Security

A fundamental priority persistently present in the entire Sigfox network chain

Sigfox’s ultimate mission is to expand IoT technology to the entire world and connect billions of devices to the global Sigfox network, thereby delivering business value locally and globally to critical customer systems across country borders. This is why security is an absolute necessity and why Sigfox S.A. implements state-of-the-art security within their entire network infrastructure from individual devices, to the network backend, and towards customer enterprise systems. You can read more about security on this page.

Security in the entire network chain

Security is integrated in every aspect of the global Sigfox network. The Sigfox Ready™ logo guarantees that only devices which are tested and approved by Sigfox have access to the network. In the following section we will describe the security in place for each part of the network chain.

IoT devices

Authorisation

All Sigfox Ready™ devices are assigned a unique symmetrical authorisation ID during production which makes the device identifiable by the network. In every message sent through the network, a cryptographic token is attached based on the device’s authorisation ID. In this way, the network will be able to confirm that the sender is in fact who they claim to be.

Reliability

To ensure that the messages sent by the device are reliably received by the base stations, every message is sent three times at different radio frequencies selected at random. This ensures that the messages are always successfully sent while also providing robustness against jamming attacks. The network also keeps tally of how often it has received every unique message while ignoring fabricated message repeats.

Ultra-limited access

While it may sound paradoxical, Sigfox devices are actually never connected to the internet. Instead, they use Sigfox’s proprietary protocol rather than the common Internet Protocol (IP) and thus have no IP address. Without an IP address, it is not possible for a black-hat hacker to send direct requests to the device over the Internet. The only way for a Sigfox device to receive messages is by requesting it itself. After requesting a message from the network, it will be able to receive it within a very narrow timeframe.

Base stations

Secured by Trusted Platform Module (TPM)

A Sigfox base station is a collection of hardware which receives messages sent by IoT devices through a network antenna. These are all secured through a security technology known as Trusted Platform Module which is a physical chip dedicated to securely generating and storing keys, passwords, and certificates.

TPM follows an international standard (ISO/IEC 11889), which involves a set of security specifications:

  • Every TPM module is produced with an RSA key which is used to encrypt messages sent through a VPN to the Sigfox network backend. This way, the core network can be certain that the data is sent from an authorised base station.
  • The TPM module generates a hash key which is sent along with every message. This hash key contains information on the software and hardware configuration of the base station from which the message was sent. This ensures that the base station has not been tampered with and that messages only come from certified hardware configurations.
  • There is a two-way security in place between the operating system and the hardware. This means that the operating system cannot boot at all unless the hardware is exactly as specified by Sigfox, while the operating system checks upon boot and refuses to run if the hardware is different than expected.

Data centres (Sigfox Cloud)

Security standards

The Sigfox core network is essentially a cloud-based network hosted in secure data centres in France. These state-of-the-art data centres are protected according to international standards and employ biometric protection to ensure only authorised access to each server rack.

Redundancy

The data centres are doubly-connected to several different internet providers and are intelligently and fully load-balanced. Every server is doubly-connected with every component being fully redundant, under constant surveillance, and scalable to meet future spikes in demand. This ensures that the service is always available with minimal risk of downtime.

Protected against cyber attacks

Sigfox uses a dedicated proprietary solution against cyber attacks supplied by their internet provider partner. This solution involves so-called ‘scrubbing centres’ which detect and mitigate attacks by analysing incoming data traffic against regular Sigfox data traffic patterns.

Customer systems

Secure connection with HTTPS

Whether you use the web portal, the Sigfox Cloud API, or receive messages through e-mail, your data is always sent through a secure connection using the HTTPS protocol which is the standard way of securing a connection through the Internet. It is the same technique which protects you when doing online shopping with your credit card and is nowadays a standard expectation for all websites.

You can furthermore create accounts with custom access permissions through the Sigfox Cloud backend which fit exactly to their function and purpose.

The data has now reached its final destination at the customer system with a secure and safe passage along the entire journey. For more information on security in the Sigfox network, visit the Sigfox website here:

Read moreRead more