Edge Connectivity and Data Security

Abhilash Gopalakrishna
Published in Ather Engineering, Jun 13, 2023
Data security at Ather

The experience of owning an Ather is elevated by the smart features our scooters offer. Ownership is not limited to the scooter as an automobile: connectivity and over-the-air (OTA) updates enable us to offer a continuously appreciating experience. This journey of continuous improvements, new experiences and seamless connectivity is provided through over-the-air updates.

At Ather, our belief in making a better product every day and chasing this spirit of improvement is made possible through an active feedback loop of data that can be analysed and acted upon to better the ownership experience.

We have clocked, on average, around 10 lakh rides per day on our scooters with this number increasing each day. At this scale, it is very important to maintain a seamless pathway of information from the scooter that can be used by our internal teams to study, analyse and improve the experience we offer. This pathway enables us to understand user experiences, user expectations and come up with new intelligent connectivity features.

Ensuring data security has always been of utmost importance to us as we do not and will not compromise on this for our customers. This ideology has driven us to have a security module on the scooter from the early stages of scooter development.

As a company, our focus on developing robust data security has enabled us to now confidently forge forward in building better experiences, features, and analytical engines around this data.

How do we do it?

The obvious answer is that we need data from the scooters without interruption. However, to achieve this, we need to ensure the data privacy and security of our users. At the same time, our devices are continuously on the move and are subject to varying network conditions and bandwidth.

Keeping these limitations in mind, we ensure there is a secure and reliable channel for data transfer which doesn’t compromise the integrity, confidentiality and security of data. Our systems are designed to ensure all three points.

Why is data security important in the world of electric scooters?

The scooters we build are not limited to providing a mobility experience. We aim to provide a smart and seamless ride experience and pride ourselves on being ahead of the curve in offering safety, not only for data but also for ride quality. This is possible only through our ability to draw meaningful insights from data and to use them to predict smarter and safer experiences.

These insights require data from the scooter — from various components and applications on the scooter — for analysis and understanding. The transmitted data from our scooters and charging grids are stored in the cloud in a secure, safe and reliable way.

The smartness that this data enables us to achieve drives us to build better EV products and bring better experiences.

The connectivity story

Our scooter fleet transmits data continuously to our servers. We ensure data security and integrity by using mutual TLS (Transport Layer Security) to secure our communication channels. The data is encrypted in transit, so anyone who intercepts the traffic on the network cannot read it or alter it undetected. But before understanding mutual TLS, let us first understand what TLS really is.

TLS (Transport Layer Security)

Transport Layer Security is a standard for securing communications over the internet. This ensures that data between two devices on the network is transferred securely and that the said data remains unaltered during transmission. TLS uses a Public Key Infrastructure (PKI) to guarantee this secure communication.

In a PKI, each party generates its own public and private key pair and has the public key signed by a trusted Certificate Authority (CA). The public-private key pair is a unique pair of keys that complement each other. Anything encrypted using a public key can only be decrypted by its corresponding private key, and vice-versa. A Certificate Authority is a trusted third party that verifies the identity of entities and facilitates secure transmission/communication of data. The parties involved in the communication both trust the CA and any certificate signed/verified by the CA.

In a secure TLS handshake, the Secure Sockets Layer (SSL) certificates, i.e. the CA-signed public keys of each device, are shared with each other through a certificate request during the initial handshake for identity verification. Data encrypted with the public key during the initial handshake can be decrypted only with the corresponding private key.

So, the general practice is to use TLS where the client authenticates the server prior to transmitting data from the vehicles to the server. At Ather, we go one step further by ensuring that both the client and the server authenticate each other before data is transmitted, thereby ensuring both devices know each other and are indeed who they claim to be. This is termed mutual TLS authentication.

mTLS Handshake

This flow raises the question, ‘What if the private key is compromised?’

Communication through TLS banks on the confidentiality of the private key. It is of utmost importance that the private key of a client is never shared and that it be known only to the client. We ensure this through a Hardware Security Module (HSM). An HSM is a piece of hardware on the device that enables secure storage of data.

The private key, which is unique to each device, is stored, locked, and accessible only to the HSM. One of the initial steps in the lifecycle of a device involves writing the private keys to the HSM and locking them. Crypto libraries on the vehicle interact with the HSM to achieve secure TLS communication. The HSM is itself tamper-proof and any data locked into the hardware cannot be accessed. The principle here is based on the idea of ‘what you cannot see, you cannot break’. This robust authentication mechanism is used to provide a secure channel for the transmission of data which enables a smart AND secure user experience.
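The difference between server-only TLS and the mutual TLS described above, as an added Go example (not Ather's code): a fleet CA issues a device certificate, and a server that requires CA-signed client certificates serves only a client that presents one. The names `fleet-ca` and `scooter-001` are constructed, an in-memory Ed25519 key stands in for the HSM-held key (Go's `crypto/tls` accepts any `crypto.Signer` as the private key), `httptest` supplies the server's own certificate, and errors from key and certificate generation are discarded to keep it short.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue returns a key and certificate for cn, self-signed as a CA when parent is nil.
func issue(cn string, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // in-memory stand-in for an HSM-held key
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, BasicConstraintsValid: true}
	if parent == nil { // root CA: may only sign certificates, and signs its own
		tpl.IsCA, tpl.KeyUsage = true, x509.KeyUsageCertSign
		parent = &tls.Certificate{Leaf: tpl, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent.Leaf, pub, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// accepted reports whether a server with client-auth policy auth, trusting only ca, serves
// a client presenting certs. httptest supplies the server's own certificate and trust.
func accepted(auth tls.ClientAuthType, ca tls.Certificate, certs ...tls.Certificate) bool {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{ClientAuth: auth, ClientCAs: x509.NewCertPool(), MinVersion: tls.VersionTLS12}
	srv.TLS.ClientCAs.AddCert(ca.Leaf)
	srv.StartTLS()
	defer srv.Close()
	srv.Client().Transport.(*http.Transport).TLSClientConfig.Certificates = certs
	if resp, err := srv.Client().Get(srv.URL); err == nil {
		return resp.Body.Close() == nil
	}
	return false
}

func main() {
	ca, need := issue("fleet-ca", nil), tls.RequireAndVerifyClientCert
	fmt.Println(accepted(need, ca, issue("scooter-001", &ca)), accepted(need, ca))
}
```

Run as a program it prints `true false`: the enrolled device is served and the client without a certificate is refused. Passing `tls.NoClientCert` as the policy gives the server-only baseline, where the same certificate-less client is served.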

Edge connectivity and security

At Ather, we have built products that continue to improve over time. A lot of this is enabled by us analysing data gathered from our fleet and devising newer features that move us towards newer ownership experiences. All of it is backed by a robust data security platform. The process of using mutual TLS through HSM ensures data confidentiality and security while enabling secure data collection. We are dedicated to achieving complete security as we challenge and improve upon our own systems. Keep a lookout for more on this in the future!

Edited by Ram Bhavaraju, Udipto Phukan and Nikita Vaswani
