You are on page 1of 4

e d World

nnec t
Hy p er-Co
ing a Sa
Unleashing the New Wave of Connected Services
Wide adoption of connected technologies, such as 5G and the internet of things (IoT), is enabling industrial
digitalization through customer value creation. The promise of high-speed, low-latency, and secure, ubiquitous
connectivity with 5G, along with the growing demand for machine-to-machine (M2M) services, will enable mass
digitization of businesses and industries with a variety of use cases supporting it. According to GSMA, the global
IoT market will be worth $1.1 trillion in revenue by 2025 with more than 25 billion IoT connections (cellular and
non-cellular), driven largely by growth in the industrial IoT (IIoT) market.
As networks continue to evolve, generic services offered over 5G New Radio (5G NR) can be broadly categorized as
enhanced mobile broadband (eMBB), ultra-reliable, low-latency communications (URLLC), or massive machine-type
communications (mMTC) services.

Enhanced mobile Ultra-reliable, low-latency Massive machine-type

broadband (eMBB) communication (URLLC) communication (mMTC)

Figure 1: 5G NR use cases

While eMBB is focused on delivering reliable, high-bandwidth access to offer services such as enhanced AR/VR mobile
subscriber experiences, URLLC is focused on latency-sensitive applications targeting verticals, such as industrial
automation, connected cars, remote surgery, et al.; and mMTC enables device connectivity for low-cost, low-power
sensors in critical infrastructure services at massive scale.

Why Low Power Wide Area Technology Matters to IoT

Low Power Wide Area (LPWA) technology leverages existing mobile networks to connect low power-consuming IoT
devices, paving the way for completely new categories of applications in a cost-effective manner. 3rd Generation
Partnership Project (3GPP) has standardized the requirements for cellular-based narrowband technologies targeted
for low power wide area applications with improved network coverage.
Cellular IoT (CIoT) is becoming an increasingly dominant LPWA connectivity option to support low-cost, low-power
sensors and IoT devices, enabling massive device connectivity. Cellular IoT comprises complementary technologies,
LTE-M and NB-IoT, optimized and ideally suited for the needs of low-cost and low-power IoT applications, which
can operate along with 4G networks and is expected to connect billions of things with the evolution to 5G.

What Is Narrowband IoT?

Let’s take a closer look at the Narrowband IoT (NB-IoT) technology and the role it plays in driving the development
of M2M connectivity. 3GPP has defined a new radio access technology, NB-IoT, optimized for machine-type
traffic. NB-IoT operates in the licensed 200 kHz narrowband spectrum and can be implemented in three different
operation modes:
• Standalone mode—deployed in re-farmed spectrum (e.g., decommissioned GSM spectrum).
• Guard-band mode—deployed in guard-band within 3G and LTE spectrum.
• In-band mode—deployed within the existing LTE spectrum.
Advantages Use cases

Industrial IoT
Low power • Machinery control
consumption • Factory automation

Critical infrastructure
• Smart metering for utilities
Massive device (electricity, water, gas)
connectivity • Smart grid

Smart cities
• Smart street lighting
Improved network • Smart parking
coverage • Smart waste management

Figure 2: Advantages and use cases of NB-IoT LPWA technology

The use of licensed spectrum for NB-IoT taps cellular network capabilities to offer better reliability, predictable
performance, and quality of service for IoT services. Additionally, NB-IoT LPWA technology offers wide range of
benefits supporting IoT applications across many service categories.
Examples of domains where NB-IoT technologies are deployed include smart metering for utilities, critical infrastructure,
remote agriculture, smart cities, and IIoT use cases.
LTE-M is designed for devices on the move and requiring mobility and higher bandwidth, making it well-suited for
applications such as those doing asset tracking in the fleet management domain, with variable data rates. NB-IoT is
designed mainly for stationary devices requiring low bandwidth; for example, a smart metering service in the utility
domain transmitting small data at fixed periods, which is usually not delay-sensitive.

NB-IoT Optimized Network

M2M services exhibit a broad spectrum of capabilities and enable a variety of applications in multiple different
domains. Connecting these services over the radio network requires optimization techniques to be deployed to meet
the varying needs.
The traffic generated by M2M IoT applications is usually short, with the size of a typical data packet for a sensor-based
service around 100–150 bytes.1 To efficiently handle infrequent M2M short data transactions, 3GPP includes
specifications for CIoT EPS optimizations for user plane and control plane, with several paths that the user data can take.
The Control Plane CIoT EPS optimization allows devices to transmit small IP data on the control plane through an
S11-U interface between the MME and SGW, using the GPRS Tunneling Protocol for user data (GTP-U).

1. “IoT connections outlook,” Ericsson Mobility Report, November 2018,

S11 S11-U CIoT control plane EPS optimization

IP data on control plane (S11-U) CIoT service


• Smart grid
IP data on user plane (SGi)
CIoT-service Packet data network
gateway node

Figure 3: NB-IoT optimized network for small data transactions over IP

• Smart parking

The Control Plane CIoT EPS optimization uses the existing signaling data bearers without needing to establish separate
data bearers. Allowing user data over the control plane optimizes power consumption due to reduced signaling over-
head and extends the battery life for the device/UE.

Security Considerations for NB-IoT Traffic

While NB-IoT opens the doors for new types and classes of applications serving new revenue opportunities to the
operators, these low-power, low-cost, and unsecured IoT sensors also pose expanded security risks for the operator’s
network and end users. The IoT sensors have small code footprints and are constrained in memory, CPU, and bandwidth
to host built-in security modules, hence, riddled with vulnerabilities.
Even the simplest of vulnerabilities can turn into a serious threat concerning the business service, infrastructure, as
well as subscribers consuming the service. One vulnerability can be exploited to trigger another. For example, hackers
can use an authentication bypass vulnerability to allow remote code execution (RCE), allowing them to take control
of these vulnerable IoT devices and add them to their botnets, potentially resulting in an attack to disrupt network
Cyberattacks on critical infrastructure, such as power grids, shows advancement in the way attacks are becoming
automated, synchronized and coordinated.

NB-IoT Security
Prevent signaling threats from Narrowband-IoT devices and secure your CIoT services against DoS attacks from
weaponized CIoT devices, malware, ransomware, and other vulnerabilities. Palo Alto Networks K2-Series 5G-ready
next-generation firewalls provide complete visibility and granular control over NB-IoT traffic on signaling, control, and
user planes.
No matter which services you offer (e.g., utility services in the critical infrastructure domain, factory automation in
an IIoT setup, or even smart home automation services), we can help with securing your CIoT traffic and services.
Gain unprecedented levels of visibility into CIoT traffic and device-to-device communications on your network for
complete security.

Unlock the potential of cellular IoT connectivity and get ahead of the curve. Reinvent your IoT differentiation strategy
with our security offerings to chart your path to IoT success. Securing M2M and IoT services becomes critical—a chance
to move up in the value chain from being only connectivity providers to secure business enablers.

3000 Tannery Way © 2019 Palo Alto Networks, Inc. Palo Alto Networks is a registered
Santa Clara, CA 95054 trademark of Palo Alto Networks. A list of our trademarks can be found at
Main: +1.408.753.4000 All other
Sales: +1.866.320.4788 marks mentioned herein may be trademarks of their respective companies.
Support: +1.866.898.9087