FAQ: System & Security

Overview

Density is committed to protecting and securing the data it accesses, stores and processes from its customers. We recognize that having an internet-connected hardware device on customer premises requires a serious examination of security. Our approach to security includes both technical controls and internal processes and procedures.

We are continuously improving the product and its security. The following FAQs should help illustrate our approach to security for our hardware sensor, its embedded software, and our software-as-a-service offerings.


What data does the sensor collect?

The Density sensor uses infrared light, depth-sensing technology, and computer vision to register anonymous human movement through a door.

This data is anonymous by design and is encrypted via TLS in transit. In addition to people count data, the sensors transmit periodic metrics about their own operation, including CPU and memory usage, internal temperature, uptime, boot-up logs, etc.

All metric and log data is sent to the Density API via HTTPS.


How is the sensor powered?

The sensor is powered via Power over Ethernet (PoE) or, if preferred, a 12V power adapter.


How does the sensor get online?

The sensor is installed on your network within the DMZ. During the installation process, an iOS app is used to provision the sensor. The provisioning application uses Bluetooth Low Energy (BLE) to configure the sensor for your network and provide it with the necessary credentials to communicate with the Density API.

All currently available sensors are equipped with a WiFi / Bluetooth dongle. This port can be disabled once provisioned. 


What ports does the sensor listen on?

The sensor does not listen on any ports by default. With a customer's permission, sensors can be configured to temporarily run sshd. 

The sensor also uses Bluetooth Low Energy (BLE) for the initial provisioning process. This port can be disabled once provisioned.


What hosts and ports does the sensor communicate with?

The sensor communicates with the Density API, hosted on Amazon Web Services (AWS). All communication from the sensor is encrypted via TLS. The sensor uses HTTPS only (on port 443) and communicates with a limited number of subdomains under `*.density.io`.

Sensors also download updates via signed URLs on AWS Simple Storage Service (S3). Sensors also communicate over HTTPS with the AWS managed Internet of Things (IoT) service.

Because the Density API is hosted on AWS, we currently do not support IP address whitelisting. A list of exact API subdomains is available upon request.


Is the sensor IPv6-capable?

We do not currently support IPv6. However, our API is dual-stack IPv4/IPv6, and we can provide IPv6 support on the device if required.


How is the sensor authenticated?

During initial setup, the sensor is given a persistent token by the Unit Setup app. The sensor uses this token for all communication with the Density API. Authentication is mutual: the API authenticates the sensor by this token, and the sensor authenticates the Density API by the API's HTTPS certificates.


Does the sensor have any key material?

The sensor is shipped without any key material. Network credentials and authentication tokens are provided by the provisioning app and stored on the device.


What OS is the sensor running?

Density sensors run custom embedded Linux. The userland is Busybox. Density sensors ship with only the minimum services and tools required to operate.


How is the sensor patched?

Density sensors receive over-the-air (OTA) updates on a regular basis. The sensors check in with the Density update server periodically. All communication with the update server is via HTTPS. The update server authenticates the sensor and provides the sensor with a time-limited HMAC-signed URL on AWS Simple Storage Service (S3) with the update, as well as a hash signature of the update.

Updates are always a whole OS image. The sensor device has active and standby root partitions. The active root partition is always read-only. The sensor downloads the update image to the standby partition, verifies its integrity, and then reboots with a boot flag to use the new partition. If the update fails, the sensor toggles back to the working partition.
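
The active/standby flow described above, modelled as an added example (this is not Density's code): the image is verified on the standby slot before the boot flag is switched, and the device toggles back if the new slot fails to boot. SHA-256, the slot names `a`/`b` and the `boot_ok` health-check callback are assumptions; the page does not name the hash algorithm or the bootloader.

```python
import hashlib
import hmac


class Device:
    """Constructed model of a sensor with two root slots and a boot flag."""

    def __init__(self, image: bytes):
        self.slots = {"a": image, "b": b""}
        self.active = "a"  # slot the bootloader currently boots

    @property
    def standby(self) -> str:
        return "b" if self.active == "a" else "a"


def apply_update(dev: Device, image: bytes, expected_sha256: str, boot_ok) -> str:
    """Stage on standby, verify, switch, roll back on a failed boot.

    Returns "rejected", "rolled_back" or "updated".
    """
    target = dev.standby
    dev.slots[target] = image  # the active slot is never written

    # Hash what actually landed on the standby slot, not the download buffer.
    digest = hashlib.sha256(dev.slots[target]).hexdigest()
    if not hmac.compare_digest(digest, expected_sha256.lower()):
        dev.slots[target] = b""  # discard the unverified image
        return "rejected"

    previous = dev.active
    dev.active = target  # "boot flag": try the new slot
    if not boot_ok(dev.slots[dev.active]):  # hypothetical post-boot health check
        dev.active = previous  # toggle back to the working slot
        return "rolled_back"
    return "updated"


# Constructed sample images and digest.
OLD, NEW = b"os-image-v1", b"os-image-v2"
NEW_SHA256 = hashlib.sha256(NEW).hexdigest()


def demo() -> list:
    healthy = lambda img: img.startswith(b"os-image")
    dev = Device(OLD)
    results = [
        apply_update(dev, NEW + b"tampered", NEW_SHA256, healthy),  # bad digest
        apply_update(dev, NEW, NEW_SHA256, lambda img: False),      # boot fails
        apply_update(dev, NEW, NEW_SHA256, healthy),                # clean update
    ]
    return results + [dev.active]


if __name__ == "__main__":
    print(demo())
```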


How often is the sensor patched?

Density sensors receive regular OTA updates with algorithm improvements every 2 weeks. In the case of a security patch, the sensors will be patched immediately.


How is the sensor physically secured?

The sensor is mounted on customer premises above an entryway. Sensors have only the Ethernet port and a USB port exposed.


Where are Density services hosted?

The Density API is hosted entirely on Amazon Web Services (AWS) in multiple US regions. Density also uses third-party services such as GitHub for source control and Sentry or New Relic for application monitoring.


What data do Density services handle?

Anonymous depth data, processed count, health stats, and system logs.

Density provides an API and customer dashboard for viewing people count data over time. The service includes customer-provided metadata about the spaces associated with each sensor. 

Users are associated with a customer organization. Density stores the email address for each user for login purposes, as well as their hashed-and-salted password. No customer email addresses or login information is shared with any third party except as required for operational monitoring.


How are the Density services patched?

Density services are deployed using the principles of continuous integration and immutable infrastructure. Applications are continuously tested and deployed to our staging environment. Once approved, the application artifacts are deployed to production.


How does Density handle CVEs and vulnerabilities?

Density developers and operations teams monitor for new CVEs affecting applications in use. Patches for applications are continuously tested and delivered immediately upon validation.


Who has access to Density services?

The Density services are multi-tenant. Access to customer data is via mandatory role-based access control. Customers cannot access the data of other customers. Density staff have access to customer data only on a need-to-know basis. All access to Density services is logged.


Have Density services been externally audited?

Not yet. Density SaaS offerings will be subject to third-party audits in accordance with the auditing standards under the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization ("SSAE 16"), published by the American Institute of CPAs (AICPA). The resulting SOC-2 reports will be made available as these audits are performed.

Density services rely on several third-party providers, such as Amazon Web Services (AWS). These providers publish their own SOC-2 reports, which Density will make available upon request.


For any outstanding technical questions, please contact: security@density.io