The high-speed cellular communication standard, long term evolution (LTE)—commonly called 4G or Cat 4—has continued to advance with technology enhancements since first being proposed by NTT DoCoMo in 2004. Developed by the 3rd Generation Partnership Project, 3GPP, the roadmap for high-bandwidth communications is heading towards the much-hyped 5G standard that, by 2020, promises speeds of up to 100 Mbps in city areas and up to 1 Gbps in single-floor office environments.
While there are many applications that will benefit from the significant advances in data rates, there is also a growing list of use cases where the amount of data and the throughput rates do not warrant the associated costs and power profiles that high rates demand.
With the recent exponential growth in M2M and IoT applications, there is an increasing need for relatively low bandwidth, higher latency, and lower cost communications links. Typically these might be sensors or actuators, where the amount of data sent is fairly low and the frequency is, perhaps, as little as a couple times a minute. For some devices, such as temperature sensors, communication may only be required when the temperature changes within a prescribed value.
With this requirement in mind, the cellular industry has been working toward provisioning such a low-power wide area (LPWA) capability across their network. Narrowband IoT, also known as NB-IoT or LTE Cat NB1, was first trialed by Vodafone, Huawei, and u-blox in 2015, ahead of the full commercial launch in 2017. NB-IoT provides a narrow 200 kHz bandwidth that offers data transfer in the order of 10s of kbps. Most importantly, as a standard supported by over 20 global cellular operators, it features all of the safeguards and security associated with the cellular network operating in a licensed spectrum. (See Figure 1.)
Using NB-IoT the vast army of IoT sensors can now be connected to the secure, established, and well-proven cellular network.
Figure 1. LTE roadmap showing Cat 1
Figure 1 illustrates the roadmap for LTE and the path taken by a sub-group of LPWA technologies, such as Narrowband-IoT/Cat NB1, aimed at a broad range of low power, low data rate applications. As IoT applications start to become the norm, so does the diversity of different use cases.
While we have mentioned the extremes of data communication, between Cat 3/4 (< 100 Mbps full duplex) and Cat NB1 (> 10 kbps half duplex download & upload), there are a growing number of connected devices that need bandwidth capabilities somewhere in between. The roadmap for LPWA, shown in blue in Figure 1, shows Cat 1, the latest LPWA LTE-based technology. With an upload throughput up to 5 Mbps and a download of up to 10 Mbps, LTE Cat 1 provides a viable connection method for IoT applications such as telematics, asset tracking, security, and video. Cat 1 not only provides more than adequate data rates, but the latency is typically 10 – 15 ms compared to 1 – 10 seconds for Cat NB1. By comparison, LTE Cat 5 has < 5 ms latency.
When looking to implement any wireless connectivity link, it’s important that the developer looks not only at the required features of the link, itself, but also takes a more holistic review of the security aspects, too. Establishing a chain of trust is an approach that is proving to be a popular means of achieving this; essentially breaking down the process into a number of trusted domains. For example, at u-blox, we have an approach termed the “five pillars”.
Figure 2. Establishing a chain of trust for wireless communication
Typically, when using any form of wireless module that may or may not also include a GNSS receiver, the following define the areas of potential security breach or attack: device firmware, communications to the server, interface security, enforcing API control, and robustness that includes handling spoofing/jamming.
Increasingly, ensuring that your device is executing the software that it should be executing dictates that a method of secure boot is employed. Authenticating the initial code before booting the next process stage is the best approach. In particular, firmware over-the-air (FOTA) update, a function that is extremely useful in geographically dispersed pools of IoT/M2M sensors, offers a potential attack surface, so ensuring that the newly downloaded firmware image is validated prior to being flashed is crucial.
From the transport layer, there needs to be a way in which the device can authenticate itself with the host server and vice-versa. Signing and/or encrypting communications is the recommended approach, with the wireless module having the resources to manage the keys for signing, encryption, and decryption. Man-in-the-middle attacks are becoming increasingly common, so preventing the data being communicated from being intercepted or compromised is essential.
Another consideration for security is the use of APIs. Unfortunately, the access to device features and the implications for security can often be overlooked. Those wishing to exploit or compromise a device usually have a lot of time available to probe for open APIs and experiment with the interrelationship between them and device functionality. Sometimes APIs incorporated within code provide access not only to standard features and capabilities but also to premium or paid-for services. Developers also frequently provide undocumented APIs for their own testing and configuration so it is imperative that these are protected as well. Hence, formal authentication and authorization techniques should be employed to allow access to or enable such API’s.
An example of an LTE Cat 1 wireless module that conforms to the “five pillars” chain of trust approach is the LARA-R3 series from u-blox – see Figure 3.
Figure 3. Example LTE Cat 1 module – u-blox LARA-R3121
In the LARA-R3 series, communication with the host, like many wireless modules, is through the use of the industry standard Hayes ‘AT’ command set, a full listing of which can be found here (PDF). Covering every aspect of controlling the module’s features, configuring and setting up a data link and managing FOTA upgrades, the command set provides a comprehensive resource. In use across the wireless industry, the adoption of the ‘AT’ instructions makes it extremely easy to migrate from one vendor’s product to another, adding a second sourcing approach if required for the end design.
When it comes to setting up a prototype, the availability of an evaluation board or development platform is an essential piece of hardware for the designer. In the case of u-blox’s LARA-R3121, the EVK-R312, provides a comprehensive platform from which to trial an initial design – see Figure 4.
Figure 4. Evaluation platform for u-blox LARA-R3121
Providing a means of breaking out the capabilities of the LARA-R3121 module the EVK-R312 provides a regulated power supply, SIM card, and extended I/O capabilities. See figure 5.
Figure 5. Functional block diagram of EVK-R312
LTE Cat 1 meets the demands for a broad range of LPWA IoT, M2M, and telematics applications that require higher data throughput and lower latency specifications. In particular, video-based applications such as security and surveillance are those that are driving the bandwidth and latency requirements.