Flash-memory expert Swissbit offers a simple but smart security solution for connected factories: SD cards for system identification.
IIoT and smart factories rely on sensors, actuators and systems that are networked and communicate with each other, but how can that communication and data be safeguarded against espionage and sabotage? Flash-memory specialist Swissbit offers an answer – smart and highly flexible SD cards featuring integrated security for system identification.
Intelligent production that automatically adapts to products or circumstances, providing convenient remote control and remote maintenance are poised to bring manufacturing to a new level in terms of quality, efficiency and flexibility. However, networking industrial installations and the consequent autonomous communication between "things" also bring with it new risks. For instance, what happens if hackers or manipulated systems seize control of robots or industrial installations? In other words, how does a "thing" know that the data or data selections it receives from another "thing" are legitimate and that these system components are "who" they say they are?
IIoT issues can be addressed through the use of modern security solutions in classic IT, along with communication between human users. These solutions require identification, authentication and authorisation here on the example of a user.
The user could also be thought of as a (sub-) system in machine based processes.
Pure software-based solutions for installations requiring security (including production lines and industrial installations) do not provide adequate protection and can be easily copied and manipulated. Systems that communicate with each other via the Internet or through IIoT gateways must, on one hand, provide an identity that cannot be cloned, and on the other, have the ability to send and receive highly secure encrypted data. Such protection always requires a solution that is integrated into hardware, known as a security anchor.
Selecting the right security anchor for a given application can be done in any of a number of ways:
Although all of these solutions provide levels of protection and have a number of pros and cons, under real conditions they are subject to certain limitations which need to be considered. One thing they all have in common is that they limit the flexibility of the solution provider, binding equipment manufacturers to certain producers, components and or processors, and distribution channels in the technological development processes.
Switzerland-based Swissbit, suggests a solution: industrial flash memory cards with embedded security that functions as a Trusted Platform Module (TPM). This solution is advantageous for IIoT component and solution developers and can meet safety requirements as well as performing other functions.
*Figure 1: Industrial flash memory cards are part of Swissbit's simple but secure soluton.
The advantages kick in during the integration phase, which becomes very simple for developers for a number of reasons:
This solution is based on flash memory modules, which for many years have been highly rated for use under industrial conditions – such as a much larger temperature range than consumer/commodity cards and a far superior product life-span and availability.
Swissbit’s idea of combining a unique identifier with a standard data storage device is elegant by virtue of the fact that most IIoT components and systems already need memory for their data and operating systems.
Secure memory cards, which are already widely used in big deployments for wiretapping-proof governmental mobile phones and police body cams, are mainly composed of a flash memory chip, a smart card and a controller. Their special firmware with integrated AES encryptor supports other application scenarios.
The fact that Swissbit uses crypto chips as security anchor means not only that communication is secure but also that data can be securely encrypted. This in turn allows for Trusted Boot implementation and license monetarisation. What’s more flash memory with an integrated encryptor can be used to encrypt a system’s data storage devices such as classic hard drives.