Page 38

EETE JULAUG 2014

DATA ENCRYPTION & SECURITY

Software is the new asset to protect in modern manufacturing

By Oliver Winzenried

Considering the entire span of human history, it seems like yesterday when the first industrial revolution changed the complete structure of society, attracted people from the countryside to central areas of aggregation, determined the creation of cities, improved efficiency, and introduced quality standards. Now, with Internet connection and utilities being available globally and constantly, manufacturing sites can be built practically anywhere; they are automated to an extent that was unthinkable just a few years back, and they can be monitored and programmed remotely.

This accelerated pace towards machine-to-machine control has shifted the attention from hardware to software. Even if the need for physical access control remains high, the threats have become sneakier. On the other side of the planet, a hacker or a competitor can get hold of your machinery, tamper with the code, and severely damage the production cycle. However, the opposite is also true: you can maintain your machinery and guard your facilities from far away.

What can software developers, device manufacturers, and companies operating systems such as smart grids, traffic control, and facility management actually do to guarantee cyber-security and even safety on their premises? Imagine some real scenarios: an attacker who develops a “fake” device that looks like the original but whose functions have been altered for nefarious purposes; a perpetrator who develops his own software and runs it by replacing the memory card in the embedded system; or a transgressor who extracts the memory card from the embedded system, manipulates the software, and plugs the card back into the system. Or someone who, without even accessing the premises, controls the communication interfaces from outside and alters the data.

Being aware of such dangers, manufacturers can implement security measures with several aims. From a business perspective, their ultimate goal is to prevent the copying of machine designs, the unlawful transfer of essential know-how, or even illicit production shifts, all of which result in lost revenue and a loss of competitive advantage. From a technological point of view, their priority is to avert cyber-attacks in the form of reverse engineering, tampering, and piracy.

Even though manufacturers might initially be tempted to develop proprietary solutions, they soon realize that coping with a myriad of operating systems, portable devices, and integrations with other platforms erodes their resources. The answer comes from vendors who have been vertically focused on digital rights management for decades, who closely observed the Internet of Things while it penetrated the industrial environment, and who marshalled their resources to face this challenge.

These vendors’ solutions make use of existing technologies in completely new ways. Take, for example, the case of symmetric encryption: the software is stored encrypted in the device’s nonvolatile memory. At runtime, the required parts of the software are decrypted in the RAM of the system. The cryptographic keys for this decryption need to be stored securely so that they cannot be duplicated. This is readily seen in TPM chips or in the smart card chips of industrial dongles. Such apparently simple and yet innovative systems protect the software embedded in a control device and, in turn, hinder the theft or reproduction of intellectual property.

An additional measure is to encrypt the program code as well. This protects the know-how by making the use of decompilers and disassemblers impossible. Additional measures are necessary to avoid dumps of decrypted code from RAM. Algorithms are often the result of intensive and expensive research and development, and embody the unique selling points of a device or machine.
If competitors are able to analyze these algorithms and understand their principle without great effort, they can quickly imitate them.

More sophisticated security techniques protect against tampering. In principle, a typical embedded system is powered up after the successful completion of multiple steps, associated with consecutive shells. It has to be kept in mind that an outer shell can access the memory of an inner shell, whereas in most cases the opposite is not possible, as the outer shell (hardware / boot loader) is the initial shell of the overall process.

Oliver Winzenried is the CEO and founder of Wibu-Systems - www.wibu.com

38 Electronic Engineering Times Europe July/August 2014 www.electronics-eetimes.com
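
The symmetric-encryption scheme described above (software stored encrypted in nonvolatile memory, decrypted into RAM at runtime, key held in a TPM or dongle chip) can be sketched as follows. This is an added example, not code from the article or from any vendor, and it goes one step beyond the text by attaching an integrity tag so that the memory-card scenarios listed earlier are rejected at boot. The names SecureElement, seal, unseal, boot and demo are hypothetical, and HMAC-SHA256 in counter mode stands in for the hardware cipher so the sketch needs only the standard library.

```python
import hashlib
import hmac
import os

class SecureElement:
    """Stand-in for the TPM or dongle chip: the key never leaves this object."""
    def __init__(self):
        self._key = os.urandom(32)  # a real chip is provisioned at manufacture

    def _prf(self, label: bytes, data: bytes) -> bytes:
        sub = hmac.new(self._key, label, hashlib.sha256).digest()
        return hmac.new(sub, data, hashlib.sha256).digest()

    def _xor_stream(self, nonce: bytes, data: bytes) -> bytes:
        # HMAC-SHA256 in counter mode: stdlib stand-in for the chip's AES engine
        stream = b"".join(self._prf(b"enc", nonce + i.to_bytes(8, "big"))
                          for i in range((len(data) + 31) // 32))
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, firmware: bytes) -> bytes:
        # Production step: encrypt, then MAC. Layout: nonce | ciphertext | tag
        nonce = os.urandom(16)
        ct = self._xor_stream(nonce, firmware)
        return nonce + ct + self._prf(b"mac", nonce + ct)

    def unseal(self, image: bytes) -> bytes:
        # Boot step: verify the tag first, decrypt only a verified image
        nonce, ct, tag = image[:16], image[16:-32], image[-32:]
        if not hmac.compare_digest(tag, self._prf(b"mac", nonce + ct)):
            raise ValueError("tampered image or wrong device key")
        return self._xor_stream(nonce, ct)

def boot(chip: SecureElement, card_image: bytes):
    # Returns the decrypted code (held in RAM only), or None if rejected
    try:
        return chip.unseal(card_image)
    except ValueError:
        return None

def demo() -> dict:
    device, other = SecureElement(), SecureElement()
    firmware = b"CONSTRUCTED SAMPLE: control algorithm v1"
    card = device.seal(firmware)
    patched = bytearray(card)
    patched[20] ^= 0x01  # one bit flipped on the extracted memory card
    return {"genuine_boots": boot(device, card) == firmware,
            "plaintext_on_card": firmware in card,
            "patched_card": boot(device, bytes(patched)),
            "foreign_software": boot(device, other.seal(b"attacker build")),
            "card_in_fake_device": boot(other, card)}
```

Calling demo() exercises the genuine boot plus three of the article's scenarios: a manipulated card, replacement software sealed under a different key, and the original card placed in a device without the original key.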

