Featured Topic

Security Design Challenges in Industrial Big Data Networks

The demand for residential and commercial solar power and smart grid solutions is beginning to take off. According to GTM research, in 2012, there were 83,000 PV installations in US residences. At the same time, it is widely understood throughout the power industries that energy management in private households is a critical issue that smart grid technology must incorporate. Thus, with feed-in systems for solar and smart grid technology now being pushed into residences and businesses, one significant challenge is being pushed to the fore: how can power providers and system integrators protect data and the physical integrity of computing devices in widely distributed industrial networks, even when it is not possible to reliably lock down every device with strong physical security?

Securing these devices does not just mean the encryption and packet filtering of user-space input/output. What is crucial for devices that are deployed into customers’ homes is the protection of low-level software and hardware integrity, so that the devices cannot be physically tampered with in a way that compromises their operational purpose. Residential homes and commercial offices will be entirely unable to provide a strong physical security layer for edge devices in the industrial cloud, and unless measures are taken to render the devices useless in any role other than that for which they were intended, theft and malicious hacking attempts will be debilitating problems.

TPM: A Unique Solution for Unique Challenges

The conventional challenges of securing data across the open Internet or over local wireless links—like 3G cellular, or Wi-Fi—are easily addressed using readily available tools like packet filtering, firewalls, and data stream encryption with a VPN tunnel, or WPA2. To guarantee user privacy (and cut the risk of lawsuits), data gathered from private residences and businesses must be protected. However, these measures only secure data transmissions from being read, or from DoS or man-in-the-middle attacks; they do nothing to protect the physical hardware, and if that attack vector is left open then the entire system can be quickly compromised by even an inexperienced attacker. Fortunately, there exists Trusted Platform Computing, a powerful tool that addresses this vulnerability, but which currently remains rather under-utilized in the industrial computing field.

Here’s a quick review for those who have not familiarized themselves with it: trusted platform computing embeds a unique, 2048-bit hardcoded cryptographic key—called a Trusted Platform Module, or TPM—into the hardware itself. Originally developed by a consortium of IT giants concerned with securing computers against hardware-based attack vectors, the TPM was defined and refined in close cooperation with the ISO and IEC and is now commonly found on most enterprise-grade computer hardware, especially hardware tasked with very sensitive, confidential operations.

In addition to its hardware integration, the TPM’s 2048-bit key allows for much stronger encryption and security guarantees than are typically available on ordinary systems. Effectively, each computer comes with an extremely strong password hidden from view through direct integration into its hardware. Because the key never has to leave the module, it stays hidden from non-secure environments, and exposing it would take a very determined effort.

Up to now, TPM has mainly been used in large enterprise networks where computing stations must be secured against tampering. Consequently, TPM is mostly associated with the IT industry, not least because until now there has not been much need to physically secure industrial computing and networking devices: the equipment was already located in protected factories and other secured locations. Yet as big-data industrial systems rise to prominence, these needs have changed: the types and amounts of information available on industrial systems pose a very real security risk, both to individuals and to society as a whole. Strongly secured hardware and operating systems for industrial IT are now as necessary as strongly secured data.

With that in mind, Moxa has integrated TPM into its new line of embedded RISC computers, and the combination of these two technologies presents exciting possibilities for industrial automation engineers. TPM allows the integration of the very lowest levels of device software and firmware with physical-layer security, allowing for the possibility of creating computing platforms that can detect any physical alteration or interference in the device’s normal functioning and immediately lock the device down to protect its data and keep it from being turned to malicious use.

Stopping Up the Final Hole

Yet despite the strong security that TPM provides, there remains an obvious attack vector available to a determined cracker. If an attacker is able to divert the device’s boot process to a spoofed kernel, or is able to insert code into the kernel that intercepts the communications with the TPM, then the system is fully opened up to any exploit the cracker wants to use. The best means of protecting against this is to implement a secure boot process, where every time the device boots up the kernel is authenticated as whole and unaltered. From then on, any communication that calls on the TPM may be trusted.

Moxa has implemented just such a process on the UC-8100. Our secure boot feature is a patented means of authenticating the kernel each time the device boots up, before the computer loads the kernel and moves into user-space.

Many big IT players (such as Samsung, Windows, and MIT) have already patented various secure boot designs. Typically, a symmetric key is used to build a hash, and that is stored either on the local storage drive (where it may be directly read during operations) or in volatile memory (where determined crackers can lift it). Additionally, many of these approaches suffer one or more weaknesses like a failure to include a randomized cipher, storing the cipher in ROM, or an overly resource-heavy, multi-step process.

Moxa has eliminated these attack vectors by building the cipher and authentication system directly into the boot loader. Our secure boot system takes a randomized cryptographic seed from the platform’s kernel—say, four bytes of code, selected at random—and then, using a bitwise operation, appends to it the location in the kernel from which the seed was pulled and the direction in which it was read (forwards or backwards). After concatenating all of this into a single key, the system generates a hash of the kernel. TPM is not required for this procedure—if TPM is not used, the passkey from which the hash is derived can be configured by the user—but when combined with TPM, secure boot closes the most likely attack window a cracker would exploit when attempting to subvert a TPM-protected system. Once secure boot is in place, every time the system boots the boot loader uses its cipher key to decrypt the hash, reads where and how the original key was generated, and then checks the kernel to make sure it has not changed. If anything is amiss, the system exits and shuts down.
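To make the boot-time kernel check described above concrete, here is an added Python example; it is not Moxa's patented boot loader code and does not reproduce its exact cipher. It follows the outline given in the text: a few bytes are drawn from a random position in the kernel image, their offset and read direction are bound into a MAC key together with a passkey, a keyed hash (HMAC-SHA256, chosen here as an assumption) of the whole kernel is stored at provisioning time, and at every boot the loader recomputes the hash and refuses to load the kernel if it differs. The kernel image, the passkey and the function names are constructed for the example; in a TPM-backed deployment the passkey would be the TPM-held secret, and the stored record would additionally be encrypted by the boot loader as the article describes.

```python
import hashlib
import hmac
import random
import secrets
import struct

SEED_LEN = 4  # number of kernel bytes drawn as the random seed (as in the article's example)


def build_sample_kernel(size: int = 4096, rng_seed: int = 1234) -> bytes:
    """Constructed stand-in for a kernel image: deterministic pseudo-random bytes, not a real kernel."""
    rnd = random.Random(rng_seed)
    return bytes(rnd.getrandbits(8) for _ in range(size))


def derive_key(kernel: bytes, passkey: bytes, offset: int, direction: int) -> bytes:
    """Build the MAC key from SEED_LEN kernel bytes at `offset`, read forwards
    (direction 0) or backwards (direction 1). The offset and direction are packed
    into the key material so the record cannot be replayed against another location,
    and the passkey (hypothetical: TPM-held or user-configured) is mixed in so an
    attacker without it cannot recompute the key from the kernel alone."""
    chunk = kernel[offset:offset + SEED_LEN]
    if direction == 1:
        chunk = chunk[::-1]
    material = chunk + struct.pack(">IB", offset, direction)
    return hmac.new(passkey, material, hashlib.sha256).digest()


def provision(kernel: bytes, passkey: bytes, rng=None) -> dict:
    """Provisioning step: pick a random seed location and direction, derive the key,
    and record the keyed hash of the entire kernel image."""
    rng = rng or secrets.SystemRandom()
    offset = rng.randrange(len(kernel) - SEED_LEN + 1)
    direction = rng.randrange(2)
    key = derive_key(kernel, passkey, offset, direction)
    tag = hmac.new(key, kernel, hashlib.sha256).digest()
    return {"offset": offset, "direction": direction, "tag": tag}


def verify_boot(kernel: bytes, passkey: bytes, record: dict) -> bool:
    """Boot-time check: rebuild the key from where and how the seed was taken,
    recompute the kernel hash and compare in constant time."""
    key = derive_key(kernel, passkey, record["offset"], record["direction"])
    expected = hmac.new(key, kernel, hashlib.sha256).digest()
    return hmac.compare_digest(expected, record["tag"])


def boot(kernel: bytes, passkey: bytes, record: dict) -> str:
    """Boot loader decision: load the kernel only if its integrity check passes."""
    if verify_boot(kernel, passkey, record):
        return "kernel loaded"
    return "halt: kernel integrity check failed"


def tamper(kernel: bytes, position: int) -> bytes:
    """Flip one bit of the image to simulate a modified kernel (constructed test input)."""
    patched = bytearray(kernel)
    patched[position] ^= 0x01
    return bytes(patched)


def demo() -> tuple:
    """Returns the boot decision for the genuine kernel and for a tampered copy."""
    kernel = build_sample_kernel()
    passkey = b"constructed-passkey-not-a-real-secret"  # assumption: stands in for the TPM-held secret
    record = provision(kernel, passkey, random.Random(7))  # fixed RNG so the demo is repeatable
    return boot(kernel, passkey, record), boot(tamper(kernel, 100), passkey, record)


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Two design points are worth noting. Because the tag covers the whole image, a change anywhere in the kernel is detected whether or not it touches the seed bytes; and because the passkey enters the key derivation, an attacker who can rewrite both the kernel and the stored record still cannot produce a valid tag without it, which is why keeping that secret inside the TPM rather than on the storage drive or in RAM matters.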

The UC-8100: Answering the Distributed Challenge

Moxa’s UC-8100 computers are a line of embedded computers designed for deployment in edge applications, particularly for use in distributed, big data networks like smart grid solutions, intelligent transportation networks, or public surveillance systems. With an integrated TPM and our patented secure boot feature, the UC-8100 gives system integrators and end users a powerful, highly secure computer with which to build a wide variety of feature-rich solutions. In addition to these security features, the UC-8100 supports two SD card slots—a micro SD and an SDXC—that can deliver well over 100 gigabytes of solid state storage, a mini PCIe slot that supports any 3G or 4G cellular module, two Ethernet LAN ports, two serial ports, onboard Modbus support, and a full complement of TPM-enabling software on its open Debian ARM 7 software platform. With the open Debian software platform coupled with its strong security and connectivity features, the UC-8100 is an extremely versatile computing platform suitable for a wide range of end solutions, whether for fire control, surveillance, smart grid, residential solar systems, access control, smart house, or medical applications.

To get a technical overview detailing the security features we have worked into our UC-8100 series of embedded computers, download our white paper here. If you'd like a closer look at the UC-8100 and what it can do, head over to our latest product microsite here. Once you're there, don't forget to share your ideas with us about how it might be used, so you can be in the running to receive a trial testing kit, and maybe even a free computer!
