As safety and reliability have become critical in IIoT systems, embedding the highest levels of trust is now essential.
So while the PC connected to the network might have traditionally been the point at which security was enabled, the trust anchors now need to be located down at the hardware level, in silicon, and as close to the edge as possible — even in the sensors.
In the following pages, we will offer you the lay of the land for IIoT security solutions. First, we start with the chip level, where there are several options.
Infineon provides the OPTIGA family of hardware security controllers, which come with software containing the cryptographic keys and certificates, plus the drivers and software libraries. The family enables engineers to integrate security into their systems.
For simple authentication, the Trust B product is used for IoT edge devices and “dumb” sensors that simply supply information; the device supports smaller cryptographic key sizes that might be used for authenticating a spare part or a battery, for example.
Trust E addresses the security requirements of devices that are more feature-rich and need a higher level of security; it is a turnkey solution with OS, Applet, and complete host-side integration support and up to 3-kB memory.
The company’s main solution for high-end security for industrial automation is the OPTIGA Trust X. It’s a discrete hardware security module built on 256-bit elliptic curve cryptography (ECC), AES-128 encryption, and the SHA-256 secure hash algorithm.
It enables functions like mutual authentication, secured communication, data store protection, lifecycle management, secured updates, and platform integrity protection and has up to 10-kB user memory.
Infineon OPTIGA family of security controllers. (Source: Infineon)
Steve Hanna, senior principal at Infineon, says that Trust X is designed for environments in which the main CPU may not have full-fledged power and asymmetric and symmetric cryptography must be offloaded from the main CPU.
Two of the world’s largest industrial equipment manufacturers use Infineon’s security chips at the IIoT gateway and the endpoints. “Industrial IoT is very much a complete system, so you need to look at the endpoint, the gateway, and the cloud,” he said.
“Our chips are designed to be easily integrated into the system as well as cloud-based architectures. The gateway is an ideal choke point to implement security without touching the edge, so our customers are integrating security chips into [both] gateways and endpoints.”