Amazon Devices Will Soon Share Your Internet

7. How does Amazon manage Sidewalk?
Amazon Sidewalk is a “pipeline” that moves data back and forth between an endpoint and its respective application server. In addition to security and privacy, a third key area of focus during these transmissions is network optimization. Sidewalk supports multiple protocols for endpoints to communicate with a gateway, including 900 MHz (LoRa and FSK) and BLE. To optimize the network, Sidewalk allows an endpoint to “find” the best solution given the radios it supports. For example, let’s take an endpoint that has LoRa and BLE onboard. While it communicates primarily on LoRa for longer range, when in range of a BLE gateway, the endpoint can switch to BLE (which required less power) to preserve battery life.

An important role Amazon plays when managing the network, is to ensure no single gateway becomes overburdened with Amazon Sidewalk traffic. The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video. Today, total monthly data used by Sidewalk enabled-devices, per customer, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.

11. What data will application developers get from Amazon Sidewalk?
Amazon Sidewalk won’t support third-party devices immediately at launch, but we will make careful choices about the information they receive from Sidewalk. We’ll have more details in the future.

Steve: But at a cost of bandwidth. If the carrier is a lower frequency, you can’t modulate it that quickly. And in fact, there is an incredibly clever modulation scheme known as LoRa we’ll get to in a second which uses chirps, chirping up or chirping down, which, well, anyway. We’ll get there.

They said: "With Amazon Sidewalk, customers will be able to place smart devices anywhere on their property and know they’ll work great, even in dead spots where WiFi and Bluetooth won’t reach. Using the 900 MHz spectrum to help devices communicate is not new. In fact, it’s been around for decades, providing reliable secure connections for long-range devices like the radios used by emergency services and the digital pagers carried by doctors on call. It’s by combining this tested communications network with an innovative new protocol developed by Amazon that we arrived at Sidewalk, a new way for the next generation of low-cost, low-bandwidth sensors and smart devices to work together to create a secure network of long-distance connections bridging the connectivity gaps around our homes.

"The immediate benefit of a 900 MHz-based network is the ability to use your favorite connected devices even if they’re located far away from the router inside your home. Today, Ring Smart Lighting Bridges use connections in this spectrum to extend the range of smart lighting products, and soon additional devices including the latest generation

Ring Floodlight Camera and Ring Spotlight Camera will also help customers extend the network connections around their homes and control those 900 MHz devices at much greater distances.

"Better network connectivity can also help keep devices safe and up to date. Today, when customers place a smart device at the edge of their home network, poor network connectivity can prevent that device from receiving important feature and security updates. By extending long-range, low-bandwidth connections using the Amazon Sidewalk network, customers won’t have to worry about smart devices that don’t have access to the latest security updates or work as intended because they’re out of network range.

"In the near future, we also see the potential to help customers get more from 900 MHz connections in their neighborhoods, creating a broad network among neighbors that can be used to extend connectivity all the way to your mailbox out at the street where a smart sensor lets you know exactly when your mail has been delivered, or to a water sensor that lets you know it’s time to water the garden in the backyard.

“For example,” they said, “just a week ago” - now, this is a week ago a year ago - “Amazon employees and their friends and family joined together to conduct a test using 700 Ring lighting products which support 900 MHz connections. Employees installed these devices around their home as typical customers do; and, in just days, these individual network points combined to support a secure” - and we’ll get to security because of course that’s super important, and I’ve got it nailed here in the podcast - "to create a secure low-bandwidth 900 MHz network for things like lights and sensors that covered much of the Los Angeles Basin, one of the largest metropolitan regions in the United States by land area.

“This neighbor-created network demonstrates the potential of Amazon Sidewalk - a broad coverage network, great for low-bandwidth, low-cost devices that require no complex setup or maintenance for customers. But the benefits don’t stop there. With Sidewalk, we also see the opportunity to deliver new devices and experiences that delight our customers.”

They said: “As one example, this week we announced” - and this would have been a year ago - "Fetch, a compact, lightweight device that will clip to your pet’s collar and help ensure they’re safe. If your dog wanders outside a perimeter you’ve set using the Ring app, Fetch will let you know. In the future, expanding the Amazon Sidewalk network will provide customers with even more capabilities like real-time location information, helping you quickly reunite with a lost pet. For device makers, Fetch also serves as a reference design to demonstrate the potential that devices connected to a broad, reliable network can provide to their customers.

