本文へスキップ

Soracom Air Security

Soracom IoT SIM cards take advantage of cellular communication's characteristics and the ability to use additional Soracom services to remain secure.

コピー/保存

このページはまだ日本語では利用できません。現在は英語版を表示しています。ブラウザの翻訳機能をご利用ください。

ブラウザで翻訳する
  • Chrome / Edge: アドレスバーの翻訳アイコン、またはページを右クリックして「日本語に翻訳」を選択してください。
  • Safari: アドレスバーの「aA」メニューから「翻訳」を選択してください。

翻訳メニューが表示されない場合は、ブラウザ設定で翻訳機能が有効になっているか確認してください。

英語版を見る

Soracom Air Security

Soracom IoT SIM cards take advantage of cellular communication's characteristics and the ability to use additional Soracom services to remain secure.

Security Diagram

Preventing Unauthorized Use of IoT SIM Cards

Soracom provides two features that can prevent the unauthorized use of Soracom IoT SIMs: CHAP Authentication or IMEI Lock.

  • CHAP Authentication allows you to add an extra layer of username and password authentication on top of SIM authentication. Using CHAP authentication can help prevent a Soracom IoT SIM from being removed and used in an unauthorized or tampered device, as the new device will be required to provide additional authentication credentials before it can establish a network connection.
  • IMEI Lock provides a straightforward method for securing your Soracom IoT SIM, ensuring that in the case that your Soracom IoT SIM is stolen, it cannot be used inside another device, resulting in unwanted data usage charges.

Additional Security Features

  • Devices using Soracom IoT SIMs are assigned private IP addresses, preventing potential attackers from directly accessing the device over the internet.

  • When using Soracom IoT SIMs, communication from a device to a local cellular provider's base station and switching station is encrypted. In addition, the switching station and Soracom are connected via a closed network, reducing the risk of unauthorized access or eavesdropping by attackers.

  • Soracom IoT SIMs contain a tamper resistant UICC (Universal Integrated Circuit Card) that stores the authentication and programming required to connect to the cellular network.

Security from Soracom Platform Services

Data security between your device and backend can be further increased by leveraging the services described below.

Soracom Beam

Soracom Beam is a proxy service with several beneficial security features including:

  • Protocol conversion from less secure protocols to TLS-encrypted protocols, offloading encryption workloads to the cloud and allowing you to integrate devices with protocol limitations.
  • Cloud-side endpoint credentials storage, preventing attackers from obtaining security information from a device if it is compromised.
  • Endpoint proxy, allowing for fleet-wide endpoint changes in the case that a server is compromised.

Virtual Private Gateway

Soracom's Virtual Private Gateway (VPG) service provides a private networking environment for your devices using IoT SIM and the ability to use additional services and security features:

  • An Outbound Filter can be configured to restrict destinations that devices in the VPG can send data to.

  • Two Fixed Global IP addresses can be assigned to your VPG. If enabled, all internet-bound traffic from the VPG will originate from one of the two addresses, allowing you to easily set up IP-based filtering in your firewall or security policies.

The following services can be used in combination with a VPG to securely connect your devices to a closed network:

  • Soracom Canal directly connects Soracom VPGs to Amazon Web Services (AWS) Virtual Private Cloud networks through AWS Peering Connections or using AWS Transit Gateway.

  • Soracom Door provides connectivity to customer systems using an Amazon Web Services virtual private network connection.

  • Soracom Gate provides extended networking functionality for VPGs that enables device-to-device access via a LAN environment for your devices within VPG. Gate also allows for remote access to your devices via a VXLAN connection from your private network to the VPG.

検索 Escで閉じる / Enterで検索結果