July 2019

| 30 | July 2019 www.smartmachinesandfactories.com | SOLUTIONS | non-vulnerable application is done first by using your own identity or your own key. Here the access authorisations of the devices or persons are assigned and checked. Although identities and keys are established, they are still the most critical element in this first step of the root of trust, because the device is only as secure as the protection of the key. For this reason, it is necessary to implement additional protection functions, which ensure secure storage of the key and forwarding to the right recipient. In order to be able to protect the actual functions of the devices from unauthorised access, a secure boot process is required when the devices are started. Brand highlights that authentication and subsequent deciphering of the software will ensure that the devices are protected from attack and manipulations: “Without a secure boot, it is relatively easy for potential attackers to intrude, manipulate, and execute error-prone codes. Secure updates are an important step in handling the ever-changing application environment and emerging security vulnerabilities. As soon as new hardware or software vulnerabilities are discovered, they should be remedied as soon as possible by updating the devices, even before major damage can be caused by attacks. Secure updates are also performed to fix any product errors or to implement product improvements.” In order for a trusted environment to perform additional security services, such as cryptographic application programming interfaces (APIs), are required. It also includes protection features such as encryption, authentication, and integrity. Brand emphasises that all of these security functions should be placed in a separate and protected execution environment from the actual applications of the equipment to ensure that there are no errors in the codes that could result in consequential damage to the equipment. Cyber Security To meet the increasing security requirements, Brand says his company tries to incorporate the concept of the root of trust in its products and developments: “The goal is to be able to offer appropriate attack-resistant products for those areas or industries for which they are of concern, thus ensuring the highest degree of customer confidence and a significant increase in the value of their applications. This means, primarily, to Figure 2. Root of trust: the steps to building trust for a secure application. Figure 1. The sweet spot: the highest security for the transition from the analog to the digital world.