AmbiSecure

Securing smart cities

The cities are vulnerable to threats such as signal jamming, remote systems or data manipulation, Denial of Service (DoS), malware attacks and the recent rampant ransomware and wiping attacks. There is a need therefore for comprehensive smart city plans to minimize cybersecurity risks and protect critical infrastructure in smart cities so as to defend stakeholders, ranging from residents to private and public service providers.

Smart cities’ virtual doors will need virtual keys and locks controlled through remote communications. In real sense, these virtual doors to smart cities are never fully locked, creating loopholes cyber attackers will sure attempt to exploit. This, then means smart cities are not safe until proven, hence measures must be put in place, spanning physical security and network security, to continuously ensure, guarantee and verify key components of the infrastructure never fail.

Security in LoRaWAN

The LoRaWAN specification has been designed from the outset with security as an essential aspect, providing state-of-the-art security properties that meet the needs of highly scalable low-power IoT networks. Unlike many other IoT technologies, the LoRaWAN specification already offers dedicated end-to-end encryption:

The specification defines two layers of cryptography:

• Using a unique 128-bit network session key shared between the end-device and network server
• Using a unique 128-bit application session key (AppSKey) shared end-to-end at the application level

AES algorithms are used to provide authentication and integrity of packets to the network server and end-to-end encryption to the application server. By providing these two levels, it becomes possible to implement “multi-tenant” shared networks without the network operator having visibility of the users’ payload data. The devices can be activated by Personalization on the production line or during commissioning, or can be over the air activated (OTAA) in the field. OTAA allows device sessions to be rekeyed if necessary.

LoRaWAN relies on symmetric cryptography, which requires sharing keys in a safe and secure way. To further aid with this process, LoRa Alliance members have developed:

• LoRaWAN backend interfaces that isolate the storage of root keys in the join server, so that becomes a trusted player, regardless of network
• Secure element solutions that provide additional hardware physical protection against tampering

Though LoRaWAN is inherently secure, the LoRa Alliance is constantly reviewing, designing and implementing security enhancements and best practices to ensure LoRaWAN stays ahead of the changing security landscape and Ambimat offers itself as an aide in this process with a value added solution.

Ambimat’s solution for your LoRaWAN

Ambi-Secure is a hardware-software solution based on 3 decades of experience in the field of IoT. The solution is a combination of a System on Chip (SoC) and Ambimat’s firmware residing on it which helps cater to almost all of the challenges present on your IoT (read: LoRa) device

Our Ambi-Secure acts as a secure hardware memory to help customers store their AppKey, NwkKey, AppSKey and other keys used for the communication in a secure location outside the memory of the main controller

Our Ambi-Secure can also help generate the most secure keys for your application while communicating with the gateway or the network server.

Ambi-Secure can confirm the authenticity and the validity of the source of the Firmware sent over the air for updation.

Ambi-secure implements the encryption algorithms in itself taking away the need to implement such algorithms in the main controller thereby providing more security to the solution as well as more flexibility to choose the controller of choice.

Ambi-Secure protects your infrastructure as well as your customers’ infrastructure from any challenges arising from a security perspective for the entire lifetime of your product.

AmbiSecure Key – Security Digital USB Key

The AmbiSecure Key is a FIDO2 compliant device used to provide a simple and highly secure signin feature to any online server supporting FIDO authentication algorithm.

Now that passwords are fast becoming obsolete and your privacy as well as the security of your digital profile is very often compromised it is necessary to up the anté with hardware security.

INTERFACES:

• A single USB device with Bluetooth and NFC interface will provide ease of connection with any mobile device or a computer. The fingerprint sensor on the device will protect your account even if you lose the USB key.
• Since the device will be based on the USB HID interface the device will work irrespective of the operating system the user is working on. You can even plug them into tablets over an OTG connector and they will work without the use of any specific drivers to be installed.

SECURITY AND EASE OF USE:

• On the security and ease of use aspect of the product you can simply plug it into your computer’s USB port or place it over the NFC antenna of your mobile device and use any FIDO enabled service online.
• The authentication service can reside at a common location in the login server. Every time there is a request for log in from a user (after the user has provided the username and password) it can be authenticated automatically if the fingerprint sensor as well as the USB key match the records provided at the time of registration.
• This FIDO enablement will enable your IT department to essentially provide secure access to any aspect of the IT services without the use of OTPs or Secure ID token.
• The AmbiSecure Key will support all smart card functionalities as well which include access control into high security areas, single sign on as well as any other services that the IT department wants to extend based on the FIDO algorithm.

EXTERNAL ATTACKS ON THE AMBISECURE KEY:

• Since the device is based on FIDO’s authentication algorithm which is trusted by companies like Google, Facebook, Github etc. getting access to or cloning. Furthermore NFC technology has a limited range protocol it is remains non-susceptible to any prevalent security attacks like man-in-the-middle attacks.

STANDARDS AND COMPLIANCE:

• The hardware will be FiDO compliant with the U2F (Universal 2nd Factor) authentication specification. FiDO or Fast iDentity Online is an alliance of some of the world’s biggest software companies who publish open and scalable standards that enable simpler and more secure user authentication experiences across many websites and mobile services. The FiDO ecosystem enables better security for online services, reduced cost for the deploying enterprise, and a simpler and safer consumer experience.

COMPARISON WITH EXISTING TECHNOLOGY:

• The device replaces the need for software based 2 factor authentications like OTP tokens on SMS, authenticator applications etc. which are highly time-consuming and end up becoming clumsy for the users.

PHYSICAL ATTRIBUTES:

• It will be light-weight such that it doesn’t become difficult for someone to carry around the neck.
  The device has a perpetual battery life since it draws power from either the USB port or over the NFC field.

USE CASES:

1)Secure Single Sign ON/Access control device:

• This device can be used as a single sign on device to your PC/Mac over USB and to your phones (Android or iPhone) over NFC
• When you disconnect the device from the USB port or take the device away from your mobile device your primary device can even log you out.
• Can be your log in to secure rooms within the organization that only you have access to.

2)Digital Signature:

• This device can be used to encrypt the data that the user wants to send to another person.
• The other person’s USB drive is used to decrypt the data that was encrypted by the sender.

Download Ambisecure key Brochure