How to (not) secure your Mesh Network
Like any other communications channel, mesh networks require encryption keys to ensure their privacy and integrity. If you’re following any of the practices below, then technology could be doing more for you to help you scale securely:
Using a single set of keys across all deployments. With one key for all sites, maintaining secrecy becomes very hard. Developers, partners, and manufacturers all need access, and each point of access increases the risk of the key being compromised. If this key is compromised, all deployments and your reputation are at risk.
Having initial default keys that are used to transmit the final keys. This is clearly an improvement on the previous practice. There is still a single secret that has the potential to compromise many sites, but at least there are steps you could take if you knew that key had leaked, and an attacker who did get hold of those keys would need to be present at the moment keys are exchanged. But it still shares the characteristic that many individuals, and possibly multiple parties, have access to secrets critical to your system’s global security.
Shipping devices with pre-programmed, site-specific keys. This practice eliminates inventory flexibility. Devices are tied to specific sites before leaving the warehouse, making it impossible to redirect shipments or maintain a central stock. The costs of shipping devices to incorrect locations or rush-ordering new ones for urgent deployments tend to accumulate fast.
If customers or auditors scrutinise your security architecture, they will find these issues. If they don’t scrutinise it, then they are trusting you to follow security best practices, which these are almost certainly not. There are secure and flexible provisioning methods available for all major IoT networking technologies, including Bluetooth Mesh, LoRa, ZigBee, Thread and Wirepas.
We have developed Symples Join to help our partners integrate security into their Wirepas solution or hardware products with minimal effort. If you are looking for help building secure solutions, we’re ready to help.