• 8/21/2013

Secure embedded systems

Keeping hackers out of the boiler-room

Earlier this year, a security loophole was identified in a mini combined heat and power (CHP) system of a large heating manufacturer. The system is designed to allow remote control and maintenance via the Internet, but it turned out that the network was also wide open to hackers. Cars, planes and industrial systems are increasingly being controlled by computer systems. At the same time, they are networking more and more with their environment. To protect these highly sensitive systems against attacks, researchers from Technische Universität München (TUM) have embarked on the SIBASE research project together with partners from industry and research.

Physical interventions and measurements can extract confidential information from embedded systems.
Physical interventions and measurements can extract confidential information from embedded systems. (Photo: M.Pehl/TUM)

The unusual feature of CHP systems is the fact that they produce both heat and electricity, which is fed into the public grid. A number of mini CHP systems in detached houses can now be interconnected via the Internet to create virtual power plants with an impressive rating. The downside is that this makes them vulnerable to IT attacks. Hackers would be able to turn the controls up or down, which could lead to frost or heat damage. This is just one example of networked industrial systems targeted by the Industry 4.0 strategy initiated by the German government. Equally problematic would be attacks on cars, planes or even systems like telemedicine installations. All of these machines contain embedded systems, which have an impact beyond the realm of bits and bytes; they control things in the real, material world.

To protect these networked systems, while also safeguarding know-how, intellectual property and privacy, researchers from TUM and their partners from the Sicherheitsnetzwerk München (Munich Security Network) set up the SIBASE project. The aim is to create a security kit for safeguarding embedded systems.

Building blocks for secure embedded systems

When designing embedded systems, hardware and software development must be closely interlinked. This means that care must be taken from the very first step to ensure that neither the hardware nor the software contain any security loopholes. As part of the SIBASE approach, researchers first explore secure IT architectures before implementing the hardware and software layers. This involves linking special hardware security elements with secure operating systems by means of unique fingerprints.

The findings will then be mapped to demo systems and trialed in automotive, avionic, industrial and electromobility applications. In order to check how secure their systems actually are in the real world, the project partners research new attacks and then secure their systems against these risks. To accelerate time-to-development for these secure systems, TUM researchers are working on special security design tools. The end result will be a complete kit of hardware and software elements, test methods and tools to make the networked systems of the future more secure.

The SIBASE research project for secure embedded systems is a collaboration between TUM (project lead), research partner Fraunhofer AISEC, and the companies EADS, genua, Giesecke & Devrient, Infineon Technologies AG, Mixed Mode, Sysgo and Siemens. The EUR 14.5 million project is being funded by the German Federal Ministry of Education and Research (BMBF) over a period of three years.

Prof. Dr.-Ing. Georg Sigl
Technische Universität München
Institute for Security in Information Technology
T: +49 89 289-28250
E: sigl@tum.de
W: www.sec.ei.tum.de

Technical University of Munich

Corporate Communications Center

Back to list