Security and Privacy in Disruptive Technologies Sensing Solution


Øystein Moldsvor
04. Feb 2020 | 13 min read


Disruptive Technologies has prioritized security and privacy throughout every part of the design and development process for our sensing solution, including chip design, sensor design, radio protocol design, cloud services and APIs.

Every layer of the Disruptive sensing solution is secure, from the individual sensors to the applications processing the data. Measurement and sensor identity data is encrypted within the sensors themselves. The data stays encrypted through radio transmission, cellular or Ethernet forwarding over the Internet until it reaches Disruptive’s secure cloud. The data is then passed to customers’ applications via encrypted protocols. Access control mechanisms in the Disruptive cloud provide controlled delivery of sensor data to designated processing systems.

Disruptive is committed to making sure customers enjoy simple installation, streamlined operation and low cost of maintenance. Security and privacy architecture and controls in the Disruptive sensing solution are designed to enhance productivity, not slow you down. With a fully secured system customers can focus on using data to meet their business goals and not worry about unintentional data access.

Why SecureDataShot

With SecureDataShot, we pair sensors directly with users, rather than with a gateway. This architecture virtually eliminates the potential for man-in-the-middle attacks that exploit gaps in the security architecture around gateways.

Unlike IoT technology that connects devices and data through a gateway, Disruptive Technologies uses Cloud Connectors to remove typical security weak points in the IoT architecture and simplify implementation and maintenance. We call this revolutionary end-to-end secure solution SecureDataShot™.

Pairing sensors directly with users via a Cloud Connector is also easier and faster than using a gateway. In our architecture, multiple Cloud Connectors allow for roaming to eliminate bottlenecks. Initial installation and later extensions to an existing installation are significantly faster using the Disruptive architecture than with a gateway-based system.


SecureDataShot™ removes typical “man in the middle” security weak points by using end-to-end encryption.

Operational Security

Security is built into the development and manufacturing of Disruptive’s sensing solution at every stage.

Initial Crypto Key Installment

When it is manufactured, each sensor is assigned a unique 256-bit asymmetric encryption key. Key generation is managed by a tamper-proof FIPS 140-2 Level 3 certified hardware security module.

The public part of the asymmetric encryption keys is exchanged with Disruptive’s cloud via encrypted channels. Encryption keys are installed in a physically secured production facility with limited and audited access control. Once these keys have been securely exchanged, the sensor and the cloud authenticate each other and establish a tamper-proof, end-to-end encrypted communication channel.

Disruptive has patents pending related to the secure, low-energy key exchange that takes place when a new sensor joins the Disruptive network. Disruptive Cloud Connectors are similarly provisioned with Transport Layer Security (TLS) certificates to establish secure connections and guard against man-in-the-middle attacks targeting the Disruptive Technologies cloud.

Storage of Cryptographic Keys

On the Disruptive cloud side, cryptographic keys are stored in separate components, which are locked down and unavailable to the rest of the system except for use in establishing session communication keys. For protection against loss, encrypted backups of device keys are stored in multiple secure locations.

Monitoring

All Disruptive system components are instrumented and monitored 24 hours per day, seven days per week. Anomalies outside operational parameters trigger alarms and automatically notify our response team to initiate escalation procedures.

Google Cloud

Disruptive cloud components run in Google Cloud, which has one of the most advanced security organizations in the world and top-level security controls. We follow security best practices for each of the components in use. The Disruptive Cloud also uses Google infrastructure services and relies on the security of these services, and on Google, to protect against attacks.

End-to-End Encryption

[Illustration: end-to-end encrypted communication between sensors, Cloud Connectors and the Disruptive cloud]

The illustration above highlights the following characteristics of the system:

  • Encryption keys allow sensors to communicate securely with the cloud, regardless of how communication packages are routed through different Cloud Connectors or how those connectors are connected to the Internet.
  • The same package may be routed through multiple Cloud Connectors to the cloud, but only one of them sends a reply package. The cloud manages which Cloud Connector will respond to which sensor based on factors such as signal strength and communication history.
  • Replies from the cloud back to the sensor, which may be simple ACK packages or more complex configuration updates, are also encrypted from the cloud and not decrypted until they are on the sensor itself.
  • The cloud holds session encryption keys for each sensor.
  • Each sensor holds its own key(s) and the exchanged session key for the cloud.
  • The communication channels from each Cloud Connector, through which some additional metadata such as offline/online status and cellular signal strength is passed, are also established as encrypted channels. These channels are established via pre-installed security certificates on each Cloud Connector (CCON).

Third-party Verification

Disruptive has completed two independent security reviews, conducted by UL, a global safety consulting and certification company, and by security expert Lars Lydersen.

"The EVM of the assessed components placed within the top 5-10% of Praetorian’s client-base. The overall security posture was found to be excellent with a minimal amount of low and informational risk findings."

Praetorian

Data Ownership

Data processed through the Disruptive solution is owned by the customer. The Disruptive cloud collects data from connected sensors, such as temperature readings, humidity, button touches or door opening/closing events.

Customers may also add some metadata to the installation, such as naming the sensors or attaching key/value labels to them. It is by this process that the customer may create personal data out of the raw data delivered by sensors.

The data entered into the system by a customer via DT Studio or our APIs is protected by Disruptive as the property of the customer. Access to the data is controlled by the customer to the point that the customer must explicitly grant Disruptive Customer Service access if they would like assistance (e.g. when using DT Studio).

Data Access and Restrictions

By default our developers do not have access to production data. The number of Disruptive personnel with system access to production data is kept to a required minimum. Access to production data generates an audit log and a customer’s data protection policy specifies rules for such access. Data required by Disruptive to analyse sensor performance, energy consumption and lifetime estimates is managed according to contract terms for such use.

Technical Access to Sensor Data

Customers can access data from sensors via Data Connectors and via the use of our API. Data Connectors are controlled through the same access mechanisms as other device information and can only be configured by personnel with sufficient permission levels.

Data Connectors

Data Connectors push data to configured endpoints. Only encrypted channels are accepted. Customers can provide a secret to each Data Connector, which is used to cryptographically sign each event passed through that Data Connector. By verifying the signature on the receiving side, customers can confirm that no unauthorized third party can pass data into their reception point undetected.
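As an added example, not Disruptive's own code (the page does not describe the exact signature format a Data Connector uses), the following Python shows the receiving-side check the paragraph describes. It assumes the sender computes an HMAC-SHA256 over the raw event body with the per-connector secret and sends the hex digest in a header; the header name, the scheme and the sample event are constructed for this example.

```python
import hashlib
import hmac

# Constructed sample values: the secret the customer configured on the
# Data Connector and the header the signature is assumed to arrive in.
# Both the header name and the HMAC-SHA256 scheme are assumptions for this
# example, not a description of Disruptive's actual signature format.
CONNECTOR_SECRET = b"example-connector-secret"
SIGNATURE_HEADER = "X-Example-Signature"


def sign_event(body: bytes, secret: bytes) -> str:
    """Sender side: hex HMAC-SHA256 over the raw (un-parsed) event body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_event(headers: dict, body: bytes, secret: bytes) -> bool:
    """Receiver side: recompute the MAC over the exact bytes received and
    compare in constant time, so a forged, modified or unsigned event is
    rejected and the comparison leaks no timing about the expected digest."""
    presented = headers.get(SIGNATURE_HEADER)
    if not presented:
        return False  # unsigned events are dropped, never accepted
    expected = sign_event(body, secret)
    return hmac.compare_digest(expected, presented)


def demo() -> dict:
    """Run the check against a genuine event and three failure cases."""
    # Constructed sample event body as it would reach the customer endpoint.
    body = b'{"event":{"eventType":"temperature","data":{"value":21.5}}}'
    good_headers = {SIGNATURE_HEADER: sign_event(body, CONNECTOR_SECRET)}
    tampered_body = body.replace(b"21.5", b"99.0")
    return {
        "genuine": verify_event(good_headers, body, CONNECTOR_SECRET),
        "tampered_body": verify_event(good_headers, tampered_body, CONNECTOR_SECRET),
        "unsigned": verify_event({}, body, CONNECTOR_SECRET),
        "wrong_secret": verify_event(good_headers, body, b"other-secret"),
    }


if __name__ == "__main__":
    print(demo())
```

Verify against the raw request bytes before any JSON parsing, since re-serialising the parsed object can change whitespace or key order and invalidate a genuine signature.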

Streaming API Methods

For some applications, the API allows setting up streaming connections that listen to a subset of sensors in a project. All API access is authorized through access rights granted to service accounts. An API user must authenticate with valid service account credentials, and the service account's access rights limit what that API access can do. Service accounts and their access rights are controlled by customers themselves, either through DT Studio or programmatically through the API.

Privacy

Customers control access to projects and their organisation by granting roles to users and service accounts. It is the responsibility of the customer to manage who has access to their data through these mechanisms. Access management and labelling of raw data with user or project values can be done through the DT Studio user interface or via the API. Using these control mechanisms, customers can and must comply with regulations that may pertain to their collection of personal data.

GDPR

The EU General Data Protection Regulation (“GDPR”) from 25 May 2018 is an important piece of legislation intended to strengthen and unify a consistent personal data protection regime across Europe. The GDPR applies to companies that collect and handle personal data from EU-based individuals, regardless of where the data is processed.

Personal data is defined as any information relating to an individual that can be directly or indirectly identified. The GDPR distinguishes between companies that act as data controllers and data processors. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller.

Customers will typically act as data controllers for any personal data they handle in connection with their use of Disruptive Technologies’ services, while Disruptive Technologies is a data processor. As data controllers, customers are required to assess whether their data processor is meeting the requirements of the GDPR.

Disruptive Technologies’ own corporate GDPR compliance includes implementation of technical and organisational measures to ensure a level of security appropriate to the risk, such as:

  • GDPR owner appointed (contact: compliance@disruptive-technologies.com)
  • Personal Impact Assessments (PIA). Our review method is based on recommendations by European advisory bodies on data protection and privacy, and addresses questions related to device and system security, access control and data management. As part of this review, we have evaluated our ability to support our customers in performing their duties as data controllers.
  • Data Processing Agreements (DPA) developed for customers and suppliers.

Data Storage Locations

All sensor and Cloud Connector data are stored in the EU region of Google’s data centers. For customers in other regions, data will be stored in Google’s regional data centers. Google’s Cloud Platform is compliant with applicable EU regulations on privacy and data protection.

Conclusion

For everyone at Disruptive Technologies, security and privacy are a priority, not an afterthought. We have ensured security throughout our product design and development process by building in security controls and rigorously testing them. You can trust that only the people you designate have access to sensor data and data remains private and secure.

Øystein Moldsvor


Øystein is the co-founder and VP Engineering at Disruptive Technologies. He graduated from the Norwegian University of Science and Technology with an MSCEE in Electronics. He brings more than 20 years of experience in leading roles within the semiconductor industry. Before founding Disruptive Technologies, he was a co-founder and CTO in Arctic Silicon Devices and R&D Director for data converters in Nordic Semiconductor ASA. Øystein is passionate about bringing forward innovative products that overcome IoT barriers to create a level of connectivity never seen before.
