Publication
How to Secure the Communication and Authentication in the IIoT: A SRAM-based Hybrid Cryptosystem
Christoph Lipps; Pascal Ahr; Hans Dieter Schotten
In: European Conference on Cyber Warfare and Security. European Conference on Cyber Warfare and Security (ECCWS), June 25-26, Chester, United Kingdom, ISBN 978-1-912764-61-7, Academic Conferences and Publishing International Ltd, 6/2020.
Abstract
Currently, the developments of the Fourth Industrial Revolution are taking place, accompanied by the advancements of the Industrial Internet of Things (IIoT). This includes, among others, the interconnection of different industrial spheres, devices and use-cases up to Machine-to-Machine (M2M) and Machine-to-Service (M2S) communication.
However, especially this communication is critical because of the partly sensitive content as well as the amount of data transmitted. Furthermore, the reliability and integrity of the data, in particular with regard to industrial applications, is an important issue.
But as the IIoT devices are designed for low energy consumption rather than to handle complex cryptographic approaches, new lightweight but nevertheless sound and secure techniques are required. Furthermore, a strong authentication with a power-optimized technique and an access control management is necessary.
To guarantee both a secure communication and a strong authentication, a Physical Layer Security (PhySec) based system, in particular a Static Random-Access Memory (SRAM) related approach, is a promising opportunity. Especially because most Microcontroller Units (MCUs) are already equipped with SRAM, which requires no additional implementation effort.
In this work the ability of SRAMs to be used as a Physical Unclonable Function (PUF) as well as the inherent given characteristics are examined. For instance, the start-up value – the hardware fingerprint of the device – is taken into account. Despite the reputation of PUFs to enable a hardware-related derivation of cryptographic keys for secure communication and device authentication, the lack of practical usability is often criticized.
To face this, in this work a practical application for PUFs with its potential with respect to the IIoT is presented. Therefore, within an M2M communication scenario the application of an SRAM-PUF driven hybrid cryptosystem is demonstrated. A secure asymmetric cryptosystem is applied to exchange synchronisation data, followed by the PUF-based cryptography. The individual key is calculated from their PUF sequence in conjunction with pre-transmitted helper data. As another benefit of the approach, there is no need to store any cryptographic credentials on the device itself, because the key is regenerated every time required. This enables not only completely new applications in IIoT environments but is also a resource-saving, lightweight and powerful security primitive.
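The key regeneration from a PUF sequence plus helper data described above can be sketched as follows; this is an added example, not code from the paper. The abstract does not specify the construction, so the code-offset scheme, the repetition code of length `REP`, the SHA-256 key derivation and the simulated SRAM read in `power_up` are all assumptions.

```python
import hashlib
import secrets

REP = 7  # assumed repetition-code length; odd so the majority vote is defined


def derive_key(secret_bits):
    """Hash the recovered secret bits into a 256-bit key (assumed KDF)."""
    return hashlib.sha256(bytes(secret_bits)).digest()


def enroll(puf_bits):
    """One-time enrollment: returns (helper_data, key).

    The helper data is codeword XOR fingerprint. It is not the key and can be
    stored or transmitted outside the device; the key itself is never stored.
    """
    secret = [secrets.randbits(1) for _ in range(len(puf_bits) // REP)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ p for c, p in zip(codeword, puf_bits)]
    return helper, derive_key(secret)


def regenerate(noisy_puf_bits, helper):
    """Rebuild the key from a fresh, noisy start-up read plus the helper data."""
    noisy_codeword = [h ^ p for h, p in zip(helper, noisy_puf_bits)]
    secret = [
        int(sum(noisy_codeword[i:i + REP]) > REP // 2)  # majority vote per block
        for i in range(0, len(noisy_codeword), REP)
    ]
    return derive_key(secret)


def power_up(fingerprint, flipped_cells):
    """Simulated SRAM start-up read: the fingerprint with some unstable cells flipped."""
    flipped = set(flipped_cells)
    return [bit ^ (i in flipped) for i, bit in enumerate(fingerprint)]


if __name__ == "__main__":
    # Constructed fingerprint standing in for 128 * REP SRAM cells.
    fingerprint = [secrets.randbits(1) for _ in range(128 * REP)]
    helper, key = enroll(fingerprint)
    read = power_up(fingerprint, [0, 1, 2, 7, 14])  # at most 3 flips per block
    print("key regenerated:", regenerate(read, helper) == key)
```

A repetition code corrects up to three flipped cells per seven-cell block here; more than that in one block, or a different device's SRAM, yields a different key.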