The proliferation of connected devices over the past decade and their subsequent adoption by public and private sector organizations for a variety of applications has opened a proverbial cybersecurity Pandora’s Box by providing malicious actors with a multitude of network entry points. In addition to traditional hacking methodologies like phishing, crafty cyber criminals can also now take advantage of ubiquitous IoT devices, such as environmental sensors, VoIP phones and even surveillance cameras, that have not been properly secured.
But while much attention has been placed on cyber hardening technologies like these in recent years, very little consideration has been given to the common denominator that makes them all vulnerable in the first place, which is the fact that they all transmit data via the internet or cellular communications. However, a French-based company called Sigfox has developed a communications technology that could change this paradigm.
According to Christophe Fourtet, the Co-Founder and Chief Scientific Officer at Sigfox, the company’s narrowband 0G network can be used by governmental agencies and private organizations alike to relay data securely across the world.
Like many other communications engineers, Fourtet says he spent a significant portion of his career focused on how to increase data rates, however; about ten years ago, he started to wonder if there might be a need for low-data rate communications in mission-critical systems.
“It is true that we came back to old (communications) principles, in fact; the use of narrowband was quite common basically to increase sensitivity of the receiver at maximum range in the links,” Fourtet explains. “In professional, governmental, and military applications, you often look for efficiency, efficiency in range, etc., so because of physics, you are using narrowband communications. What we’ve done is modernized this approach.”
And while this would have been a very expensive methodology in the past, Fourtet says they have been able to bring costs down substantially by using software-defined radio and modern compute power.
“The idea was to kind of make an asymmetric system where you do everything you can on the infrastructure so that you can pick up and establish contact with a device as far as possible with as many devices as possible… trying to have the maximum capacity for a device, which is as low-cost as possible,” he adds. “Basically, you transfer some of the complexity of the device to the network, having a network as intelligent as possible so that you can have device (communication) that is simplistic as possible. That’s the idea behind Sigfox.”
Sometimes in engineering, Fourtet says you have to be willing to say no to certain things and they have dedicated themselves to always be a low data rate technology. In talking with many end-users, for example, Fourtet says their perceptions of their needs often do not line up with reality.
“Doing this is a way to simplify your security or make it more robust,” Fourtet says. “Because it is the device’s initiative to establish the link, it is not possible, in fact, to downlink or broadcast to the device or to establish a link through the infrastructure. It’s not possible to hack a device through the infrastructure. There is also no IP address in Sigfox. You might transform it in TLS and we, by the way, have a way to make a translation between Sigfox and IPv6, but over the air and within the network – also in the links between the base stations or gateways to the cloud – there is no question of IP address.”
A Proven Methodology
And while the idea of disconnecting modern data-generating systems from the two most common forms of modern communications technology may seem fanciful, consider the fact that dedicated, secure radio networks have been in use for decades. Though it may be an extreme example, Fourtet says military communications oftentimes leverage narrowband technology to send secure messages to personnel stationed around the planet.
“For instance, in submarine communications, you have a big transmitter somewhere – usually a very, very low frequency with a low data rate – but they are really broadcasting, and you can see it from almost anywhere in the world. But there is no way you can understand what it is transmitting – no way,” Fourtet says. “You have only two, single entities that know this very complex system so you could spend – even with quantum computing – billions of years before hoping to figure it out. It is really brute force security and because of this brute force, it is closing a lot of possibilities. It is not possible to exchange keys, it is not possible to establish new links dynamically and so on. There is a little bit of this in Sigfox.”
Applications for Physical Security
Aside from the cybersecurity benefits of Sigfox’s 0G network, the technology is also currently being used for physical security applications in Europe. In fact, Securitas has leveraged the Sigfox network as an alternative communications technology on 2.8 million alarm systems across the continent.
“They had panels connected through cellular, locally connected with other UHF technology and they came to us due to jamming concerns,” Fourtet explains. “We understood that jamming, in some very sensitive cases, could jeopardize their process and through Sigfox they had a link that was almost impossible to jam.”
While Securitas may have been the company’s first mass deployment, Fourtet says they are now being contacted by a variety of other businesses, such as logistics firms, due to the reliability and low-cost of their solution. The Sigfox network is currently available in over 70 countries and covers 5.8 million-square kilometers worldwide.
Joel Griffin is the Editor-in-Chief of SecurityInfoWatch.com and a veteran security journalist. You can reach him at [email protected].