Communications networks, including a core mobile communication network (“mobile network” or “core mobile network”), carry traffic for a large number of networked devices. An increasing portion of the communication traffic is transmitted to and from network-enabled devices with little or no user input. Network-enabled devices of this type, such as Internet-of-Things (“IoT”) devices, may transmit information related to the device itself, or related to the environment of the device. In some cases, the information may be unassociated with a user, or it may be associated with a user account rather than to a person's particular request for information. Information may be transmitted to or from network-enabled devices or an application server, such as an application server operated by an organization associated with the network-enabled devices. The organization associated with a network-enabled device may provide services related to the device, such as remote monitoring or maintenance services.
Network-enabled devices may serve specialized functions, such as receiving data from sensors or providing control signals to other devices (e.g., receiving temperature data from and providing control signals to a thermostat). The network-enabled device may be relatively small or simple, such as a device including few components and/or with low-end capabilities. The simplicity of such network-enabled devices may cause the devices to have few or no security measures. Unfortunately, a lack of security may leave the network-enabled devices open to being compromised or disabled. A compromised network-enabled device may be used in a security attack, including a physical attack (e.g., disabling all streetlights in a target area) or a network-based attack (e.g., commanding a large number of compromised devices to communicate with a target server system).
Current solutions for securing communications with a network-enabled device include using security keys to encrypt or authenticate communications to and from the network-enabled device. An encrypted communication may improve security of the communication or of related systems, such as the network-enabled device. However, the security key itself may be stored insecurely (e.g., unencrypted) on the network-enabled device. In addition, updates or maintenance operations may transmit the security key insecurely on a network (e.g., the Internet).
As noted, a network-enabled device may not have the sophistication to provide security for itself. In addition, a company that provides network-enabled devices or associated services may lack the resources or inclination to provide security. An application server that is configured to recognize unusual behavior may be limited to analyzing the behavior of network-enabled devices that communicate with the application server (e.g., only devices associated with a company running the application server). Attacks that are organized using network-enabled devices from multiple groups (e.g., multiple device types, multiple companies) may not be detected by an application server associated with a particular group.
It is desirable to provide security for communications with a network-enabled device. In addition, it is desirable to provide security that minimizes the complexity or cost of the network-enabled device. Furthermore, it is desirable to recognize unusual behavior that is associated with network-enabled devices from more than one group.