July 2019

www.smartmachinesandfactories.com

introduce security where there is a connection to a network. This mainly refers to semiconductor products for the communications sector, especially industrial Ethernet and TSN components. Furthermore, security is also inevitable wherever an integrated system is present on a chip; that is, where a microprocessor handles essential functionality.”

A decisive factor for manufacturers is early cooperation with customers who may already be in the definition phase of their projects. This allows the most basic security requirements to be included in the designs, protecting the entire signal chain. Thus, identities can already be embedded on the physical level, directly at the sensor node of the signal chain, which ensures greater confidence in the security of the data communication.

It is for this reason, among others, that Brand says Analog Devices has expanded its cyber security expertise and acquired Sypris Electronics’ Cyber Security Solutions (CSS) division. Brand says that thanks to this acquisition, Analog Devices will be able to offer its customers highly flexible, reliable, and integrated system-level security solutions in the future: “With secure key generation/management, secure booting, secure updates, secure memory access, and secure debugging, these so-called CSS security solutions extend beyond traditional encryption technologies. They offer a fully integrated replacement for classic cryptographic solutions and in the future will enable the realisation of highly secure hardware platforms without much effort, leading to a significant increase in the value of the products they offer customers.”

CSS cyber security technology, or rather all its security functions, is usually implemented on a separate FPGA-based subsystem that runs parallel to the actual application functions of the chip. This is called a trusted execution environment (TEE), as shown in Figure 3.
The FPGA-based implementation easily enables software upgrades of field devices, eliminating any potential product vulnerabilities with little effort. Unlike software-based encryption technologies, this hardware-based solution uses a dedicated processor to calculate encryption algorithms and dedicated storage for secure key hosting. The dedicated memory is only accessible via the dedicated processor. By using the dedicated components, the TEE and all sensitive operations can be isolated from the rest of the system, increasing the speed of execution of the encryption functions while significantly reducing the potential attack surface for hackers. It prevents any unauthorised access to the rest of the chip, while access to the cryptographic functionality takes place via the API interface. As a result, a very high degree of security can be achieved.

Cyber security and the protection of technical systems from possible attacks are key elements in the transition to digitisation, especially in the automation industry. Due to a lack of regulations and, above all, a lack of knowledge in cyber security, many companies still have great uncertainty as to how to tackle this important issue. The evaluation of (acceptable) risks to their processes is only the beginning, but a central point.

But how can cyber security be further anchored in companies and their products? Above all, manufacturing companies depend on the support of experts and their know-how. Brand told Smart Machines & Factories that his company has been addressing this issue for quite some time and has set itself the task of developing a secure portfolio that facilitates the introduction of security solutions and builds trust in order to push ahead with the introduction of Industry 4.0 and IIoT: “These include developments of turnkey, hardware-based solutions that allow customers to easily integrate data security into their products.
With many advantages over software-based encryption technologies, semiconductor manufacturers are increasingly focusing on hardware-based cryptographic solutions to support cutting-edge technology solutions and protect them from unwanted attacks. Most sensitive applications, where security and reliability are critical, such as in the industrial automation, automotive, energy, and critical infrastructure markets, can be offered the highest level of security.”

*Thomas Brand began his career at Analog Devices in Munich in October 2015 as part of his master’s thesis. From May 2016 to January 2017, he was part of a trainee programme for field applications engineers at Analog Devices. Afterward, in February 2017, he moved into his role as field applications engineer. Within this role, he is mainly responsible for large industrial customers. He specialises in the subject area of industrial Ethernet and supports appropriate matters in Central Europe.

Figure 3. An FPGA platform with integrated hardware-based encryption technology in the form of a separate TEE.
