Elektronikon® Nano™ security: Encryption, authentication and certification

Advances in connectivity technology have provided compressor controllers with astonishing new possibilities. The Nano from Atlas Copco is one of the most sophisticated. It enables remote compressor monitoring and control, and even over-the-air updates. That means that, just like phones, high-end speakers and cars, compressor performance can be improved and new features added via the wireless installation of periodic updates.


This allows Atlas Copco’s G compressors to become better over time, and the Nano™ will soon be available for other series as well.


While these new options are great for users who want to monitor and control their compressors from afar or take advantage of the latest innovations Atlas Copco engineers have developed, there is one question that first has to be answered.


Is this technology safe to use?
It is a valid question. After all, it seems as though reports of hacks and malware attacks – caused by careless users or poorly protected products – are increasing.


Fortunately, the Elektronikon Nano was designed to include proven cybersecurity standards. It protects the compressor from both online and offline threats.

The connected controller

To understand this protection, we should first look at how the Nano™ works as well as its many connectivity options and features. This advanced controller, which was developed entirely in-house and is the smallest of the popular Elektronikon series, connects with Atlas Copco’s SMARTLINK app. It gives customers the freedom to monitor their G compressor using their smartphone or tablet. All they need is a wired/wireless Internet connection. They can even control their G via Bluetooth®. The Nano also allows updates to be downloaded and installed.
 

Like any product that can be operated remotely or has an internet connection, a connected compressor can be exposed to a number of risks if it is not properly protected. That is why Atlas Copco has gone to extraordinary lengths to design the Nano so that it is completely secure.

Three main risks of compressor connectivity

There are three main areas of risk that had to be addressed.

  1. The risk of somebody taking over the compressor (or intercepting data) while they are in its vicinity.
  2. The risk of somebody accessing the data sent from the compressor to the cloud.
  3. The risk of somebody manipulating data like the over-the-air updates that are sent to the compressor.


Atlas Copco’s experts have made sure that none of these potential cybersecurity risks pose a problem for the Elektronikon Nano and the compressors it controls. Let’s go through them one by one to understand which steps have been taken to protect you from unauthorized access.

Optimal protection from unauthorized on-site access

First let’s look at the risk of unauthorized access to the compressor by somebody who is physically close to it, for example by using a Bluetooth connection. If successful, they could steal data, install hacked firmware or take control of the compressor.


That is why Atlas Copco has ensured that unauthorized users in the vicinity of the compressor cannot succeed. A time-limited pairing procedure prevents unauthorized access via Bluetooth. Data storage encryption makes it impossible to gain access to or change data stored in the compressor. In addition, the Bluetooth communication channel is encrypted. This means that sensitive data such as your WiFi password will never be exposed.

Safeguarding your compressor from a cloud-based attack

Atlas Copco compressors equipped with a Nano controller are connected to the cloud, for instance to store data and download over-the-air updates. Such a cloud connection, if not properly secured, could allow data theft, eavesdropping, unauthorized remote control, denial of service attacks and the installation of hacked firmware.

With its cybersecurity measures, Atlas Copco ensures that this won’t happen, both for the data your compressor sends to the cloud for remote monitoring and for the data it receives, for example in the form of over-the-air updates.

TLS 1.2 and X.509 CA authentication for experts

Thanks to an encrypted communication channel using Transport Layer Security (TLS) 1.2, Atlas Copco customers’ cloud-based information is safe from eavesdropping and data theft. While most people have never heard of TLS, they likely take advantage of this technology daily. It is a widely used cryptographic protocol designed to secure the communication between two or more computer applications.

Atlas Copco uses this technology in combination with X.509 certificates, another term familiar to experts. X.509 certificates are used to ensure that the compressor will only connect to secure Atlas Copco entities. That means your data only goes to the Atlas Copco cloud, which is protected by extensive Microsoft security measures, and nowhere else. The same technology is used to prevent unauthorized access to the Atlas Copco cloud. Only a compressor controller that can provide a correct key is allowed to connect to the Atlas Copco cloud, and that key is kept in the secure storage of the controller.

This ensures that the data you transmit and receive is perfectly safe, only goes where it is supposed to go, and is only received by the intended recipient.

In addition, Atlas Copco uses firmware authenticity verification to guarantee that you will never install firmware that was hacked or tampered with. This is done by employing the Elliptic Curve Digital Signature Algorithm (ECDSA) and the RSA public-key cryptosystem.
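As an added illustration of signature-based firmware verification (not Atlas Copco's code or tooling), the shell example below signs a firmware image with ECDSA over P-256 and SHA-256 using the OpenSSL command line, then shows the controller-side check accepting the original image and rejecting a modified one. The key, file names, image contents and function names are constructed for this example.

```shell
#!/bin/sh
# Added illustration: detached ECDSA (P-256, SHA-256) signature over a firmware
# image. Key, file names and image contents are constructed for this example.

# make_signing_key DIR: the private key stays with the vendor; only sign.pub
# would be provisioned into the controller.
make_signing_key() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/sign.key" &&
    openssl ec -in "$1/sign.key" -pubout -out "$1/sign.pub" 2>/dev/null
}

# sign_firmware KEY IMAGE SIG: build-side step that produces the signature file.
sign_firmware() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# firmware_is_authentic PUB IMAGE SIG: exit 0 only if SIG matches IMAGE under PUB.
firmware_is_authentic() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# install_update PUB IMAGE SIG: refuse any image whose signature does not verify.
install_update() {
    if firmware_is_authentic "$1" "$2" "$3"; then
        echo "signature valid, installing $(basename "$2")"
    else
        echo "signature INVALID, rejecting $(basename "$2")" >&2
        return 1
    fi
}

demo=$(mktemp -d)
make_signing_key "$demo"
printf 'constructed firmware image, build 42\n' > "$demo/fw.bin"
sign_firmware "$demo/sign.key" "$demo/fw.bin" "$demo/fw.sig"
install_update "$demo/sign.pub" "$demo/fw.bin" "$demo/fw.sig"
# One byte changed after signing: the original signature no longer matches.
sed 's/42/43/' "$demo/fw.bin" > "$demo/fw_tampered.bin"
install_update "$demo/sign.pub" "$demo/fw_tampered.bin" "$demo/fw.sig" || true
rm -rf "$demo"
```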

TLS 1.2 and X.509 CA authentication for laypersons

So, what does that mean?
 

Most people don’t know that when computers communicate, it is rarely as simple as one device “talking” directly to another. In most cases, the information from Device A first goes through routers and firewalls.
 

Unless the proper steps are taken, as Atlas Copco has done, this poses two potential problems. The first is that the communication between the two devices could be “read” or recorded by any of these intermediary devices. The second is the danger that a message that seemingly came from Device A did not actually originate there, i.e. that somebody with nefarious motives is pretending to be Device A or has altered the original message.
 

Fortunately, devices like the compressors controlled by the Nano can be optimally protected from both threats.
 

First, this is done by using encryption to guarantee that the message from Device A to Device B cannot be read by any of the intermediaries. Essentially, only these two devices can understand the message because it is encrypted by Device A and not decrypted until it gets to Device B.
 

The remaining question is how Device A can encrypt the data in a way that Device B, and only Device B, can decrypt it.
 

The answer is a process called “public key cryptography”, also known as asymmetric cryptography. In this process, Device B sends a “public” key to Device A. This key is asymmetric, an important qualifier because that is what makes the key secure: it can be used to encrypt data, but the same key cannot be used to decrypt it. To decrypt this data, a “private” key is required. Device B will send out its public key so that Device A can encrypt the data but will never share its private key. This ensures that only Device B can read the encrypted data. If the public key is intercepted by an intermediary device, that is not a problem, because this key can only be used to encrypt data, not to decrypt it. Likewise, Device A will send its public key to Device B so that Device B can encrypt data to be decrypted only by Device A. This is how the two devices establish a secure communications channel.
 

This is one of the ways in which the Nano protects its G compressor: the information it receives is sent through one of these secure channels and outside parties cannot use any of the information if they were to intercept it.
 

The second challenge is to make sure that the devices are who they claim to be. After all, what could stop an intermediary device from pretending to be Device B? If this happens, Device A will use the public key of the fake Device B to encrypt and share sensitive data, and the fake Device B will be able to decrypt and read this data. The answer is certification. When Device A requests the public key, it also asks Device B to provide a certificate of authenticity (an X.509 certificate). More specifically, Device B will “sign” the public key using the certificate and Device A will verify whether the signature is correct. An intermediary device will not be able to provide the correct signature. This “mutual transport layer security authentication” allows each device to be sure that the other is the intended recipient. The two devices can then exchange confidential information without any risk of exposure.
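The certificate check described above can be reproduced with the OpenSSL command line. In X.509 practice, a certificate authority (CA) signs the certificate that binds Device B's public key to its name, and Device A checks that signature against a CA it already trusts. This is an added example, not Atlas Copco's code or configuration; the CA, the host name `cloud.example.test`, the throwaway keys and the function names are all constructed.

```shell
#!/bin/sh
# Added illustration (constructed names, throwaway keys): how Device A tells the
# real Device B from an impostor by checking who signed the certificate.

# issue_ca DIR: create the certificate authority that Device A is built to trust.
issue_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert DIR NAME CN: the CA signs a certificate binding CN to NAME's public key.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/$2.pem" 2>/dev/null
}

# issue_impostor DIR NAME CN: an intermediary claims the same CN but has no access
# to the CA key, so the only certificate it can produce is self-signed.
issue_impostor() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# peer_is_trusted DIR NAME: Device A's check. Exit 0 only if NAME's certificate
# chains to the pinned CA in DIR/ca.pem.
peer_is_trusted() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
issue_ca "$demo"
issue_cert "$demo" device_b "cloud.example.test"
issue_impostor "$demo" intermediary "cloud.example.test"
for peer in device_b intermediary; do
    if peer_is_trusted "$demo" "$peer"; then
        echo "$peer: certificate accepted"
    else
        echo "$peer: certificate rejected"
    fi
done
rm -rf "$demo"
```

Both certificates carry the same name, so the name alone proves nothing; only the one signed by the trusted CA passes. In mutual TLS the same check runs in the other direction against the device's own certificate.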
 

While all of this might sound complicated, it is most of all secure. With these advanced protocols Atlas Copco has made sure that the Elektronikon Nano is just that.
