Security in general

Security is important in many machine applications. Smart grids must return accurate meter readings that cannot be modified. Network communications to instruct meters to change demand must not be modified or sent by a terrorist organisation. Financial-related transactions must be secure and it must be certain that they were received. Almost all machine communications have some level of security requirements.

To some degree these could be layered over the top of the Weightless network at the application layer. So a smart meter could encrypt its data stream before passing it to the Weightless radio embedded within it. The data would pass through the Weightless network in secure form and be decoded by the client in their central IT system. Indeed, this can be done even when Weightless has its own security to provide extra protection.

There are some functions that cannot be achieved at the application layer. These include authentication of the network by the Weightless device. Itwould be possible for a terminal to be ‘captured’ by a rogue base station and stay attached to it indefinitely. Authentication mechanisms are needed to prevent this occurring. Because of this, and because it prevented all applications having to build in their own security, it was decided to provide the Weightless standard with cellular-grade security mechanisms. However, as will be explained, some of the differences in message type and threat type mean that the same security mechanisms as are used in cellular cannot just be copied.