Security

Security

BubblyNet Security, which fully complies with Bluetooth Mesh Security Standards, is considered by many engineers to offer the highest level of security available today for a wireless commercial lighting control system. All messages are encrypted and authenticated. In Bluetooth Mesh, security is mandatory. Failing to implement the required protocol security for Bluetooth Mesh nodes is a violation that precludes the use of the Bluetooth Mesh trademark.

Open vs. Proprietary Protocols

A larger number of people and organizations contribute to the design and implementation of security in open-source protocols compared to proprietary-based ones.

The security of open protocols is available for research and testing since the standard is openly accessible, which is not the case with proprietary protocols.

For these reasons, open-source protocols are typically considered more secure and safer than proprietary protocols.

Secure Architecture

BubblyNet uses a distributed architecture, which makes the network intrinsically more secure than one based on a centralized or decentralized architecture. Every node in the network needs its own Device Encryption Key, the Application Encryption Key of its main function, and the Network Encryption Key of the network in order to operate

The compromise of one key would not allow for the operation of the network, as two keys are needed. The compromise of one device would not allow for control of the entire network, as the additional keys would be missing. All messages are secured using AES-CCM 128-bit encryption.

difference-between-centralized-decentralize-and-distributed

 

Secure Network

When creating a network a Network Key is generated. When a device is added to the network, the Network Key, Application Key and Device Key for that device are bound and from that moment on, the device is enclosed into the encrypted network and is no longer discoverable by a provisioner. The provisioning of a device uses 256-bit elliptical encryption and OOB (Out Of Band) authentication.

 
provisioning-and-commissioning-diagram

Air Gap

Air-Gap or Air-Wall is a security measure that isolates a network from other devices and networks, including public internet. The strategy of using air-gaps or disconnected networks to protect critical data is also known as security by isolation.

BubblyNet uses the most advanced Bluetooth Mesh SIG standard which does not require WiFi hubs to interconnect smaller network sections as most wireless systems do. A BubblyNet network can be set up as a 100% stand alone system with no connection to the building system or the data system and so the potential intruder will not be able to access sensitive information through the lighting control system.

BubblyNet Security

bubblynet-mesh-network-security

 

Other Security

non-bubblynet-mesh-network-security-not-bubblynet

 

Size

A single BubblyNet air-gap network can be as large as 8,000 devices and about 1million sq.ft. Larger air-gap networks can be set-up using BubblyNet local gateways (not requiring internet or Wifi) acting as bridge nodes between multiple networks.

Applications

BubblyNet networks have been used in governmental, aviation and industrial classified project as the system grants an additional layer of security when operated as a disconnected network.

Replay / Man-in-The-Middle Protection

The Bluetooth Mesh specification requires that all messages be unique from each other to prevent man-in-middle attacks. This is achieved by adding a nonce to every message that is sent.

A nonce is a unique number generated by two main inputs, a sequence number, and an IV index. The sequence number is a value that is shared between two nodes on a network. Every time a node receives a message, it increments its sequence number. The two nodes must stay next to each other in sequence number otherwise the message will be discarded and assumed to be a replayed message.

Sequence numbers have a maximum value, so in order to prevent wrap-around, an IV index number is kept throughout the whole network. When a node is reaching the end of usable sequence numbers, it initiates an IV index procedure to notify all nodes in the network to reset the sequence number back to 0x0000 and use the new IV index. This allows a mesh network to run for billions of years before running out of unique messages.

An attacker is not able to see the current IV index and sequence number without having the network key. This prevents them from generating a message with a valid sequence number and IV index.

Trashcan Protection

If a device is lost or stolen from a network a key refresh can be initiated. This replaces all NetKeys and AppKeys on a network. Even if someone is able to physically recover the keys from a device they will not be able to use those after a key refresh has been completed.

Visitor Protection

Visitors can be added to a network by adding them to their own subnet. A subnet has its own NetKey and Appkey. This isolates them from the rest of the network allowing them to only control what they have been given access to. To remove the visitor from the network all that needs to be done is delete the subnet keys from the devices that the visitor had access to.

ioXt Certified

BubblyNet devices are ioXt certified. IoXt is a worldwide alliance of leading companies in the Internet of Things space such as Amazon, IBM and Google. It is the global standard for IoT security. https://www.ioxtalliance.org/

ioXt-alliance-logo