Data transmission security
SENSECOM devices place a high emphasis on overall security, from physical protection of the device and message transmission to access rights to transmitted data and remote device configuration.
Authenticity of message origin
SENSECOM devices contain a unique device identification (ID) and certificate. This identification is used to uniquely associate the link: device (ID) – transmitted data – customer/user access. Through the unique device certificate, each message is signed and a message hash is calculated (both using the AES128 algorithm in CTR mode) before being sent to the wireless IoT network. This guarantees the integrity of the transmitted message (transmitted data), i.e., message spoofing is virtually impossible.
Message security
The message between the device and the network (up to the SIGFOX cloud or NB-IoT base station) uses a proprietary protocol that is not based on IP, while the communication from NB-IoT base stations via the mobile operator to SENSEPARAM uses IPsec. The communication between the customer and the SIGFOX cloud or SENSEPARAM portal is SSH secured.
Data access protection
Data can be accessed:
A) in the device manufacturer’s SENSEPARAM portal, where 2FA login is required for users of the following levels: L2 (operator), L3 (administrator). For L1 (normal user), 2FA is possible but not a requirement – L1 rights are limited to basic functions without the ability to manage users, devices and their settings.
B) in the SIGFOX cloud (in technical, unparsed form), where access is protected by password and access rights level.
E2E encryption
Some SENSECOM device models are supplied with E2E encryption firmware (mainly for transmission of data categorized as personal); access (decryption) occurs only at the level of the SENSEPARAM portal solution.
If the customer requires E2E encryption with decryption in the customer’s database, SENSECOM devices can be supplied with a decryption algorithm and unique keys for each device supplied under a contract including an NDA as part of the entire series delivery.
Signal jamming
The device transmits with concentrated power in a narrow band, and in the SIGFOX network each message is sent 3 times on different frequencies. Signal jamming is very difficult (it would require a transmitting device with several kW of power); compared to GSM communicators, it is close to impossible. Signal jamming in NB-IoT is also more difficult compared to GSM communication.
Protection of equipment
Most SENSECOM devices are equipped with protection elements, possibly in combination, such as
- accelerometer
- tamper switch
- electronic seal
which ensure that a breach of the device or manipulation with it is signaled.