LEGIC Identsystems

Establishing Trust in the Industrial IoT by Security by Design

The Three Pillars of Trust in the Industrial IoT (IIoT)

White Paper


The IIoT promises to optimize processes, lower costs, enhance quality, safety, accountability and service availability. Achieving these goals while establishing secure operational overview depends on an IoT platform’s ability to provide user accountability while securing interactions with sensors, assets and infrastructure. Only then can reliable and auditable business transparency be achieved.

“Security by Design” based on trust can be established through Mobile Credentialing, Managed Encryption and Secure Element technologies.

In industrial environments, mass deployment of sensors and the ability to gather and process data from fixed and mobile assets significantly increases efficiency and enables better business decisions. It makes it easier to streamline tasks, reduce errors, support auditing and enforce quality control that would otherwise be carried out on an ad-hoc or statistical sampling basis.

The common denominator: Trust

Simply connecting sensors to the internet is not enough. The viability of processes improved by the “Industrial Internet of Things” depends on a common denominator: Trust. Without the ability to trust data, sensors and the people who access them, IIoT deployments lose their effectiveness.

If users, sensors and their interactions cannot be trusted, the results can be costly and even catastrophic, especially where volatile assets and human safety are involved, which is often the case.


The Three Pillars of Trust in the Industrial IoT (IIoT)

Being able to trust in IIoT data relies on linking verified users with trusted sensors/objects so that their interactions are transparent, reliable and accountable. Accomplishing this relies on the following three principles:

  • Accountability: Users must be identifiable and accountable before gaining access to sensors or infrastructure. Access permissions must be assigned based on roles, training and authorizations plus context-based criteria such as time, location, and environmental data. Permissions must be autonomously enforced, both online and offline, to minimize human error and support 24/7 operation. All activities must be transparent and auditable.
  • Security: Equipment must only be configured and accessed by authorized users. Devices must be immune to spoofing. As sensors are the most vulnerable component of an IIoT system, physical hardware-level security must be implemented in the form of an embedded Secure Element for hosting of encryption keys and user permissions.
  • Transparency: Interactions between users and devices and the data they generate must be trustable and transparent to validated users. They must not be visible to, nor subject to manipulation or interception by unauthorized parties either at the sensor, along local area networks, air interfaces or over the network, including the publicly available internet.

Pillar 1: Accountability


Trusted Users example: managing access to machines, infrastructure and information based on mobile user credentials

To establish accountability, IIoT system users must be biometrically verified. Permissions to access areas, machines, functionalities, vehicles, information and storage must be assigned based on each validated user’s credential. A credential can define where a user is allowed to go and when, which machines and functions they may use based on their training and job function, which lockers and storage containers they can open, and so on.

Users change regularly – employees come and go, change job function or complete trainings on a daily basis.

External staff such as auditors or contractors require ad-hoc credentials on a time-limited basis. It must therefore be possible to create and reconfigure permissions in real time and over the air. The permissioning system must function in both online and offline modes, as network connections are not always available or reliable.

Important system requirements include real-time updating of credentials, as well as adding and removing staff at the touch of a button. These can all be supported by a mobile app on iOS/Android smartphones or tablets.
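As an added illustration of the offline, context-based permission check described above (example code written for this page, not LEGIC Connect's own implementation): the credential is a JSON document signed with HMAC-SHA256 under a key assumed to be provisioned into the reader's secure element, so the reader can verify it and apply the zone, time-window, training and expiry rules with no network connection. The key, user ID, zone names and machine names are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime

# Constructed key standing in for the secret provisioned into the reader's secure element.
READER_KEY = b"constructed-demo-key-not-for-production"

def _canonical(cred: dict) -> bytes:
    """Canonical JSON so issuer and reader compute the MAC over exactly the same bytes."""
    return json.dumps(cred, sort_keys=True, separators=(",", ":")).encode()

def sign_credential(cred: dict, key: bytes = READER_KEY) -> dict:
    """Issuer side (online): attach an HMAC-SHA256 over the credential body."""
    return {"body": cred, "mac": hmac.new(key, _canonical(cred), hashlib.sha256).hexdigest()}

def check_access(signed: dict, zone: str, machine: str, now_iso: str,
                 key: bytes = READER_KEY) -> tuple[bool, str]:
    """Reader side (works offline): verify the MAC first, then apply the context rules."""
    expected = hmac.new(key, _canonical(signed["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["mac"]):
        return False, "credential signature invalid"      # tampered or forged credential
    cred = signed["body"]
    now = datetime.fromisoformat(now_iso)
    if now >= datetime.fromisoformat(cred["expires"]):
        return False, "credential expired"                # time-limited contractor access
    if zone not in cred["zones"]:
        return False, f"zone {zone} not permitted"
    start, end = cred["hours"]                            # permitted hours on the reader's clock
    if not start <= now.hour < end:
        return False, "outside permitted hours"
    if machine and machine not in cred["trainings"]:
        return False, f"no training recorded for {machine}"
    return True, "access granted"

# Constructed credential for an external contractor: one hall, daytime only,
# one machine they are trained on, and a hard expiry date.
CONTRACTOR = sign_credential({
    "user": "contractor-0042",
    "role": "contractor",
    "expires": "2025-03-01T18:00:00+00:00",
    "zones": ["hall-b"],
    "hours": [7, 18],
    "trainings": ["press-line-3"],
})
```

Because the MAC covers the canonical body, widening the zone list on a copied credential invalidates it even though the reader never contacts the issuer.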

Security by Design

LEGIC Connect mobile credentialing platform for IIoT system users

LEGIC Connect is a mobile credentialing platform that securely distributes mobile credentials or other data to registered smartphones or tablets anytime, anywhere and instantly at the touch of a button. The system provides a globally available, secure, end-to-end mobile credentialing service that is the backbone of establishing trust and accountability in user / sensor / infrastructure interactions.

The system can be easily integrated into existing industrial infrastructure, giving IIoT service operators the ability to manage user permissions as well as send and receive data securely from smartphones and sensors. For details see www.legic.com/connect.


Pillar 2: Security

Trusted data

Trusted data can only come from trusted sensors that are secured against manipulation. As typical IIoT deployments can result in thousands of sensors spread out over large areas, deployment, configuration, management and reading must be easy, quick and cost-effective. Ease of sensor retrofit is also important, as many existing industrial installations need quick upgrading in place.

Establishing a trusted sensor network relies on several attributes:

  • All data coming from and going to sensors must be protected by the highest commercially available level of encryption such as AES (Advanced Encryption Standard).
  • Encryption keys must be invisible during initialization and inaccessible during operation. As sensor modules are at the network edge and hence physically vulnerable to manipulation, encryption keys and other sensitive data must be stored in a physically and electrically inaccessible secure element embedded in the sensor. During sensor initialization, encryption keys must never be human readable either at rest or in transit.
  • Infrastructure spoofing must be impossible (e.g., a sensor that has been maliciously replaced with a manipulated one). A unique, invisible encryption key embedded in the secure element prevents this: without the key, the replacement sensor can neither respond to external commands nor report erroneous data.
  • Wireless access is necessary: because sensors are often installed in hard-to-reach areas, encrypted wireless configuration and reading is necessary over RFID, Bluetooth Low Energy or NFC via smartphone.
  • Firmware update over-the-air is required: configuration and updating of sensors in the field including installation of encryption keys over the network or via smartphone must be possible; factory programming of sensors should be avoided to keep deployment and logistics costs down. This also increases security as third-party manufacturers are not involved.
  • Sensors and access to them must operate both online and offline: the system must function even with no network connection available.
  • Sensors must be modular, off-the-shelf, and easy-to-deploy without pre-configuration. Sensor modules should provide all main sensor functionalities and interfaces. This includes accelerometer, gyroscope, magnetometer, environmental sensors (humidity, temperature, air pressure), ambient light and a microphone for noise detection. Encrypted Wi-Fi, NFC and Bluetooth® Low Energy air interfaces provide convenient access to sensors while minimizing connection costs.
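The anti-spoofing point in the list above, as an added example written for this page (not LEGIC's protocol or firmware): each sensor's secure element is assumed to hold a key diversified from a master key and the sensor ID, and the reader sends a fresh random challenge and accepts a reading only if the HMAC-SHA256 response verifies. A look-alike device that announces a genuine ID but was never provisioned cannot produce a valid response. Master key, sensor IDs and readings are constructed.

```python
import hashlib
import hmac
import os

MASTER_KEY = b"constructed-master-key-for-demo"   # constructed; held only by the key server

def diversify(master: bytes, sensor_id: str) -> bytes:
    """Derive the per-sensor key that is provisioned once into that sensor's secure element."""
    return hmac.new(master, sensor_id.encode(), hashlib.sha256).digest()

def tag(key: bytes, sensor_id: str, challenge: bytes, reading: bytes) -> bytes:
    """MAC over ID, challenge and reading: binds the data to this sensor and this request."""
    return hmac.new(key, sensor_id.encode() + challenge + reading, hashlib.sha256).digest()

class Sensor:
    """A field sensor; `key` stands for the secret inside its secure element (never exported)."""
    def __init__(self, sensor_id: str, key: bytes, reading: bytes = b"temp=21.5C"):
        self.sensor_id, self._key, self._reading = sensor_id, key, reading

    def report(self, challenge: bytes) -> tuple[bytes, bytes]:
        # The secure element signs with its internal key; the key itself never leaves.
        return self._reading, tag(self._key, self.sensor_id, challenge, self._reading)

def read_sensor(sensor: Sensor, master: bytes = MASTER_KEY) -> tuple[bool, bytes]:
    """Reader side: fresh challenge, then accept the reading only if the response verifies."""
    challenge = os.urandom(16)                      # new per request, so old answers cannot be replayed
    reading, response = sensor.report(challenge)
    expected = tag(diversify(master, sensor.sensor_id), sensor.sensor_id, challenge, reading)
    return hmac.compare_digest(expected, response), reading

# Constructed devices: a genuine sensor provisioned from MASTER_KEY, and a look-alike
# that announces the same ID but was never provisioned (its key is just random bytes).
GENUINE = Sensor("S-001", diversify(MASTER_KEY, "S-001"))
LOOKALIKE = Sensor("S-001", os.urandom(32), reading=b"temp=-40.0C")
```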

LEGIC XDK Secure Sensor Development Kit supported by mobile credentialing and Secure Element



The LEGIC XDK Secure Sensor Development Evaluation Kit is “the Swiss army knife of IoT solutions”. The kit is a universal programmable sensor device and prototyping platform for any IoT use case you can imagine. It includes a LEGIC Security Module which enables sensor configuration and readout via mobile devices, which can be configured in real time from the cloud for user authentication and sensor access permissioning.

With a built-in Secure Element for storage of cryptographic keys/whitelists and wireless communications, it enables rapid prototyping of highly secure, touchless, sensor-based products and IoT applications. For details see www.xdk.io

  • All-in-one sensor kit: no need for component selection, hardware assembly, or deployment of a real-time operating system
  • Operates with LEGIC Connect for secure, end-to-end management of mobile credentials (Android & iOS)
  • Includes accelerometer, gyroscope, magnetometer, environmental sensors (humidity, temperature, air pressure), ambient light and a microphone for noise detection, together with Wi-Fi, Bluetooth® Low Energy and an SD card slot
  • Software examples (e.g., for Azure integration) and development APIs included

Pillar 3: Transparency


With trust in user accountability and sensor security established, system-wide transparency is achieved by verified users securely collecting data from trusted sensors over an encrypted network for processing by a management system.

As IIoT deployments comprise sensors distributed over a wide geographic area, or in mobile vehicles or containers that could be anywhere, being able to trust data as it traverses multiple wireless, cellular and internet links is crucial.

As no network, private or public, can be 100% protected against data interception, end-to-end encryption must be employed.

Using managed AES encryption, the strongest commercially available encryption algorithm, even networks susceptible to data interception cannot be meaningfully attacked, as the payload of each data packet cannot be read without the encryption key. Encryption keys must never be visible either in transit or at rest.


LEGIC Orbit enables system-wide data security and transparency

Based on the implemented end-to-end encryption, LEGIC Orbit enables you to securely configure your mobile solutions. LEGIC Orbit secures the new credential technology LEGIC neon which is at the heart of your mobile ID solution. It also protects messaging from your microcontroller back to your IIoT management system. Details about secure implementation of keys and configuration data for sensors and infrastructure can be found at www.legic.com/products/key-management-services/legic-orbit


LEGIC Orbit: Secure Key and Authorization Management

A secure gatekeeper at the IIoT edge

LEGIC IIoT Security Platform

With a cryptographically secure, end-to-end IIoT platform based on Mobile Credentialing, Managed Encryption and Secure Element technologies, accountability, security and transparency can be achieved.

Dynamically updatable user credentials are combined with location and other context-based information, such as sensor data, to make tasks easier, more efficient and safer while improving process quality, integrity and convenience.

Implemented as a trusted security platform which provides accountability, security and transparency, the LEGIC IIoT Security Platform can be integrated with any application and in any infrastructure.

A platform that combines secure, managed cryptography with secure element technology, mobile credentialing and Bluetooth, NFC or RFID radio communications is a strong candidate to be the safest and most secure solution for life- and business-critical IIoT systems. For more details about deploying trust-based IIoT sensors and systems visit: www.legic.com/iot


Some specific use-cases:

  • Logistics automation:
    A trusted IIoT platform enables secure and transparent movement of goods within as well as between facilities by securing access and logging interactions and states during transportation. Authorized transport of goods within a facility is further enhanced by indoor positioning systems. (See use case Combining UWB Real-Time Locating System with secure transporter authentication)
  • Building management:
    Linking of persons with a verified identity enables trusted monitoring of building assets and interactions between users and doors, HVAC systems, security systems, fire alarms, indoor navigation systems, etc. Location-triggered automated processes can be implemented based on user identity and managed via centralized, digitally distributed access rights and permissions.
  • Industrial equipment:
    Linking of persons with a verified identity followed by dynamic permissioning and access to equipment ensures trusted interactions and accountability. Industrial equipment can be reliably located, identified and monitored. Protocolled equipment usage data can be collected per user. Granting and restriction of permissions can be performed in real-time and over-the-air.
  • Hospitality:
    Hotel room booking and check-in via smartphone. Guests download virtual keys, bypass reception and go straight to their rooms. Indoor navigation via UWB guides guests to their destination. Customized offerings can be pushed to each guest’s smartphone based on preferences stored in their digital credentials, which are downloaded with the key. (See use case Smartphone-app Hotel Room Entry at Village Hotels UK)