I am not really a true developer, so I apologize in advance for the naivety. How secure is HTTP POST over 4G LTE/NB-IOT? We aren't sending any sensitive data (the data ends up going to a publicly viewable endpoint anyway), but I am concerned that if someone was able to see a POST request they could mimic it and send erroneous data to the server. The data is basically a timestamp and water level to monitor rivers for a government flood monitoring system. I know that 4g and NB-IOT is generally encrypted, but is this enough? HTTPS is giving us issues with the small IOT boards, so we are looking at using HTTP if it doesn't pose a huge security risk.
How secure is HTTP POST over 4G/NB-IOT?
366 Views Asked by twist27896 At
1
There are 1 best solutions below
Related Questions in HTTP
- My get request for http is very slow
- Angular multiple http requests chrome android
- HttpRequestContext vs HttpContext
- Converting curl command to iOS
- getting google contacts using shuttlecloud
- Node.js http.get example
- How can hide url value in php
- Symfony2 - handle HTTP/Entity user access restrictions
- Angular http interceptor responseError doesn't have statusText
- Which of the following hostnames are valid?
- Send Http request at specific time
- Rails - read file from POST request / octet-stream
- Python - Cookies & BeautifulSoup
- Npm requests stopped by home router
- POST Android json data
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in NB-IOT
- Can't change baudrate in SARA-N2 modem
- 【ESP32/ NBIOT / AWS IOT】how to set three certification to connect aws iot with nbiot sim card?(using arduino IDE)
- UDP packets over NB-IoT
- How secure is HTTP POST over 4G/NB-IOT?
- NB-IoT signal quality query (operator independent)
- error when publish data to aws IoT using BG96 and MQTT protocol
- SIM7020 - Error during execution of AT+CHTTPCON (based on example)
- HERE Network Positioning API v2 - NB-IoT position not found
- What's the escape character in AT-commands?
- How can I relate a cellular towers CID with it PCI
- Pico-SIM7080G hat detects network but can't connect
- Facing error in "Learning Attribute" while working in Tensorflow federated
- SIMCOM SIM7080G certificate conversion error on AT+CSSLCFG command
- Azure IoT Hub MQTT username and password character length limitation
- How the get the real download time (not request time) in .NET core web api
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
It's as safe as any HTTP, which is to say you're passing plaintext around and if you don't want it intercepted or tampered with then don't use HTTP. Your default posture should be to not trust anyone in the transit path.
With NB-IoT the bandwidth is so low and latency so high that TLS won't work reliably. That's the root of the issue and is why operators that have deployed NB-IoT mostly are either shutting it down, or deploying things like LTE CatM1 or LTE Cat1 alongside.
NB-IoT's place is for scenarios in which technical security measures, such as encryption, are simply not required. Whether there are sensible IoT use cases today that don't need technical security measures is another matter (I vote 'no'). Given that you're concerned with something important (water) and are concerned about "fake" data you seem to have arrived at an answer regarding whether security matters.
The security used for the cellular network is irrelevant if you want end-to-end encryption. You could consider schemes that are not based on TLS, but be prepared for your customers or users to not 'trust' such mechanisms if they're not established and proven in the field. You could employ symmetric encryption on both endpoints - it'll affect your power budget and would require sufficient computational power in the devices - or look at the numerous research articles claiming to have found lightweight asymmetric mechanisms.
Alternatively, your carrier may offer to host a 'broker' so you rely on the encryption across radio and core interfaces, then a separate method of securing transport from the broker service to your endpoint. This isn't end-to-end but it could work for you.
One assumes that you've found a solution to the issue after this length of time since OP. We can only hope that it involved the recognition that NB-IoT was probably not a suitable approach and that another communications system was used. I'd love to hear what your solution was.