Protecting the Industrial Edge without Additional Hardware

With the rise of the Internet of Things (IoT) and “Industry 4.0,” industrial sites and critical national infrastructure are becoming connected networks. Processes are remotely monitored through networks of smart devices, which gather data used for predictive analytics and optimizing industrial throughput. 

But when processes rely on the integrity of connected sensors and their data, strong security becomes indispensable. Connected networks exchange sensitive data, which must be kept safe from eavesdropping and alteration, because at the end of the day this data is used to drive critical business decisions with lasting consequences.

Traditional Security Solutions

Keeping sensor data safe is not a trivial task since it requires end-to-end security. To get data safely from IoT device into the cloud, a secure channel needs to be established. The secure channel makes sure data cannot be eavesdropped upon or altered when in transit. To establish this channel, the device and the cloud service need to exchange keys and certificates. Many methods exist for this, such as “zero touch provisioning.”

The biggest challenge when applying these methods is to get the required keys and certificates on the IoT device. The traditional method for provisioning keys and certificates is to use an additional chip in the device, such as a Secure Element (SE) or a Trusted Platform Module (TPM). However, this comes with significant downsides:

• Higher BOM cost for an additional chip 
• Dependency on SE/TPM vendor to handle keys
• Extra effort to onboard SE/TPM
• SE/TPM cannot be added to in field devices

Intrinsic ID SRAM PUF Technology

These problems are resolved by using the patented Intrinsic ID SRAM PUF technology, which creates a unique and unclonable identity for every IoT device. This identity is never stored in memory and cannot be copied from device to device. The identity is immutable, and invisible to adversaries, creating an unequalled Root of Trust for every device.

Since no additional hardware components (like SE/TPM) are required, SRAM PUF technology can be flexibly integrated and comes at an IoT-scale-friendly price point. Deployed devices can even be upgraded with an over-the-air update without the need for an expensive redesign of the system.

Today, the Intrinsic ID SRAM PUF technology is deployed on over 400 million devices in the field, because of its strong benefits:

• It can be used on any device to create an unclonable, immutable, and unique identity
• No need for additional hardware, so it is a cost friendly solution
• Cryptographic keys are created internally and never leave the device
• Even deployed devices can be retrofitted with security, while remaining in the field

Partnership for Industrial Edge Security

Now Intrinsic ID is joining forces with EnactTrust to protect industrial plants, systems, machines, and networks against cyber threats. EnactTrust offers security and compliance for Edge & IoT devices. EnactTrust provides an easy-to-deploy Arm TrustZone firmware agent, which connects to the EnactTrust Security Cloud. It can be used as a managed service or on-premises.

Here is what Svetlozar Kalchev, CEO of EnactTrust says about securing the industrial Edge:

“Thanks to the Intrinsic ID PUF-based identity, EnactTrust can establish a hardware Root of Trust without the need for hardware changes. This enables us to secure existing industrial systems that are currently at high risk from cybersecurity attacks. Our joint solution can be used in smart meters, manufacturing plants, energy infrastructure, and building management systems (BMS).”

Key capabilities of the EnactTrust solution for industrial automation and control systems (IACS):

• Portable solution for industrial systems of any type and size
• Continuous device health protection and reporting:
  • Maintaining the known good state of system configuration and applications
  • Protecting critical application data from tampering
  • Audit trail for any modification of the system
  • Physical tamper-proofing of IoT & Edge devices
• Compliance with the worldwide regulations for connected systems:
  • International IEC-62443
  • EU Cybersecurity Act
  • UK Secure by Design
  • US IoT Cybersecurity Act
• Easy integration without R&D cost for the customers

If you are interested in using Intrinsic ID and EnactTrust in your industrial environment, contact us today at info[@]intrinsic-id.com