D. Bothe, N. Pohlmann, A. Puesche, S. Sachweh: "Concept of a Life-Cycle Management with Tamper Resistant Distributed Cyber-Physical Systems". In Proceedings of the "Smart Energy 2018 Conference".
In this paper we provide an overall concept of a life-cycle management targeting software components in the field of cyber-physical systems (CPS), from their Internet of Things (IoT) components to the back-end infrastructure. It combines software development with the operational life-cycle and gives a high-level view of secured update mechanisms that rely on hardware-supported security features. We describe a secure way of commissioning CPS devices within a critical infrastructure, up to the decommissioning of these components, respecting the applicable privacy laws so that no data can be recovered from a component before it is destroyed.
Cyber-physical systems (CPS) are part of our infrastructure and are commonly incorporated in smart energy grids, water management, pipelines, industrial manufacturing and medical systems. CPS are a combination of physical, mechanical and computational components that represent a real-world entity, e.g. heating pumps or wind turbines. This is accomplished by incorporating sensors and actuators to process domain-specific data. CPS that communicate over untrusted networks such as the Internet contain Internet of Things (IoT) components for communication. Managing and monitoring CPS in a large distributed system is a mandatory task to guarantee certain levels of service quality and availability. Unfortunately, each IoT component of a CPS is prone to attacks if not properly protected. Weak communication channels and hardware tampering can disrupt the functionality of a CPS, which can even fall victim to false data injection (FDI), where manipulated inputs hide the true state of actuators. Before CPS communicated openly over the Internet, they were commonly bound to local networks, which were regarded as reasonably safe due to access restrictions and highly specialized hardware.
Sophisticated attacks like the Stuxnet worm could still target highly specialized systems in critical high-security infrastructures. With smart building automation becoming more popular in private and business environments, CPS are playing an even more important role in every part of modern life. As CPS reflect physical entities, any digital threat that arises during operation can have a definite impact on the real world. To distribute such systems, it is important to gain an overview of all aspects of their life-cycle, from development to manufacturing and finally releasing them into production. Besides the security and safety aspects of CPS, data protection laws add to the list of requirements for CPS, as they become part of households and business facilities alike.

In this paper we provide a concept for securely commissioning CPS into a large distributed infrastructure, including considerations of data protection aspects, while using hardware-based security to ensure data integrity.
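To make the life-cycle stages named above concrete, the following added example (not code from the paper or its authors) models one IoT component of a CPS as it moves from manufactured to operational, receives a signed firmware update with rollback protection, and is finally decommissioned by destroying its keys so that data left on the device cannot be recovered. The `Device`, `sign` and `LifecycleError` names, the ticket and manifest fields, and the use of HMAC-SHA256 under a shared vendor key in place of a hardware-backed signature are all assumptions made for the example; the SHA-256 counter-mode keystream is a toy cipher used only so the crypto-erase step can be shown, not a recommendation for production.

```python
import hashlib
import hmac
import json
import secrets


class LifecycleError(Exception):
    """Raised when a life-cycle transition, ticket or update is refused."""


def _canonical(obj: dict) -> bytes:
    # Deterministic encoding so the tag always covers exactly one byte string.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(vendor_key: bytes, payload: dict) -> dict:
    """Vendor side: attach an HMAC-SHA256 tag to a commissioning ticket or update manifest.
    (Assumption: an HMAC under a shared vendor key stands in for a hardware-backed signature.)"""
    tag = hmac.new(vendor_key, _canonical(payload), hashlib.sha256).hexdigest()
    return {**payload, "tag": tag}


def image_digest(image: bytes) -> str:
    """SHA-256 of a firmware image, as carried in the update manifest."""
    return hashlib.sha256(image).hexdigest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode); only here to make crypto-erase demonstrable.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


class Device:
    """Hypothetical IoT component of a CPS, tracked through its life-cycle states."""

    def __init__(self, device_id: str, vendor_key: bytes):
        self.device_id = device_id
        self._vendor_key = vendor_key   # on real hardware this would sit in a secure element / TPM
        self.state = "manufactured"
        self.firmware_version = 0
        self._data_key = None           # per-device key protecting locally stored data
        self.records = []               # list of (nonce, ciphertext) pairs

    def _verify(self, signed: dict) -> dict:
        if self._vendor_key is None:
            raise LifecycleError("device is decommissioned")
        payload = {k: v for k, v in signed.items() if k != "tag"}
        expected = hmac.new(self._vendor_key, _canonical(payload), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signed.get("tag", "")):
            raise LifecycleError("bad tag: ticket or manifest was altered or not issued by the vendor")
        if payload.get("device_id") != self.device_id:
            raise LifecycleError("ticket or manifest was issued for another device")
        return payload

    def commission(self, ticket: dict) -> None:
        # Commissioning: only a fresh device may be enrolled, and only with a vendor-issued ticket.
        if self.state != "manufactured":
            raise LifecycleError(f"cannot commission from state {self.state}")
        payload = self._verify(ticket)
        self.firmware_version = payload["firmware_version"]
        self._data_key = secrets.token_bytes(32)
        self.state = "operational"

    def apply_update(self, manifest: dict, image: bytes) -> int:
        # Secured update: authentic manifest, strictly increasing version, image matches manifest.
        if self.state != "operational":
            raise LifecycleError(f"cannot update in state {self.state}")
        payload = self._verify(manifest)
        if payload["firmware_version"] <= self.firmware_version:
            raise LifecycleError("rollback to an older or equal firmware version refused")
        if image_digest(image) != payload["image_sha256"]:
            raise LifecycleError("firmware image does not match the manifest")
        self.firmware_version = payload["firmware_version"]
        return self.firmware_version

    def store(self, plaintext: bytes) -> None:
        # Operation: domain data is kept encrypted under the per-device key.
        if self.state != "operational":
            raise LifecycleError(f"cannot store data in state {self.state}")
        nonce = secrets.token_bytes(12)
        ks = _keystream(self._data_key, nonce, len(plaintext))
        self.records.append((nonce, bytes(a ^ b for a, b in zip(plaintext, ks))))

    def read(self, index: int) -> bytes:
        if self._data_key is None:
            raise LifecycleError("data key destroyed; stored records are unrecoverable")
        nonce, ciphertext = self.records[index]
        ks = _keystream(self._data_key, nonce, len(ciphertext))
        return bytes(a ^ b for a, b in zip(ciphertext, ks))

    def decommission(self) -> None:
        # Decommissioning: destroy the keys first (crypto-erase), so whatever is still on the
        # flash is unreadable even if the hardware is recovered before physical destruction.
        self._data_key = None
        self._vendor_key = None
        self.state = "decommissioned"
```

The state checks are what prevent a component from being re-enrolled or updated out of order, and the version comparison in `apply_update` is the rollback protection: an old but validly signed manifest is rejected, not just a forged one. Destroying the keys before the device leaves the site is what keeps the data protection requirement independent of whether the physical destruction step is carried out correctly.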