Concept of Smart Building Cyber-physical Systems Including Tamper Resistant Endpoints - Prof. Dr. Norbert Pohlmann

D. Bothe, I. Kunold, M. Niemeyer, N. Pohlmann, A. Puesche, S. Sachweh:,
„Concept of Smart Building Cyber-physical Systems Including Tamper Resistant Endpoints”.
In Proceedings of the “IEEE CANDO-EPE 2018 – IEEE International Conference and Workshop in Óbuda on Electrical and Power Engineering”,
Hungary, Budapest 2018 

Cyber-physical systems (CPS) and their Internet oft hings (IoT)components are repeatedly subject to various attack stargeting weaknesses in their firmware. For that reason emergesan imminent demand for secure update mechanisms that notonly include specific systems but cover all parts of the criticalinfrastructure. In this paper we introduce a theoretical conceptfor a secure CPS device update and verification mechanism and provide information on handling hardware-based security incorporating trusted platform modules (TPM) on those CPS devices. We will describe secure communication channels by state of the art technology and also integrity measurement mechanisms to ensure the system is in a known state. In addition, a multi-level fail-over concept is presented, ensuring continuous patching to minimize the necessity of restarting those systems

In modern internet landscapes, innovations in the internet ofthings (IoT) and cyber-physical systems (CPS) sector keep onsprouting. According to [1], nearly 20 percent of organizations encountered at least one IoT-based attack in the recent three years and the forecast predicts a growth in expenses to implement endpoint security from $240 million in 2016 to$631 million in 2021. Observing this development in the IoT and CPS market, the near future will sculpt those IoT and CPS landscapes with device automation gaining more ground in technology driven living environments.
CPS are a combination of physical and computational components and present a reflection of a real world entity, incorporating sensors and actuators to process domain specific data while building a network of interacting elements. CPS that are connected to other CPS or any remote party contain IoT components [2] that communicate over untrusted networks.

…