"Yes, but we can build security in around those packets"
Always reasurring when they try to sell you a medical product and say, "why yes, we did bolt on security afterwards".
Transmitting medical data over an unsecured network? No problem, we can build security around it. This was the suggestion of Arqiva’s Ian Stewart at the LPWAN Forum in London this morning. Speaking on behalf of French outfit Sigfox’s UK reseller Arqiva during a panel discussion about the merits of proprietary and open cellular …
Any proposal that starts off insecure with security to be wrapped round it later should be filed in the round filing cabinet and the proposer sent off with a clip round the ear and told to try harder next time. To emphasise the point the clip round the ear should be connected to a high voltage supply controlled by an insecure network.
"The total cost is significant. It doesn’t scale with the cost of the alternative, which is the human social worker.”
For may people, the social worker home visit is needed to reduce the isolation they already feel. Sorry, IoT isn't going to change things except to isolate even more people from human interaction. Not all families are Rockwell paintings and as one gets older, friends die off.
The Sigfox network only burps out a message of 12 octets, so around 100 bits. The data that is there is going to be fairly abstracted or obfuscated. And nothing would preclude them from encrypting/encoding the data, sending it, and then decoding it when they pull it from Sigfox's cloud. So wouldn't it be like sniffing encrypted internet traffic?
LoRaWAN uses poor software implementation of AES-ECB. It was never designed to be really secure. The people whom designed the security purchased Atmel for the 508a $15 & ATAES132a @ $0.50 each. If you move the silly security in software to the ATAES132a then you can stop most of the cloning.
With LoRaWAN they say to protect against cloning every device has its unique AES-ECB key stored in a database. Very silly as databases are hacked every second. You never store AES in databases even if encrypted. Very silly idea. Arm new owner says 1 TRILLION IoT devices, LoRaWAN does not scale at all, due to poor design.
One issue for security requirements that has not been looked at is the lack of security on the I/O. No sensors or actuators can stop data injection with LoRaWAN. So krap in krap out looks to be the normal for LoRaWAN. Very silly design team, Microchip, did this part, fools. This is so they can spy on folk.
Mark Edgar firstname.lastname@example.org i am not a "Anonymous Coward" you twits, we hate signing into sites like yours thats all.
Biting the hand that feeds IT © 1998–2019