Delivering Secure Communications Across Wireless Networks

As the worldwide adoption of the Internet of Things (IoT) gathers speed, security of the data retrieved and shared by these applications becomes an increasingly crucial issue, writes Marc Pegulu. There’s a real threat of data passed between parties via the IoT being intercepted. Even if this data isn’t confidential, the mere interruption of its delivery could have seriously negative consequences.

Of course, data protection itself is a vital issue, but unauthorised access to data could result in the failure (and possibly the catastrophic failure) of whatever system is being controlled – whether monitoring temperature or air quality in a smart building, alerting people to the possibility of fires or carbon monoxide leaks or overseeing pollution control or disaster prevention.

A major problem with most proprietary technologies used in low-power wide area networks (LPWAN) is that they simply don’t do enough in terms of encryption. An additional layer of security, which could be costly, cumbersome and power consuming, would have to be installed to improve their data security capabilities.

Also, the level of secure data delivery demanded by the IoT is simply not possible using high-bandwidth, high-power networks that are based on cellular, Bluetooth Low Energy or Wi-Fi technology. 5G will not be ready for serious IoT data delivery for some time (worse still, recent research identified no fewer than 11 serious security flaws associated with 5G networks), while Wi-Fi has been shown to be insufficiently secure and, obviously, not capable of transferring data over very long distances.

Delivering secure data over long distances

An alternative solution based around long-range devices has been shown to offer the level of encryption that’s required for secure IoT data management. An LPWAN protocol for the IoT is called LoRaWAN and this supports low-cost, mobile and secure bi-directional communication for low-power, machine-to-machine, Smart City and industrial applications.

Security is built into the protocol’s specification from the beginning, with end-to-end encrypted communication using the Advanced Encryption Standard developed by the National Institute of Standards and Technology.

As security is a vital element of LoRaWAN, it’s thought to be ideal for scaleable IoT networks. Unlike other IoT-based technologies, the protocol’s security design satisfies the principle that security must be future-proof since devices are deployed in the field for long periods of time (ie many, many years). This is why security properties are embodied in the current protocol specification using standard, well-vetted algorithms and end-to-end security with mutual authentication, integrity protection and confidentiality.

By connecting IoT sensors to the cloud, long-range wireless networks are able to deliver real-time communication of data while also providing analytical information for organisations to boost productivity and improve efficiency. They are particularly suited to applications where safe mobile and secure bi-directional communications are required.

Chirp Spread Spectrum

What makes the difference is that long-range wireless systems are based on the Chirp Spread Spectrum technique that encodes data through wideband linear frequency modulated chirp pulses. This helps the technology to work efficiently across far greater lengths than the alternatives mentioned above, while operating on the lowest power of all data communications platforms on the market.

Used in over 100 countries, wireless technology is best suited to LPWAN-based IoT – whether indoor or outdoor, operating in public, private or hybrid data transmission networks – and it forms the basis of around 40% of all existing LPWAN connections. This is because analytics platforms, such as those used in Artificial Intelligence or machine learning applications, demand the level of data diversity that’s only deliverable through sensors based around such long-range technology.

Other benefits of this open source communications offer include being able to share data via the cloud over distances up to 30 miles in rural areas and ten miles in cities, even when extremely dense building materials are involved. At the same time, longevity is ensured by network devices offering a battery life of up to ten years.

Other features include reliable connectivity, low power consumption, ease-of-use, low operating overheads and straightforward scaleability.

Monitoring and managing

For developers of Smart Cities, long-range radio frequency solutions have become the go-to technology for parking management, infrastructure monitoring and automated metering. In agriculture, the technology is used for year-round monitoring of crops and livestock, while other applications include disaster prevention, pollution control, natural resource protection and smart supply chain and logistics.

In building management, long-range wireless networks have also proven ideal for monitoring lighting, water and energy usage while ensuring personnel safety and checking unauthorised access. Other uses include monitoring levels of smoke, temperature, fire, CO2, carbon monoxide and airflow/air quality.

Facility managers and building owners have also benefited from access to consistent and reliable data that facilitates building planning, including the efficient use of space and enhanced office layout if required. It isn’t an exaggeration to say that this technology can not only protect property investment, but it can also save lives.

Marc Pegulu

Marc Pegulu

With IoT applications increasingly playing a key role in creating the smart environments mentioned earlier, these applications will help to achieve what must be the ultimate goal – a smart planet containing billions of seamlessly connected devices. Until then, there’s the issue of connecting a mere 100 million devices and the fact remains that device owners are the only parties in the mix of stakeholders with access to sensor data. Of course, this could present a challenge because mission-critical decisions may only be made in full confidence if the security of data is guaranteed and networks are joined safely and securely.

The reason the LoRaWAN specification plays an important role in terms of data security is that it governs the authenticated connection between device, application server and network (using VPNs and HTTPS), making sure that only genuine and authorised entities can interact with the correct type of networks. In turn, the 24-bit unique identifier ensures that the data being gathered and shared hasn’t been interfered with in any way and isn’t accessible to unauthorised parties.

With the growth of the IoT, gathering and sharing massive amounts of data within milliseconds across buildings, cities and even continents will become more and more commonplace. The security of that data will be paramount to the reliability of operations across the globe. As various claims are made about different types of communications technology, it pays to shop around and make sure that the one you choose to go with is capable of delivering the level of security that you demand from an IoT data management system.

Marc Pegulu is Vice-President of the IoT in the Wireless and Sensing Products Group at the Semtech Corporation

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts