May 2016 - page 12

Internet-of-Things
Hardware-based solutions secure machine identities in smart factories
Dr. Josef Haid, Infineon

Security is a cornerstone of Industry 4.0. Secure cryptographic identification of machines and devices protects smart factories against manipulation and data theft. Hardware trust anchors implemented with dedicated security chips provide robust protection for security keys while lowering overall security expenses for device manufacturers.

The Internet of Things (IoT) is connecting more and more smart devices and machines to create smart factories (known as Industry 4.0 or Industrial Internet). Although these highly automated, decentralized factories promise greater efficiency and flexibility across production processes, they are also exposed to attacks from cyberspace as they rely on Internet connectivity. Software measures alone do not generally provide sufficient protection against these attacks. Hardware-based trust anchors are required to effectively protect smart factories. Infineon OPTIGA security controllers provide scalable security for embedded systems, thus protecting machines, data and intellectual property in smart factories.

Smart factories and connected supply chains are presenting many manufacturing companies with new security challenges. Malware, manipulation, sabotage, faulty firmware updates and counterfeit components are examples of digital threats that can bring entire production lines to a halt and may lead to significant costs and reputational damage. The tiniest security gap in a company infrastructure can lead to theft of data, intellectual property (IP) and process know-how. Safeguarding this sensitive information calls for tailored solutions that deliver end-to-end protection yet also strike the right balance between security performance requirements and financial constraints. Manufacturers need powerful, reliable and scalable security technologies to safeguard communication between devices and machines within heavily networked infrastructures.

In this context, secured identities for machines provide the anchor for implementing any measures to protect electronic exchange and storage of data. Just as ID cards or passports are used to identify people in daily life, secured identities are used by machines to reliably identify each other. But even these secured IDs digitally stored on machines could become the subject of attacks and theft. Hardware-based security solutions based on security chips are the best way to efficiently protect machine identities as well as data and communication. Security controllers provide a greater level of security than concepts that are purely software-based, as it is relatively simple to read and overwrite software.

Integrating security chips into all critical nodes helps to prevent unauthorized access to production networks and smart factories. Security chips continuously check component authenticity as well as data and system integrity to prevent manipulation. They are capable of verifying the authenticity of software updates and enable protection of remote access activities. Last but not least, they offer robust protection against low-quality, counterfeit spare parts and repair tools. Chip solutions also provide cryptographic functionality such as public key cryptography and key management. Although these functions could be implemented in both software and hardware, for industrial applications a hardware-based solution such as a dedicated security chip has clear benefits and can add real value for manufacturers.

Silicon manufacturers such as Infineon Technologies use highly secured, certified processes to personalize hardware trust anchors, i.e. to provide a secure identity to each security chip. This often includes a set of keys and certificates stored on the chip in order to allow other devices in the industrial automation system to securely authenticate a remote device, to establish a secured connection, and to exchange data in a protected way. Proper hardware anchors are security-certified components that are also equipped with measures to protect them against physical attacks. As such they offer protection during transit. In other words, a hardware anchor's protection is so robust that it does not need special security measures to be shipped using cost-efficient logistics channels. This not only applies to shipping the security chip itself but, more

Figure 1. Manufacturers need powerful, reliable security technologies to secure communication between devices and machines within heavily networked infrastructures.
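
The certificate-based device authentication described above, where a verifier checks a device certificate against the manufacturer's CA and then challenges the device to prove it holds the matching key, can be sketched as follows. This is an added example, not code from the article or from Infineon: Ed25519, the CA and device names, and all function names are assumptions, and the device key generated in software stands in for a key that a security chip would keep internally.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a key pair plus a certificate signed by (ca, caKey); a nil ca yields a self-signed root.
func issue(cn string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if ca == nil {
		t.IsCA, t.KeyUsage, ca, caKey = true, x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err) // also trips if key generation or signing failed above
	}
	return cert, key
}

// Authenticate (verifier): chain must reach a trusted root and the nonce signature must match the certified key.
func Authenticate(roots *x509.CertPool, cert *x509.Certificate, nonce, sig []byte) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, nonce, sig)
}

// Demo (constructed names): genuine device; copied certificate without its key; self-signed certificate.
func Demo() (genuine, copied, foreign bool) {
	ca, caKey := issue("Constructed Manufacturer CA", nil, nil)
	dev, devKey := issue("machine-0001", ca, caKey) // devKey stands in for the chip-held key
	self, selfKey := issue("machine-0001", nil, nil) // same name, but not issued by the trusted CA
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	nonce := make([]byte, 32) // fresh per attempt, so an old response cannot be replayed
	rand.Read(nonce)
	return Authenticate(roots, dev, nonce, ed25519.Sign(devKey, nonce)),
		Authenticate(roots, dev, nonce, ed25519.Sign(selfKey, nonce)),
		Authenticate(roots, self, nonce, ed25519.Sign(selfKey, nonce))
}
func main() { fmt.Println(Demo()) }
```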