Development and production processes for secure embedded control devices

Tobias Rauter; Andrea Höller; Johannes Iber; Christian Josef Kreiner

doi:10.1007/978-3-319-44817-6_10

Development and production processes for secure embedded control devices

Tobias Rauter^*, Andrea Höller, Johannes Iber, Christian Josef Kreiner

^*Corresponding author for this work

Institute of Technical Informatics (4480)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Security is a vital property of SCADA systems, especially in the context of critical infrastructure. In this work, we focus on distributed control devices for hydro-electric power plants. Much work has been done for specific lifecylce phases of distributed control devices such as development or operational phase. Our aim here is to consider the entire product lifecycle and the consequences of security feature implementations for a single lifecycle stage on other stages. In particular, we discuss the security concept used to secure our control devices in the operational stage and show how these concepts result in additional requirements for the development and production stages.We show how we meet these requirements and focus on a production process that enables the commissioning of secrets such as private keys during the manufacturing phase. We show that this can be done both, securely and with acceptable overhead even when the manufacturing process is handled by a contract manufacturer that is not under full control of the OEM.

Original language	English
Title of host publication	Systems, Software and Services Process Improvement - 23rd European Conference, EuroSPI 2016, Proceedings
Publisher	Springer International Publishing AG
Pages	119-131
Number of pages	13
Volume	633
ISBN (Print)	9783319448169
DOIs	https://doi.org/10.1007/978-3-319-44817-6_10
Publication status	Published - 2016
Event	23rd European Conference on Systems, Software and Services Process Improvement: EuroSPI 2016 - Graz, Austria Duration: 14 Sept 2016 → 16 Sept 2016

Publication series

Name	Communications in Computer and Information Science
Volume	633
ISSN (Print)	18650929

Conference

Conference	23rd European Conference on Systems, Software and Services Process Improvement
Country/Territory	Austria
City	Graz
Period	14/09/16 → 16/09/16

ASJC Scopus subject areas

Computer Science(all)

Access to Document

10.1007/978-3-319-44817-6_10

Cite this

Rauter, T., Höller, A., Iber, J., & Kreiner, C. J. (2016). Development and production processes for secure embedded control devices. In Systems, Software and Services Process Improvement - 23rd European Conference, EuroSPI 2016, Proceedings (Vol. 633, pp. 119-131). (Communications in Computer and Information Science; Vol. 633). Springer International Publishing AG . https://doi.org/10.1007/978-3-319-44817-6_10

Development and production processes for secure embedded control devices. / Rauter, Tobias; Höller, Andrea; Iber, Johannes et al.

Systems, Software and Services Process Improvement - 23rd European Conference, EuroSPI 2016, Proceedings. Vol. 633 Springer International Publishing AG , 2016. p. 119-131 (Communications in Computer and Information Science; Vol. 633).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Rauter, T, Höller, A, Iber, J & Kreiner, CJ 2016, Development and production processes for secure embedded control devices. in Systems, Software and Services Process Improvement - 23rd European Conference, EuroSPI 2016, Proceedings. vol. 633, Communications in Computer and Information Science, vol. 633, Springer International Publishing AG , pp. 119-131, 23rd European Conference on Systems, Software and Services Process Improvement, Graz, Austria, 14/09/16. https://doi.org/10.1007/978-3-319-44817-6_10

Rauter T, Höller A, Iber J, Kreiner CJ. Development and production processes for secure embedded control devices. In Systems, Software and Services Process Improvement - 23rd European Conference, EuroSPI 2016, Proceedings. Vol. 633. Springer International Publishing AG . 2016. p. 119-131. (Communications in Computer and Information Science). doi: 10.1007/978-3-319-44817-6_10

