search.noResults

search.searching

note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
FEATURE EMBEDDED TECHNOLOGY WHERE TO PLACE TRUST IN SECURITY


Andreas Mangler, director of strategic marketing & communications at Rutronik Elektronische Bauelemente explores how trust and security play a vital part in embedded systems


The quality of the security depends on the


corresponding processes, which operate iteratively, beginning with the analysis of attacks and threats, from which security objectives and measures are derived. These act as a foundation on which to set up secure planning and development environments and a security laboratory for penetration tests. Companies can develop a portfolio of security-


certified trust anchors that enable the secure production and personalisation of end products. As these threats and attacks will continuously evolve, regular checks and analysations are inevitable.


E


mbedded devices are accompanied by the many risks they are exposed to,


especially due to the integration of networking capabilities. The level of risk increases with each layer of integration, e.g. in Cyber-Physical Systems of Industry 4.0. No sooner have core functionalities been migrated to the Cloud, further threats emerge. This is because the Cloud removes the protection that physical separation of devices used to provide. Up to now, no scalable security tools were available that mobile network operators could use to verify that their data and EDP systems remained confidential and damage-free. Thus, software components in the Cloud must be protected.


THREE SECURITY LEVELS


Security can be established on three levels: • Software level: anchoring of security mechanisms in the operating system is virtually cost-free; offers only limited protection


• Software and hardware: trustworthy execution environment comprising software and hardware: offers medium protection at low cost


• Software and tamper-proof hardware: permanently installed secure element implemented as hardware and equipped with encryption algorithms is expensive; guarantees the highest level of protection A variety of computer technologies are available for this purpose:


• Trusted Platform Module (TPM): reliable hardware system with a saved key


•Trusted Network Connect (TNC): access control system including security all the way to terminal devices


• Self-Encrypting Drive (SED): hardware encryption with finely graduated blocks


•PC client, mobile and automotive applications based e.g. on profiles of the TPM 2.0 Library specification For every application, it is necessary to gage the


protection-degree being required, because the equation "low investment = low protection" applies. The trick is to strike a balance between costs and risks.


18 NOVEMBER 2016 | ELECTRONICS / ELECTRONICS


Figure 2 Security options


Figure 1:


Typical application example in industrial control engineering [source: Infineon]


TRUST ANCHORS The main point in the system’s security is the key used to encrypt and decrypt sensitive data. If it is hacked or cloned, any security is eliminated. The manner in which the key is handled throughout the product lifecycle is critical. Three trust anchors guarantee the security of the key: safe storage of the key, protection of the encryption and handling of the key. These anchors can be implemented in the system in different ways: as a software component of the operating system or as hardware in a separate hardware system with expanded security functions. A typical, secure industrial control system could


appear as follows: A wireless sensor with a built-in encryption module is connected to a control unit via one-way authentication. The control unit is equipped with an authentication IC, which is a hardware module with a saved key. With this key, the control unit can check the authentication of the sensor by means of a second one-way authentication with another connected piece of equipment that contains the same encryption module as the sensor [Fig.1]. The control unit is securely connected to the sensor and to external equipment via a second path. Ideally, the server to which the control unit is connected also contains an authentication IC – as only then is security fully implemented and the system truly secure. In addition to enabling mutual authentication between


the control unit and server, it also provides access control and with it a secure data transmission channel, secure updates as well as lifecycle management. Together with Infineon, Rutronik offers modules


for every required security level and all degrees of system complexity in the industry. Infineon’s Optiga family enables the authentication of users and systems and allows the secure data exchange. Like a safe, the micro-controllers store security keys, certificates and data, guaranteeing integrity of the system and data so users can be sure that neither of them have been tampered with. All members of the family can be personalised with dedicated keys and certificates. For applications requiring a low security level, this family offers ready for use microcontrollers with a security chip using asymmetric elliptical curve crypotography (ECC), saving it in the protected memory. At the upper end, the Optiga TPM SLB 96xx,


corresponding to the TPM v1.2 and 2.0 standard, offers certified platform protection for software and data of complex systems at the highest level. Physically separated from the main processor, these devices withstand logical and physical attacks. When it comes to security, the co-operation of


Infineon and Rutronik plays an important role. This is because the security chips are supplied with a preprogrammed and pre-certified key from Infineon. It is essential that this key is secured against access en route to the customer. For this reason, the chips are sent as a closed system that Rutronik forwards directly to the customer. If it is necessary in the case of highly complex systems or applications, a certified integrator is also provided, to support implementation of the infrastructure. All security- relevant actions are regulated by means of Non- Disclosure Agreements. Rutronik supports the development environments with all available tools to ensure swift familiarisation with the issue of security.


Rutronik www.rutronik.co.uk T: 01204 363311


Figure 3


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56