Fighting to Protect the Process

Friday, March 7, 2014 @ 05:03 PM gHale


Manufacturing data determine the production process for a product, and are just as valuable today as the design.

They contain distinctive information about the product and how it is manufactured. Whoever possesses this information just needs the right equipment and a pirated or counterfeit product is ready to go.

While design data are generally well protected from unauthorized outside access today, production data often lie exposed and unsecured in the computer-assisted machinery.

An infected computer on the network, or a well-placed USB stick, is all a thief would need to steal data. Or hackers could directly attack the IT network – for instance, through unsecured network components, like routers or switches.

In the growing manufacturing automation industry, an increasing number of unsecured, computer-guided production machines and networks in production facilities are gradually becoming gateways for data theft. New security technologies may directly shield the sensitive data kept there.

There is a software application that encrypts manufacturing data as soon as they emerge.

Integrated into both the computer and the equipment, it ensures that the two communicate with each other through a protected transport channel and that only licensed actions are executed.

“To the best of our knowledge, no comparable safeguard has previously existed for manufacturing data that reside directly in the machine tool,” said Thomas Dexheimer from the Security Testlab at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt.

Digital Rights Management (DRM) controls all important parameters of the assignment, such as designated use and quantity, among others. This way, brand manufacturers are able to guarantee that even external producers can only produce an authorized quantity, as instructed in advance – and no additional pirated units.

Dexheimer’s SIT colleague, Dr. Carsten Rudolph, is more involved with secured networks.

At the upcoming CeBIT show March 10-14 in Hannover, Germany, Rudolph will showcase his “Trusted Core Network.”

“Hackers can also gain access to sensitive production data via unsecured network components,” Rudolph said. “These are small computers themselves, and can be easily manipulated.”

In order to prevent this, he called upon one piece of technology that, for the most part, lies dormant and unused on our PCs: the Trusted Platform Module. This is a small computer chip that can encrypt, decrypt, and digitally sign data. Installed in a network component, it indicates which software is running on the component and assigns a distinct identity to it.

“As soon as the software changes in a component, the adjacent component registers this occurrence and notifies the administrator. Hacker attacks can be exposed quickly and easily this way,” Rudolph said.
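The neighbor check described above can be sketched as follows. This is an added example, not code from Fraunhofer SIT or the Trusted Core Network: the class and function names, the key and the boot chain are constructed for illustration, and an HMAC stands in for the asymmetric signature a real TPM would produce.

```python
import hashlib, hmac, os

def extend(pcr: bytes, blob: bytes) -> bytes:
    """TPM-style extend: new register = SHA-256(old register || SHA-256(blob))."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()

def measure(software_stack) -> bytes:
    """Fold every loaded software image, in load order, into one register value."""
    pcr = bytes(32)  # register starts zeroed at reset
    for blob in software_stack:
        pcr = extend(pcr, blob)
    return pcr

def quote(identity_key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    """Stand-in for a TPM quote. A real TPM signs with an asymmetric key that
    never leaves the chip; HMAC is an assumption to keep this stdlib-only."""
    return hmac.new(identity_key, nonce + pcr, hashlib.sha256).digest()

class Neighbor:
    """Adjacent component that knows the peer's identity and known-good value."""
    def __init__(self, peer_key: bytes, known_good: bytes):
        self.peer_key, self.known_good, self.nonce = peer_key, known_good, None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)  # fresh per round, so old quotes cannot be replayed
        return self.nonce

    def verify(self, pcr: bytes, sig: bytes) -> str:
        if self.nonce is None:
            return "ALERT: no challenge outstanding"
        nonce, self.nonce = self.nonce, None  # each nonce is accepted once
        if not hmac.compare_digest(sig, quote(self.peer_key, nonce, pcr)):
            return "ALERT: quote not bound to this identity and nonce"
        if not hmac.compare_digest(pcr, self.known_good):
            return "ALERT: software changed, notify administrator"
        return "OK"

def attest(neighbor: Neighbor, key: bytes, stack) -> str:
    """One attestation round: challenge, measure, quote, verify."""
    nonce = neighbor.challenge()
    pcr = measure(stack)  # on real hardware the chip reports this, not the software
    return neighbor.verify(pcr, quote(key, nonce, pcr))

# Constructed sample data: a router's software stack and a tampered variant.
KEY = b"constructed-router-identity-key"
GOOD = [b"bootloader v1", b"kernel v1", b"routing daemon v1"]
TAMPERED = [b"bootloader v1", b"kernel v1", b"routing daemon v1 + implant"]

if __name__ == "__main__":
    n = Neighbor(KEY, measure(GOOD))
    print(attest(n, KEY, GOOD), "|", attest(n, KEY, TAMPERED))
```

Because each measurement is hashed into the previous register value, changing or reordering any image in the stack yields a different final value, which is what lets the neighbor notice the change.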

“Both security technologies are important building blocks for the targeted Industry 4.0 scenario,” Dexheimer said. The term “Industry 4.0” stands for the fourth industrial revolution. After water and steam power, then electrical energy, then electronics and information technology, cyber-physical systems (IT systems embedded in machinery that communicate with each other via wireless or cabled networks) and the Internet of Things are now expected to move into the factory halls.

“This revolution can only work if the intellectual property is sufficiently protected. And that’s a tall order, because the targets of production IT will increase exponentially, due to ever growing digitization and networking,” Dexheimer said.

At CeBIT, Dexheimer and Rudolph will present a computer-assisted machine tool using a CAD computer and a 3D printer. SIT’s security software is on the computer and the printer; the data are encrypted on the computer and decrypted by the printer. The printer also validates the licensed authorization to conduct the print job. To ensure the data are also secure in the network, the scientists built a Trusted Platform Module into multiple routers.


