critical infrastructures ever.

Enabled by 5G, the potential of smart homes, smart buildings and smart cities will explode. With its wide applicability and ubiquity, the arrival of 5G will further expand the demand for smart home devices, drive their development, lead to more competitive pricing and make them more available in everyday life.

It is essential to pay close attention to the integration and configuration of wireless devices in line with system needs, in order to achieve secure communication in the different IoT use cases. Regardless of the security protocols of the wireless and cellular technologies and the security solutions implemented across the layers of the OSI reference model, we must also keep the focus on user awareness, one of the most important contributors to overall system safety and security, especially in smart home and smart building use cases.
