BubblyNet Security Architecture

The BubblyNet ecosystem allows for rapid deployment, control, and configuration of smart building technology. These deployments are done with security in mind at all system levels, from physical device protection to user authentication in our controls apps.

1. BubblyNet Firmware and Physical Device Security

  • BubblyNet devices are all programmed using custom firmware that will only run on a single device. This security measure prevents someone from cloning a device to get control over a network. BubblyNet also signs all of its firmware to ensure authentic firmware is programmed onto devices in the factory.
  • The device configuration and security keys are all stored encrypted at rest, making the data useless if accessed by physical means, preventing trashcan attacks.

2. BubblyNet Network Security

  • The BubblyNet Network is built around the open standard of Bluetooth Mesh, which was designed starting with security in mind. The major benefit of utilizing an open standard is that security researchers worldwide can vet the Bluetooth specification, making sure it is fully secure as technology evolves.
  • All deployed networks use three levels of encryption, each secured using 128-bit keys.
    • Network Encryption - Every network has one or more network keys that are unique to the individual deployment. Having multiple network keys allows for isolation between network segments such as the first floor and second floor of a building.
    • Application Encryption - Every network has one or more application keys that are used to isolate communication between different components of the smart building, such as HVAC, lighting, and security systems.
    • Device Encryption – Each device on a BubblyNet network has its own 128-bit encryption key used for the device's configuration. This prevents someone already on the network from moving or resetting a device located in the building unless they have the specific key for that device.
  • Bluetooth mesh is a distributed networking protocol; this means that every device on the network has to authenticate every other device on the network. Every BubblyNet device can detect a compromised device on a network and ignore messages coming from it. This interdevice authentication prevents man-in-the-middle attacks and replay attacks.
  • Only authorized provisioners are allowed to add new devices to an existing network. This can be achieved using a secure Generic Attribute Profile (GATT) connection with an iOS or Android device or by using Advertising (ADV) with the gateway. These two methods are the industry standard for safe communication between two devices.
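
The key scoping and replay protection described in this section, as an added example that is not BubblyNet code: a simplified receive-path model in which HMAC-SHA256 stands in for the AES-CCM authentication that Bluetooth Mesh uses. The message layout and the names `Node`, `seal`, `verifies` and `demo` are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def mic(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the AES-CCM integrity check of Bluetooth Mesh.
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def body_of(m: dict) -> bytes:
    return f"{m['src']}|{m['seq']}|{m['kind']}|".encode() + m["payload"]

def seal(net_key, upper_key, src, seq, kind, payload) -> dict:
    """Tag a message with an application or device key, then with a network key."""
    m = {"src": src, "seq": seq, "kind": kind, "payload": payload}
    m["upper"] = mic(upper_key, body_of(m))
    m["net"] = mic(net_key, body_of(m) + m["upper"])
    return m

def verifies(keys, data, tag) -> bool:
    return any(hmac.compare_digest(mic(k, data), tag) for k in keys)

@dataclass
class Node:  # hypothetical model of one mesh device
    net_keys: list
    app_keys: list
    dev_key: bytes
    last_seq: dict = field(default_factory=dict)  # source address -> highest accepted seq

    def receive(self, m: dict) -> str:
        if not verifies(self.net_keys, body_of(m) + m["upper"], m["net"]):
            return "drop: unknown network key"  # other segment or outsider
        if m["seq"] <= self.last_seq.get(m["src"], -1):
            return "drop: replayed sequence number"
        if m["kind"] == "config" and not verifies([self.dev_key], body_of(m), m["upper"]):
            return "drop: wrong device key"  # configuration needs this device's own key
        if m["kind"] != "config" and not verifies(self.app_keys, body_of(m), m["upper"]):
            return "drop: wrong application key"
        self.last_seq[m["src"]] = m["seq"]
        return "accept"

def demo() -> list:
    # Constructed sample keys: two floors, two applications, one device key.
    floor1, floor2, lighting, hvac, dev = (os.urandom(16) for _ in range(5))
    lamp = Node([floor1], [lighting], dev)
    on = seal(floor1, lighting, 0x0001, 10, "app", b"light on")
    return [lamp.receive(on), lamp.receive(on),  # first delivery, then a replay
            lamp.receive(seal(floor2, lighting, 0x0001, 11, "app", b"light on")),
            lamp.receive(seal(floor1, hvac, 0x0001, 12, "app", b"set 21C")),
            lamp.receive(seal(floor1, lighting, 0x0001, 13, "config", b"node reset")),
            lamp.receive(seal(floor1, dev, 0x0001, 14, "config", b"node reset"))]
```

Calling `demo()` returns one verdict per message, showing that a holder of the network and application keys still cannot reset the device without its device key.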

3. BubblyNet Cloud Security

  • The BubblyNet Gateway allows people to control their network from anywhere in the world securely. It does this by extending many of the features of Bluetooth mesh to work over the internet. Every message sent to the cloud is encrypted in transit using modern web techniques such as Transport Layer Security (TLS), and the raw data contained in the message is additionally encrypted using the same security keys used inside the Bluetooth network.
  • User Authentication
    • Cloud – By design, our cloud is protected against cross-site scripting, Structured Query Language (SQL) injection, clickjacking, and cross-site request forgery, and is hosted on a secure server in a world-class data center. Our user authentication uses HTTP Strict-Transport-Security (HSTS) to ensure all requests from our sites are made using Hypertext Transfer Protocol Secure (HTTPS). All user data is stored securely in a protected database located on a world-class cloud provider. All passwords are encrypted, and there is no access to a password. We only use the password for the initial login and then use unique keys to authenticate all user requests.
    • Mobile - All user requests are made using Representational State Transfer (REST) or Google Remote Procedure Call (gRPC) via Application Programming Interfaces (APIs) to our cloud servers. These API requests are always sent via HTTPS and use unique keys to sign all requests. All user data is stored encrypted within Apple's or Android's key storage for maximum user security.
  • The cloud is responsible for verifying that every piece of firmware flashed onto devices is authentic. It does this by creating a TLS connection between the cloud and the BubblyNet OEM tool.

4. Long Term Security

  • BubblyNet can securely update every device over the air (OTA), allowing devices to stay up-to-date with the latest security techniques and patches.
  • Humans are often the weakest link in any security system. The BubblyNet ecosystem takes this into account; if someone managed to leak keys to an unauthorized person, a key refresh could be initiated, replacing all keys on the network and locking out anyone who may have the old keys.