WiTTRA System Security Statement
WiTTRA offers the typical security any web solution offers. There are two ways to access the data, either through the database directly or through our API. The database is a standard NoSQL solution (Firebase) that requires authentication and is set up in a way that only accounts within our Google Cloud project have access to them. The API is secured so that you only have access to data within your own organization, with the possibility for the creator of an organization to invite others.
Sensors send data is encrypted and authenticated with DTLS, ensuring host-to-host security between the device and the gateway. This means that no wireless device can eavesdrop on data being sent nor impersonate a WiTTRA device without first breaking state-of-the-art AES-CCM encryption. The gateway then relays data to the cloud over a TLS connection, with a keypair managed by the built-in TPM chip (Trusted Platform Module), ensuring the security secrets never exist in the gateway’s memory; rather, they are kept inside of the tamper-resistant TPM. This allows the backend to reliably authenticate WiTTRA gateways and protect the confidentiality of all sensor data.
If you have any further questions regarding the WiTTRA System Security Statement, please reach out to us at firstname.lastname@example.org