Choosing IoT connectivity technology needs careful consideration of multiple technical and commercial factors linked closely to individual use cases. Different applications favour different technologies so what the product is designed to do is a critical factor in the decision. This series of articles discusses what a successful LPWAN technology looks like. Last time out we considered energy consumption; this time we’re homing in on one of the most critical factors for many users looking to deploy an IoT use case: security.
Mention IoT and very quickly the issues of security and privacy will be raised. The two are somewhat related. If data is kept secure then the number of entities that can access it is limited and privacy is more likely to prevail. If the system is not secure then the chances of achieving privacy are low.
We are so used to hearing about security breaches in Internet-related systems that it is easy to assume that nothing is secure and that any system can be hacked. This is not entirely true. Wireless systems can be very secure – there have been few, if any, significant breaches of the cellular systems that have resulted in customer conversations being overheard or account information hacked. When breaches do occur they tend to be at the application layer with organisations like Facebook and others struggling to prevent loss of password data or similar. So a well-designed wireless solution should be able to keep data and privacy secure up to the point that the data passes to a solutions provider (such as a car manufacturer). After this point, it is out of the control of the wireless solution as to what happens to the data. Equally, a poorly designed wireless system can provide opportunities for attack that are hard to close off since updating remote terminals can be difficult, especially in one-way networks.
There are many different elements of security including:
- The network authenticating the terminal to be sure that the terminal is the device it claims to be.
- The terminal authenticating the network to be sure it is a valid network to which it can pass information.
- Encryption of the information such that if intercepted it cannot be read.
- Prevention of replay-type attacks where data is recorded and then replayed later to the network resulting in what appears to be the same message being resent.
The level of security selected is a compromise between many factors including:
- Ease of commissioning the device for the first time – ideally not requiring the commissioning engineer to enter long digit strings into databases or similar.
- The overhead added to messages to provide the encryption which should not be so large that it materially increases data traffic volumes.
- The processing power required in the terminal to perform any security-related operations which ideally should not require additional elements or higher power drain.
- The power of encryption which ideally should not prevent export worldwide.
A key choice is whether to embed a secret key within the terminal. This is the approach adopted by cellular systems, where each SIM card holds a secret key that is inaccessible to anyone once fabricated. It brings many advantages, since the terminal leaves the factory with all the information the network needs to authenticate it. However, it does require a secure database to be administered among chipset manufacturers and network operators, and it tends to work best in an open standards environment. It is the approach adopted by Weightless, which enables it to achieve “carrier grade security”.
Another important design feature is the ability to upgrade the entire security suite over the air. This means that should a flaw be discovered a new security approach can be downloaded and installed remotely, resolving the problem. Again Weightless offers this capability.
There are other subtleties with IoT. Devices often send the same message repeatedly, such as a meter reading or similar. Sending the same message generates a security weakness that attackers can use to decode traffic (it was how the German Enigma code was cracked – the use of the phrase “Heil Hitler” at the start of many messages). Weightless overcomes this by generating a changing number called a “nonce” that is encoded along with the data from the device to ensure the message is always different. This also allows various other security checks, such as confirming that messages are arriving in sequence, which prevents messages being recorded and replayed later.
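The nonce and sequence check described above, as an added Python sketch that is not Weightless code or its actual frame format. The frame layout (4-byte counter nonce, ciphertext, 8-byte tag), the class names and the key are assumptions, and an HMAC-SHA256 keystream stands in for AES so the example runs with the standard library only.

```python
import hashlib, hmac, struct

KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed 128-bit device key

def _prf(key, label, nonce, data=b""):
    # Labels keep the encryption and authentication uses of the key separate.
    return hmac.new(key, label + nonce + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in for AES-CTR (assumption): HMAC-SHA256 as a PRF in counter mode.
    stream = b""
    for block in range((len(data) + 31) // 32):
        stream += _prf(key, b"enc", nonce, struct.pack(">I", block))
    return bytes(a ^ b for a, b in zip(data, stream))

class Terminal:
    """Device holding a factory-embedded secret key (hypothetical class)."""
    def __init__(self, key):
        self.key, self.counter = key, 0

    def send(self, reading: bytes) -> bytes:
        self.counter += 1  # must never repeat or wrap under the same key
        nonce = struct.pack(">I", self.counter)
        ct = _xor_stream(self.key, nonce, reading)
        return nonce + ct + _prf(self.key, b"mac", nonce, ct)[:8]

class Network:
    """Network side: authenticates the frame, then enforces sequence order."""
    def __init__(self, key):
        self.key, self.last_seen = key, 0

    def receive(self, frame: bytes):
        nonce, ct, tag = frame[:4], frame[4:-8], frame[-8:]
        expected = _prf(self.key, b"mac", nonce, ct)[:8]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted frame
        counter = struct.unpack(">I", nonce)[0]
        if counter <= self.last_seen:
            return None  # recorded and replayed, or out of sequence
        self.last_seen = counter  # only advanced by authenticated frames
        return _xor_stream(self.key, nonce, ct)

if __name__ == "__main__":
    dev, net = Terminal(KEY), Network(KEY)
    f1, f2 = dev.send(b"meter=0421"), dev.send(b"meter=0421")
    print(f1.hex(), f2.hex(), sep="\n")   # same reading, different frames
    print(net.receive(f1), net.receive(f2), net.receive(f1))  # third is a replay
```

The 12 bytes of nonce and tag per frame are the message overhead that the trade-off list above refers to.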
So an IoT system can be made extremely secure – as secure as a cellular solution. At this point the weaknesses are much more likely to be with the client-stored data than the wireless network. But it requires excellent design, careful selection of trade-offs and a belt-and-braces approach of being able to swap out a security suite that turns out to be weaker than expected. Unfortunately, few systems available to date have all of these.
Security is a critical factor in virtually all IoT use cases, so systems based on Weightless-P technology benefit from leading-edge data security provision. AES-128/256 encryption and authentication to the network guarantee integrity, whilst temporary device identifiers offer anonymity for maximum security and privacy. OTA security key negotiation or replacement is possible, whilst a future-proof cipher negotiation scheme with a minimum key length of 128 bits protects long-term investment in the network integrity.
What Weightless offers:
- Authentication to the network
- AES-128/256 encryption
- Radio resource management and scheduling across the overall network to ensure quality-of-service to all devices
- Support for over-the-air firmware upgrade and security key negotiation or replacement
- Fast network acquisition and frequency/time synchronisation