Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Securing industrial legacy system communication through interconnected embedded plug-in devices

Safety and security enhancements for the embedded plug-in device communication
: Heigl, Michael; Fuchs, Andreas; Grzemba, Andreas; Aman, Martin

Mottok, Jürgen:
Applied Research Conference, ARC 2016 : 24 June 2016, Augsburg
Berlin: Pro Business, 2016
ISBN: 978-3-86460-494-2
ISBN: 3-86460-494-X
Applied Research Conference (ARC) <2016, Augsburg>
Conference Paper
Fraunhofer SIT ()

The trend of industrial networks including critical infrastructures to rely upon ubiquitous computing and the realtime collaboration of many devices, demand for more sophisticated security concepts for future electronic systems. Office- IT systems have a high dynamic and IT-security concerns can easily be implemented within the regular lifecycle. Industrial networks on the other hand undergo less change and have longer operational time, which makes them more vulnerable to security threats due to outdated hard- and software. With Ethernet and IP based protocols, as omnipresent communication technologies in industrial networks, IT-security is becoming a mandatory aspect since security considerations have not been taken into account during the initial production of many legacy systems. In this paper a concept for embedded plug-in devices is presented which secures the authenticity and integrity of communication flows between communicating network parties in such systems. An adjusted signature based Diffie-Hellman key exchange, utilizing a Trusted Platform Module, is used to establish a trusthworthy secure connection between embedded plug-in devices. The connection uses a message authentication mechanism for IP based protocols through an adapted HMAC employment without neglecting the safety aspect imperative for industrial networks. A key focus of the development is to strengthen the communication infrastructure between embedded plug-in devices whilst retaining especially the necessary realtime capabilities. Possible attack vectors and errors are discussed to argue that the developed mechanisms are secure in compliance with both: safety and security.