“Extending the convenience of a long-range network will take time, but we’re already working quickly to bring this future to life for customers. For device makers, we plan to publish protocols that any manufacturer can use to build reliable, low-power, low-cost devices that benefit from access to long-range, low-bandwidth wireless connections. In the meantime, you can sign up to be notified when more information is available.” And they finish: “Amazon Sidewalk is a long-term effort, but we’re excited to get started and can’t wait to see what device makers build and how customers benefit. The possibilities are endless.”

Okay. So clearly what they are planning and are in the process of bringing is a new radio which will be added to all of their Amazon devices. And that new radio will be 900 MHz, the 33-centimeter unlicensed amateur radio band. It also works with Bluetooth Low Energy, alternatively. Now, of course Amazon has been selling devices for quite a while. Today, all Echoes except for the first generation, so the second and third and fourth gens

in 2017, 2019, and 2020 are all Sidewalk-compatible. This year’s fourth-gen Echo also has the 900 MHz radio. All of the Echo Dots are Sidewalk compatible, but none of them have the 900 MHz radio. So they’re limited to using Bluetooth Low Energy. The same is true for the Pluses. There are five Echo Shows, and this year’s Echo Show 10 is 900 MHz- capable. And then those two devices they mention, the Floodlight Cam and the Spotlight Cam, those are both last year’s devices, and they already have the 900 MHz radio.

So in the show notes I’ve got a link to this whitepaper which I’ve read and digested and understand. In there they make a couple of points that I’ll share. They said: "A simple control is provided to enable and disable participation in the neighborhood network.

When customers first turn on a new Sidewalk gateway device, they will be asked whether they want to join the network. For customers with existing devices that are Sidewalk- capable, an over-the-air update will connect them to the network. No action is needed.

These customers will first receive an email about the pending update and instructions for how to disable, if that is their choice."

So that’s how, as I said at the top, that’s how Amazon sort of walked this fine line of really wanting this network to take off, but recognizing that they are using the Internet connectivity of their customers in order to create, they hope, over time a true 900 MHz Wide Area Network which can do all kinds of stuff, like fitting into a gap that exists today. And I think, for example, of the person who has a long drive from their home out to the end of their driveway where they have an automated gate, and they would like access to it, but WiFi won’t reach. This technology would be perfect for that. And it might even be that the gate is using the Amazon Sidewalk bandwidth of the house across the street, which is closer than their own. And I’ll explain how this works and why it can be safe.

Amazon also said: “As a crowd-sourced community benefit, Amazon Sidewalk is only as powerful as the trust our customers place in us to safeguard customer data. To that end, this document outlines the steps we have taken to secure the network and maintain customer privacy. These efforts are core to our mission and will continue to evolve and improve over time.” And, finally: “The maximum bandwidth of a Sidewalk Bridge” - and I’ll explain some of these terminologies. There’s five new definitions we have. “The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps,” they say, “which is about one 40th of the bandwidth used to stream a typical high-definition video. Today, total monthly data used by Sidewalk-enabled devices, per customer, is capped at 500MB, which is equivalent to streaming about 10 minutes of a high-definition video.”

So, I mean, the whole point of this, you know, nobody is going to use your Internet connection out literally on your sidewalk to download something. That’s not what this is. You don’t have, this is not an Internet protocol extension. There’s no IP, Internet Protocol, on this 900 MHz. It is a message-passing, signaling level network. So the overall network can be visualized by, well, can be visualized as consisting of five things. There are gateways like the Ring Floodlight. There are endpoints like a humidity sensor in your backyard. There’s the Amazon-operated, what they call the “Sidewalk Network Server.” And that’s distinct from, and I’ll explain how, from application servers which are the things that the endpoints communicate to. And then there are message packets, which is the medium of communication.

So the gateways, which they also call Sidewalk Bridges because it is a bridge from either your WiFi or your wired LAN to this participation in the 900 MHz network, the bridges forward packets to and from the Sidewalk Endpoints and through your LAN connect to the Sidewalk Network Server which is Amazon’s device. The gateways right now are Amazon devices, like the Ring floodlight cam, that use this 900 MHz band, or Bluetooth Low Energy, to provide connection to the Sidewalk network. At 900 MHz it either uses this LoRa (L-O-R-A) modulation or simple FSK (Frequency Shift Keying).

And LoRa is a very clever technology, which as I mentioned it uses bidirectional frequency chirps. So it’s inherently broad spectrum because a chirp is. But it allows it to obtain extremely good range at very low bandwidth. It makes good use of receiver sensitivity. And because the carrier is actually chirping, it solves the problem of particular carrier frequencies being blocked, just naturally blocked by some substances. You know, if something were in the way, which happened to be absorbing some particular band or a spike because it happened to be resonant at that frequency, it would absorb the energy. But the chirp spans that so the chirp still gets through. Anyway, the point is this is a very different technology meant for a very different application.

