
SCION makes IoT systems even more secure

With SCION technology, data is transferred securely and quickly in an isolated domain with end-to-end control. Sunrise Business now also gives its customers the ability to integrate connected IoT devices into secure data communication. In essence, SCION conceals the Internet connections of IoT systems in order to give them effective protection against cyber threats.

Christian Etter

November 12, 2024 · 6-minute read

Cyber threats lurk around every corner – especially on the periphery of IT systems, where connected devices and sensors are more vulnerable. IoT devices that communicate with each other via wireless services are particularly prone to attacks, due to their widespread use and connectivity. The data transmitted between IoT devices and the central server is often sensitive, and that’s why it must be protected. This applies to financial services, the processing of medical data and critical infrastructures: a cyber attack on an energy supplier’s connected devices, for example, could lead to a large-scale power outage, with disastrous consequences for both the economy and the community.


Since the public Internet doesn’t offer enough safeguards for these cases and also has deficiencies in reliability and control, additional protective measures are necessary for IoT devices. Solutions such as VPN, MPLS or SD-WAN can perform well here, but depending on the application’s purpose, they often lack flexibility, control or scalability.


This is where SCION comes to the rescue: it offers the highest level of protection – especially against DDoS attacks – and ensures efficiency, flexibility and control of data flows. For IoT systems with particularly high requirements for compliance and capacity, Sunrise Business has been offering SCION as a new, efficient alternative to common networking technologies since 2024. Working with its partner Anapaya, Sunrise Business connects IoT devices within an isolation domain so that the paths can be controlled from end to end. The connections are invisible to external parties, and this is what makes them invulnerable.


SCION – secure data transmission on controlled paths

SCION (Scalability, Control and Isolation On Next-Generation Networks) enables secure, fast and transparent data transfers between companies or public organisations. The data transfer takes place independently of the provider and on efficient, authorised routes. This involves exchanging data within an isolated domain, meaning that it never reaches the public Internet and thus remains invisible to cyber criminals. Common risks such as BGP hijacking or DDoS attacks are therefore eliminated with SCION.

The technology was invented and developed at ETH Zurich by computer-science professor Adrian Perrig and his Network Security Group. This gave rise to the ETH spin-off Anapaya, which now offers SCION for a variety of applications – including the SCION solutions from Sunrise Business.

Sunrise Business is a proud SCION pioneer and a member of the SCION Association. As a long-standing Anapaya partner, Sunrise Business has worked with the Swiss National Bank, SIX and other partner companies to successfully develop and launch the SCION-based Secure Swiss Finance Network (SSFN).

The following examples are already being implemented or are currently in the planning phase:

Example 1: Smart meters in the mobile network

IoT-connected smart meters are already being used extensively in Swiss households to measure energy consumption – after all, the Electricity Supply Act obliges Swiss carriers to replace all old electricity meters with modern smart meters by 2027. These connected electricity meters transmit measurement data to the carriers and are usually connected directly to the management system via mobile-communication services.

Energy data is sensitive because it contains information about who consumes how much electricity and when, or how much a private solar installation produces – and thus can reveal whether or not someone is on holiday, for example. In addition, the power supply can be interrupted remotely via smart meters.


SCION ensures that exchanging data between the smart meter and the carrier’s central server never has to involve the public Internet. Instead, SCION uses an isolation domain that offers end-to-end security: continuous control over the path, access restrictions and performance management in the IoT system. With SCION, the electricity meter-reading service achieves the highest level of reliability, which in turn guarantees uninterrupted operation.

Example 2: Admission control and payment at major events

If QR-code scanners at a concert hall’s entrances fail and tens of thousands of fans are denied entry, the effects can be devastating: cancellation of the concert, chaos at the event venue and considerable financial losses are just some of the possible consequences. Disruptions to the payment terminals used at the food and drink stands would have similarly serious consequences.


The cause of such device failures might be a successful hacker attack – or a mobile-network overload, as can happen whenever there are large gatherings of people.


This is why major events need a high-performance, secure and stable data connection that can review and accept e-tickets within milliseconds and process payments smoothly. The ticket scanners and payment terminals can be connected within an IoT system and now made more secure with SCION from Sunrise Business.

Example 3: Medical analysis devices and health wearables

Medical-analysis devices and health wearables, such as heart-rate and blood-pressure monitors or fall trackers, are increasingly being adopted for elderly living and chronically ill patients. These devices monitor vital signs continuously and send them to central health systems in real time. If transmission is disrupted or the devices aren’t adequately protected, important health information could be lost or manipulated. The data is also highly sensitive, as it offers insights into a patient’s health condition, making it an attractive target for cyber criminals.

A secure IoT system is essential in this environment, since even the smallest disruptions in data transmission or security gaps in the communication channels can pose considerable risks for the patients affected. For medical devices that monitor vital signs, failure or data manipulation can be potentially life-threatening.


SCION offers significant benefits to elderly-living facility operators: health data is always transmitted within an isolated domain – and not via public Internet. This makes communication between the devices and the central healthcare systems invisible to cyber attackers. In addition, SCION offers a particularly high level of reliability because it controls the data paths. Even if there’s an attack or network instability, alternative secure paths can be used to ensure continuous health monitoring.

Invisible to the public Internet – how it works

The decentralised architecture of SCION and its ability to isolate network segments increase resilience against various types of cyber attack, most notably DDoS attacks. SCION offers full control over data traffic in the isolation domain and prevents network attacks right from the outset thanks to security by design. Thanks to multi-pathing, redundant and parallel paths ensure extremely high availability – even when network failures happen.

If a DDoS attack or network instability occurs, SCION connections can quickly switch to alternate paths in order to minimise downtime. In a conventional set-up, IoT devices can be secured via VPN, but the data paths can’t be controlled. However, SCION ensures full control between the SIM card in the IoT device and the customer’s server.


The challenge: the connections created for SCION must be completely secure – even though the technology is based on existing networks (Internet). For this reason, a VPN-protected route to the SCION GATE is used between the mobile device and the server, and it’s through this route that the data reaches the isolated SCION network. The data is then transmitted to the operator’s server via a SCION EDGE service, since the customer’s systems are also connected to the isolation domain of the SCION network with IPVPN. The transition from the mobile network to SCION therefore takes place via SCION GATE.

Using SCION for an IoT system requires both SCION EDGE and SCION GATE to establish the necessary connections.

A special router, called SCION EDGE, is needed to join the SCION ecosystem. SCION GATE provides a secure, isolated connection – this also applies to branch offices, partner organisations, employees in a home-office setting and, more recently, to connected devices in IoT systems.

Conclusion

With SCION, IoT systems become more secure because they’re invisible to cyber criminals, making them invulnerable. The use of SCION in IoT networks is new and there is just as much potential for other applications that communicate via mobile communications, such as water supply, e-commerce and financial services, government (smart city), real-estate management (smart home) or medical-analysis devices like wearables (eHealth). Whenever sensitive data needs to be exchanged between connected devices within a partner ecosystem, SCION can provide more security and control of data paths than traditional solutions.

«We’ve been offering SCION as a new, efficient alternative to common networking technologies for IoT systems with particularly high requirements for compliance and resilience. IoT devices are connected within an isolation domain so that paths can be controlled from end to end. The connections are invisible to external parties, and that makes them invulnerable.»

Christian Etter, Senior Specialised Sales, Sunrise Business



