The networking of devices and machinery is in full swing. However, despite all the Industry 4.0 enthusiasm, there are voices of caution: secure your communication. For this, identification of the participants is one requirement, and special SD cards offer a surprisingly simple and flexible solution—ready for post-quantum cryptography.
For IT security experts, the three steps that open a "secure channel" are obvious: identification, authentication and authorization. A two-step authentication process can significantly improve security. The token used for authentication can also be used for encrypting the communication content.
Today, these processes are generally accepted by the human user of IT networks. But this is different for the Internet of Things (IoT). So far, sensors, actuators, devices, machines, IT systems, and, of course, critical infrastructures rarely need to “identify” themselves when they connect to networks—and anybody who requests data from them or stores data on them also remains anonymous.
In well-guarded manufacturing plants that are not connected to the internet, these risks might be tolerated. In the smart, networked factories of the future, such security gaps are no longer acceptable. The risk is too great for unauthorized individuals to gain control over the smart factory using remote internet access. There are reports and videos about cars that could suddenly be remotely controlled by unauthorized parties. They emphasize that the possibility of remotely controlling factories and power stations, or of third-party controlled manufacturing robots, should not simply be brushed aside.
Therefore, things, too, must be assigned an ID. If only identified devices can communicate with each other, life becomes significantly more challenging for attackers.
ID Inside the Memory Card
Thus far, fitting a device with a secure element meant either soldering an identifiable hardware component (a trusted platform module, or TPM) onto the relevant board or using processors that can be unambiguously identified via integrated security functions (a trusted execution environment, or TEE). There is a significantly more flexible option: infrastructures can be retrofitted with the equivalent of ID cards simply by using an SD, microSD or USB interface and secure memory cards.
Secure memory cards, such as those from Swissbit, consist of a flash memory chip, a smart card and a flash controller. Because a crypto element is used as the secure element, not only can communication be secured, but data can also be securely encrypted. This allows trusted boot concepts to be implemented and licenses to be protected. Flash memory with an integrated AES encryption engine can also be used to encrypt additional data storage (for example, conventional hard drives) within the system. The flash memory cards proposed for authentication and encryption within the Industrial Internet of Things (IIoT) are already employed on a large scale in tap-proof mobile phones, police bodycams, and for the protection of patient data in medical technology.
Trusted Platform Module as Retrofit
Combining the identifier with a standard data memory holds much appeal, mainly because most of the components and embedded systems in the IIoT require memory anyway for operating systems and data. Implementation is comparatively simple because memory interfaces are standardized, and even middleware for the integration of TPM requests can be supplied if required.
One of the biggest challenges when creating secure IIoTs is retrofitting older systems and existing components. If they have USB or SD interfaces, these legacy systems can simply be equipped with an SD card as a TPM with tamperproof identities and integrated retrospectively into the security concept.
An even greater challenge: over a product's life cycle, its security becomes more vulnerable, as attack methods become increasingly sophisticated. The quantum computer, which is expected to become available within the next few years, is a threat to the encryption process, since it is expected to break today's asymmetric cryptography. It will be necessary to develop post-quantum cryptography (PQC), which demands algorithms that are resistant to attacks from quantum computers. Thus, product managers must consider the upgradeability of security solutions, not least because of the German IT Security Law, which requires the use of the most modern technology. As easily exchangeable modules, secure memory cards thus provide a solution for the PQC challenge as well.