Builds E2E IoT Security through Industry Collaboration 

IoT Is Fundamental to Infrastructure Security, but there are abundant risks and challenges facing by IoT, such as user data leakage and privacy risk, difficulties in secure device management, challenges in software upgrade for billions of devices, security challenges in infrastructure virtualization, risk of eavesdropping, hijacking, and tampering in network communications. IoT security threats are mainly posed by devices and diminished at upper layers. There are three carrier-class security contributes to IoT security:

Device threats and challenges

• Physical attack: Unmanned physical interfaces are exposed to risks, terminals are attacked, and terminals are used to attack the network.
• High power consumption: Simple network access process and low power consumption/cost are required.
• Malware injection: Attackers inject malware to control the system.

Network-layer threats

• Network communication attacks: Man-in-the-middle attacks (MITM attacks) or theft of/tampering with communication content cause device errors.
• Signaling storm/DoS attack: A large number of devices access the network, which may cause signaling storm/DoS attacks. As a result, the core network/IoT platform resources are exhausted, paralyzing the network/platform

Application-layer threats

• IoT-application attack: The application layer has the most external contact points and is likely to be accessed, thereby facing various attacks, such as unauthorized user/device access.
• Privacy theft: Application-layer data includes user privacy, and data breach causes personal property loss or even safety risks.

In order to enhance the IoT security, some governments adopt legislation to strengthen IoT Cyber Security. The Ministry of Industry and Information Technology (MIIT) is developing NB-IoT technical specifications, including security technical requirements and test methods. In 2017, the United States Department of Homeland Security (DHS) released the Strategic principles for securing the Internet of Things. In 2017, the European Network and Information Security Agency (ENISA) released the best practice research report on smart vehicle network security from three aspects: policies/standards, organizations/methods, and technologies. The National Institute of Standards and Technology (NIST) released an implementation guide for SP 800-160 IoT device security in 2016. In June 2017, GSMA released a series of IoT security guides for service providers, IoT device manufacturers, and network operators. IoT SF released the IoT security compliance framework and IoT security construction principles in 2017. OWASP established an IoT project team to study the IoT attack surface, vulnerability, firmware upgrade, and log analysis, and released the IoT security guide. However, no formal or unified regulations or industry standards about IoT security are available. National security laws and regulations are the source of reference. Efforts are made to promote security standards and framework research, including the best practice in the security field, by means of collaboration with international standards organizations and industry alliances.

Huawei provided reference framework of the IoT security solution. The key contents of the security framework are:

• Compliance: Ensure security compliance and build key capabilities.
• Synergy: A full range of device, pipe, and cloud security features are available, and device-cloud synergy helps intelligent detection.
• Focus on LPWA and vehicle IoT, and provide support for other domains.
• Notion: Device authentication (for device trust and identity authentication), pipe monitoring/awareness, and cloud analysis (for cloud security policy orchestration) are implemented to build a security-oriented IoT solution for customers.

Huawei is establishing an all-round, healthy, and open IoT security ecosystem, and enabling IoT Security capabilities of partners. Huawei supports IoT commercial case incubation and creates great partnership in IoT security. Huawei is also contributing to standard formulation and best practices, and promoting IoT security alliance building.