Wireless Sensor System Security…Essential…
Table of Contents
Security is mandatory in Bluetooth mesh networks. Phantom features Unparalleled Security Features.
By offloading decryption, encryption, and authentication works to our CryptoCell-310, Phantom can deliver high performance in Bluetooth mesh networks.
Mesh network, individual applications, and Bluetooth 5 devices are all secure. This cannot be switched off or reduced in anyway.
- All mesh messages are encrypted and authenticated.
- Network security, application security, and device security are addressed independently.
- Security keys can be changed during the life of the mesh network via a Key Refresh procedure.
- Message obfuscation makes it difficult to track messages sent within the network providing a privacy mechanism to make it difficult to track nodes.
- Mesh security protects the network against replay attacks.
- The process by which devices are added to the mesh network to become nodes, is itself a secure process.
- Nodes can be removed from network securely, in a way which prevents trashcan attacks.
Three security keys provide security to different aspects of the mesh and achieve a critical capability in mesh security, that of “separation of concerns”.
- NetKey (network key) possessed by all nodes. It allows a node to decrypt and authenticate up to the Network Layer. A Relay node uses NetKey to decrypt and authenticate messages before relaying.
- AppKey (application key). Application data for specific application can only be decrypted by nodes possess the right AppKey.
- DevKey (device key) is unique to each node. It is used for secure communication with the Provisioner during provisioning process.
In a mesh network with many nodes, a lot of processing power is required for decryption and authentication at least for the Relay nodes and possibly for other nodes. Phantom is embedded with an ARM CryptoCell-310 cryptographic co-processor. To achieve acceptable mesh network performance, Phantom should be used in mesh networks with many nodes.
CryptoCell-310 provides the following key features:
- Cryptographic hardware engines, providing CPU host offloading, operation acceleration and power consumption reduction.
- Cryptography and security middleware services
- Platform Security building blocks libraries
- Device Life-Cycle-State management
- Key Management infrastructure
- Secure Boot.
By offloading decryption, encryption, and authentication works to CryptoCell-310, Phantom can deliver the highest performing security of all Bluetooth mesh wireless sensor networks.
ABOUT THE AUTHOR
Michael Howard, D.Sc is an American entrepreneur, a veteran of the United States Air Force, and respected leader in the predictive maintenance industry. Michael is an avid CrossFit® athlete, CrossFit® CF-L1 Trainer and passionate advocate of revolutionary concepts in the wireless instrumentation and the IIoT communities for the maintenance & reliability industries.
Michael is a native of South Glens Falls, New York and a graduate of Excelsior College, Capella University, & Charter University with degrees in Electro-Mechanical Engineering, Leadership, & Organizational Management, & Engineering Management. Mike is a Certified Reliability Engineer, Six-Sigma Black Belt & Certified Maintenance & Reliability Professional. Mike is the CEO of Erbessd Instruments and is responsible for Strategic Direction, Distribution, Sales, Marketing and Operations throughout the English speaking markets.
ERBESSD INSTRUMENTS is a leading manufacturer of Vibration Analysis Equipment and Dynamic Balancing Machines with facilities in Mexico and the United States and representatives around the world. ERBESSD INSTRUMENTS – MASTERS OF MACHINE HEALTH