Connected machines and ICT systems require security mechanisms that are more robust than ever before and remain so for the long life common with industrial hardware. Withstanding attacks over the long-term means keeping the protections at the state-of-the-art through updates. Researching and assessing such updatable security mechanisms was the objective of the joint ALESSIO project. The project partners are presenting the results today at the VDMA Forum at SPS, the leading trade fair for the automation industry.
Under the leadership of Infineon Technologies AG, the Fraunhofer Institute for Applied and Integrated Security (AISEC), Giesecke+Devrient Mobile Security GmbH, Siemens AG, the Technical University of Munich, and WIBU-SYSTEMS AG have been developing chip-based solutions and prototypes for connected computer applications and embedded systems since 2016. ALESSIO is supported by around €3.9 million in funding from Germany’s Federal Ministry of Education and Research (BMBF) and is scheduled to end on 31 December 2019.
Secure information and communication structures for connected manufacturing
Every new connected device is a potential gateway for cyber-attacks. Sensitive company data and information could be captured and abused for further attacks. This is why reliable protection for security-critical information in devices relies on a combination of software and hardware. While software can still be modified at a later point, hardware or a security chip, once integrated, is protected from being remotely manipulated. Security chips could be imagined as a highly protected safe zone in which data and security-related information are stored, safely away from the software. Nevertheless, there must also be ways to update this secure zone itself, since attack vectors and methods may change over time.
The partners on the ALESSIO project were able to show that updatable security solutions can be achieved with two different technical approaches, using either chip-based secure elements with updatable software or an updatable secure element implemented in programmable logic devices known as FPGAs (field-programmable gate array), in which hardware components can be securely updated during runtime. Both options enable ICT networks and data to stay secure and security-related data to be managed efficiently over the long term.
Oliver Winzenried, CEO and founder of WIBU-SYSTEMS AG, is proud of the progress made by Wibu-Systems and its partners: “Ever since we started using smart card security controllers in our products, we have been committed to offering firmware updates for patching vulnerabilities or adding functions and features. ALESSIO has come up with an innovative process for these updates that uses secure cryptographic schemes with new algorithms. This represents a real gain in security for a longer working life of our hardware.”