Integrating BICS SIM for Things with AWS IoT to Provide Secure Cellular Connectivity for IoT Solutions
By Rodrigo Merino, EMEA IoT Partner Solution Architect
There are three main challenges to any Internet of Things (IoT) use case that cannot be ignored when going into production:
- Achieving reliable and seamless global connectivity for your IoT devices.
- Keeping IoT devices securely connected end-to-end, even in large and mass roll-out deployments.
- Extracting business value from IoT data.
Mobile or cellular networks (2G, 3G, 4G LTE, NB-IoT, LTE-M) are one of the most effective and widely available solutions to the first challenge.
In this post, we will address the second and third challenges and describe the high-level architecture integration between AWS IoT and the BICS SIM for Things platform, a global connectivity solution for IoT. BICS is an AWS Partner Network (APN) Standard Technology Partner.
By leveraging BICS’ network connectivity information, customers using BICS Global IoT SIM for their connected devices can achieve enhanced security and extract additional insights from their IoT fleet. Using BICS’ advanced APIs, solution architects can follow the steps in this blog to enable the integration between AWS IoT and SIM for Things.
BICS Global IoT is a Secure Cellular Connectivity Solution
The SIM for Things offering provides a single global SIM to securely connect IoT devices all around the world. This includes connectivity in more than 200 countries on six continents, with at least two mobile network operators per country.
BICS’ unique worldwide infrastructure, patented roaming technology, and custom-built virtualized IoT core network provide enterprises with reliable and high-quality secure connectivity for any type of connected service deployment.
Additionally, all platform functionalities are available through highly-flexible and easy-to-use APIs. With more than 210 ready-to-use APIs, BICS has the widest range in the market and is constantly adding new APIs for easy integration and automation of enterprise IoT solutions.
In Figure 1, you can see a good example of the kind of information the SIM for Things platform provides, such as monthly current data volume; cost; status of all SIM/endpoints (online, offline, attached, etc.); latest network events; country and operator providing network coverage to each specific SIM, and more.
Figure 1 – SIM for Things is a global connectivity management platform built by BICS.
SIM for Things provides the following benefits to IoT customers seeking reliable connectivity:
- Network-agnostic and global mobile connectivity: Flexibility to define the type of network or connection best suited to the location and purpose of the device, and to be able to alter this as required.
- Efficient network management: Real-time tools to provision SIMs, set device parameters, monitor quality, and control data usage across the entire fleet. The platform can manage connectivity on a device-by-device basis, allowing for troubleshooting and automated updates on specific data usage.
- Simple integration: Customizable and flexible enough to integrate with enterprise backend systems. SIM for Things has the largest panel of ready-to-use APIs to manage end point lifecycles, perform software updates, and collect data for business intelligence.
- Monetization: A flexible business model allows pay-as-you-go and scale-as-you-grow implementation, with options including post-paid, prepaid, or package billing; or a combination of the three.
Benefits of the Integration for Customers
Keeping IoT security end-to-end is a real challenge, as IoT solutions are complex and multi-dimensional. An IoT deployment includes many parts, sensors, end-devices, gateways, and integrators that put all the pieces in place. IoT security is therefore a matter of securing all the components included in a deployment, and network connectivity plays a key part.
From a connectivity perspective, BICS has built a SIM connectivity platform from the ground up to address the needs of enterprises looking to connect devices and machines across multiple countries with a highly secure network infrastructure.
From the IoT platform perspective, AWS IoT enforces the highest level of security, with TLS 1.2 for the encryption of communication between devices and the cloud, and certificates for mutual authentication. Fine-grained policies per group, per device, and even per action allow enterprises to remain in control of what their connected things can or cannot do.
Besides these security mechanisms, AWS IoT provides additional features thanks to AWS IoT Defender, which allows customers to define the expected behavior of a device. For example, if the device suddenly becomes “chatty” and sends bigger payloads because of a DDoS attack, administrators are automatically notified and can take the appropriate action, such as deactivating the thing and revoking the certificate.
Moreover, the integration between SIM for Things and AWS IoT gives customers a higher level of security for their IoT solutions, as well as added value by leveraging BICS network connectivity information. BICS’ extensive API library makes it simple to integrate the SIM for Things platform and AWS IoT to provide customers such enhanced security.
Architecture and Data Flow
The architecture in Figure 2 enables the integration of SIM for Things with AWS IoT and offers a simple way to analyze network connectivity information.
This analysis, done with AWS IoT Core and analytics services like Amazon Athena and Amazon QuickSight, gives extra security and information that customers can leverage in their IoT use cases, such as:
- Which SIMs are currently online and the data volume of each, with the ability to define static or adaptive thresholds.
- Movement of SIMs in the last 48 hours, thanks to the position of the serving cellular base station, as well as an accurate estimate of position for non-GPS devices. The system also offers the capability to define geofence areas and generate alerts.
- SIMs that have suffered IMEI changes (indication of a possible fraud by inserting the SIM in a different device).
- SIMs with the most cell-id changes (indication of either a bad location or bad coverage of the chosen radio provider).
Figure 2 – SIM for Things from BICS and AWS IoT integration.
The data flow of the integration works like this:
- A “dispatcher” AWS Lambda reaches out periodically (e.g., every 5 minutes) to the BICS API to get the full list of SIMs for a specific customer. For small IoT fleets, with fewer than 60 SIMs, this same Lambda can do the duties of the worker Lambda (described later). The dispatcher divides the full list of SIMs into batches of a specific size (10 SIMs, for example) and inserts those batches in Amazon Simple Queue Service (SQS). BICS also offers integration methods like data streaming to an Amazon Simple Storage Service (Amazon S3) bucket or to Amazon Kinesis Data Streams (KDS) that can be used to obtain a similar integration.
- Amazon SQS enables a fan-out architecture that can scale up to any number of SIMs.
- A “worker” AWS Lambda is triggered by each message (SIM batch), enabling the parallelization of Lambdas to handle IoT fleets of any size (and therefore any number of SIMs). Each worker Lambda reaches out again to the BICS API asking for the specific information of each of the SIMs of the assigned batch, like connectivity, events, and statistics. Data about the serving cell is included in the connectivity information provided. In real time, we enrich the network information with the location data of that cell, provided by Unwired Labs Location API. Once this information is collected from the BICS API, we create a thing for each SIM and populate each SIM’s shadow (reported state) with the latest information gathered from the BICS API.
- A couple of rules are defined—one for the storage of all the network information in an Amazon S3 bucket (for later analysis) and another to trigger notifications when critical security issues happen, such as IMEI changes or cell-id changes.
- Once the data is stored in Amazon S3 with all the processed network information from BICS, it is queried in a serverless way with Amazon Athena.
- Finally, with Amazon QuickSight we can have useful dashboards with near real-time control of SIMs in the IoT fleet, control on the state (online/offline), data volume, as well as important security features like rough position of each of the SIMs for geofence use cases, detection of IMEI changes, and changes of radio network provider.
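The security checks named in this flow (IMEI changes, cell-id churn, geofence alerts) can be sketched over the per-SIM snapshots a worker collects. This is an added example, not code from BICS or AWS; the field names (`iccid`, `imei`, `cell_id`, `lat`, `lon`, `ts`) and the sample records are assumptions constructed for illustration, not the BICS API schema.

```python
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt

# Constructed sample data: one record per polling cycle and SIM.
# Field names are hypothetical, not the BICS API schema.
SNAPSHOTS = [
    {"iccid": "SIM-A", "ts": 1, "imei": "IMEI-1", "cell_id": "c10", "lat": 50.85, "lon": 4.35},
    {"iccid": "SIM-A", "ts": 2, "imei": "IMEI-1", "cell_id": "c11", "lat": 50.86, "lon": 4.36},
    {"iccid": "SIM-A", "ts": 3, "imei": "IMEI-9", "cell_id": "c11", "lat": 50.86, "lon": 4.36},
    {"iccid": "SIM-B", "ts": 1, "imei": "IMEI-2", "cell_id": "c20", "lat": 50.85, "lon": 4.35},
    {"iccid": "SIM-B", "ts": 2, "imei": "IMEI-2", "cell_id": "c21", "lat": 48.86, "lon": 2.35},
    {"iccid": "SIM-B", "ts": 3, "imei": "IMEI-2", "cell_id": "c20", "lat": 50.85, "lon": 4.35},
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def analyze(snapshots, fence_center, fence_km):
    """Return (alerts, cell_changes) computed per SIM from time-ordered snapshots."""
    by_sim = defaultdict(list)
    for snap in snapshots:
        by_sim[snap["iccid"]].append(snap)
    alerts, cell_changes = [], {}
    for iccid, rows in by_sim.items():
        rows.sort(key=lambda r: r["ts"])
        cell_changes[iccid] = 0
        # Compare each poll with the previous one for the same SIM.
        for prev, cur in zip(rows, rows[1:]):
            if cur["imei"] != prev["imei"]:
                # Same SIM reporting a different device: possible SIM swap.
                alerts.append((iccid, cur["ts"], "IMEI_CHANGE"))
            if cur["cell_id"] != prev["cell_id"]:
                cell_changes[iccid] += 1
        # Geofence check on the serving cell's position (a rough estimate).
        for row in rows:
            if km_between(row["lat"], row["lon"], *fence_center) > fence_km:
                alerts.append((iccid, row["ts"], "OUTSIDE_GEOFENCE"))
    return sorted(alerts), cell_changes

ALERTS, CELL_CHANGES = analyze(SNAPSHOTS, fence_center=(50.85, 4.35), fence_km=50)
```

The first snapshot of each SIM has no baseline here; in the architecture above, the previous reported state in the thing shadow would play that role.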
In Figure 3, you can see a map in Amazon QuickSight where the user can see in real time which SIMs are online and how much data they are sending.
Figure 3 – Amazon QuickSight global map with online BICS SIMs and data volume of each.
The analytics capabilities of AWS services allow customers to have historical tracking of the SIM movement, thanks to BICS networking information.
Figure 4 – Amazon QuickSight global map with historical data showing how BICS SIMs moved during the last two days.
One of the benefits of the integration described is that customers can detect when a SIM is taken out of the original device and inserted in a completely different device, providing extra security by being able to detect fraud and hacking situations.
Figure 5 – Amazon QuickSight table showing which SIMs had gone through an IMEI change.
The architecture described in this post allows a simple methodology to analyze all the SIM network information of an enterprise’s IoT fleet while providing extra security.
Thanks to BICS’ advanced APIs, it is easy to integrate the SIM for Things platform with AWS IoT to provide joint customers with enhanced security for their IoT solutions. It’s also easy to extract value from BICS network connectivity information.
BICS and AWS continue our partnership in IoT, exploring new solutions to make IoT more secure and simple for customers. This includes network-based identity, where AWS IoT can leverage network-based authentication to automate the provisioning of things in AWS IoT, as well as AWS Device Defender for enhanced security by analyzing call detail records from BICS.
BICS – APN Partner Spotlight
BICS is an APN Standard Technology Partner. Their solutions support the modern lifestyle of device-hungry consumers: global mobile connectivity, seamless roaming experiences, fraud prevention and authentication, global messaging, and IoT.