IUNO research project - Part 1
The technology data marketplace
The opportunities offered by Industry 4.0 remain largely untapped, particularly in SMEs. One reason for this is that the IT used in companies to date is often not designed for the security requirements of networked production. This is where the IUNO research project comes in.
Industrial networks are not only an attractive target for cyber criminals; it can also pay off for a competing machine manufacturer to penetrate a competitor's network and plant targeted malware there. Whether production is disrupted or clandestine access to the company network, and thus to sensitive business data, is established, the result can be considerable financial losses for the affected company.
Against this backdrop, fourteen companies from German industry and seven research institutions and universities came together in July 2015 under the umbrella of IUNO (see box) to jointly develop secure IT solutions for typical issues in automated production. Substantial results are now available, and the participants are currently demonstrating them using four Industry 4.0-relevant scenarios from the manufacturing industry as examples. The ultimate aim is to provide companies with a 'toolbox' of generally applicable solutions for the challenges of IT security in industrial applications, which can be used as a blueprint for a secure Industry 4.0.
New business models for data
One sub-project of IUNO is the technology data marketplace: Operators will be able to use it, for example, to purchase the technology data they need for their machines via the web with a needs-based license.
© Trumpf machine tools
One of the four use cases considered within the framework of IUNO is the so-called 'technology data marketplace', with a focus on the topic of secure data. The background: what is already almost commonplace in most sectors is still virtually unused in industry, namely the introduction of new distribution channels for more efficient and cost-effective production. As things stand today, technology data, for example, has to be determined at great expense by the operator of a machine tool, separately for each material.
In future, the technology data marketplace should make it possible to exchange the technology data required for machining processes such as laser cutting on the basis of a cross-factory platform. The idea is essentially based on existing marketplaces, such as an e-book store. Ultimately, a machine operator should be able to use the marketplace to acquire cost-effective technology data - with a license tailored to their needs - for their machine, which is necessary for production with a machine tool. The decisive factor for feasibility is that the data cannot be read out without authorization at any point in the process.
Based on the idea of the technology data marketplace, a future business model could look like this: If the machine operator purchases a machine tool from the machine manufacturer, he is only provided with a basic scope of technology data for standard applications upon delivery. If boundary conditions such as raw material, required process quality or machining speed change during the processing of individual customer orders, adjustments or even new technology data records are required. This data usually has to be created on the basis of numerous tests. This results in high costs for companies in terms of time and material consumption. In the vision of Industry 4.0, the required technology data could soon be found via a cloud-based marketplace, licensed as required and used on the machine. Alternatively, the machine operator could develop the required technology data set themselves and offer it for sale to other operators via the platform.
In order to make this complex construct more comprehensible, the technology data marketplace was implemented as an example within the framework of a demonstrator that can be seen live at the upcoming Hannover Messe (see subpage 'Trade fair demo beverage mixer'). The following sections describe the underlying concepts in detail. Several components are interlinked:
Secure data
The core of trust is the secure storage and transmission of technology data. During the development of the marketplace, the various attack vectors were therefore identified and appropriate countermeasures implemented. Specifically, a multi-layered encryption concept was developed in close cooperation with the project partner Wibu-Systems. The central component of the concept is a hardware security module (HSM) on the machines. This is used to check the authenticity of the machines and to license the technology data. In addition, a separate layer of encryption tied to the license prevents the technology data from being used on external systems. The technology data is encrypted with the machine manufacturer's public key. Only the manufacturer's control software is in possession of the corresponding private key. This software is in turn protected against unauthorized readout with the help of AxProtector from Wibu-Systems: it is completely encrypted and can only be decrypted at runtime in conjunction with a valid license in the license dongle present on the machine.
Defense in Depth
The architecture of the technology data marketplace: Tasks are divided into individual components that are secured against each other. Not every component is directly accessible from the Internet.
© Trumpf machine tools
Much of the security in the technology data marketplace comes from its architecture. Following the defense-in-depth method, functions are consistently separated, and layers are isolated from and secured against each other. In the event of an intrusion, only individual components are affected. The marketplace is therefore made up of several micro-services, each of which runs in an encapsulated environment. Communication takes place exclusively via secure and precisely defined REST web interfaces. Whitelisting enforces precisely specified data transfer and counteracts misuse through manipulated data records. Only the outermost layer of the marketplace can be reached from the internet.
Security by design
To avoid security gaps during development, the central functions are additionally secured at database level. This procedure guarantees that function calls are only possible with the appropriate authorization and that sensitive data cannot be leaked by accident. In addition, the individual components were always developed with the OWASP Top 10 risks (Open Web Application Security Project) in mind.
OAuth 2.0
All data access in the marketplace is secured through the use of the open protocol OAuth 2.0. On the one hand, the identity of the user can be established and, on the other, the user determines which data operations are possible with their data in the marketplace. OAuth 2.0 also makes it possible to outsource user and rights management to a separate component.
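The two mechanisms described in the 'Defense in Depth' and 'OAuth 2.0' sections, a REST interface that only accepts whitelisted request shapes and a bearer token whose scope decides what the caller may do, can be shown together on one endpoint. The following is an added example written for this article, not code from the IUNO-TDM project: the token table stands in for the Authentication Service's introspection response, and the field names, scope names and value limits are assumptions chosen for the demonstration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

type tokenInfo struct {
	Scopes []string
	Expiry time.Time
}

// sampleTokens is constructed data standing in for the Authentication Service; not real credentials.
var sampleTokens = map[string]tokenInfo{
	"tok-operator-read": {Scopes: []string{"techdata:read"}, Expiry: time.Now().Add(time.Hour)},
	"tok-author-write":  {Scopes: []string{"techdata:read", "techdata:write"}, Expiry: time.Now().Add(time.Hour)},
	"tok-expired":       {Scopes: []string{"techdata:write"}, Expiry: time.Now().Add(-time.Minute)},
}

// authorize validates the bearer token and checks the scope the operation needs; 0 means allowed.
func authorize(r *http.Request, requiredScope string) int {
	auth := r.Header.Get("Authorization")
	if !strings.HasPrefix(auth, "Bearer ") {
		return http.StatusUnauthorized // no credentials at all
	}
	info, ok := sampleTokens[strings.TrimPrefix(auth, "Bearer ")]
	if !ok || time.Now().After(info.Expiry) {
		return http.StatusUnauthorized // unknown or expired token
	}
	for _, s := range info.Scopes {
		if s == requiredScope {
			return 0
		}
	}
	return http.StatusForbidden // authenticated, but this token may not perform this operation
}

// techDataRecord is the only request shape the upload endpoint accepts (field names are assumptions).
type techDataRecord struct {
	Material  string  `json:"material"`
	Thickness float64 `json:"thickness_mm"`
	Process   string  `json:"process"`
}

var allowedProcesses = map[string]bool{"laser_cutting": true, "bending": true}

// decodeAllowlisted enforces the whitelist: bounded body, no unknown fields, every value range-checked.
func decodeAllowlisted(w http.ResponseWriter, r *http.Request) (techDataRecord, error) {
	var rec techDataRecord
	dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<16))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&rec); err != nil {
		return rec, err
	}
	switch {
	case rec.Material == "" || len(rec.Material) > 64:
		return rec, errors.New("material missing or too long")
	case rec.Thickness <= 0 || rec.Thickness > 100:
		return rec, errors.New("thickness_mm out of range")
	case !allowedProcesses[rec.Process]:
		return rec, errors.New("process not in allowlist")
	}
	return rec, nil
}

func uploadHandler(w http.ResponseWriter, r *http.Request) {
	if status := authorize(r, "techdata:write"); status != 0 {
		http.Error(w, http.StatusText(status), status)
		return
	}
	rec, err := decodeAllowlisted(w, r)
	if err != nil {
		http.Error(w, "rejected: "+err.Error(), http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusCreated)
	fmt.Fprintf(w, "stored %s/%s\n", rec.Material, rec.Process)
}

// call sends one request to uploadHandler in-process and returns the status code.
func call(token, body string) int {
	req := httptest.NewRequest(http.MethodPost, "/techdata", strings.NewReader(body))
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rr := httptest.NewRecorder()
	uploadHandler(rr, req)
	return rr.Code
}

func main() {
	good := `{"material":"S235","thickness_mm":3,"process":"laser_cutting"}`
	fmt.Println(call("tok-author-write", good))  // 201
	fmt.Println(call("tok-operator-read", good)) // 403: token lacks techdata:write
	fmt.Println(call("tok-author-write", good[:len(good)-1]+`,"admin":true}`)) // 400: unknown field
}
```

The order of the checks matters: authentication and scope are decided before a single byte of the body is parsed, so an unauthenticated caller never reaches the JSON decoder, and an authenticated caller with the wrong scope gets 403 rather than 401. In the real marketplace the token lookup would be a call to the separate Authentication Service rather than a map.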
The architecture of the marketplace
The core component of the system is the so-called MarketplaceCore. This is where the central functions for data trading are implemented and the database containing the technology data and transaction processing is connected. This component does not know any details about the traded data. A second layer then translates between the generic data format in MarketplaceCore and the application. In the implemented case, this is a website for creating the data and a REST API for connecting machines.
In conjunction with the 'Payment Service' and 'License Central', the MarketplaceCore implements the process for purchasing a license. The 'Authentication Service', which is connected by all participants based on OAuth 2.0, serves as the central instance for authenticating participants and authorizing data access.
The payment system
In order to represent the use case of technology data trading consistently, the integration of payment processing is essential. Protection of the data against unauthorized access to its unencrypted form is already ensured by the measures described above. Bitcoin, the digital peer-to-peer payment system based on blockchain technology, was used to investigate how license trading can be implemented on a pay-per-use basis. The payment system was implemented on the Bitcoin Testnet so that the demonstrator is independent of price fluctuations; the testnet differs from the well-known Bitcoin currency only in that its coins have no real value, not technically. At the demonstrator machine, the beverage mixing machine, an end customer can now pay for their beverage using a Bitcoin wallet, and the machine pays the marketplace for the usage license. The marketplace takes its commission and keeps the rest for the licensor. As soon as the Bitcoin transactions have taken place, a usage license for the required recipe is issued to the machine and the machine can start production.
The actual Bitcoin processing was encapsulated in the PaymentService component, which exists both in the marketplace and on the machine. It tracks payments, informs the services that use it when a payment has been received, and thus abstracts away Bitcoin transactions and their particularities.
By using Bitcoin in the demonstrator, payment could ultimately be implemented elegantly and transparently. However, the process behind it can also be easily adapted to other payment methods.
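As an added illustration of what the PaymentService abstracts away (this is example code written for this article, not the IUNO-TDM implementation), the following Go program tracks invoices and only reports an invoice as paid once a transaction has reached a confirmation depth, crediting each transaction exactly once even though a wallet typically reports the same transaction several times as its confirmation count grows. The addresses, amounts and commission rate are constructed values; the real component would receive its notifications from a testnet node or wallet.

```go
package main

import (
	"errors"
	"fmt"
)

// Invoice is a payment the marketplace expects before it issues a usage license.
type Invoice struct {
	ID          string
	Address     string // receiving address generated for this invoice only
	AmountSat   int64  // amount due, in satoshi
	ReceivedSat int64
	Paid        bool
	countedTx   map[string]bool
}

// TxNotification is what the wallet or node reports for an incoming transaction;
// the same transaction is reported repeatedly as its confirmation count grows.
type TxNotification struct {
	TxID          string
	Address       string
	AmountSat     int64
	Confirmations int
}

// PaymentService hides the Bitcoin specifics (unconfirmed transactions, repeated
// notifications, partial payments) from the licensing logic, which only learns
// that an invoice has been paid.
type PaymentService struct {
	minConfirmations int
	byAddress        map[string]*Invoice
	onPaid           func(*Invoice)
}

func NewPaymentService(minConfirmations int, onPaid func(*Invoice)) *PaymentService {
	return &PaymentService{minConfirmations: minConfirmations, byAddress: map[string]*Invoice{}, onPaid: onPaid}
}

func (p *PaymentService) CreateInvoice(id, address string, amountSat int64) *Invoice {
	inv := &Invoice{ID: id, Address: address, AmountSat: amountSat, countedTx: map[string]bool{}}
	p.byAddress[address] = inv
	return inv
}

// Apply processes one notification. A transaction is credited exactly once, and
// only after it has reached the required confirmation depth.
func (p *PaymentService) Apply(n TxNotification) error {
	inv, ok := p.byAddress[n.Address]
	if !ok {
		return errors.New("payment to an address without an invoice")
	}
	if inv.Paid || n.Confirmations < p.minConfirmations || inv.countedTx[n.TxID] {
		return nil // already settled, still unconfirmed, or a repeat notification
	}
	inv.countedTx[n.TxID] = true
	inv.ReceivedSat += n.AmountSat
	if inv.ReceivedSat >= inv.AmountSat {
		inv.Paid = true
		p.onPaid(inv) // the licensing side issues the usage license here
	}
	return nil
}

// SplitPayout divides a paid amount between marketplace commission and licensor
// with integer satoshi arithmetic; commissionBps is in basis points (500 = 5 %).
func SplitPayout(amountSat, commissionBps int64) (fee, licensor int64) {
	fee = amountSat * commissionBps / 10000
	return fee, amountSat - fee
}

// demo runs a fixed scenario with constructed addresses and returns the IDs of
// the invoices that ended up paid.
func demo() []string {
	var paid []string
	svc := NewPaymentService(1, func(inv *Invoice) { paid = append(paid, inv.ID) })
	a := svc.CreateInvoice("license-42", "constructed-addr-A", 50000).Address
	b := svc.CreateInvoice("license-43", "constructed-addr-B", 50000).Address
	// Invoice A: seen unconfirmed first, then confirmed, then reported once more.
	for _, conf := range []int{0, 1, 2} {
		svc.Apply(TxNotification{TxID: "tx1", Address: a, AmountSat: 50000, Confirmations: conf})
	}
	// Invoice B: underpaid, so no license until the remainder arrives.
	svc.Apply(TxNotification{TxID: "tx2", Address: b, AmountSat: 30000, Confirmations: 3})
	return paid
}

func main() {
	fmt.Println(demo())                  // [license-42]
	fmt.Println(SplitPayout(50000, 500)) // 2500 47500
}
```

Keeping the confirmation threshold, idempotency and amount accounting inside this one component is what lets the rest of the marketplace treat "paid" as a single event, and it is also what would make swapping in another payment method a local change.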
Preparing machines for the marketplace
Finally, the question arises as to how machines can be prepared for a connection to a technology data marketplace.
The first core functionality is the secure handling of data. As soon as it has been decrypted with an existing license, the data is inevitably present unencrypted in the machine for a brief moment. The machine manufacturer must therefore ensure that the data is available unencrypted for as short a time as possible, is never stored permanently and is securely overwritten after use. If the data volumes become too large or the processes take too long, as is the case with 3D printing, for example, it may make sense to keep only part of the required data in unencrypted form at any time and to decrypt the data piece by piece.
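The encryption concept from the 'Secure data' section (technology data encrypted for the machine manufacturer's public key, so that only the manufacturer's control software can decrypt it) and the handling rules above (short-lived plaintext, piecewise decryption, overwriting after use) can be demonstrated in one program. The following is an added example for this article, not code from the IUNO-TDM project or from Wibu-Systems, and it leaves out the HSM, license check and AxProtector layers the article describes: a per-record AES-256-GCM data key is wrapped with RSA-OAEP, the record is sealed in independent chunks, and the consuming side unwraps the key, decrypts one chunk at a time into a single reusable buffer and overwrites it as soon as the chunk has been used. The chunk size, the sample record and the private key generated at runtime are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// EncryptedRecord: a per-record data key wrapped with the manufacturer's public key, plus the data sealed in chunks.
type EncryptedRecord struct {
	WrappedKey []byte
	Chunks     [][]byte // AES-GCM ciphertext and tag per chunk
}

const chunkSize = 32 // tiny for the demo; real chunks would be far larger
const sampleTechData = "material=S235;thickness_mm=3;process=laser_cutting;power_w=4000;feed_mm_min=2500;gas=N2" // constructed

// wipe overwrites a buffer; best effort, since the runtime or OS may still hold copies.
func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// chunkNonce derives the GCM nonce from the chunk index. This is safe because every
// record gets a fresh key, and it ties each chunk to its position: a reordered chunk fails to open.
func chunkNonce(i int) []byte {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint32(nonce[8:], uint32(i))
	return nonce
}

// Encrypt is the data author's side, run before a record is uploaded to the marketplace.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*EncryptedRecord, error) {
	dataKey := make([]byte, 32) // fresh AES-256 key for this record only
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	defer wipe(dataKey)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(dataKey) // cannot fail: the key is always 32 bytes
	gcm, _ := cipher.NewGCM(block)
	rec := &EncryptedRecord{WrappedKey: wrapped}
	for i := 0; len(plaintext) > 0; i++ {
		n := chunkSize
		if len(plaintext) < n {
			n = len(plaintext)
		}
		rec.Chunks = append(rec.Chunks, gcm.Seal(nil, chunkNonce(i), plaintext[:n], nil))
		plaintext = plaintext[n:]
	}
	return rec, nil
}

// ProcessChunks is the control-software side: only the private key holder can unwrap the
// data key, and each chunk is decrypted, handed to use() and overwritten before the next one.
func ProcessChunks(priv *rsa.PrivateKey, rec *EncryptedRecord, use func([]byte)) error {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, rec.WrappedKey, nil)
	if err != nil {
		return err
	}
	defer wipe(dataKey)
	block, _ := aes.NewCipher(dataKey)
	gcm, _ := cipher.NewGCM(block)
	buf := make([]byte, 0, chunkSize) // one reused buffer holds the only plaintext copy
	for i, sealed := range rec.Chunks {
		plain, err := gcm.Open(buf[:0], chunkNonce(i), sealed, nil)
		if err != nil {
			return fmt.Errorf("chunk %d rejected: %w", i, err)
		}
		use(plain)
		wipe(plain) // overwritten as soon as the process has consumed it
	}
	return nil
}

// demo round-trips the sample record, then shows that swapping two chunks is detected.
func demo() (recovered string, tamperRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	rec, err := Encrypt(&priv.PublicKey, []byte(sampleTechData))
	if err != nil {
		return "", false, err
	}
	var out []byte // reassembled only so the result can be checked; a machine would consume each chunk
	err = ProcessChunks(priv, rec, func(c []byte) { out = append(out, c...) })
	rec.Chunks[0], rec.Chunks[1] = rec.Chunks[1], rec.Chunks[0]
	return string(out), ProcessChunks(priv, rec, func([]byte) {}) != nil, err
}

func main() { fmt.Println(demo()) }
```

Two points carry over to a real control system: the plaintext of at most one chunk exists at a time, in one buffer that is zeroed before the next chunk is opened, and the data key itself is zeroed when processing ends. Overwriting memory is only best effort in a garbage-collected language, which is one reason the article places the decryption inside protected control software rather than in an ordinary application.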
All components of the demonstrator, including its source code, are open source and published under the GNU General Public License 3.0 on GitHub (https://github.com/IUNO-TDM). We will shortly be presenting the three other use cases of IUNO in detail:
- Customized production (secure processes)
- Remote maintenance of production facilities (secure services)
- Visual security control center (secure networking)
Authors:
Manuel Beuttler is a software developer at Trumpf Werkzeugmaschinen and is responsible for the web services in the project;
Marcel Ely Gomes is a software developer at Trumpf Werkzeugmaschinen and is responsible for the database in the project;
Christian Görg is a software developer at Trumpf and is responsible for payment via the blockchain and for the control software in the project.
Beverage mixer trade fair demo
Safety in liquid form: For demonstration purposes, cocktail recipes are traded in the marketplace and produced using machines developed for this purpose.
© Trumpf machine tools
What still sounds abstract to industry participants will be illustrated to visitors to the Hannover Messe by a drinks mixing machine. The demonstrator contains all the functions of the cloud-based technology data marketplace and illustrates how data protection can be guaranteed at all times. A market participant develops a beverage whose recipe is offered for use on the marketplace in encrypted form. Analogous to the selection of the required technology data, the trade fair visitor can now choose their desired drink on a cloud-based marketplace. After the drink is ordered, the machine acquires a license from the marketplace, which the control system of the drink mixing machine uses to decrypt the encrypted drink recipe once and prepare the drink in front of the visitor's eyes. The recipe for the drink cannot be viewed at any time, so unauthorized use or disclosure of the data is ruled out.
The partners of IUNO
IUNO is the national reference project for IT security in Industry 4.0 funded by the Federal Ministry of Education and Research (BMBF). The total project volume amounts to 33 million euros. The partners of IUNO are: Accessec, Bosch Rexroth, Bosch Software Innovations, DFKI, Duravit, Escrypt, Fraunhofer AISEC, Fraunhofer IESE, Fraunhofer SIT, Homag, Infineon Technologies, Nobilia Werke, Phoenix Contact, Robert Bosch, Siemens, Trumpf Werkzeugmaschinen, TU Darmstadt, TU Munich, University of Kassel, Volkswagen, Wibu-Systems. Homag is responsible for coordinating the project. Further information can be found on the project page on the Internet.