Data transmission security

SENSECOM devices place a high emphasis on overall security, from physical protection of the device and message transmission to access rights to transmitted data and remote device configuration.

Authenticity of message origin

in NB-IoT: Communication between device and mobile network fulfills international security standards for NB-IoT. In addition, communication can be encrypted by AES-256 between device and senseparam server.

in SIGFOX: SENSECOM devices contain a unique device identification (ID) and certificate. This identification is used to uniquely associate the link: device (ID) – transmitted data – customer/user access. Through the unique device certificate, each message is signed and a message hash is calculated (both using the AES128 algorithm in CRT mode) before being sent to the wireless IoT network. This guarantees the integrity of the transmitted message (transmitted data), i.e., message spoofing is virtually impossible.

Message security from network to senseparam server

The communication from NB-IoT base stations via mobile operator to SENSEPARAM using IPsec (SIGFOX) or UDP with whitelisted IP (NB-IoT).

Senseparam-Customer

The communication between the customer and the SENSEPARAM portal is SSH secured.

Data access protection in SENSEPARAM

Data can be accessed in the device manufacturer’s SENSEPARAM portal, where 2FA login is required for users of the following levels: L2 (operator), L3 (administrator). For L1 (normal user), 2FA is possible but not a requirement – L1 rights are limited to basic functions without the ability to manage users, devices and their settings.

E2E encryption

Some SENSECOM device models are supplied with E2E encryption FW using AES-256 (mainly for transmission of data categorized as personal), access (decryption) occurs only at the level of the SENSEPARAM portal solution.

Signal jamming

The device transmits with concentrated power in a narrow band and in SIGFOX network each message is sent 3 times on different frequencies. Signal jamming is very difficult (it would require a transmitting device with several kW of power). Compared to GSM communicators, signal jamming is very difficult, close to impossible. Signal jamming in NB-IoT is also more difficult in compare to GSM communication.

Protection of equipment

Most SENSECOM devices are equipped with protection elements, possibly in combination, such as

  • accelerometer
  • tamper switch
  • electronic seal

which ensures the signaling of a breach or the manipulation with the device.