Secure Key Memory for Industry 4.0
Following the first and second industrial revolutions in the 19th century and the so-called third industrial revolution in the 20th century, which brought digital technology and the use of computers to automate production, the increasing networking of machines and devices within production facilities is commonly called the fourth industrial revolution. The so-called “industry 4.0” is not only about networking devices and exchanging data, however, but also about so-called cyber-physical systems that can make decisions independently to solve certain tasks.
However, the security aspect must not be disregarded in all these endeavors. Several attack scenarios are possible that could cause significant damage to a company. In particular, the manipulation of important production data can bring production to a standstill by disturbing important processes or the decision processes of the cyber-physical systems. The attack can take the form of intercepting or changing the data sent by individual industry 4.0 nodes, such as sensors, or of exchanging the devices or their firmware.
Security not only for high-performance systems
The individual nodes in an industry 4.0 network are mostly small, lightweight embedded systems. To protect embedded systems from manipulation, each system has to be identifiable and has to authenticate itself inside the industry 4.0 network. In addition, the firmware has to be stored in memory in encrypted form to protect it from manipulation. Communication should also be encrypted to shield the data from interception or manipulation. For these tasks there are established cryptographic protocols that have been found secure; they usually need a cryptographic key that is stored on the system inside a secure key memory.
These keys are often kept in a secure storage area. For example, smartcards and debit and credit cards use an asymmetric cryptosystem in which the private key is generated on the device inside a so-called hardware security module (HSM) and stored in a memory area that cannot be read out from outside and therefore serves as a secure key memory. The key can be used to encrypt and sign data without leaving the system. Against hardware access to the stored key, however, such a system is not necessarily secure.
An individual fingerprint for every chip
Fraunhofer IMS has developed a system that uses the random manufacturing deviations in the ASIC as an individual fingerprint from which a cryptographic key is derived. Every chip exhibits deviations within the defined limits of the production process, for example in the values of passive circuit elements. Combined with a robust readout circuit, these elements form a secure key memory, because the stored value is unknown to both manufacturer and user and never leaves the chip.
Because the exact value of the circuit element arises during the production process, it cannot be recreated in another production run, which is why this is called a physical unclonable element or Physical Unclonable Function (PUF). An external measurement of the small variations is practically impossible or permanently changes the features of the component, which gives a high security level in comparison to common key memories. Combining this form of secure key memory with additional tamper protection can increase the security level even more. In the Fraunhofer-internal research project COPYCAT, for example, a tamper-protection film has been developed that reliably detects when the electronics housing is opened and can consequently delete or block parts of the memory area. This creates an additional guard against manipulation and reverse engineering.
A PUF can also be implemented as a so-called “Strong PUF”. Such a PUF takes an input word, the so-called “challenge”, and returns an individual answer, the “response”. Ideally, a high number of “challenges” is available. This way, in addition to serving as a key memory, the PUF lets the system be identified in a “challenge-response protocol” without having to carry out cryptographic calculations on the chip.
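The challenge-response identification described above can be sketched as follows. This is an added example, not code from Fraunhofer IMS: SimulatedPUF is a software stand-in for the physical circuit, and the response width, the noise level and the Hamming-distance threshold are assumed values.

```python
import random

N_BITS = 64      # response width in bits (assumed)
NOISY_BITS = 3   # bits that flip per readout, models measurement noise (assumed)
MAX_HD = 10      # largest Hamming distance still accepted as "same chip" (assumed)

class SimulatedPUF:
    """Software stand-in for a strong PUF; a real one is an analog circuit."""
    def __init__(self, chip_seed):
        self._chip = chip_seed                       # models manufacturing variation
        self._noise = random.Random(chip_seed ^ 0xA5A5)

    def respond(self, challenge):
        resp = random.Random(f"{self._chip}:{challenge}").getrandbits(N_BITS)
        for bit in self._noise.sample(range(N_BITS), NOISY_BITS):
            resp ^= 1 << bit                         # readout is never bit-exact
        return resp

class Verifier:
    """Backend that holds challenge-response pairs (CRPs) recorded at enrollment."""
    def __init__(self):
        self._crps = {}

    def enroll(self, puf, count, rng):
        # Done once in a trusted environment, before the node is deployed.
        # rng is seeded by the caller for reproducibility; use a CSPRNG in practice.
        for _ in range(count):
            challenge = rng.getrandbits(N_BITS)
            self._crps[challenge] = puf.respond(challenge)

    def next_challenge(self):
        return next(iter(self._crps), None)          # None: CRP pool exhausted

    def verify(self, challenge, response):
        # pop() makes every challenge single-use, so a recorded response cannot
        # be replayed, and a failed attempt also burns the pair.
        expected = self._crps.pop(challenge, None)
        if expected is None:
            return False
        return bin(expected ^ response).count("1") <= MAX_HD

def authenticate(verifier, device):
    challenge = verifier.next_challenge()
    return challenge is not None and verifier.verify(challenge, device.respond(challenge))

if __name__ == "__main__":
    backend, node = Verifier(), SimulatedPUF(chip_seed=1234)
    backend.enroll(node, count=2, rng=random.Random(1))
    print(authenticate(backend, node), authenticate(backend, SimulatedPUF(5678)))
```

Because every challenge is consumed on use, the size of the enrolled pool bounds the number of authentications, which is why a high number of available challenges matters.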
Fraunhofer IMS is currently working on a cooperative industrial research (IGF) project, supported by the Federal Ministry of Economics and Technology (BMWi), in cooperation with the University of Applied Sciences Offenburg and a consortium of companies from the sensor and automation industry, to make PUF technologies and secure key memories available to small businesses for lightweight sensor nodes in industry 4.0 networks.