
Roaming SIMs

Roaming SIMs fall into two categories. The first is a true roaming SIM that will connect to any network available to it. The second is a managed or steered SIM. A steered SIM has a list of partner networks that it will choose over any other network open to it. This can create a problem when the preferred partner network is not available for the transmission of data in a given location.

A roaming SIM is designed to give you the best connection available in the location it is used in. The SIM allows access to the available networks, but it is the router/modem that chooses the network. The roaming SIM allows the router/modem to run a site survey when it is first powered up to see what networks are available to it. Networks that have a poor signal or offer low throughput are blacklisted and the ones that are left are put in a preferred order (based on signal strength and throughput). When the preferred network has low signal or throughput it is also blacklisted and the next network from the preferred list is selected. Once all networks are blacklisted the whole process starts again. This process is perfect for a fixed device.
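The selection process described above (survey, blacklist, rank, step down the list, restart when exhausted) as a small simulation. This is an added illustration, not any router vendor's firmware; the thresholds, PLMN codes and measurements are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed thresholds: real routers expose these as configurable parameters.
MIN_SIGNAL_DBM = -100
MIN_THROUGHPUT_KBPS = 64


@dataclass
class Network:
    plmn: str            # network identifier; sample values below are constructed
    signal_dbm: int
    throughput_kbps: int

    def acceptable(self) -> bool:
        return self.signal_dbm >= MIN_SIGNAL_DBM and self.throughput_kbps >= MIN_THROUGHPUT_KBPS


class RoamingSelector:
    """Un-steered selection: survey, blacklist poor networks, rank the rest,
    move down the list on degradation, restart when the list is exhausted."""

    def __init__(self):
        self.known = {}
        self.blacklist = set()
        self.restarts = 0

    def site_survey(self, networks):
        """Power-up site survey: record every visible network, blacklist the poor ones."""
        self.known = {n.plmn: n for n in networks}
        self.blacklist = {n.plmn for n in networks if not n.acceptable()}
        return self.preferred_order()

    def preferred_order(self):
        """Remaining networks ranked by signal strength, then throughput."""
        candidates = [n for n in self.known.values() if n.plmn not in self.blacklist]
        candidates.sort(key=lambda n: (n.signal_dbm, n.throughput_kbps), reverse=True)
        return [n.plmn for n in candidates]

    def current(self):
        """Network in use, or None when everything is blacklisted and a fresh survey is due."""
        order = self.preferred_order()
        return order[0] if order else None

    def measure(self, plmn, signal_dbm, throughput_kbps):
        """Ongoing measurement of the connected network: a degraded network is
        blacklisted and the next one on the preferred list is selected."""
        updated = Network(plmn, signal_dbm, throughput_kbps)
        self.known[plmn] = updated
        if not updated.acceptable():
            self.blacklist.add(plmn)
        if self.current() is None:
            self.restarts += 1   # whole process starts again: the caller re-runs site_survey()
        return self.current()
```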


One common issue that can be experienced with a Managed Roaming SIM is where the home network applies a set of rules on how the connection is managed, so called steered roaming. Steered Roaming is where the SIM checks against an onboard Public Land Mobile Network (PLMN) list. It may then, for example, steer the router away from a strong Vodafone signal to a weaker Three signal because the supplier has a better deal with Three than they do with Vodafone.

Within the EU, and in the consumer market, charges for roaming are mandated to be equivalent to those applied on the home market. Since Brexit, there is no longer a requirement for this rule to apply to UK MNOs. If a device will be crossing borders or deployed overseas, roaming charges could form most of the cost of the subscription. It is wise to check any contracts carefully, including for penalties should allowances be exceeded.

Another system deployed to save costs is Network Level Steering. Consider that you have a Telefonica (O2) SIM and you are network roaming. The device picks EE to connect to (maybe using managed roaming). When the authentication request hits O2’s network, they reject it because they want you to use O2 where possible, as it costs them less.

A device will usually try this process five times before the O2 network will allow the authentication request through. The duration of this varies by device but is typically ten seconds per retry, which equates to a delay of up to 60 seconds before a connection is made.

By this point, most applications will have timed out, and will reinitiate the process, therefore giving the perception that no connection can be made. A true Global Roaming SIM does not have steered roaming applied to it and will connect to the first network it tries on the assumption that the device has already applied your criteria for the best possible connection at that time.

Tip: Use an un-steered roaming SIM from a Global carrier, which will have robust reciprocal agreements worldwide. Some SIMs issued by minor carriers do not have robust reciprocal agreements in place and their performance reflects this over the life of a project.

Cost of Failure

The cost of failure is often disregarded when planning or executing a mobile deployment. Often, to keep the costs and ongoing revenue down, the cheapest option for both the hardware and SIM solution are chosen. If the cost of failure is factored into the cost of the project, the choice of hardware and SIM provider often changes.

Getting a system that works to specification at the best price means making the right choices on network, software, hardware, application layer and SIM provider and this requires some specialist knowledge. Often customers are reliant on their suppliers for technical advice and that is usually of variable quality.

A marketing team may use the term ‘industrial router’ to increase the market perception of the hardware; however, when you drill down to the mean time between failures of its component parts, it matches consumer grade devices and not those of true industrial specifications. The cost of engineers being dispatched to reboot and replace hardware more than once during the life of the project means the price differential between two solutions pales into insignificance. It is also important to consider the cost in lost service and the potential for reputational damage.

Security

Security will be one of the main areas of focus for the next decade as systems move away from being standalone (isolated) systems to interconnected IP-based systems that run over public network infrastructure (not leased lines). It is strongly advised that both project design teams and procurement should be aware of Cyber Essentials and Cyber Essentials Plus and ensure, as a minimum, that any supplier holds both certifications. Cyber Essentials is a simple but effective Government-backed scheme that will help to protect your organisation against a range of the most common cyber-attacks.

The vast majority of cyber-attacks are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a burglar trying your front door to see if it’s unlocked. However, as many are now finding out to their cost, cyber-attacks are becoming more and more sophisticated in their execution.

There is a reluctance to acknowledge that the highest level of cyber security should be incorporated into any project (it makes no sense to be a little bit secure: you have locked the doors, but all your windows are open). This may be because of the perceived cost of increasing the cyber security, or even the misconception that ‘no one would bother hacking the traffic lights in our sleepy backwater’, or ‘hackers are only after big corporations and banks as that’s where the money is’. Sadly, unless it is a specifically targeted attack on a bank or corporation, the hackers are unaware of who or what they are trying to hack into when they mount the attack.

At the very least, a hostile attack will cost you the value of the data being transmitted and loss of reputation. The attack may be a planned Distributed Denial of Service (DDoS), where your equipment will have malware added and, at a prearranged moment in time, many thousands of devices around the world will mount a DDoS attack on a third party. If the hackers succeed in breaching your security, they may indeed leave malware to shut down your system until a ransom is paid.

Security is the silent killer in business today. No company has an incentive to talk about failure and so the opportunity for learning to minimise risk is missed. This also leads to an underestimation of the scale of the problem.

Data Path Diagrams

Security of mobile devices is often hampered by the lack of clarity of what systems are involved. The first step to understanding security in a mobile environment should be to build a data path showing every component from the remote end to the centre. An example diagram (Figure 3) helps as a frame of reference where you have a remote device (a panic button in this case) connected over mobile through a Mobile Virtual Network Operator (MVNO) providing a private network with fixed IP to the customer’s central office. This is the model used by the bulk of IoT applications today.

However, the reality is that these resources are shared with multiple companies, some of whom have good security and some who do not. The shared resources model is shown in Figure 4.

This shared resources model, shown in Figure 4, creates some internal vectors of attack that are not often recognised. We have added another customer, a security company with CCTV running over the same private network. The first potential breach is at a Mobile Network Operator (MNO) level. They assume that a Peer-to-Peer connection between SIMs is desirable, creating a short-cut through the MNO, bypassing the security put in place by the customers, the network and the MVNO (Figure 5).

The next most common breach in service is at the MVNO (Figure 6). Ideally, when creating private networks, a distinct subnet should be used for each customer. This minimises the chance of cross infection. Commercial and technical pressures often mean that a shared subnet is more the norm. This shared subnet creates a very real opportunity for viruses, malware, or a Denial-of-Service attack to jump the gap.

Figure 5: Unsecured 3rd party edge devices can prove a weak spot via network operators if peer-to-peer communication is enabled.

Figure 6: A similar breach can be created at the MVNO level if shared subnets are used.

Figure 7: A fixed public IP address can make the edge device visible on the internet, which, in bypassing all network security, provides the easiest point of entry into a system, and will often be the one exploited.

The last common vector of attack is that of fixed Public IP addressing – Figure 7. It is a very common requirement for remote access so that engineers can access a system from their laptops or that customers can easily access their own CCTV. However, having a fixed Public IP address bypasses all security in the mobile network. It puts that camera directly out on the internet – eventually it will be found and will only have limited levels of protection.

A chain is only as strong as its weakest link, and any public fixed IP equipment will be the easiest point of entry into a mobile system. As we have seen above, once in, a virus or malware will exploit any other weak points in the system and compromise not just the original system but all the other users of the network.

In our example, a camera with a public-facing fixed IP is hacked and malware is loaded onto the camera. Once on the camera, the malware then uses multiple points of weakness to infect all the devices in the system. The same malware can then use the paths in place to infect upwards to the companies’ central offices. The nature of modern hacking is that none of this is targeted. The malware is an autonomous, opportunistic system that simply exploits any weakness that it sees. It will then lie dormant for some months before deploying itself as Ransomware or a Distributed Denial of Service attack.
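A data-path audit for the three internal vectors described in this section (MNO peer-to-peer between SIMs, a shared MVNO subnet across customers, and an edge device on a fixed public IP), written as an added example rather than anything from the original article. The inventory, customer names, APN name and field layout are constructed; 198.51.100.0/24 is a documentation range standing in for a real public address.

```python
from dataclasses import dataclass
from ipaddress import ip_interface, ip_network
from itertools import combinations

# Private ranges an MVNO private APN would normally allocate from.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Device:
    name: str       # assumed inventory fields
    customer: str   # the company whose central office the device reports to
    address: str    # CIDR as provisioned by the MVNO, e.g. "10.10.1.5/24"
    apn: str        # APN the SIM is provisioned on


def is_public(cidr: str) -> bool:
    """Fixed public IP: anything outside RFC 1918 is treated as internet-visible."""
    ip = ip_interface(cidr).ip
    return not any(ip in net for net in RFC1918)


def audit(devices, p2p_apns):
    """Findings per vector. p2p_apns: APNs on which the MNO permits direct
    SIM-to-SIM traffic, the short-cut that bypasses customer and MVNO security."""
    findings = {"public_ip": [], "shared_subnet": [], "peer_to_peer": []}
    for d in devices:
        if is_public(d.address):
            findings["public_ip"].append(f"{d.name} ({d.customer}) exposed at {ip_interface(d.address).ip}")
    for a, b in combinations(devices, 2):
        if a.customer == b.customer:
            continue  # traffic inside one customer is not cross infection
        net_a, net_b = ip_interface(a.address).network, ip_interface(b.address).network
        if net_a == net_b:
            findings["shared_subnet"].append(f"{a.name} ({a.customer}) and {b.name} ({b.customer}) share {net_a}")
        if a.apn == b.apn and a.apn in p2p_apns:
            findings["peer_to_peer"].append(f"{a.name} ({a.customer}) reaches {b.name} ({b.customer}) via MNO peer-to-peer on {a.apn}")
    return findings


# Constructed inventory mirroring the worked example: a panic button and a security
# company's CCTV on one MVNO private network, with one camera on a fixed public IP.
INVENTORY = [
    Device("panic-button-01", "RetailCo", "10.10.1.5/24", "mvno.private"),
    Device("cctv-01", "SecurityCo", "10.10.1.9/24", "mvno.private"),
    Device("cctv-02", "SecurityCo", "198.51.100.23/32", "mvno.private"),
    Device("meter-01", "UtilityCo", "10.10.2.4/24", "mvno.private"),
]

if __name__ == "__main__":
    for vector, items in audit(INVENTORY, {"mvno.private"}).items():
        print(vector, len(items), *items, sep="\n  ")
```

Each finding maps to one of Figures 5, 6 and 7; an empty result for every key is what a per-customer subnet plan with peer-to-peer disabled and no public addressing should produce.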

Tips and questions for potential suppliers

- Ask for core availability statistics for the last three years, and on-street, if available.
- Make sure the supplier bills by the byte.
- Invest in a good omni-directional antenna.
- Ensure it’s a global non-steered roaming SIM; preferably with a device roaming algorithm.
- Minimise antenna cable length.
- Ensure the supplier provides Permanent Roaming.
- Be aware of typical SIM network fault reasons.
- Ensure you are being provided a Machine-to-Machine SIM rather than a Consumer SIM.
- Avoid use of USB dongles for critical or commercial applications.
- Test the SIM connection in conditions as real as possible.
- Do not use Pay-as-you-go SIMs.
- Use a SIM that employs Multi-Path Multi-Network architecture.
- Use a private APN to restrict the devices that can access the network.
- Ensure hardware has the ability to manage its own connection.
- Use suppliers that match or exceed corporate Code of Connectivity standards.
- Use IoT tariffs to avoid delays in regular data transmission.
- Use data aggregation to ensure overuse of one SIM is compensated by underuse of another.
- For larger data usage applications, find a supplier that can provide data reservoirs to allow for flexibility around pricing.
- Ensure firewalls and servers are correctly specified to allow the solution to operate at peak performance.
- Ensure the supplier has suitable contention ratios within their network to provide high bandwidth media if required.
