In this exclusive piece for IoT Insider, Ralph Stillinger, Dev. Engineer – Embedded Firmware, Zenner USA, covers security measures for gas and water meters.
As the digital landscape evolves, fortifying customer data privacy and authenticity has become paramount. One practical example of robust security measures in action can be seen in the deployment of IoT Meter Interface Units (MIUs) for gas and water metering. These units are designed to comply with the LoRaWAN 1.0.4 specification, ensuring secure and reliable data transmission.
IoT MIUs: Safeguarding gas and water metering
Consider a bustling urban neighbourhood where gas and water consumption data must be accurately monitored and securely transmitted for billing and operational purposes. In such a scenario, the reliability and security of the MIUs become paramount.
Security layers unveiled
The architecture is built around a star-of-stars topology. Strategically positioned gateways relay messages between end devices and a central network server, establishing a robust communication channel that transcends geographical barriers.
Before data reaches the network server, it passes through gateways fortified with additional security measures. These gateways utilise a Private Access Point Name (APN), providing a dedicated and secure pathway for communication. Furthermore, a robust firewall is employed to scrutinise incoming data packets, filtering out any malicious or unauthorised attempts before they can reach the network server.
Customer data flow – Security layers
Encryption lies at the core of the security framework. Every wireless transmission originating from ZENNER IoT endpoints is shielded with AES-128 (Advanced Encryption Standard) cryptography, bolstered by unique application keys. This ensures that data remains unintelligible to unauthorised entities throughout its journey.
Endpoint security: Fortifying the first line of defence
At the heart of the security architecture lies the deployment of the IoT MIUs. These MIUs serve as the frontline guardians of customer data. From gas to water meter registers, the MIUs are equipped with robust encryption mechanisms, ensuring that data remains impervious to unauthorised access.
- Unique encryption keys: Each endpoint is furnished with cryptographically secure encryption keys, meticulously generated and stored within the device and our fortified servers. This ensures that data remains encrypted both during transmission and at rest, minimising the risk of interception and tampering.
- Physical tamper resistance: Physical tampering poses a negligible threat, thanks to encapsulation techniques that render intrusion virtually impossible. Devices are encased in epoxy, fortifying against intrusion attempts and safeguarding the integrity of encryption keys.
- Secure key management: Key management is paramount to the security strategy. Best practices are used to securely generate, store, and manage encryption keys, mitigating the risk of key compromise and unauthorised access to sensitive data.
Data transit and backend security: Ensuring data integrity
Metering data enters the server network and is first decrypted as it passes through the LoRaWAN Network Servers (LNS). Data undergoes rigorous error-checking processes to identify and rectify errors or duplicates before being seamlessly integrated into our primary SQL data storage system.
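The duplicate and error handling described above can be made idempotent at the storage layer. The following Python is an added example, not ZENNER's code: the table layout, field names and sample uplinks are assumptions constructed for illustration. It rejects implausible readings, drops frames whose counter is older than the newest one already stored for that device, and lets a uniqueness constraint absorb copies of the same frame relayed by several gateways.

```python
import sqlite3

# Constructed sample uplinks, as they might look after decryption:
# (dev_eui, frame_counter, gateway_id, reading). All values are invented.
SAMPLE_UPLINKS = [
    ("00000000000000A1", 10, "gw-a", 120450),
    ("00000000000000A1", 10, "gw-b", 120450),  # same frame heard by a second gateway
    ("00000000000000A1", 11, "gw-a", 120462),
    ("00000000000000A1", 9, "gw-a", 120440),   # counter older than newest stored frame
    ("00000000000000A2", 3, "gw-b", -5),       # implausible negative reading
    ("00000000000000A2", 4, "gw-b", 8801),
]

def open_store():
    """In-memory stand-in for the primary SQL store (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE readings ("
        " dev_eui TEXT NOT NULL, f_cnt INTEGER NOT NULL, reading INTEGER NOT NULL,"
        " PRIMARY KEY (dev_eui, f_cnt))"  # one row per device and frame counter
    )
    return db

def ingest(db, uplinks):
    """Store valid, fresh, unique frames; return a count per outcome."""
    outcome = {"stored": 0, "duplicate": 0, "stale_counter": 0, "invalid": 0}
    for dev_eui, f_cnt, _gateway, reading in uplinks:
        # Error check: readings must be non-negative, counters fit in 32 bits.
        if not (isinstance(reading, int) and reading >= 0 and 0 <= f_cnt < 2**32):
            outcome["invalid"] += 1
            continue
        (last,) = db.execute(
            "SELECT MAX(f_cnt) FROM readings WHERE dev_eui = ?", (dev_eui,)
        ).fetchone()
        # A counter below the newest stored one is a late copy or a replayed frame.
        if last is not None and f_cnt < last:
            outcome["stale_counter"] += 1
            continue
        # The primary key turns a repeated (device, counter) pair into a no-op.
        cur = db.execute(
            "INSERT OR IGNORE INTO readings VALUES (?, ?, ?)", (dev_eui, f_cnt, reading)
        )
        outcome["stored" if cur.rowcount == 1 else "duplicate"] += 1
    db.commit()
    return outcome
```

Counting the rejected frames per device, rather than silently discarding them, gives operations a signal worth alerting on when stale counters or invalid readings spike.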
Once data is requested by the Web application interface, it undergoes a comprehensive re-encryption process over an SSL (Secure Sockets Layer) connection. This additional layer of encryption ensures the confidentiality and integrity of data as it traverses the network, safeguarding against unauthorised access and potential data breaches.
External access security: Protecting customer data access
External access to data is facilitated through the secure web interface layer. Leveraging the same robust Secure Sockets Layer (SSL) encryption protocols employed in global financial transactions, this ensures the privacy and protection of customer data. Users are required to undergo stringent authentication processes, including logging in and verifying their credentials, before accessing customer metering data.
This comprehensive approach to data security, spanning from endpoint encryption to backend data transit and external access, underscores the importance of protecting the integrity and privacy of customer data throughout its lifecycle.
A use case
Imagine a utility provider tasked with remotely monitoring gas and water consumption across a sprawling urban landscape. Traditionally, such endeavours would entail manual meter readings, leaving ample room for inaccuracies and security vulnerabilities.
Real-time data acquisition facilitated by MIUs enables the utility provider to monitor consumption patterns with unparalleled accuracy and timeliness. Moreover, the robust security measures embedded within the devices ensure that sensitive customer data remains safeguarded against malicious threats.
Forging ahead with confidence
In a world where security breaches happen every day and where data is increasingly hailed as the new currency, fortifying the security of IoT communications is no longer optional. Through adherence to stringent standards, proactive engagement with industry bodies, and a relentless pursuit of innovation, we can continue to pave the way for a safer, more connected future.