Wireless Challenge 4: Wireless Security in the “Ring”

Authors 
Bart Shields 
Xavier Bush 
Oliver Kutolski

BACKGROUND

The news is constantly buzzing about the latest data hack or cybersecurity breach. The circumstances differ, but the method remains the same: an intruder breaches a secure system without permission. What often gets glossed over is the actual processes the intruder employs, as well as the prevention measures that can be taken in advance.

Despite Hollywood’s glamorized portrayal, the reality of hacking and cybersecurity is usually – but not always – quite mundane, often hinging on a weakness or backdoor left open by human error or oversight. This is exacerbated by the fact that, for the vast majority of wired and wireless networks, the central security mechanism is a single static target: an encryption key. Much like the key to a house or the combination to a safe, encryption keys allow authorized users to access locked valuables (encrypted data) but through user carelessness can easily fall into the wrong hands. 

Wireless communications are particularly vulnerable to intrusion. Unlike wired networks, would-be hackers only require a physical proximity to a wireless transceiver^[1] to breach and hijack a network. Security therefore is a vital concern for industrial grade wireless networks that have worker safety and critical heavy machine controls at stake.  

SECURITY IN LAYERS

Security in communications and IT systems is managed in layers^[2]. The first layer is comprised of data encryption and active countermeasures against various hacking methods.

Replay Attacks are one of said hacking methods; an intruder can intercept and capture encrypted data, then masquerade as a legitimate network user by playing it back to the network.

Process of a Replay Attack

Unfortunately, Replay Attacks can be executed even on data frames that are encrypted. A hacker that has captured and categorized enough of these frames can then “inject” them as necessary, gaining access and control of the network. This is known as a Command Injection.

Process of a Command Injection

Before we continue, it is important to stress that while encryption is an important security feature, it alone is insufficient to prevent an intruder from hijacking a system, causing chaos and costing the system owner significant time and money. Wireless security must therefore provide not just encryption, but a full suite of other precautions as well. These include features such as Perfect Forward Secrecy and countermeasures against Denial of Service (DoS) attacks.

The most common type of encryption for wireless networks is a shared set of security credentials – known as a shared secret – spread over each station within a network. Temporary encryption keys are issued for each session and each security link between wireless nodes, allowing them to access the shared secret and perform actions.

The issue with this scheme is that all stations effectively become compromised whenever a single station is breached. As the encryption key for a shared secret is universal across the entire network, a hacker can use it to access everything they can find.

To help illustrate this point, consider the following real-world example: as an emergency measure^[3], all houses within a neighborhood may share an electronic master key (a temporary shared secret). The key is generated from a single master secret housed a secure location somewhere in the neighborhood. For added security, the master secret creates and issues a new key each morning that is only valid for 24 hours. On the surface, this sounds like a secure solution, yet what happens if a hacker manages to get their hands on a single key? They could quickly unlock every house in the neighborhood.

This example demonstrates a proverbial Holy Grail that all hackers yearn to discover – an infrequently-updated (in IT terms) set of centralized security credentials. Issuing encryption keys more frequently (such as every few minutes) can help improve a system's security, yet this method also creates more opportunities for interception. The master shared secret itself also remains an obvious target.

In short, the paradoxical dilemma facing wireless security is that the more complex and inscrutable a security system becomes, the more potential weak points are created. This is known as a network’s threat surface.

As IoT and Industry 4.0 expand, innovative new security systems must be developed from the ground up to offer a diverse yet non-complex security suite.

Security the EchoRing Way

Industrial wireless networks require a security solution that:

• Is lightweight and consumes fewer resources than traditional security protocols
  
• Avoids transmitting (and therefore exposing) any secrets that can result in a network breach
• Features next to zero latency – all security credentials must be pre-calculated
• Employs extremely high entropy (making it more difficult to hack^[4])
• Runs on decentralized system architecture^[5] with no single point of failure^[6]
• Features a very simple security framework with a small, easily monitored threat surface
• Requires virtually no maintenance after its initial deployment
• Features built-in intrusion detection that gathers real-time analytics on each network frame^[7]
• Is specifically designed to operate at “IoT scale”

In partnership with Olympus Sky Technologies, R3 provides just that. We have developed a full-scale security suite to keep pace with EchoRing; fast, simple and flexible while being easy to deploy, maintain and operate. The suite is also available at a fraction of the cost associated with world-class security systems. But how does EchoRing's security work, exactly?

As is standard, each EchoRing subnetwork (ring) features a continuously refreshing encryption key, the interval of which can be set by the user to best fit the use case. What makes EchoRing's security system unique is that each ring within an overarching EchoRing network can refresh its encryption key at different times, while each tranciever within each ring can connect to multiple rings at once. Furthermore, rather than transmitting keys directly from a vulnerable master station, security credentials are refreshed autonomously from pre-programed keysets encoded within each ring.

This system allows EchoRing to enjoy Perfect Forward Secrecy as linked to above - should an attacker gain access to a single ring, only that small section of the network becomes compromised. Combined with EchoRing’s replay attack countermeasures, message authentification codes and detailed analytics gathering for each network frame, any network breach is easily located, isolated and contained.

Together, all of these features grant EchoRing a simple, robust and comprehensive solution for the future of wireless industry.

[1] A transceiver is a device that can both transmit and receive communications, in particular a combined radio transmitter and receiver. Source

[2] Read more about security layers here.

[3] A typical reason behind shared residential encryption keys is to allow police, fire or other first responders to easily gain access to a residence in case of emergency.

[4] The total number of potential security key sequences between back-to-back sessions exceeds the age of the universe measured in seconds.

[5] Redundancy via decentralization is incredibly important for critical systems.

[6] Single Point of Failure (SPoF) refers to system components or system paths through which the system is no longer operational in the event of a failure. Source

[7] This is possible when the core technology of the underlying security framework is a security protocol itself.