The high-speed cellular communication standard, long term evolution (LTE), commonly called 4G, or Cat 4, has continued to advance with technology enhancements since first being proposed by NTT DoCoMo in 2004. Developed by the 3rd Generation Partnership Project, 3GP, the roadmap for high bandwidth communications is heading towards the much-hyped 5G standard that, by 2020, promises speeds of up to 100 Mbps in city areas and up to 1 Gbps in single-floor office environments. While there will be many applications that will benefit from the significant advances in data rates, there is also a growing list of use cases where the amounts of data and the throughput rates do not warrant the associated costs and power profiles high rates demand.
With the recent exponential growth in M2M and IoT applications, there is an increasing need for relatively low bandwidth, higher latency and lower cost communications links. Typically these might be sensors or actuators, where the amount to data to be sent is fairly low, and the frequency is, perhaps, as little as a couple times a minute. For some devices, such as a temperature sensor,communication may only be required when the temperature changes within a prescribed value. With this requirement in mind, the cellular industry has been working towards provisioning such a low power wide area (LPWA) capability across their network. Narrowband IoT, also known as NB-IoT or LTE CatNB1, was first trialled by Vodafone, Huawei and u-blox during 2015, ahead of the full commercial launch in 2017. NB-IoT provides a narrow 200 kHz bandwidth that offers data transfer in the order of 10s of kbps. Most importantly, as a standard supported by over 20 global cellular operators, it features all of the safeguards and security associated with the cellular network operating in a licensed spectrum. See Figure 1. Using NB-IoT the vast army of IoT sensors can now be connected to the secure, established and well-proven cellular network.
Figure 1 illustrates the roadmap for LTE and the path taken by a sub-group of LPWA technologies, such as Narrowband-IoT/Cat NB1, aimed at a broad range of low power, low data rate applications.As IoT applications start to become the norm, so does the diversity of different use cases. While we have so far mentioned the extremes of data communication, between Cat 3/4 (<100 Mbps full duplex) and CatNB1 (> 10 kbps half duplex download & upload), there are a growing number of connected devices that need bandwidth capabilities somewhere in between. The roadmap for LPWA, shown in blue in figure 1, shows Cat 1, the latest LPWA LTE-based technology. With an upload throughput up to 5 Mbps, and a download of up to 10 Mbps, LTE Cat 1 provides a viable connection method for IoT applications such as telematics, asset tracking, security and video. Cat 1 not only provides more than adequate data rates but the latency is typically 10 – 15 ms compared to 1 – 10 seconds for Cat NB1. By comparison LTE Cat 5 has < 5 ms latency.
When looking to implement any wireless connectivity link, it’s important that the developer looks not only at the required features of the link itself but takes a more holistic review of the security aspects too. Establishing a chain of trust is an approach that is proving to be a popular means of achieving this; essentially breaking down the process into a number of trusted domains. For example, at u-blox, we have an approach termed the five pillars.
Typically, when using any form of wireless module, that may or may not also include a GNSS receiver, the following define the areas of potential security breach or attack; device firmware, communications to the server, interface security, enforcing API control and robustness that includes handling spoofing/jamming.
Increasingly, ensuring that your device is executing the software that it should be dictates that a method of secure boot is employed. Authenticating the initial code before booting the next process stage is the best approach. In particular, firmware over-the-air (FOTA) update, a function that is extremely useful in geographically dispersed pools of IoT/M2M sensors, offers a potential attack surface, so ensuring that the new downloaded firmware image is validated prior to being flashed is crucial.
From the transport layer, there needs to be a way in which the device can authenticate itself with the host server and vice-versa. Signing and/or encrypting communications is the recommended approach, with the wireless module having the resources to manage the keys for signing, encryption and decryption. Man-in-the-middle attacks are being increasingly common, so preventing the data being communicated being intercepted or compromised is essential.
Another consideration for security is the use of APIs. Unfortunately, the access to device features and the implications for security can often be overlooked. Those wishing to exploit or compromise a device usually have a lot of time available to probe for open APIs and experiment with the interrelationship between them and device functionality. Sometimes APIs incorporated within code provide access not only to standard features and capabilities but also to premium or paid-for services. Developers also frequently provide undocumented APIs for their own testing and configuration so it is imperative that these are protected as well. Hence, formal authentication and authorisation techniques should be employed to allow access to or enable such API’s.
An example of a LTE Cat 1 wireless module that conforms to the five pillars chain of trust approach is the LARA-R3 series from u-blox – see Figure 3.
Measuring just 24.0 x 26.0 x 2.6 mm, the LGA form-factor low power LARA-R3121 module meets the medium speed, 5 Mb/s UL / 10 Mb/s DL, specification of LTECat 1. It also incorporates a 72-channel GNSS receiver, nine configurable GPIOs and operates from a 3.3 to 4.4 VDC supply. Communication with the host application can be via either Serial UART or USB 2.0. SPI and I2C interfaces are also provided. Software and security features of the module include embedded TCP/IP, UDP/IP stacks, secure transport socket (HTTPS, FTPS, TLS 1.2) support and FOTA upgrade capabilities. Secure boot and authentication features are also built-in.
Communication with the host, like many wireless modules, is through the use of the industry standard Hayes ‘AT’ command set, a full listing of which can be found here. Covering every aspect of controlling the module’s features, configuring and setting up a data link and managing FOTA upgrades, the command set provides a comprehensive resource. In use across the wireless industry, the adoption of the ‘AT’ instructions makes it extremely easy to migrate from one vendor’s product to another, aiding a second sourcing approach if required for the end design.
When it comes to setting up a prototype, the availability of an evaluation board or development platform is an essential piece of hardware for the designer. In the case of u-blox’s LARA-R3121, the EVK-R312, provides a comprehensive platform from which to trial an initial design – see Figure 4.
Providing a means of breaking out the capabilities of the LARA-R3121 module the EVK-R312 provides a regulated power supply, SIM card, and extended I/O capabilities. See figure 5.
LTE Cat 1 meets the demands for broad range of LPWA IoT, M2M and telematics applications that require higher data throughput and lower latency specifications. In particular, video-based applications such as security and surveillance are those that are driving the bandwidth and latency requirements.