Hack-proof M2M connections to the cloud

Published 2013-09-05

To increase cyber security in M2M applications, SSV (Germany) is offering a security kit. The kit consists of embedded VPN gateways, which are integrated directly into the subsystem, as well as software components for the cloud servers.

Although seemingly trivial to the user, M2M system messages and measurement data are open to client- or server-side spoofing attacks. Once compromised, the packets can be monitored or changed. The company's kit protects M2M data by encrypting packet data directly at the source. Typical applications are CAN-to-cloud solutions. Here, a VPN gateway is connected on one side to a CAN environment, while the opposite side operates the VPN tunnel to the cloud.

The integrated gateway firmware, in cooperation with the cloud server building blocks, allows for certificate-based, bidirectional authentication. In contrast to an HTTPS transfer, the bidirectional authentication lets both communication partners verify each other's identity. In addition, the cloud server has surveillance over the individual embedded VPN gateways. Should the digital identity of a gateway come into question, the certificate will be declared invalid and the user will be excluded from the VPN. In addition to the authentication, all data packets will be encrypted and signed with a digital fingerprint. To operate this solution securely, it is necessary to run the cloud server in an environment protected from intrusion. Users can run the server in their own IT departments or via certified service providers.