Best choice for protecting remote updates in Smart Factories
In smart factories, configurations and design data will be updated remotely and automatically. Preserving the confidentiality of these updates is essential in order to protect Intellectual Property. Authentication and integrity protection are important to enable only valid configurations and hinder attackers from impersonating a server or robot.
The preferred security solution hardened against attacks
Using the TLS (Transport Layer Security) protocol for authenticated and confidential communications is a widespread approach. The security of TLS is based on the TLS handshake, where the two communicating parties authenticate each other and derive a session key that is used to protect the communications session. The security of the entire system depends on the certificates and the private keys. Keeping the private keys secured is of utmost importance in order to protect against impersonation attacks.
OPTIGA™ TPM improves the security of the remote data exchange significantly
Each party starts with its own public-private key pair and verifiable certificates binding its identity and public key:
- The update server sends message 1 to the control system, including a random challenge
- The control system responds with message 2, which contains the control system’s certificates, a new random number, and cryptographic signatures of the messages sent so far
- The update server responds with message 3, which contains the update server’s certificates and signatures
As a result, a session key is derived that is used to protect the communication between the two parties.
Keeping the private keys secured is of utmost importance – please see below why OPTIGA™ TPM is the preferred choice for this challenge:
Usually the secret keys are kept in shared memory, where, for example, software vulnerabilities in the operating system could be exploited to steal them.
With OPTIGA™ TPM, secrets are stored in a discrete, certified chip, effectively reducing the attack surface. The secret keys are kept and processed inside the device, so their protection is independent of software vulnerabilities in the OS and applications.
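The three-message exchange described above, reduced to its authentication core, as an added Go example that is not Infineon's code: raw Ed25519 public keys stand in for certificates, the session-key derivation is left out, and `Party`, `digest` and `Handshake` are hypothetical names. It shows an impersonator without the private key being rejected while a copy of the private key passes, which is the case on-chip key storage is meant to rule out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party (constructed): Pub stands in for the certificate; key is what a TPM would keep on-chip.
type Party struct {
	Pub ed25519.PublicKey
	key ed25519.PrivateKey
}

func NewParty() Party {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	return Party{pub, key}
}

// digest hashes the messages sent so far (all fields are fixed length, so concatenation is unambiguous).
func digest(parts ...[]byte) []byte {
	sum := sha256.Sum256(bytes.Join(parts, nil))
	return sum[:]
}

// Handshake runs messages 1-3; trustedSrv/trustedCtl are the identities certificate validation would yield.
func Handshake(srv, ctl Party, trustedSrv, trustedCtl ed25519.PublicKey) error {
	n1, n2 := make([]byte, 32), make([]byte, 32)
	rand.Read(n1) // message 1: update server's random challenge
	rand.Read(n2) // message 2: control system's new random number, identity and signature
	sig2 := ed25519.Sign(ctl.key, digest(n1, n2, ctl.Pub))
	if !bytes.Equal(ctl.Pub, trustedCtl) || !ed25519.Verify(trustedCtl, digest(n1, n2, ctl.Pub), sig2) {
		return fmt.Errorf("control system not authenticated")
	}
	// message 3: update server's identity and signature over everything sent so far
	sig3 := ed25519.Sign(srv.key, digest(n1, n2, ctl.Pub, sig2, srv.Pub))
	if !bytes.Equal(srv.Pub, trustedSrv) || !ed25519.Verify(trustedSrv, digest(n1, n2, ctl.Pub, sig2, srv.Pub), sig3) {
		return fmt.Errorf("update server not authenticated")
	}
	return nil
}

func main() {
	srv, ctl, rogue := NewParty(), NewParty(), NewParty()
	fmt.Println("genuine server:          ", Handshake(srv, ctl, srv.Pub, ctl.Pub))
	fmt.Println("claims identity, no key: ", Handshake(Party{srv.Pub, rogue.key}, ctl, srv.Pub, ctl.Pub))
	fmt.Println("copy of the private key: ", Handshake(Party{srv.Pub, srv.key}, ctl, srv.Pub, ctl.Pub))
}
```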
OPTIGA™ TPM SLM 9670 offers robust security – best fit for industrial and other demanding conditions
The OPTIGA™ TPM SLM 9670 serves as a robust foundation to protect the integrity and identity of industrial PCs, servers, industrial controllers or edge gateways. It controls access to sensitive data in key positions in a connected, automated factory as well as at the interface to the cloud. OPTIGA™ TPM is a ready-to-use security building block offering an operating lifetime of 20 years and industrial-grade quality.
- Standardized and certified
- Extended temperature range of -40° to 105° Celsius
- Meets stringent requirements of industry in terms of robustness and quality - qualified according to the industrial JEDEC JESD47 standard
Software and documentation - free download @ GitHub: