Data protection and data security have top priority
The smart position system contains a local server, receivers, and assets.
The assets supply sensor-data, and send it together with their Mac-Address to the receivers within the assets signal range. Due to limited signal strength of the assets, it may occur that receivers are not able to receive data outside of the assets signal range.
The receivers create RSSI Data out of the asset data and send the RSSI, MAC-Address of the asset, and the sensor data to the server. The server then stores the data into a database and calculates positions out of the data using a combination of trilateration, fingerprinting and some of the most advanced filtering methods out there.
The Receiver and Server are bidirectionally authenticated to each other. This means that a Receiver authenticates itself to the server using a Public/Private Keypair and waits before transmitting the data until the server completes the equivalent authentication with the Servers Keypair.
Each part of the system is only allowed to do the specific actions that are strictly necessary. Meaning if you authenticated yourself with a specific key pair, you’ll only be able to do the things necessary for your role.
Every transmission uses the combination of integrity, confidentiality and either timestamps, salt/pepper, or sequence numbers that are only accepted once by the receiving end.
Integrity is used to ensure that the received packet is actually the packet that was sent.
Confidentiality in addition to integrity makes it possible to recognize erroneous (intended or unintended) transmissions.
Securing the stored information by only permanently storing information on parts of the system which cannot easily be stolen. The receivers do not persistently store information.
The server, which stores all the information, uses confidential storage only. The database is encrypted as is the hard drive that hosts the database.
Using different keys for every part of the system, so that even if one part is compromised, it does not affect the whole system.
The smart position asset monitoring system does this by sending out emails if authentications over SSH, MongoDB, or MQTT fail. We also send out emails once we notice a failed replay attack or any other attack pattern. These are automated emails that go to different systems. A successful attack is instantly noticed and countermeasures can be taken immediately.