Solna, March 26th 2019 – PrimeKey, a world leader in open source PKI and digital signing, presents innovative and practical security solutions for digital, connected production facilities and control systems at Hannover Messe 2019. The need to create secure environments for IoT platforms and other applications is illustrated by a live hack of an engine in hall 6, stand D12.
The protection and integrity of control software and the entire software update process are central topics for PrimeKey at this year's Hannover Messe. Combining a Secure Execution Environment (SEE), Public Key Infrastructure (PKI) and code signing, a live demo shows visitors how effective end-to-end security can be achieved. In halls 5 to 8, the so-called "House of Digital Pioneers", exhibitors present their latest software for virtual product development, production planning and control as well as predictive analytics. Approaches for data distribution in the digital factory play an important role as well. In each industrial sector with connected production, IoT platforms have become the central point of attack. Therefore, PrimeKey demonstrates the risks associated with IoT platforms and applications that do not run in a secure environment and use insufficient cryptography. For this purpose, the security specialist has developed a simulation that illustrates the entire life cycle of control software and its protection.
The engine hack and its consequences
This simulation involves cyber-criminals attacking engine software that runs on an Electronic Control Unit (ECU). Successful manipulation of the software very often leads to a total failure, because the engine operates with undefined characteristics and usually wears out completely. To prevent this scenario, it is up to the dealers and authorized partners to include secure software lifecycle processes and updates. They, in turn, require authorization and legitimacy to carry out the processes. Security in production plants and service workshops also encompasses the protection of the application software for addressing and communicating with its own control unit. At Hannover Messe, PrimeKey presents its Secure Execution Environment (SEE) for the first time. The x86 server system is secured in a way that renders attempts to access or steal the software or its data impossible – without the need for further constructional or organizational measures. Reliability and availability of applications and data can be achieved by implementing a PKI in conjunction with code signing. A PKI verifies the identity and integrity of the communication parties by providing certificates for each device and implementing electronic signatures. In this way, PKI and code signing ensure that only authorized IoT components can communicate with each other.
Securing the ECU’s lifecycle
In a PrimeKey showcase, visitors experience firsthand how the control software for an engine’s ECU can be secured in the SEE and with a PKI appliance – including a SignServer for code signing. These four crucial steps in the lifecycle of the application will be illustrated:
- Manufacturing and “birth certificate”: The ECU is produced, and its “birth certificate” is issued.
- Deployment: The ECU registers with the certificate on the IoT platform (org) in the SEE.
- Operation: The entire system goes into operation, before the IoT platform triggers an update. Subsequently, the signed software package is loaded onto the ECU. The update process only starts if the signature is validated beforehand with the certificate.
- Discontinuation: The final part visualizes the discontinuation of the security device.
PrimeKey on stage: Is cryptography sufficient to ensure trust in Industry 4.0?
PrimeKey highlights the practical relevance of its solutions as part of the "Industrial Security Forum" series in hall 6, booth F03. On Thursday, April 4th, at 3.30 p.m., Andreas Philipp, Business Development Manager at PrimeKey, asks whether it takes more than just cryptography to create trust in Industry 4.0. The security expert will first give an overview of the possibilities for creating a continuous chain of trust – from production to the after-sales process. Drawing on best practices, the expert then discusses secure execution environments that start early in the production process of digital devices.
During Hannover Messe, Andreas Philipp, Business Development Manager at PrimeKey, is happy to talk to you. If you are interested, please contact email@example.com or +49 89 17959 18-0.