ASPIDER has developed a true end-to-end security solution for M2M communications that employs state-of-the-art cryptography technology. Cryptography is the foundation of data security and it is employed in e-commerce activities such as online shopping, stock trading, and banking. The current version supports symmetric-key cryptography; public-key asymmetric cryptography will be enabled at a later date. As far as we know, ASPIDER is the first company to employ this robust technology for M2M security.
The security keys that ASPIDER generates, using an ultra-secure process, are stored in transparent files that are embedded in the SIMs. One subset of the security keys is open and accessible; another is only accessible using a PIN code. The M2M modem retrieves keys from the SIM and sends encrypted data to the server, which decrypts the data using the same key. The same encryption/decryption process is also used to send data to the modem. Ultimately the solution provides four security levels when using symmetric cryptography. (1) The Advanced Encryption Standard (AES) is employed for encryption. (2) The Message Authentication Code (MAC) enables data integrity to be secured. (3) Additional authentication can be provided by verifying the identity of the communicating entities. And (4) adding Session Data (SD) ensures that messages are secured and cannot be reused by an attacker at a later date. All four are required in order to ensure end-to-end security.
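The MAC and Session Data levels described above can be sketched as follows. This is an added example, not ASPIDER's code or wire format: the message layout, the 64-bit counter used as session data, HMAC-SHA-256 as the MAC, and the names `seal` and `Receiver` are all assumptions, and the payload stands in for data that has already been AES-encrypted.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # length of an HMAC-SHA-256 tag in bytes
HDR_LEN = 8   # assumed session data: a 64-bit big-endian message counter


def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: prefix the session counter, append a MAC over both."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: check the MAC first, then reject reused counters."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # highest counter accepted so far

    def open(self, message: bytes) -> bytes:
        if len(message) < HDR_LEN + MAC_LEN:
            raise ValueError("truncated message")
        body, tag = message[:-MAC_LEN], message[-MAC_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")
        (counter,) = struct.unpack(">Q", body[:HDR_LEN])
        # The counter is covered by the MAC, so it cannot be rewritten
        # without the key; a captured message therefore fails here on resend.
        if counter <= self.last_counter:
            raise ValueError("replayed or stale message")
        self.last_counter = counter
        return body[HDR_LEN:]


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key; the page's keys live on the SIM
    rx = Receiver(key)
    msg = seal(key, 1, b"ciphertext-placeholder")
    print(rx.open(msg))
    try:
        rx.open(msg)  # the same bytes sent a second time
    except ValueError as err:
        print("rejected:", err)
```

The counter is updated only after the MAC verifies, so a forged message cannot advance the receiver's state and block legitimate traffic.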
In asymmetric public-key cryptography (PKC) one key is used to encrypt the information and a second key decrypts the information. A user can encrypt a short-lived session key using the communicating party’s public key and simply send out the encrypted key. PKC ensures that only the holder of the corresponding private key can decrypt and obtain the session key.
Encrypting data at the application level is an upcoming development. This enables the protection of sensitive data and the control of access to be provided in a fine-grained way. The application is the obvious place to encrypt and decrypt data because the application knows exactly which data is sensitive and can apply protection selectively. Earlier this year ASPIDER M2M became part of the Wyless Group. Wyless is the global leader in M2M managed services and as such the company employs a comprehensive portfolio of security mechanisms, which include private IP addresses, IPsec tunnels, the Point-to-Point Tunneling Protocol plus client-server and IPsec site-to-site VPNs.
Currently the company has agreements with 19 leading MNOs and a single Wyless SIM provides global connectivity. Therefore customers will now be able to add even more security by employing ASPIDER’s end-to-end cryptography solution. However, I should like to emphasize that our solution delivers ultra-robust security in its own right and it is decoupled from the parent company’s managed services offer. At one time M2M solutions were thought to be secure because they were obscure, but M2M has moved on. The Heartbleed security vulnerability issue, for example, allows any sensitive data that would normally be protected by the SSL/TLS encryption, even private keys, to be stolen. Heartbleed did not impact any Wyless technical resources, but it did indicate that any device, host, or resource could, eventually, be exposed to a zero-day vulnerability. Security is a moving target – one that’s always in our sights.
For more information, please contact Aspider M2M