Reading time ( words)
Where data storage solutions are required for industrial applications, the key selection criteria must include robustness, durability, fail-safety and long-term availability of the flash storage media. Noteworthy too: demanding security requirements can be addressed with special versions that feature WORM (write-once-read-multiple) or cryptography functionality.
Our increasingly networked world in the age of The Internet of Things (IoT) is, at the same time, increasing the threat of misuse, sabotage, data theft, counterfeiting etc. Cyber-security has become a key concern for a wide range of applications, from the automotive industry to the Smart Factory. Here, the attack vector is through vulnerable software. For all-round full protection, hardware solutions can also complement pure software solutions. Here, a Trusted-Platform-Module (TPM) is used for encryption, for example, or a secure element as a tamper-proof memory and security anchor. To ensure secure operation of a system, booting should already be monitored seamlessly as a trusted boot.
This concept ensures that software can only be launched on specific hardware or hardware classes. The boot loader uses an authentication secret that is only available within the boot environment (BIOS/UEFI). Swissbit’s approach: essentially every system requires memory, for example as boot media or data-collection, and this is where the solution comes into play. The secure element isn’t fixed to the hardware but provided as a removable component like a dongle for example. This makes security solutions retrofittable.
This opens up a variety of new approaches for security solutions for secure-boot, data-protection, license-protection and secure identification of connected devices within a M2M communications network. At the same time, since only standard interfaces for SD memory cards or USBs are needed, systems designers can be flexible in their selection of hardware. TPM-functionality can be implemented by the SmartCard in the Secure Storage Card as a Java card applet.
Copy Prevention and Authentication
In 2015, AUDI AG, BMW Group and Daimler AG paid €2.8 billion to take over Nokia’s geodata company “Here,” indisputable evidence of the significance of navigation systems at the dawn of autonomous driving. Commonly SD Memory Cards are used to load map data into a navigation system. Swissbit-cards with hardware-encryption enable data protection. The use of flash memory devices with secure element offers direct benefits such as navigation system data-control and ensuring license terms compliance.
Memory cards with integrated SmartCards make it possible to assign vehicles with tamper-proof identities as the basis for authentication applications. In future, infotainment systems within vehicles will become increasingly important as an interface to ITC devices and the internet. The secure element makes it a secure platform that can be used to provide paid services, obtain media content, or pay tolls for example. New functions can be retrofitted and protected to highest cryptographic standards.
Data-protection and Functional Safety
In recent years, increasing connectivity within and outside the car, i.e., Car2Car Communication, has made protection and defense against cyber-attacks a much-debated key concern, mainly with regard to possible consequences for functional safety. Communication of ECUs via bus systems can be encrypted if for example at certain nodes an eMMC (embedded multimedia card) with Secure Element serves as a TPM. Thanks to this authentication feature, the risk of tampering with in-vehicle communications can be averted.
Demand for security solutions will increase significantly. Not only for embedded systems for the Industrial Internet of Things (IIoT), but also for ordinary everyday applications, where safeguarding of recordings or events is required. These include, for example, smart meter readings or log files in industrial systems, and of course current fiscalization of cash registers. E-mobility charging stations will no doubt need similar solutions in the near future to safeguard billing processes. As soon as a drop in fuel tax calls for consumption-led taxation of e-mobility, fiscal processes will also need to be implemented. The solution: an audit-proof record can be achieved using WORM (write-once-read-multiple) memory functions that ensure that data is only written once and can no longer be deleted. For export, data within the WORM memory is linked to a digital signature to ensure its authenticity and integrity.
Swissbit’s secure memory cards consist of a flash memory chip, which beginning at wafer-level are produced and tested to industrial standards and powered by a special version of the durabit-firmware with integrated AES-256-bit-encryptor. With the DP (data protection) version, all data is encrypted and protected in various ways (CD-ROM mode, PIN protection, hidden memory, WORM mode). The standard edition for authentication and PKI applications, the voice edition with elliptic curve cryptography for mobile applications, and the premium edition with symmetric and asymmetric encryption all feature an Infinion/NXP Smart Card Chip CC EAL 5+/6+. For applications subject to FIPS (Federal Information Processing Standard) requirements, an option with NXP Smart Card Chip FIPS 140-2 Level 3 as a secure element is also available. Swissbit memory cards as described above are also available as various flash types: MLC (Multi-Level Cell), pSLC (pseudo Single Level Cell) and SLC (Single Level Cell) - and in various sizes. An SDK and a PKCS#11-library for using the API are available for the development of applications.
These examples are just a snapshot of the diverse applications, where data-storage and provision as well as access- and communication-protection can be simply achieved with a single solution. Swissbit’s extremely robust and durable flash memory devices with security features make them particularly suitable for challenging applications with long life- and maintenance-cycles. The use of standard interfaces has the advantage that retrofittable and upgradable applications can be developed. Considering cyber security is still a constant battle between attacker and defender, a replaceable security device can even be an insurance for the future for new products.
Hubertus Grobbel is head of the Security Products Division of Swissbit AG.