Okay. So we have the gateways. The endpoints, which they also call “Sidewalk-enabled devices,” may be known as edge devices, endpoints, or applications. They’re able to roam around on the Sidewalk network by connecting to Sidewalk gateways, whether your own or somebody else’s. The system is completely agnostic about whose gateway you’re connecting to, and it makes that secure. The endpoints are low-bandwidth, low-power smart products like leak sensors, door locks, lights, or devices attachable maybe to valuable things like luggage tags or a pet which is wandering around. The endpoints can be built and maintained by Amazon or by third-party developers, so the system is open.

The gateways can also act as an endpoint themselves and receive Sidewalk benefits like maintaining functionality when the device falls offline. And that’s interesting. For example, it would mean that if your own router and cable modem froze, your Sidewalk- enabled IoT devices like lighting or your door lock would normally fall offline. But this allows them to remain connected, thanks to a neighborhood-wide active Sidewalk network that would allow it to automatically ride over someone else’s bandwidth - again, not exchanging lots of data, but down at the message-passing level.

We have the Sidewalk Network Server, which is Amazon’s. It’s responsible for verifying that the incoming packets, and I’ll explain this in a second, are coming from authorized Sidewalk devices, routing packets to the desired destination, which is an application server, or in the other direction to an endpoint or a gateway. And it also keeps the network time synced. Time is an important component here, as we’ll see. They have very cleverly used time to cryptographically rotate all of the IDs of all of the devices, exactly analogous to the six-digit PINs that we’re all used to now with our one-time passwords. So everything needs to know what time it is. But given an agreement about time, this is how tracking is prevented over time. But anyway, I’ll explain that in a second.

Finally, the Application Servers are different from Amazon’s what they call the Sidewalk Network Server. The Sidewalk Network Server is the protocol endpoint, but that then forwards the packets, routes them to the Application Servers. So, for example, the company that provided the moisture sensor in the backyard or the leak detector, it would have its own app and its own server, which today we are connecting to, if you have WiFi. In the future it would be able to work over Sidewalk.

So the Application Servers are managed by the endpoint manufacturer, which could be Amazon or some third party. So, for example, say that the garage door opener manufacturer Genie were to create a smart Sidewalk-enabled garage door opener. It would normally be connected to your home WiFi, and it would normally be offering Sidewalk connectivity to your neighborhood. But reciprocally, it would also be able to use the neighborhood’s Sidewalk network if, for example, your WiFi was not available. So if you needed to reach it while your home LAN was down and you weren’t, you know, your router hung or your cable modem froze or something, the Genie Application Server would route through Amazon’s Sidewalk Network Server to reach your Sidewalk-enabled garage door opener via a neighbor’s Internet connection. And all of this is transparent. And the last component are Packets, also known as Messages, which are the things exchanged between the Endpoints and the Application Server going both directions through the Gateways and Amazon Sidewalk Network Server.

So that’s the architecture. Looking at it, the network’s design reveals that Amazon has put a great deal of time, attention, and design work into creating a system that provides the security controls that Amazon requires for the network to operate safely while also blinding Amazon to all of the network’s messaging traffic. Amazon can see nothing about the messaging level.

Our listeners know well about the Onion Router network, this concept of - it’s termed an “onion” because it’s consecutive shells of encryption. Well, that exactly mimics the design of this network. Sidewalk uses three layered wrappings of encryption. The innermost encryption is the application layer, which protects the privacy and security of the communications between the endpoint, like out in your backyard, and the application server which needs to talk to that device.

So this is the layer that does the actual signaling work, the message passing. And it is end-to-end encrypted using the state-of-the-art means that we know of to do that today. So that creates an encrypted tunnel between the far extremes. The application layer encryption is then in turn encrypted, also at the endpoint. So the endpoint encrypts first for the application server. Then it encrypts that for the Amazon Network Server. This conceals and protects the Sidewalk packet as it’s moving over the air. And the plaintext data encrypted by this layer is accessible only to the endpoint and the Amazon Network Server, nothing in between.

And then, finally, what they call the “Flex Layer” is added at the gateway device. So the endpoint encrypts twice, once with a key known only to the application server. Then it encrypts that with a key known only to Amazon’s Network Server. That goes over 900 MHz to the Sidewalk gateway device. It encrypts that for the Amazon Network Server using a trusted and tamperproof reference for message-received time and adds an additional layer of confidentiality. That’s then what it transmits, either over your wired LAN or WiFi, to Amazon’s Network Server.

