III. GATEWAY SECURITY
The ALTA Ethernet Gateway 4 has been designed and built to securely manage data from
sensors monitoring your environment and equipment. Hacking from botnets are in the
headlines, Monnit Corporation has taken strong measures to ensure your data security is
handled with the utmost care and attention to detail. The same methods utilized by financial
institutions to transmit data are also used in Monnit security infrastructure. Security features
of the gateway include purpose built operating system, data encryption, and bank-grade
security.
Monnit’s proprietary sensor protocol uses low transmit power and specialized radio
equipment to transmit application data. Wireless devices listening on open communication
protocols cannot eavesdrop on sensors. Packet level encryption and verification is key
to ensuring traffic isn’t altered between sensors and gateways. Paired with best-in-class
range and power consumption protocol, all data is transmitted securely from your devices.
Thereby ensuring a smooth, worry-free, experience.
SENSOR COMMUNICATION SECURITY
Monnit sensor to gateway secure wireless tunnel is generated using ECDH-256 (Elliptic
Curve Diffie-Hellman) public key exchange to generate a unique symmetric key between
each pair of devices. Sensors and gateways use this link specific key to process packet
level data with hardware accelerated 128-bit AES encryption which minimizes power
consumption to provide industry best battery life. Thanks to this combination, Monnit
proudly offers robust bank-grade security at every level.
DATA SECURITY ON THE GATEWAY
The ALTA Ethernet Gateway 4 is designed to prevent prying eyes from accessing the data
that is stored on the sensors and on iMonnit. The ALTA Ethernet Gateway 4 does not run
on an off the shelf multi-function OS (operating system). Instead it runs a purpose specific
real-time embedded state machine that cannot be hacked to run malicious processes. When
fully secured after initial configuration steps, the gateway provides no active interface that can
be used to gain access. The fortified gateway prevents snooping of sensor traffic, keeping
your sensitive data from malicious parties and secures the gateway from becoming a relay for
malicious programs.
SERVER COMMUNICATION SECURITY
Communication between your ALTA Ethernet Gateway 4 and iMonnit is secured by packet
level encryption. Similar to the security between the sensors and gateway, the gateway and
server also establish a unique key using ECDH-256 for encrypting data. The packet level
data is encrypted end to end removing additional requirements to configure specialized
VPN’s. The gateway can still operate within a VPN if it is present.
PAGE 3
SNTP SECURITY
The gateway can be set up to retrieve time from an SNTP server. An SNTP server can be
set up on the same LAN as the gateway, such as on a router or a Linux computer. The
gateway should be configured to retrieve time from only trusted servers, such as ones
maintained by your ISP. Incorrect time can affect the delivery of sensor traffic.
If the Monnit Server is active, it will be utilized for time synchronization in ordinary opera-
tion. So SNTP will be used as a backup.
SNMP SECURITY
SNMP stands for Simple Network Management Protocol) is an Internet application protocol
that manages and monitors network device functionality. Monnit uses SNMP version 1.
These settings can both be configured both on iMonnit and the local interface.
