The Trusted Connector is a secure embedded device based on Trusted Computing technologies. The connector is a good example of how to leverage Trusted Computing technologies for securing IoT gateways and embedded industrial use cases.
We designed the connector as an embedded device that performs a UEFI secure boot in combination with a measured boot, so that it can remotely attest its state to other connectors or management parties. In addition, the connector uses the TPM for Full Disk Encryption (FDE) to protect its persistent data from physical adversaries. For runtime integrity, the connector isolates execution contexts into different containers based on OS-level virtualization and a hardened Linux kernel.
The Trusted Connector is a full-blown, ready-to-use technology that also allows for secure remote updates. Connectors can be part of a complex ecosystem and form a network to exchange data, for instance data acquired by a connector in a manufacturing unit.
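The following added example (not code from the Trusted Connector project) sketches how a measured boot makes remote attestation possible: each boot stage is hashed into a TPM PCR, and a verifier replays the device's event log to check both the reported PCR and each component against reference values. Component names and contents are constructed placeholders, and the TPM quote's signature and nonce are assumed to have been verified already.

```python
import hashlib
import hmac

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend operation: new PCR = SHA-256(old PCR || measurement digest)
    return hashlib.sha256(pcr + digest).digest()

def measure(components):
    # Device side: build the event log (name, digest) for each boot stage.
    return [(name, hashlib.sha256(blob).digest()) for name, blob in components]

def replay(event_log):
    # Recompute the PCR value that results from extending each digest in order.
    pcr = bytes(32)  # a SHA-256 PCR is all zeros after reset
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def verify(reported_pcr, event_log, known_good):
    # 1. The log must reproduce the reported PCR, otherwise the log cannot be trusted.
    if not hmac.compare_digest(replay(event_log), reported_pcr):
        return (False, "event log does not reproduce reported PCR")
    # 2. Every logged component must match the verifier's reference digest.
    for name, digest in event_log:
        if known_good.get(name) != digest:
            return (False, "unexpected measurement: " + name)
    return (True, "ok")

# Constructed sample boot chains (placeholder contents, not real images).
GOOD_LOG = measure([("bootloader", b"bootloader v1"),
                    ("kernel", b"hardened kernel v1"),
                    ("initrd", b"initrd v1")])
TAMPERED_LOG = measure([("bootloader", b"bootloader v1"),
                        ("kernel", b"modified kernel"),
                        ("initrd", b"initrd v1")])
KNOWN_GOOD = dict(GOOD_LOG)  # verifier's reference values

if __name__ == "__main__":
    # Healthy device: the log replays to the PCR and all digests are known.
    print(verify(replay(GOOD_LOG), GOOD_LOG, KNOWN_GOOD))
    # Modified kernel, honest log: caught by the reference-value check.
    print(verify(replay(TAMPERED_LOG), TAMPERED_LOG, KNOWN_GOOD))
    # Modified kernel, device presents the clean log: caught by the replay check.
    print(verify(replay(TAMPERED_LOG), GOOD_LOG, KNOWN_GOOD))
```

Because extend is a one-way hash chain, a modified boot stage cannot produce the expected PCR afterwards, which is also why a TPM-sealed disk encryption key stays locked on a tampered boot.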
The interconnection and data exchange between the stand-alone devices finds application in many scenarios, such as in industrial computing. The most recent and prominent advances in industrial computing particularly include the growing interconnectivity of cyber-physical devices, as well as the increasing variety of complex applications exchanging data across company domains. In this context, data becomes a valuable business asset and a trade good.
An example is the Industrial Data Space, a platform designed for industry that allows organizations to exchange and trade data efficiently. The possibilities such platforms enable inevitably come with new security risks regarding the establishment of trust, communication security, data usage control, or the integrity of participating systems. Based on the key security requirements for the operation of such platforms in untrusted environments, we designed an overall security architecture for the whole ecosystem, including the secure design and implementation of an architecture for the participating cyber-physical devices, the Trusted Connectors. In the Industrial Data Space, the Trusted Connectors allow for the secure, controlled and isolated execution of services for application-specific gathering, processing and exchanging of data between organizations.
Further information
- Open source code base for the Trusted Connector
- Research paper: An Ecosystem and IoT Device Architecture for Building Trust in the Industrial Data Space
- Industrial Data Space
- Open source code for the IDS functionality on the Trusted Connector
- www.aisec.fraunhofer.de/trustedcomputing