G. Bolumar
Security, a key challenge for IoT
Interconnecting anything
[Diagram labels: On Air Network; Device; Cloud infrastructure; Application]
Protecting what matters, where it matters, when it matters
SIGFOX BRINGS SECURITY BY DEFAULT
• ON NETWORK
• ON-DEVICE
• ON CLOUD INFRASTRUCTURE
Public - Restricted 3
Security at the heart of Sigfox
Design choices
1. Radio communication
Design choices: A built-in firewall
Sigfox Ready™ device not connected through IP
Secure transmission:
• From base station to cloud.
• From cloud to customer application.
Ensure authentication, integrity & confidentiality
FOCUS ON SIGFOX PROTOCOL SECURITY MEASURES
• AUTHENTICATION & INTEGRITY
- Authenticate the message’s sender:
  - The SIGFOX network ensures that each message was sent by a genuine device.
  - The device ensures that the received messages were really sent by the SIGFOX network.
  - No data injection possible.
- Check the message integrity:
  - If an entity intercepts a message and modifies it, the modification can be detected.
- Ensure that a genuine message cannot be replayed (anti-replay).
- Be resilient to jamming attacks.
• CONFIDENTIALITY
- No payload encryption by default, but available as an option.
[Diagram labels: Genuine device / No clone of devices; Communication allowed; Message not corrupted; Remove possible injections of fake messages]
MAC, pillar of the authentication & integrity
• MAC – MESSAGE AUTHENTICATION CODE:
- 2 to 5 byte cryptographic token present in each message (uplink and downlink).
- Guarantees the message integrity and authenticates the message sender.
- Relies on symmetric cryptography (AES-128); each device has a specific secret key, known by the network.
AUTHENTICATION &
INTEGRITY
Sequence Number to prevent message replay
• How to ensure that a message already emitted cannot be replayed?
- A counter is present in uplink messages.
- This counter is incremented after each emission by the device.
- The SIGFOX network stores the last sequence number value for each device.
- The sequence number of each incoming message is compared with the last one; an incorrect value causes the message to be discarded.
Sequence Counter
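Added example (not from the original slides or from Sigfox): a receiver that applies the two checks described above, a truncated per-device MAC followed by the sequence-number comparison. HMAC-SHA-256 stands in for the AES-128 based MAC, and the 4-byte tag, 12-bit counter, acceptance window and message layout are assumptions of the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 4        # assumption: the page only says the MAC is 2 to 5 bytes
SEQ_MODULO = 4096  # assumption: counter width is not stated on the page
MAX_GAP = 256      # assumption: how far ahead of the stored value is accepted

def compute_tag(key: bytes, device_id: int, seq: int, payload: bytes) -> bytes:
    """Truncated MAC over device id, sequence number and payload."""
    header = struct.pack(">IH", device_id, seq)
    # Stand-in primitive: HMAC-SHA-256, not the AES-128 based MAC on the page.
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

class Network:
    """Receiver side: one secret key and one last-seen counter per device."""

    def __init__(self, device_keys: dict):
        self.device_keys = device_keys
        self.last_seq = {}

    def receive(self, device_id: int, seq: int, payload: bytes, tag: bytes) -> str:
        key = self.device_keys.get(device_id)
        if key is None:
            return "unknown-device"
        expected = compute_tag(key, device_id, seq, payload)
        # Constant-time compare; the counter is trusted only after this passes.
        if not hmac.compare_digest(expected, tag):
            return "bad-mac"
        last = self.last_seq.get(device_id)
        if last is not None:
            gap = (seq - last) % SEQ_MODULO  # modular, so wrap-around works
            if gap == 0 or gap > MAX_GAP:
                return "replay"
        self.last_seq[device_id] = seq
        return "accepted"

def demo() -> list:
    dev, key = 0x00AB12CD, bytes(range(16))  # constructed device id and key
    net = Network({dev: key})
    tag7 = compute_tag(key, dev, 7, b"\x01\x17")
    tag8 = compute_tag(key, dev, 8, b"\x01\x18")
    return [
        net.receive(dev, 7, b"\x01\x17", tag7),  # first delivery
        net.receive(dev, 7, b"\x01\x17", tag7),  # same frame captured and resent
        net.receive(dev, 8, b"\x01\x17", tag7),  # counter bumped, old tag reused
        net.receive(dev, 8, b"\x01\x18", tag8),  # next genuine message
    ]
```

Because the counter is covered by the MAC, changing it on a captured frame invalidates the tag, and the stored counter only advances for messages that passed the MAC check.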
Advantages from Ultra Narrow Band
• Anti-jamming capabilities
- Thanks to UNB intrinsic ruggedness
- Coupled with spatial diversity of the base stations (+20dB)
More than 1000W are needed to jam a single Sigfox Base Station, which is impossible to get!
Security mechanisms on Base Station Software
• Base station can be deployed in hostile environment
• Contains I.P. that shall be protected
• Required security measures
- Nobody can steal Sigfox sensitive software (I.P. protection).
- Nobody can use the base station to intrude into the Cloud (VPN credentials protection).
Prevent point of failure with DC redundancy
[Diagram label: Synchronisation]
CLOUD INFRASTRUCTURE SECURITY
• REDUNDANT INTERNET CONNECTION
- 2 connections with different paths for each data center.
- 3rd connection in case of emergency.
- DDoS protection software in reverse proxy with daily update.
Functional redundancy & Layered architecture
• REDUNDANT FUNCTIONAL COMPONENTS
- Each functional component of the core network is redundant (load balancer, application servers, database, …).
- No SPOF in a data center.
• SECURE ACCESSES
- Base station access based on VPN with IP filtering.
- Different layers of reverse proxy.
4. Improving devices security
SIGFOX is concerned by device security
- Authentication credentials allow access to the SIGFOX network.
- These credentials are stored in the device.
- They must be protected against disclosure and alteration to avoid device cloning and unauthorized access to the network.
Secure Element
To take away!
Security by-design – From core to the edge!
[Diagram: RF Module, Base Station, Sigfox Infra., Customer Infra., with Secure Element, Payload Encryption and Hardware Security Module marked]

Secure Element to manage sensitive info. on device (Available):
• Store secured assets such as Network Authentication Key.
• Store & run Sigfox authentication & ciphering algorithms.

Payload encryption to securely transfer data from the object to the “Cloud” (Available):
• Ensure confidentiality by ciphering data.
• Specific algo. using different keys for each message.
• Decryption by Sigfox infra. before callback generation.
• No key provisioning required / Compliant with eSE.

Hardware Security Module to manage key information in the “Cloud” (Available):
• Dedicated hardware running cryptographic computation in a secured execution environment.
• Network Authentication Keys never seen in clear outside the secured execution environment.
• No way to request or to extract keys & algorithms used.

ENSURE ENHANCED SECURITY ON SIGFOX NETWORK
security@sigfox.com
Thank you