With cellular modules getting more attention for their role in IoT solution security, ABI Research offers the first of a series of educational articles covering cellular modules. In each post, ABI Research analysts provide their insights on cellular modules and their impact on IoT solution security in critical areas of the IoT value chain.
Author: Dan Shey, Vice President, Enabling Platforms
What Is a Cellular IoT Module?
A cellular Internet of Things (IoT) module is the radio component of a smart device. It is the conduit for digital information transferred to and from a cellular network. Cellular modules are one of multiple components on a Printed Circuit Board (PCB) that enable computing and communications. One side of a cellular module is connected to antenna components for transmission and reception of data to/from the cellular network. On the other side, the module is connected to an application processor, a Microcontroller Unit (MCU), that is the brains of the intelligent device. The application processor is responsible for all the computing activities on a mobile device and directing the use of other components such as the cellular module for data communications.
What a Cellular Module Can Do
The sole function of a cellular module is to transfer information to and from a cellular network. For data transmitted from the cellular network to the device, the cellular module converts analog radio waves captured by the antenna into digital signals, effectively 1s and 0s. This transformation is done using the Radio Frequency (RF) front end, one of the major components of a cellular module. The second major component of a cellular module is the baseband processor. This component demodulates (translates) the digital RF signal into commands that can be understood by the Operating System (OS) of an IoT device’s application processor. The OS can differ depending on the application processor Original Equipment Manufacturer (OEM) and the processor capabilities. The baseband, by itself or combined with the RF front end, makes up the chipset of the cellular module. Cellular module vendors buy these components from chipset suppliers such as Qualcomm, Sony, and Sequans.
What a Cellular Module Cannot Do
As the application processor has the sole control of the connected device, it alone determines when data are sent or received. This is not a function of the cellular module; the cellular module can detect if the cellular network has data for delivery to the cellular device, but it cannot receive those data unless instructed by the processor of the device.
Identification and authentication are two functions performed to start a new session of data communications between the IoT device, the cellular network, and the application. Establishing who the sender of data is (identification) and their trust status (authentication) is an important security layer in data communications. But this is another function that is not controlled by the cellular module.
Instead, it’s the Subscriber Identity Module (SIM) card that controls the identification and authentication for connectivity to the cellular network. The application processor, using data encryption features such as Datagram Transport Layer Security (DTLS)/Transport Layer Security (TLS) and certificates/keys, verifies that the data are coming from a trusted application. When the SIM and the application processor verify network and data source identity and trust, the cellular module is allowed to continue the data session.
One concern with connected devices is the ability of malicious activity to cause erratic device behavior or even turn the device on and off. These outcomes would result from malicious activity on the application processor, not the cellular module, as the cellular module does not control the IoT device.
One important caveat is smart modules. This is an evolution of the module package to include an application processor. The benefit is to consolidate many of the computing components with the cellular connectivity components to reduce the Bill of Materials (BOM) cost and device size. Cellular module suppliers do offer these types of modules. But even with smart modules, the application processor still controls the module functions.
What Is the Value of a Cellular Module Supplier?
Cellular module suppliers play an important role in the development of smart/IoT devices. Below are the three primary ways that cellular module suppliers provide value for device manufacturers:
- Design Simplification: Module suppliers simplify the design process for adding cellular connectivity to the IoT device. A single cellular module replaces several components needed for building cellular communications into a device. Modules include the cellular baseband chipset, the RF front end, multiplexers, voltage regulator, memory, and integrations between these components.
- Reduces Staffing Needs: Module suppliers eliminate the need for RF engineers to design these components into the PCB of the device. In fact, the RF engineering team of the module supplier may be sufficient for addressing connectivity design requirements such as antenna choice and integration. A module is a self-contained chip form factor communications sub-system, ready for installation.
- Device Certification: All cellular devices must be certified for use on cellular networks. The certification process can be costly and time-consuming, particularly for certification on North American networks, and may require hiring full-time engineers to shepherd the device through the certification process. Because modules are certified on cellular operator networks, which can vary greatly by country and global region, finished device certification time is greatly reduced, in addition to reducing the RF engineering expense. Overall, module suppliers substantially lower the time, cost, and complexity of bringing a cellular device to market.
Cellular Network Connectivity
Another factor that must be considered with cellular module adoption is network connectivity. Before a cellular IoT device is connected, the enterprise due to deploy it will already have a relationship with a cellular network operator, which will provision the new IoT device for connection to its cellular network, normally through a SIM card or chip, and today increasingly using Embedded SIM (eSIM) services. The SIM holds the International Mobile Subscriber Identifier (IMSI) number (a unique number identifying every device in the mobile network), which is already registered in cellular network databases, and a secure credential that is verified by the network operator. Provisioning includes activating the connectivity network profiles stored on the SIM, including all roaming partners. The SIM can also contain subscriber information, network configuration and network usage rules such as total data consumption allowances, and quality of service requirements, which are used to properly bill the customer per their agreement with the service provider.
A cellular device will either initiate a connection to a cellular network or respond to a request by the cellular network to send or receive data. For all communication with the cellular network, the SIM card authenticates the connection request, and eSIM services can allow for remote provisioning so that profiles can be securely changed while in the field, including installed certificates and functional behavior. The cellular module does not have any control of these connection requests. Its only role is to transfer messages and data between the device and the network.
Control of Device and Data Once Cellular Module Is Deployed in the Field
Once a device—and its embedded module—is deployed in the field and connected to a cellular network, the IoT device and the data it sends and receives are controlled by the applications that are using the device. There are two types of applications that can control device activities, as outlined below:
- Process Applications: These can be a smart meter application used by the utility that collects meter usage data, for example. Or they can be a telematics application that is collecting data on vehicle functions such as engine use, tire pressure, or battery levels.
- Device Management Applications: Device management can include updating firmware and software in the device processor or on the cellular module itself. It can also update security features such as digital certificates or anti-virus software. Finally, device management software can adjust different parameters of a device’s operations such as how often data are sent or received, or how long the device is powered on.
Both applications, which typically reside in the cloud or enterprise’s data center, operate by communicating with the application processor’s device OS. Communications can be facilitated with Application Programming Interfaces (APIs), small pieces of software that allow connecting to the device OS. APIs are typically used on higher compute OSs such as those from Microsoft or Linux. For smaller compute devices that use Real-Time Operating Systems (RTOSs), OS-specific agents are embedded in the application processor, allowing communications and device control.
Process applications can have full control of the device. Device management applications, in contrast, are restricted to very specific activities and are almost never able to control the device. Device management software is typically provided by a separate supplier, but the enterprise owner uses it and controls its use.
In summary, both types of software only operate through the device’s application processor, so the cellular module has no control over the device and data communications. In addition, most module suppliers do not offer process applications or device management applications.
Cellular Module Security Supporting IoT Device Security
Given the importance of the device application processor, device security needs to address vulnerabilities that can occur through this component. However, the cellular module can contribute toward overall device security and it starts with a so-called secure boot. The boot operation is when the cellular module transitions from simple hardware operations to software-based operation using its OS. A secure boot loader, which is the product of the module chipset vendor (e.g., Qualcomm), verifies that the cryptographically signed firmware matches the signature burned into the device chipset at the time of manufacture.
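The boot-time check described above, sketched as an added example (not ABI Research's or any chipset vendor's code). It assumes the value fused at manufacture is a SHA-256 digest of the signing public key, and it uses a constructed textbook-RSA key in place of a production signature scheme; all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key: two Mersenne primes give a textbook-RSA key without a
# crypto library. Unsuitable for real use; it only stands in for the chipset
# vendor's signing key.
P, Q = 2**521 - 1, 2**607 - 1
E = 65537

def make_key(p=P, q=Q):
    """Return (n, d): public modulus and private exponent."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def key_digest(n):
    """Digest of the public key; modelled here as the value fused at manufacture."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).digest()

def sign(firmware, n, d):
    """Factory side: sign the SHA-256 of the image (no padding, demo only)."""
    m = int.from_bytes(hashlib.sha256(firmware).digest(), "big")
    return pow(m, d, n)

def secure_boot(firmware, signature, n, fused_digest):
    """Boot-loader side: return (ok, reason); the image runs only if both checks pass."""
    # 1. The key shipped with the image must be the one anchored in hardware.
    if not hmac.compare_digest(key_digest(n), fused_digest):
        return False, "untrusted signing key"
    # 2. The signature must open to the digest of the image actually in flash.
    expected = int.from_bytes(hashlib.sha256(firmware).digest(), "big")
    if pow(signature, E, n) != expected:
        return False, "firmware digest mismatch"
    return True, "boot"

N, D = make_key()
FUSED = key_digest(N)                      # written once, at manufacture
IMAGE = b"constructed module firmware v1"  # constructed sample image
SIG = sign(IMAGE, N, D)

def demo():
    """Three boots: genuine image, modified image, image signed by an unfused key."""
    n2, d2 = make_key(2**127 - 1, 2**521 - 1)  # constructed key the hardware never saw
    return [
        secure_boot(IMAGE, SIG, N, FUSED),
        secure_boot(IMAGE + b"\x00", SIG, N, FUSED),
        secure_boot(IMAGE, sign(IMAGE, n2, d2), n2, FUSED),
    ]
```

The second and third cases show why both checks are needed: a valid signature does not cover a modified image, and a correctly signed image is still refused when its key is not the one anchored in the chipset.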
Even prior to device operation, cellular modules can also contribute to overall device security with firmware that has been examined for vulnerabilities by a trusted third party. The outcome of this process is a list of vulnerabilities that can be remediated. This process also provides an extra layer of trust for the module vendor, which typically adds new software on top of the firmware already provided by the chipset supplier.
Summary
The cellular module plays an important role in a cellular IoT solution. Not only does it provide wide area cellular connectivity, but module vendors reduce IoT solution development time and cost for the enterprise. Simply put, the cellular module market is enabling a sprawling and fast-growing industry of innovative, connected solutions.
Within a device, cellular modules are the data conduit for IoT communications. However, they are controlled by the application processor and can only connect to the cellular network if authorized by the SIM card. When the device is in the field, the application processor also authorizes commands for device management services such as cellular module firmware updates.
The security implications of the processor-module relationship are that any commands to turn the device on and off or send data to a non-authorized source cannot come from a hack on the cellular module. Application processors control the device, which is the primary target for malicious activity.
Taking a more holistic view of security, supply chain security is what determines not only cellular module security, but overall device security. Module vendors can do their part by implementing security in the supply chain across all levels, including validated and signed software, authorized users and authentication processes, trusted partners, and encrypted communications, to ensure module security over the device’s lifetime.