Security & Monitoring


Providing peace of mind in the wireless IIoT world


Wireless communications offer significant advantages in the world of industrial control and automation. The number of wireless devices in any automated industrial operation has significantly increased, all connected to form an Industrial Internet of Things (IIoT) consisting of equipment, routers and sensors. Moreover, all have specific communications needs and requirements. Rich Miron, applications engineer at Digi-Key Electronics, tells us more.


Rich Miron

Operating a process within such a comprehensive control environment is quite involved and can pose a great challenge. Consider multiple sources of data requiring different protocols and data types. Data, voice, video and control signals: an IIoT network must have the bandwidth and the network management intelligence to avoid data loss due to simple signal drop-out or malicious intent. In these situations, data loss is productivity loss.

In the world of IIoT, devices must be robust enough to handle the industrial environment. The industrial landscape can vary from a sterile medical facility to the dark depths of a uranium mine. Solutions must be flexible and reliable. Devices must also tolerate temperature variations, shock, vibration and the specific hazards of the workplace, and must meet Federal and local codes and standards.

Perhaps most importantly, the system must be secure and safe. Data disruption due to network hacking or malicious software is an important issue when it comes to wireless IIoT operation. An insecure system is a danger to the operating systems/devices and to human workers.

The challenge for the embedded developer is designing a platform from which they can build a secure, reliable and trusted solution from the beginning. Developing any embedded design from scratch can be a daunting task even for the most experienced engineer, and adding security functionality and thoroughly testing it can take a lot of time. To ease this process and speed time to market, many development teams are opting to base their designs around a pre-certified single board computer (SBC) module.


Building a secure IIoT device

A good fit for any IIoT design is Digi International’s extremely compact ConnectCore 6UL system-on-module (SOM) solution. It provides a powerful, secure and cost-effective wireless system in a package about the size of a postage stamp. It is also conveniently available as an SBC, the ConnectCore 6UL SBC Pro.

The ConnectCore 6UL SBC Pro is a feature-rich, secure, pre-certified embedded system. It is based on the NXP i.MX6UL-2 ARM Cortex-A7 processor and also hosts a media co-processor. This ultra-flexible design easily integrates into any IIoT project with minimal cost and design effort. This SBC is rugged enough to handle most industrial settings. It can handle temperature ranges from -40°C to 85°C and high humidity environments, and has earned many IEC 60068 certifications, which include vibration and shock immunity. With a 100 mm x 72 mm form factor, it is small enough to fit into almost any environmental control enclosure.

Embedded developers will be very familiar with the advantages of using a pre-certified SBC. What will stand out with the ConnectCore 6UL is that it includes a complete and tested Yocto-based Linux security framework, TrustFence, which provides engineers with the tools to design secure and reliable connected products. This approach means that core security functions can be built into any IIoT design as part of the main development process, rather than having to search out and add such sophisticated security functionality once the initial application design has been created. The availability of a comprehensive ConnectCore 6UL development kit will further speed the solution design from workbench to end product.

Digi TrustFence aids the provision of secure connections, authenticated boot, access controlled ports, encrypted data storage and secure software updates in order to protect data and device integrity, enabling engineers to respond to their IIoT security mandate while keeping cost and development time to a minimum.


Security as an intrinsic function

Within the ConnectCore 6UL Yocto Linux, the TrustFence features are enabled through use of a class parameter within the conf/local.conf configuration file. Individual TrustFence features are also enabled in this way. For example, the secure boot function allows use of an ‘open’ device, where no checking of the boot image takes place, compared to the ‘closed’ state where only properly signed U-Boot images can be used to boot the device. A one-time programmable master key (OTPMK) is used for this purpose. In addition, secure boot can operate in a manufacturing mode where the device’s authentication and encryption keys are protected, and in the deployment mode where the boot image’s digital signature is verified prior to the image being decrypted so the device can fully boot. The most popular method of providing a digital signature is through the use of asymmetric cryptography techniques, where a pair of keys (a public key and a private key) is created.


Other security functions available within the ConnectCore’s TrustFence capabilities include encrypting the partition where data is stored, a physical tamper detection interface, and securing the device’s JTAG interface – typically the first attack point used by an intruder who has physical access to the device.


Digitally signing a boot image will ensure that a device’s capabilities are never compromised through the use of an illegal firmware image. Digi’s embedded Yocto uses its stored private key to encrypt the firmware image hash and sign the image. The signed image, complete with a public key and digital certificate, is then written to the device’s flash memory.

Booting from a signed image is a two-stage process. First, the public key used within the image is compared against the master public key held in the ConnectCore device. The boot process is aborted if they do not match. If they do match, the boot can proceed to the second stage. The validated public key is used to decrypt the firmware hash of the signed certificate, which is compared against the hash derived from the image. If they agree, then the boot process can commence.

A further step in this process can be created if necessary to encrypt the image itself. This provides a greater level of security not only for the boot process, but also prevents unauthorised developers from accessing the firmware image itself. This approach is becoming increasingly popular in situations where manufacturing takes place at a third-party manufacturing site.
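The two-stage check described above, sketched as an added example that is not Digi's or NXP's code. It uses textbook RSA on a toy key built from publicly known Mersenne primes so that it runs with the standard library alone; production secure boot uses padded signature schemes and hardware key storage, and all function and variable names here are hypothetical.

```python
import hashlib

E = 65537

def toy_keypair(p: int, q: int):
    """Toy RSA key from two known primes; returns ((n, e), d)."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

# Publicly known Mersenne primes: trivially factorable, illustration only.
MASTER_PUB, MASTER_PRIV = toy_keypair(2**127 - 1, 2**521 - 1)
OTHER_PUB, OTHER_PRIV = toy_keypair(2**89 - 1, 2**607 - 1)

def image_hash(firmware: bytes) -> int:
    return int.from_bytes(hashlib.sha256(firmware).digest(), "big")

def sign_image(firmware: bytes, pub, priv) -> dict:
    """Build host: transform the image hash with the private key (textbook
    RSA, no padding) and bundle image, signature and public key."""
    n, _ = pub
    return {"firmware": firmware, "pubkey": pub,
            "signature": pow(image_hash(firmware), priv, n)}

def verify_boot(bundle: dict, master_pub) -> str:
    """Device: two-stage check; returns "boot" or the reason for aborting."""
    # Stage 1: key shipped with the image must equal the key held in the device.
    if bundle["pubkey"] != master_pub:
        return "abort: public key mismatch"
    n, e = bundle["pubkey"]
    # Stage 2: recover the signed hash and compare it with the image's own hash.
    if pow(bundle["signature"], e, n) != image_hash(bundle["firmware"]):
        return "abort: image hash mismatch"
    return "boot"

def demo() -> dict:
    fw = b"constructed firmware image v1"          # constructed sample input
    good = sign_image(fw, MASTER_PUB, MASTER_PRIV)
    modified = dict(good, firmware=fw + b" (modified after signing)")
    other_key = sign_image(fw, OTHER_PUB, OTHER_PRIV)
    return {name: verify_boot(b, MASTER_PUB) for name, b in
            [("good", good), ("modified", modified), ("other_key", other_key)]}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result}")
```

Stage 1 is what stops an image that is validly signed under some other key pair; stage 2 alone would accept it, because the signature and the shipped public key agree with each other.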


Figure 1: TrustFence security suite

Figure 2: Digital signing of firmware image

www.digikey.com

18 March 2018 Components in Electronics www.cieonline.co.uk