So as I noted above, ultimately the communication is between the endpoint devices and their application servers, with the Sidewalk gateway devices and Amazon’s Network Server functioning as intermediaries. So consequently the innermost wrapper of encryption is end to end between endpoint device and the device’s matching application server. Neither the gateway that facilitates the communication at the neighborhood end nor the Amazon Network Server that facilitates the communication over the Internet are able to see anything about what’s being transacted.

And looks like I quoted from Amazon’s document. They said: “Amazon has carefully designed privacy protections into how Sidewalk collects, stores, and uses metadata. Sidewalk protects customer privacy by limiting the amount and type of metadata that Amazon needs to receive from Sidewalk endpoints to manage the network. For example, Sidewalk needs to know the endpoint’s Sidewalk ID to authenticate the endpoint before allowing the gateway to route the endpoint’s packets on the network. Sidewalk also tracks a gateway’s usage to ensure bandwidth caps are not exceeded and latency is minimized over a customer’s private network.”

They said: “Information customers would deem sensitive, like the contents of a packet sent over the Sidewalk network, is not seen by Sidewalk. Only the intended destinations, the endpoint and application server, possess the keys required to access this information. Sidewalk’s design also ensures that owners of Sidewalk gateways do not have access to the contents of the packet from endpoints,” whether or not they own those endpoints which may be using their bandwidth.

“Similarly, endpoint owners do not have access to gateway information. The Sidewalk Network Server” - that’s Amazon’s - “continuously ‘rolls,’ or changes transmission IDs” - they call them “TX-IDs” - "and Sidewalk Gateway IDs every 15 minutes to prevent

tracking devices and associating a device to a specific user. The IDs use a time-based cryptographic system like our TOTPs so that the endpoints are continuously and autonomously reidentifying themselves using a periodically changing ID, and the Amazon server shares the underlying key and thus can determine who’s who. But no one monitoring the metadata could determine whether the same or some other device was communicating" from one series of events to another.

From the view of the endpoint, the device using someone’s gateway device, it’s only able to view information that pertains to the normal operation of its device, whether the smart light is on or off. It’s unable to see routing information or even what gateway, for example, if it’s not owned by its owner, the smart light is receiving support from, nor any information about that gateway and the gateway’s owner. The gateway information is encrypted behind the Sidewalk network layer and the flex layer. So again, it’s a well- designed system of deliberate blinding layers so that only the information needed is visible. Everything else is encrypted in a lower level layer. And the thing down at the low level has no awareness of what’s going on at the higher level.

From the viewpoint of the gateway device, it is unable to see what the endpoints, whether or not they’re owned, are receiving from their gateway. They have no idea what types of endpoints are connected, nor the times in which they are connected, or information about the owner of the endpoint. All of that information is encrypted as it passes by the Sidewalk Application Layer. At the far end, the application server is unable to see any information pertaining to the gateway owner because that’s been stripped by Amazon’s Sidewalk Network Server. It only has access to the endpoint information, since those outer wrappers and metadata, like the gateway ID, will have been removed by Amazon’s Network Server.

And as we would hope, the registration time establishment of unique identifying credentials assure that only trusted and known devices can enter the Sidewalk network, which prevents unauthorized devices from joining. The Sidewalk Network Server, the Application Server, and each Sidewalk device, both the gateways and the endpoints, are provisioned with a unique set of Sidewalk credentials that are used during the Sidewalk device registration process to mutually authenticate each device’s identity and to derive unique session keys for use between them. Rolling encryption keys are periodically derived from their respective session keys.

Amazon also noted that to protect their customers’ privacy, the routing data that they were necessarily using to link the location of a known endpoint device to perhaps someone else’s gateway by network but also probably by geographic location is deliberately wiped and discarded on a rolling 24-hour basis. So it’s only retained for a day.

So that’s the system. It’s not neighborhood WiFi. It’s an encrypted IoT low-speed communications signaling solution. It’s initially primarily Bluetooth Low Energy, since all of Amazon’s various devices have that. And we know that’s, what, 30 feet maybe, 10 meters, so not a great distance. But over time all new Amazon devices will certainly include this newer 900 MHz radio that will really start to give the system some useful range. And as I said, while it certainly will need to survive a deeper analysis by crypto people and academic analysts, it’s clear that they really thought this through. They worked hard to create and deliver a state-of-the-art secure messaging solution. And if it were to succeed, we might be in a world where a cool low-frequency, low-bandwidth, low data rate message passing network was pervasive. And it would allow things that right now have a hard time staying connected to be connected. So I think it’s cool. That’s what Sidewalk is.