Data transmission security
SENSECOM devices place a high emphasis on overall security, from physical protection of the device and message transmission to access rights to transmitted data and remote device configuration.
Authenticity of message origin
in NB-IoT: Communication between device and mobile network fulfills international security standards for NB-IoT. In addition, communication can be encrypted by AES-256 between device and senseparam server.
in SIGFOX: SENSECOM devices contain a unique device identification (ID) and certificate. This identification is used to uniquely associate the link: device (ID) – transmitted data – customer/user access. Through the unique device certificate, each message is signed and a message hash is calculated (both using the AES128 algorithm in CRT mode) before being sent to the wireless IoT network. This guarantees the integrity of the transmitted message (transmitted data), i.e., message spoofing is virtually impossible.
Message security from network to senseparam server
The communication from NB-IoT base stations via mobile operator to SENSEPARAM using IPsec (SIGFOX) or UDP with whitelisted IP (NB-IoT).
Senseparam-Customer
The communication between the customer and the SENSEPARAM portal is SSH secured.
Data access protection in SENSEPARAM
Data can be accessed in the device manufacturer’s SENSEPARAM portal, where 2FA login is required for users of the following levels: L2 (operator), L3 (administrator). For L1 (normal user), 2FA is possible but not a requirement – L1 rights are limited to basic functions without the ability to manage users, devices and their settings.
E2E encryption
Some SENSECOM device models are supplied with E2E encryption FW using AES-256 (mainly for transmission of data categorized as personal), access (decryption) occurs only at the level of the SENSEPARAM portal solution.
Signal jamming
The device transmits with concentrated power in a narrow band and in SIGFOX network each message is sent 3 times on different frequencies. Signal jamming is very difficult (it would require a transmitting device with several kW of power). Compared to GSM communicators, signal jamming is very difficult, close to impossible. Signal jamming in NB-IoT is also more difficult in compare to GSM communication.
Protection of equipment
Most SENSECOM devices are equipped with protection elements, possibly in combination, such as
- accelerometer
- tamper switch
- electronic seal
which ensures the signaling of a breach or the manipulation with the device.