Increased road safety through secure data transmission from mobile LED-congestion warning systems
About IBOMADE GmbH
IBOMADE GmbH is a manufacturer of various applications for traffic technology and road safety. The solutions include mobile LED-congestion warning systems, dynamic detour signs or freely programmable message signs. Mobile LED-congestion warning systems increase road safety using state-of-the-art technology, as good visibility and immediate transmission of data can prevent rear-end collisions, for example.
Within one year, IBOMADE developed products for traffic technology 4.0. In-house production was started at the beginning of 2020. For the product line of mobile LED-congestion warning systems, industrial routers were needed to securely transmit the data to their cloud system so that a flawless and safe traffic flow could be guaranteed. For this, the data must be transmitted continuously and reliably. Extensive tests were carried out in advance to integrate the industrial routers into the internal systems.
To connect the devices in the field to the central system hosted in the cloud, a mobile radio solution was sought that provides a carrier-independent infrastructure. The first step was to look for a roaming SIM card that could establish a connection to the APN via different carriers. An industrial router was also needed that could guarantee a permanently stable connection under the applicable environmental parameters. Beyond connectivity, all the components involved had to be managed and monitored. For this purpose, an encrypted VPN infrastructure was set up that also includes management solutions, so that all routers in the field can be configured and updated remotely.
In the project, a wide variety of communication systems were used to realise a secure connection from the control cabinet to the central data administration. The components used fully meet the requirements of the German Federal Office for Information Security (as of 03/2021).
Welotec industrial routers
Because of the environmental parameters in the areas where the mobile LED-congestion warning systems are used, the industrial routers must fulfil several requirements. They must be particularly robust, withstand extreme temperatures as well as shocks and vibrations, and always guarantee a reliable internet connection for data transmission. Another advantage of the Welotec devices used is the integrated switch function, so that no additional device is required. In addition to routing and switching functions, the roaming-capable Welotec TK815L-EX0 industrial router has an integrated state-of-the-art firewall that protects the system itself and the components behind it (main controller) from unauthorised access. Current security protocols, ciphers, and implementations such as SHA512, SHA384, SHA256, AES-256-CBC, AES-128-CBC, DH4096, DH2048 are also integrated in the routers.
As this was a new development, there was a close exchange between the technical contacts, who provided advice on any questions that arose. In addition to the industrial routers, the corresponding antennas are also supplied. Depending on the requirements, different quantities of routers can be ordered and delivered flexibly and easily.
In this setup, an OPNsense instance serves as the central firewall and, acting as a VPN concentrator, provides a secure connection between the router and the AWS Cloud. OPNsense is an open-source firewall that is continuously supported and updated by a large community. Like the routers, OPNsense also supports numerous security protocols and ciphers.
Welotec VPN Security Suite
The Welotec VPN Security Suite serves as the central management component of the routers and the VPN infrastructure. It can be used to roll out and change router configurations and centrally manage and install firmware updates. An integrated PKI (Public Key Infrastructure) enables the creation, assignment, distribution, and revocation of certificates. With the Welotec VPN Security Suite, a secure communication infrastructure can be established that is easily scalable.