To understand this protection, we should first look at how the Nano™ works as well as its many connectivity options and features. This advanced controller, which was developed entirely in-house and is the smallest of the popular Elektronikon series, connects with Atlas Copco’s SMARTLINK app. It gives customers the freedom to monitor their G compressor using their smartphone or tablet. All they need is a wired/wireless Internet connection. They can even control their G via Bluetooth®. The Nano also allows updates to be downloaded and installed.
 

Like any product that can be operated remotely or has an internet connection, a connected compressor can be exposed to a number of risks if it is not properly protected. That is why Atlas Copco has gone through extraordinary lengths to design the Nano so that it is completely secure.

There are three main areas of risk that had to be addressed.

1. The risk of somebody taking over the compressor (or intercepting data) while they are in its vicinity.
2. The risk of somebody accessing the data sent from the compressor to the cloud.
3. The risk of somebody manipulating data like the over-the-air updates that are sent to the compressor.

Atlas Copco’s experts have made sure that none of these potential cybersecurity risks pose a problem for the Elektronikon Nano and the compressors it controls. Let’s go through them one by one to understand which steps have been taken to protect you from unauthorized access. 

First let’s look at the risk of unauthorized access to the compressor by somebody who is physically close to it, for example by using a Bluetooth connection. If successful, they could steal data, install hacked firmware or take control of the compressor.

That is why Atlas Copco has ensured that unauthorized users in the vicinity of the compressor cannot succeed. A time-limited pairing procedure prevents unauthorized access via Bluetooth. Data storage encryption makes it impossible to gain access to or change data stored in the compressor. In addition, the Bluetooth communication channel is encrypted. This means that sensitive data such as your WiFi password will never be exposed.

Atlas Copco compressors equipped with a Nano controller are connected to the cloud, for instance to store data and download over-the-air updates. Such a cloud connection, if not properly secured, could allow data theft, eavesdropping, unauthorized remote control, denial of service attacks and the installation of hacked firmware.

With its cybersecurity measures, Atlas Copco ensures that this won’t happen – with regard to data your compressor sends to the cloud for remote monitoring and for data it receives, for example in the form of over-the-air updates. 

So, what does that mean?
 

Most people don’t know that when computers communicate, it’s usually never as easy as one device “talking” directly to another. In most cases, the information from Device A first goes through routers and firewalls.
 

Unless the proper steps are taken, which Atlas Copco did, this poses two potential problems. The first is that their communication could be “read” or recorded by any of these intermediary devices. In addition, there is a danger that the message that seemingly came from Device A did not actually originate there, i.e. that somebody with nefarious motives is pretending to be Device A or altered the original message.
 

Fortunately, devices like the compressors controlled by the Nano can be optimally protected from both threats.
 

First, this is done by using encryption to guarantee that the message from Device A to Device B cannot be read by any of the intermediaries. Essentially, only these two devices can understand the message because it is encrypted by Device A and not decrypted until it gets to Device B.
 

Now they just have to figure out how Device A can encrypt the data in a way that Device B – and only Device B – can decrypt it.
 

The answer is a process called “public key cryptography”, also known as asymmetric cryptography. In this process, Device B sends a “public” key to Device A. This key is asymmetric, an important qualifier because that is what makes the key secure. It can be used to encrypt data, but the same key cannot be used to decrypt it. To decrypt this data, a “private” key is required. Device B will send out its public key so that device A can encrypt the data but will never share its private key. This ensures that only Device B can read the encrypted data. If the public key were to get intercepted by an intermediary device, this is no problem as this key can only be used to encrypt data but not to decrypt it. Likewise, Device A will send its public key to Device B so that Device B can encrypt data to be decrypted only by Device A. This is how the two devices establish a secure communications channel.
 

This is one of the ways in which the Nano protects its G compressor: the information it receives is sent through one of these secure channels and outside parties cannot use any of the information if they were to intercept it.
 

The second challenge is to make sure that the devices are who they claim to be. After all, what could stop an intermediary device from pretending to be Device B? If this happens, Device A will use the public key of the fake Device B to encrypt and share sensitive data and Device B will be able to decrypt and read this data. The answer is certification. When Device A requests the public key, it also asks Device B to provide a certificate of authenticity (an X.509 certificate). More specifically, Device B will “sign” the public key using the certificate and Device A will verify whether the signature is correct. An intermediary device will not be able to provide the correct signature.  This “mutual transport layer security authentication” allows each device to be sure that the other is the intended recipient. The two devices can then exchange confidential information without any risk of exposure.
 

While all of this might sound complicated, it is most of all secure. With these advanced protocols Atlas Copco has made sure that the Elektronikon Nano is just that.