@inproceedings{e943dc330440451dbe525b5b8abc0c85,

title = "Development and production processes for secure embedded control devices",

abstract = "Security is a vital property of SCADA systems, especially in the context of critical infrastructure. In this work, we focus on distributed control devices for hydro-electric power plants. Much work has been done for specific lifecylce phases of distributed control devices such as development or operational phase. Our aim here is to consider the entire product lifecycle and the consequences of security feature implementations for a single lifecycle stage on other stages. In particular, we discuss the security concept used to secure our control devices in the operational stage and show how these concepts result in additional requirements for the development and production stages.We show how we meet these requirements and focus on a production process that enables the commissioning of secrets such as private keys during the manufacturing phase. We show that this can be done both, securely and with acceptable overhead even when the manufacturing process is handled by a contract manufacturer that is not under full control of the OEM.",

author = "Tobias Rauter and Andrea H{\"o}ller and Johannes Iber and Kreiner, {Christian Josef}",

year = "2016",

doi = "10.1007/978-3-319-44817-6_10",

language = "English",

isbn = "9783319448169",

volume = "633",

series = "Communications in Computer and Information Science",

publisher = "Springer International Publishing AG ",

pages = "119--131",

booktitle = "Systems, Software and Services Process Improvement - 23rd European Conference, EuroSPI 2016, Proceedings",

address = "Switzerland",

note = "23rd European Conference on Systems, Software and Services Process Improvement : EuroSPI 2016 ; Conference date: 14-09-2016 Through 16-09-2016",

}

TY - GEN

T1 - Development and production processes for secure embedded control devices

AU - Rauter, Tobias

AU - Höller, Andrea

AU - Iber, Johannes

AU - Kreiner, Christian Josef

PY - 2016

Y1 - 2016

N2 - Security is a vital property of SCADA systems, especially in the context of critical infrastructure. In this work, we focus on distributed control devices for hydro-electric power plants. Much work has been done for specific lifecylce phases of distributed control devices such as development or operational phase. Our aim here is to consider the entire product lifecycle and the consequences of security feature implementations for a single lifecycle stage on other stages. In particular, we discuss the security concept used to secure our control devices in the operational stage and show how these concepts result in additional requirements for the development and production stages.We show how we meet these requirements and focus on a production process that enables the commissioning of secrets such as private keys during the manufacturing phase. We show that this can be done both, securely and with acceptable overhead even when the manufacturing process is handled by a contract manufacturer that is not under full control of the OEM.

AB - Security is a vital property of SCADA systems, especially in the context of critical infrastructure. In this work, we focus on distributed control devices for hydro-electric power plants. Much work has been done for specific lifecylce phases of distributed control devices such as development or operational phase. Our aim here is to consider the entire product lifecycle and the consequences of security feature implementations for a single lifecycle stage on other stages. In particular, we discuss the security concept used to secure our control devices in the operational stage and show how these concepts result in additional requirements for the development and production stages.We show how we meet these requirements and focus on a production process that enables the commissioning of secrets such as private keys during the manufacturing phase. We show that this can be done both, securely and with acceptable overhead even when the manufacturing process is handled by a contract manufacturer that is not under full control of the OEM.

UR - http://www.scopus.com/inward/record.url?scp=84987984423&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-44817-6_10

DO - 10.1007/978-3-319-44817-6_10

M3 - Conference paper

AN - SCOPUS:84987984423

SN - 9783319448169

VL - 633

T3 - Communications in Computer and Information Science

SP - 119

EP - 131

BT - Systems, Software and Services Process Improvement - 23rd European Conference, EuroSPI 2016, Proceedings

PB - Springer International Publishing AG

T2 - 23rd European Conference on Systems, Software and Services Process Improvement

Y2 - 14 September 2016 through 16 September 2016

ER -

Development and production processes for secure embedded control devices

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Industrial Informatics

AH-HyUnify - control platform for hydro-electric power generation

Cite this

Development and production processes for secure embedded control devices

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Projects

Industrial Informatics

AH-HyUnify - control platform for hydro-electric power generation

Cite this