Blog postIoT & IIoT securityManufacturingSEE

Secure Execution Environments in Industrial IoT environments

PrimeKey SEE

One problem in Industrial Internet of Things (IIoT) environments and connected manufacturing is their broader attack surface. In addition to connecting the production site to the Internet, this is also due to the growing complexity of supply chains. Many companies work with an Original Design Manufacturer (ODM) or Electronic Manufacturing Services (EMS) provider from the country where their products are produced. This means they have to be sure that such a service provider cannot manipulate or copy production and design data as well as process controls and machine programs.

It would be disastrous if firmware updates or new application releases for products by the contracted manufacturer contained malicious code or backdoors. Such discussions have arisen, for example, in connection with server boards and IIoT components built in the Far East. In certain regions, intellectual property protection isn’t enforced as rigorously as in the EU or North America. There, intellectual property theft, for example in the form of production data, may be considered a trivial offence. The code also offers attack angles for crypto operations – even if it runs in enclaves, the protected memory areas of processors. Researchers have successfully introduced malware into Intel's Software Guard Extensions (SGX), which are primarily used in cloud data centers. This attack is particularly dangerous because the malicious code is shielded by the enclave itself and can therefore no longer be removed, even by system administrators. Solutions that execute applications and data in a secure environment – a so-called Secure Execution Environment (SEE) – can correct that. It should be a priority that users, i.e. experts from industrial companies, can implement and operate such a solution without much effort –expert knowledge of cryptographic procedures and the management of keys and certificates should not be required. Secure production, provisioning and configuration of IIoT devices is a fundamental step to establish and operate a trustworthy IIoT infrastructure. Using a Secure Execution Environment to operate production related software on off-shore facilities helps to reduce the risk of manipulation and data extraction of relevant data.

SEE-Icon-Green

We should never forget that IIoT devices and the infrastructure that they are a part of can never be more secure than the production environment where they have been manufactured.

What is an SEE stand and how does it work?

An SEE is typically a standard x86-based server system. This hardware forms the basis for running a KVM (Kernel-based Virtual Machine), which is the foundation for application execution and the operating system environment. This makes it possible to back up existing applications and to run complex, multiple virtual machine environments. The security of the execution environment is ensured by using a so-called trust anchor in combination with the physical protection of the computer unit. The trust anchor ensures that:

  • The integrity of the KVM and the user device is checked and ensured from the very start.
  • A clear assignment of rights and roles for installation, configuration and runtime of the system is established.
  • The server environment is only started after a successful integrity check.

In addition, the SEE consistently restricts the system's communication interfaces, so that only required interfaces are available during operation and all unnecessary interfaces (for example USB ports, which can be found and supported on servers but 99 percent of which are not used during operation) are switched off. This can be changed by the user, if needed. Due to the physical structure of the system, a safety level up to a verified FIPS 140-2 Level 3 standard should be applicable. In an IIoT environment, sensitive programs and information can be protected through SEE appliances when they are sent to or deployed in potentially unsafe locations. Extracting or copying this data from the SEE server system is not possible for unauthorized personnel, whether they are humans or IIoT components. Even theft of the entire system is useless, since the attack does not reach the motherboard or the hard disks due to the physical protection measures of SEE. Only those who have authorized access can use the application and the data stored within it. This means no risk of loss or theft of data and knowledge as well as no problems with products whose firmware or applications have been tampered with in advance.

Read about the PrimeKey PKI, Signing and SEE products that can be used in IIoT solutions:

PrimeKey SEE

EJBCA Enterprise

SignServer Enterprise

 

Download white paper

This is an abstract from the PrimeKey white paper that takes a deep dive into Security for IIoT environments. The white paper is available here: 

Download white paper

Martin Oczko from PrimeKey on securing the connected factory

Author

Martin Oczko


Martin Oczko holds an MS in Computer Science and has over 15 years of experience in IT security. He has been working in different technical and sales positions for globally acting IT security software and hardware vendors before joining PrimeKey in 2012. Since then, Martin was responsible for the product management, development and production of PrimeKey’s hardware based products like the EJBCA Appliance and SEE. Martin is currently responsible for PrimeKey’s product portfolio and product strategy, as well as the operations of PrimeKey Labs in Aachen, Germany.

martin.oczko@primekey.com