Smart Factory, Smart City, Smart Everything: IoT-enabled devices are becoming normal. But which standard wireless technology guarantees secure data transmission over long distances using little energy? A comparison of NB-IoT and LoRaWAN.
The growing number of networked IoT devices is not only optimising the production of goods or coexistence in cities, it is also increasingly jeopardising our digital security. This is the opinion of 76 per cent of German companies surveyed by Bitkom and the Fraunhofer Institute as part of their 2020 Economic Protection Poll.
As the degree of networking increases, so does the number of potential vulnerabilities, making it all the more important for companies to keep an eye on their IoT security. In addition to the search for qualified personnel and attempts to sensitise all employees to the topic of IT security, many medium-sized companies are focusing on security by design when dealing with IoT applications. This also includes the question of which transmission technology offers the necessary security in which context.
In the early days of the Internet of Things machine data was transmitted mainly by 2G or GSM (Global System for Mobile Communication). Special networks for IoT applications, so-called Low Power Wide Area (LPWA) networks, were developed to improve building penetration, reduce data costs and energy consumption during transmission, and increase the short battery lifespan. They guarantee robust, energy-saving transmission of smaller amounts of data at low hardware costs. Two of them are especially popular: NarrowBand IoT (NB-IoT) and Long Range Wide Area Network (LoRaWAN). Which is better in respect of security?
Simply fill out the contact form – we’ll get back to you as soon as possible.
Let us first consider the fundamental differences between the two standards and their implications for corporate cybersecurity. NB-IoT (NarrowBand IoT) has been around since 2016 and is a technology developed especially for the Internet of Things and, initially, mainly in connection with Industry 4.0. It uses the licensed LTE frequency range, is based on the 3GPP specifications and incorporates LTE security functions developed and tested by the partners in the 3rd Generation Partnership Project. They include reciprocal authentication of terminal device and network, cryptographic algorithms such as AES, and a high level of security in creating and exchanging encryptions. The remaining LTE functions, not being needed, are not provided, which makes wireless modules inexpensive and transmission energy-saving.
NB-IoT transmits via the air interface LTE Cat-NB1, which is encrypted at the user and/or control level. Different encryption and integrity procedures are used and end-to-end encryption is not defined as standard, but can and should be implemented in the DTLS protocol or, in the near future, in the BEST or OSCORE protocol too. Telekom also increases the level of security by means of measures like the use of security tunnels (IP VPNs).
LoRaWAN, developed since 2015 by the Lora Alliance, uses in contrast – like the French competitor Sigfox – the unlicensed frequency spectrum, which in Germany is available free of charge. Users that operate their own gateways need neither SIM cards nor contracts with cellphone network providers and do not incur roaming charges. The price for these advantages is that the network is not entirely immune to faults and malfunctions. An adequate remedy is the Chirp Spread Spectrum (CSS), the robust Lora modulation method used by LoRaWAN, which switches frequency continuously, making it almost impossible for hackers to intercept entire messages.
LoRaWAN consists of three main components: nodes such as a sensor and endpoints, gateways, and the network server. All data sent by sensors reaches all gateways in the vicinity before it is passed on to the cloud-based network server. The network server filters packets for duplicates, installs security updates and, for one, sends the packets to the application server, which performs the required action. For another, it sends confirmations back to the gateways. It does so relatively slowly. As a consequence, despite the low transmission power a high range can be achieved by a low number of gateways. The combination of network and application layer ensures a good level of security.
NB-IoT devices have a SIM card - a secure element that LoRaWAN devices lack by default. The SIM card is an advantage because it makes it much more difficult to extract the master key and other cryptographic data. However, because end devices without a secure element are cheaper, many companies are opting for LoRaWAN. With the integrated nuSIM, Deutsche Telekom offers an inexpensive solution that does away with the physical SIM card but not the security of the LTE standard.
A possible vulnerability of NB-IoT is the fact that many terminal devices have multimode wireless modules and can connect with a 2G network if no NB-IoT network is available. Hackers could exploit that. Unlike the LTE network, fake base stations can be created on GSM and UMTS, making it easier to penetrate the network even without reciprocal authentication. So it is always advisable to implement additional end-to-end encryption, especially when roaming on third-party networks.
Terminal devices are vulnerable for LoRaWAN users too because they lack a secure element such as a SIM card or a chip. As most IoT devices are only occasionally connected to the network and are otherwise in energy-saving mode, hackers can often manipulate them unnoticed. Another LoRaWAN vulnerability is that the main key never changes and, if misappropriated, can be used for the entire network.
LoRaWAN, like its LPWA fellow combatant Sigfox, is suitable for use with very simple devices intended to send data with a minimal energy input from time to time over long distances and from remote and difficult-to-access locations. They include, for example, smart applications used in agriculture, especially in areas without LTE, let alone 5G coverage. Their users may have to find the network themselves, but companies can in this way serve rural production locations such as farms and fields.
NB-IoT has good building penetration, is generally resistant to interference and its reciprocal authentication and secure key generation and exchange contribute to a very high level of cybersecurity. NB-IoT is suitable for applications with a low bandwidth that require reliable transmission, such as Smart Metering, Smart City applications, filling level sensors or simple trackers. Even when bidirectional M2M communication is required NB-IoT is the better choice.
In the final analysis both technologies provide an acceptable level of security. Which standard a company should go for will depend on factors such as objectives, budget or geographical location. In principle NB-IoT is superior to LoRaWAN when it comes to storing critical data, but LoRa has a good modulation that absolutely justifies its use in rural areas.
We would be delighted to offer you the assistance of our Telekom experts with choosing the LPWA technology that is most suitable for you.
Would you like to know in greater detail what lies behind the two LPWA standards? Then let us recommend to you our free whitepaper on the subject of “Comparison and Analysis of the Security Aspects of LoRaWAN and NB-IoT.”
"Comparison and analysis of the security aspects of LoRaWAN and NB-IoT":
The most critical component of any successful IoT project is data security. That’s why we offer comprehensive IoT security solutions – from secure networks and certified devices to expert support from our IoT Security specialists. Rely on maximum protection for your IoT projects today!
Having been with Telekom since 2008, Ümit possesses a comprehensive understanding of various facets of the Internet of Things. He has a keen interest in the digital transformation of the business world. On this blog, he shares insights into the latest developments and trends in the IoT sector that provide genuine value to customers.
The Internet of Things (IoT) is changing how companies collect data, control processes and develop new services. IoT Governance is intended to form the strategic foundation for transparency, control and trust in an increasingly digital infrastructure. How this works, you will find out here.
In the Internet of Things (IoT), the MQTT protocol is a lightweight publish-subscribe protocol, ideal for reliable data exchange between resource-constrained devices. Learn more about its functionality, applications, and benefits in the article.
The retail sector is facing a digital transformation.Internet of Things (IoT) technologies are transforming traditional shops into smart, connected spaces, opening up new possibilities and opportunities for both retailers and customers. Find out more in this article!