Common Design

Security

Security of IOT (“Internet of Things”) applications is getting a lot of scrutiny from commercial companies and government agencies. As more critical infrastructures are including remote operations, they become vulnerable to cyber attacks. Qameleon systems are addressing these securities in a number of ways.

  • Edge architecture
  • Binary data with encryption
  • Controlled access to operating system
  • Commercial cellular modems

Edge architecture

Qameleon products utilize an “edge of the Internet” architecture. This implementation does not utilize a single server somewhere on the internet (cloud). Instead, each unit is a separate node on the internet. As the remote device runs autonomously, it stores its data internally. Users connect directly to these nodes from their PCs or laptops using a Qameleon-provided program. Each time a user wishes to establish a connection to a remote device, a TCP/IP session is automatically established. The remote device and the user’s PC authenticate the connection allowing access to only known entities. The user can then operate the remote device in real time and download the stored data to their PCs. When the user is finished with their session, they break this TCP/IP socket. The Qameleon device then goes back into autonomous mode and waits for another session to be established. This can be with any user PC that is recognized.

The advantage of this approach is that there is no single point of attack by malicious actors. Attackers can only disturb one unit, if they meet all of the internal safeguards. This makes it not worth their effort. They cannot interfere with the rest of the implementation.

Binary data with encryption

When a user’s PC communicates with a Qameleon device, there is no readable data in the messages. Instead we send a code number and a small amount of binary data. These messages only have meaning to the two parties that see part of the session. An attacker may be able to disrupt the communication, but cannot read or alter the data. Qameleon systems do not preform any control functions remotely by design.

When stored data are transferred, the messages are encrypted and validated by the receiver.  Retry strategies are employed if there is a random or deliberate interruption of the communications. This ensures that the data is  valid.

Controlled access to operating system

Malicious actors try to gain access to the operating system of a remote device. Access to the operating system is controlled using passwords. The individual files on the unit have permissions that control access to them.

For added security, there is a hardware switch on the main circuit board of each unit that prevents the loading of the operating system command interface when the unit is powered up.

Commercial cellular modems

Security protocols for IOT devices are evolving. NIST has been charged with designing security measures to be required by government IOT applications when wireless communications are used. Qameleon devices employ trusted commercial modems for their cellular communications. The manufacturers of these modems make updates to their devices to comply with the latest requirements. The modem manufacturers work with the cellular carriers to implement different security protocols. Some of our customers also arrange for their cellular carrier to implement a virtual private network (VPN) to the modems.