July 2017
11
E
MBEDDED
C
OMPUTING
Industry 4.0 and the IoT: paths
to secure data communication
By Konrad Zöpf,
TQ-Group
Against the background
of Industry 4.0 and the IoT,
the need for secure communications
and the associated networking of
systems and components is increasing.
New requirements on hardware and
software performance are the result,
as described in this article.
n
IoT (the Internet of Things) is the hot topic
today and requires a secure system. However,
this should not be confused with functional
reliability, which is used to describe the reli-
ability and resistance to a system outage.
Rather it refers to vulnerability to the outside
world. Usually, external attacks are intended
to cause damage or gain an economic advan-
tage by tampering.
Until now, secure systems could only be devel-
oped with a lot of individualization effort.
For more than three years now, research and
the business world have been occupied with
the topics of Industry 4.0 and IoT. Basically,
these topics depend on the necessity of hav-
ing the increasing volumes of data available
everywhere at all times. The whole subject
describes a very complex topic, starting with
small controllers that accept data from actua-
tors and sensors and transfer these data to the
cloud. One clear trend can be seen in differ-
ent market segments. More and more clients
are asking for solution modules that cover
the stricter requirements in the security and
safety area.
Until now, embedded systems were usually
stand-alone solutions and possessed only lim-
ited connection options, if they had any at all.
In this way, it was relatively easy to ensure the
security of a system because access was possi-
ble only on a very limited basis. With newer
systems, easily accessible communication
options are required. Networked production
systems must have suitable countermeasures
to protect against external access (from the
Internet, say) and against internal attacks, too.
It must be ensured that the sender is the per-
son or device that it purports to be (authen-
tication). It must be verifiable later that only
this sender transferred the data or message
(non-repudiation). The data were not mod-
ified over the transmission path (validation).
The data are encrypted and cannot be read or
interpreted by others (secrecy). The hardware
of the sender or receiver cannot be manipu-
lated (protection).
All these countermeasures require high-per-
formance hardware and secure software.
Another aspect critical for security is that only
a safe (reliable) system secured against out-
ages (safety) is able to resist external attacks.
In addition, hardware accelerators integrated
into the CPU support the software and reduce
the load on the CPU. This has a direct effect
on the performance of the system and on the
power consumption.
Versatile countermeasures are needed to
implement a secure system. The most import-
ant of these are described in the following.
These include High Assurance Boot (also
called a Secure Boot), trusted execution, hard-
ware accelerator for cryptography, secure
debug controller, protected memory access
(encryption) and hardware security measures
(tamper detection, runtime integrity checker
– RTIC).
A secure system boot must ensure that only
authenticated program code may be run on
the CPU. Usually, this software is the boot
loader. Secure Boot, also known as a High
Assurance Boot, is an important element
in security measures and prevents the CPU
from executing untrusted or unauthorized
(image source:
y123rf.com/Prasit Rodphan)
Figure 1. The TQMa7x mini module, based
on the i.MX7 processor from NXP, combines
the ARM Dual Cortex-A7 core technology
with a variety of interfaces.
