IUNO research project - Part 4

Ernst Esslinger | Günter Herkommer

Security aspects in customized production

The fourth and final part of our series of articles on the IUNO research project deals with the question: How can the issue of security be reconciled with the requirements of batch size 1 production?

© Image: Computer&AUTOMATION, Sources: Homag Group / Fotolia, Andrey Popov

The topic of individual production in batch size 1 is already a reality in sectors such as the furniture industry. This goes so far that the customer can individually determine the dimensions of their cabinets in addition to choosing from countless equipment options. Machine and software suppliers in this industry have already invested a great deal in automated processes over the last 20 years, but have hardly considered the issue of IT security at all. As part of the IUNO research project, solutions have now been developed to remedy this deficit.

Production facilities in the furniture industry are already built in such a way that they can produce workpieces in batch size 1 almost as quickly as series parts - i.e. with cycle times in the region of two to three seconds. As manual data entry is not possible at this speed, the machines are extensively networked and the workpieces can be identified manually or automatically using barcodes.

Vertical and horizontal networking using the example of furniture production.

© Homag Group

In the same way, the process from the sale of the furniture, through the generation of the production order and the processing programs to the transfer to the processing machines is also largely automated. In other words, production is fully networked both horizontally and vertically.

What does this mean in terms of the security of such networked production? To answer this question, the IUNO research project looked at the individual processes in detail and categorized them into four scenarios (use cases):

  1. Product creation
  2. Production planning
  3. Production
  4. Service

Fraunhofer SIT first carried out a threat and risk analysis for all of these scenarios. To this end, the planned use cases were summarized in a data flow diagram (DFD), which was then subjected to a threat analysis using STRIDE (a classification of threats to systems developed by Microsoft) and a subsequent risk assessment using FAIR (a method for considering the level and frequency of losses). This initial step was essential in order to know what needed to be protected and what did not.

This is also an important insight for all companies involved in IT security: You first have to be clear about the goods (assets) worth protecting before you start thinking about how to protect something. However, it must also be clear to everyone: 100% security is impossible! It is therefore important to concentrate on the assets that are particularly worth protecting.


Product development

components of product creation in order to be able to process customized orders in a highly automated manner.

© Duravit

The product creation scenario was mainly developed by Duravit, a manufacturer of bathroom furniture. It looked at the generation of production data from product development and the customer order with all the components and interfaces involved.

The threat and risk analysis in this use case ultimately revealed that the CAD models and the XML furniture description data derived from them are particularly sensitive data. The main threats here are violations of availability and integrity, either through tampering (the manipulation of data) or through DoS (denial of service), in which high-frequency requests ultimately cause the server to collapse. In the case of parameterizable CAD models and XML data, the threat analysis has shown that another major threat is the breach of confidentiality.

In order to increase IT security, various measures were implemented: To prevent misuse of the CAD data, the CAD system encrypts the data with a cryptographic key as soon as the data is generated. A tool for generating such keys is integrated directly into the CAD system. This means that the CAD data cannot be used by outsiders and the know-how remains reliably with Duravit. In addition, the server for the XML data is secured by a firewall and the data is supplemented by a hash value for integrity checks.
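An added example, not code from the IUNO project: one way to attach and check an integrity value for XML furniture description data as described above. It goes beyond the plain hash the article mentions by also computing a keyed HMAC over the canonical (C14N) form of the XML; the XML layout, the key and all function names are assumptions.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

# Constructed sample; the real XML furniture description format is not shown in the article.
ORDER_XML = '<cabinet id="A-1001" width="600" height="720"><door hinge="left"/></cabinet>'
# The same order after a harmless re-serialization (attribute order, indentation).
REFORMATTED_XML = '<cabinet height="720" width="600" id="A-1001">\n  <door hinge="left" />\n</cabinet>'
# The same order with one dimension manipulated.
TAMPERED_XML = ORDER_XML.replace('width="600"', 'width="900"')
# Placeholder key for the demo (assumption); a real key would come from a key store.
DEMO_KEY = b"constructed-demo-key"


def canonical_bytes(xml_text: str) -> bytes:
    """C14N 2.0 form, so attribute order and layout whitespace do not change the digest."""
    return canonicalize(xml_text, strip_text=True).encode("utf-8")


def plain_digest(xml_text: str) -> str:
    """Unkeyed SHA-256: detects changes, but anyone who can edit the data can recompute it."""
    return hashlib.sha256(canonical_bytes(xml_text)).hexdigest()


def keyed_tag(xml_text: str, key: bytes) -> str:
    """HMAC-SHA256: only a holder of the key can produce a valid tag."""
    return hmac.new(key, canonical_bytes(xml_text), hashlib.sha256).hexdigest()


def verify(xml_text: str, tag: str, key: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(keyed_tag(xml_text, key), tag)


def demo() -> dict:
    tag = keyed_tag(ORDER_XML, DEMO_KEY)
    raw = lambda s: hashlib.sha256(s.encode("utf-8")).digest()
    return {
        "reformatted_accepted": verify(REFORMATTED_XML, tag, DEMO_KEY),
        "tampered_accepted": verify(TAMPERED_XML, tag, DEMO_KEY),
        # Hashing the raw text instead of the canonical form rejects harmless re-serialization.
        "raw_hash_survives_reformat": raw(ORDER_XML) == raw(REFORMATTED_XML),
    }


if __name__ == "__main__":
    print(demo())
```
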

Production planning

At Nobilia, a manufacturer of kitchen furniture, the focus was on production planning. In batch size 1 production, it often happens that individual customer-specific parts cannot be manufactured on a machine, resulting in downtime. This use case therefore includes a simulation of the production process for each workpiece on virtual machines - in the context of Industry 4.0, this is referred to as the 'digital twin' of both the workpiece and the production equipment. In this case, the workpiece data comes from Nobilia and the machine models from Homag, while the embedding in the overall system and the control of the simulation software were created at Fraunhofer AISEC.

The threat and risk analysis of this use case has shown that the processed order, production and machine data as well as the machine templates are the data particularly worthy of protection. Relevant threats are the violation of availability and integrity, while confidentiality is not important. A central weak point in the system is the simulation results memory.

In this IUNO scenario, the connections from production planning to the external systems are encrypted using cryptographic keys generated by Nobilia IT. The actual simulation and the results memory are protected by firewalls and user administration. Last but not least, the connection to the production network at Nobilia is made via a 'read-only' connection, so that manipulation of the data can be reliably prevented.

The production

To illustrate the 'production' scenario, Duravit looked at the 'intelligent workpiece' on a processing machine and its environment. The aim is to automate the process of loading and unloading a processing machine using data technology, with the necessary communication being secure.

Specifically, a transport trolley was previously loaded in such a way that the sequence of the workpieces on it is known. The trolley itself is identified via an RFID chip as soon as it is placed in front of the machine. The machine operator then removes the parts one by one and places them on one of the machine's two processing stations. The control system uses a smartwatch on the operator's wrist and Bluetooth beacons at the machine's two processing stations to recognize which station the operator wants to place the workpiece on. Once the placement of the workpiece has also been confirmed via the smartwatch, a camera system carries out an optical plausibility check of the inserted workpiece based on the dimensions and then starts processing.

Due to the networking of the various components, this system has various weak points in terms of data security - especially when it comes to data transfer from one system to the next. In general, interfaces always pose an increased security risk, as it is much easier to launch attacks there than within a closed system. The problems at the interfaces between control systems can be solved by using the OPC UA industry standard, which enables secure communication through encryption and authentication. This has also been confirmed by the German Federal Office for Information Security (BSI).

All other areas, such as Bluetooth beacons or RFID tags, can only be read and not changed. If an attacker reads these, there is no damage to the company, which is why these areas are negligible in terms of IT security. The second component for improving security is the ASIC security module CodeMeter from Wibu Systems. This uses certificates to protect the data stored in the RFID tag.

The service

Finally, as part of IUNO, Homag looked at how new service approaches can increase the availability of machines for operators. Cloud-based services are a promising approach to this. OPC UA is also to be used as the communication protocol, as this protocol appears to be establishing itself as the future international standard for Industry 4.0 communication.

The threat analysis carried out for the communication of applications using OPC UA extends an analysis already carried out by the BSI in 2016. Identified threats were evaluated using a traffic light scale of CVSS (Common Vulnerability Scoring System) values. The manipulation of messages and direct attacks on the operating system were identified as threats with high criticality. Other significant threats include various DoS attacks from untrusted clients or servers, the sending of unreadable messages and direct attacks on private keys. The latter are emerging as particularly sensitive objects whose protection needs to be improved, because a potential attacker who is in possession of such a key can break the security of the entire system. A key store that is anchored directly in the hardware - for example in a TPM chip - can provide a remedy here.

Solution approach with global certification authority for the automatic generation of certificates, for example for OPC UA communication.

© Homag Group

In contrast to the production scenario, when using OPC UA in the service context, it should be noted that the certification authority must be a global one. This authority issues certificates not only for the Duravit and Nobilia demonstrators, but also for all Homag applications that are used worldwide by the operators of the corresponding machines.

However, setting up such a certification authority involves a considerable amount of work. Although there is experience in the area of office IT, there is none yet in the direct production environment. In addition, it has not yet been clarified how third-party machines can be reasonably integrated here, as the machines of several independent companies must now trust the same key.

This also needs to be considered in this context: Not all machines have a permanent internet connection and accordingly the certificates cannot renew themselves automatically when they expire. This would mean that the machines would no longer be able to produce because OPC UA communication would no longer work. Consequently, a concept must also be developed in this context that covers those machines that have no connection to a global certification authority. This would place more focus on the availability of the machines at the expense of security.

In summary, it can be said that IUNO's 'Customized Production' work package has successfully demonstrated that the issue of IT security can be solved in all areas involved in production. However, there are often still no directly purchasable products that are easy to use. Instead, you have to put them together yourself with a certain amount of effort and detailed knowledge. However, this cannot and should not be an excuse for not addressing the issue. In the foreseeable future, there will certainly be solutions that are easy to use without the need to be an absolute IT security expert.

Author:
Ernst Esslinger is Director Methods / Tools Systems at Homag and coordinator of the IUNO research project.

The IUNO project

IUNO is a publicly funded research project of the Federal Ministry of Education and Research (BMBF). 14 industrial companies and seven research institutions are pursuing a common goal: securing the production of tomorrow against external attacks, in particular espionage, sabotage and manipulation. A total of four demonstrators are being developed in the project, each led by an industrial partner. In detail, the following sub-aspects and use cases are involved:
