17 Jul 2018

Securing unwired automation


With the increasing popularity of smart home devices, such as Google Home assistant or smart television, we are experiencing the transition from the Internet towards the Internet of Things (IoT) in which billions of restricted devices communicate with each other. Along with all the benefits of the IoT, a significant concern is arising (and will continue to do so): the security of these devices. The Mirai botnet [https://www.csoonline.com/article/3258748/security/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html] with the Internet outage that it caused in parts of the United States gave a foretaste of how crucial it is to secure IoT devices and how dangerous a misuse can be.

Parallelly to the IoT, the industry is experiencing a similar situation with the Industrial IoT: it clearly adds value to the industrial processes, but it makes industry a potential target of attacks [https://www.heise.de/newsticker/meldung/Sicherheit-Internet-of-Things-wird-Angriffsziel-Nummer-Eins-4106314.html]. In this sense, Stuxnet already showed both that attacks against industrial plants are indeed within the realm of today’s possibilities, and that the potential effects such attacks can provoke [https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/]. Again, the security of these networks becomes crucial.

So, what does this topic have to do with R3 Communications and my role here? Well, we firmly believe that wireless communications will play a major role in fulfilling and supporting the Industry 4.0. However, the security topic becomes even more important when the used medium is shared (not a cable) as such a medium can be accessed by proximity. And as you have already figured, my task is to make our wireless technology EchoRing robust against potential attacks. The challenge arises with the nature of EchoRing as it is optimised to minimise any kind of computation and communication overhead. However, the techniques used to secure communications come with costs that go against the mentioned nature of EchoRing. On the one hand, encryption, decryption and verification methods impose a computation overhead. On the other hand, authentication methods and message integrity codes imply extra communication.

Although this seems to be a paradox, it is nothing but another situation that challenges our engineering skills. Among other things, we are researching existing protocols and analysing their impact on the computation and communications. We are also working on applying different measures and learning from current breaches.

All in all, security against attacks is an indispensable feature, especially for wireless systems. And my job is to bring this security to make Industry 4.0 possible.