1. How do wearable devices and sensor technologies solve each other's market constraints bottlenecks?
Set micro-network news (Reporter/Aki) In recent years, with the continuous improvement of people's living standards and the continuous improvement of living conditions, people are paying more and more attention to the quality of life. Wearable devices also appear at this time, and the market is even more However, after years of development, wearable devices have continued to evolve, but there are still few products that can attract people. The entire wearable device market seems to be in a state of 'high, low, not good', and the product value is far from Meet the needs of consumers.
What is limiting the development of the wearable device industry? If these problems are not solved, the wearable device will still be difficult to achieve large growth in the future, and may even become a secondary entry for data collection.
Wearable devices are not growing enough
According to the latest 2018 Wearable Sensor Industry Technology Report published by the China Research Institute, since 2016, global wearable device shipments and revenues have grown at an annual rate of 13%, with revenue growth. The scale has reached nearly 35 billion US dollars / year.
This is mainly due to the continuous development of major manufacturers, the growing variety of wearable devices, the maturity of product technology, the continuous improvement of user experience and the continuous decline in product prices. These factors are attracting consumers to constantly update and purchase new products. Wearable device.
However, it is worth noting that the growth rate of the wearable device market has decreased slightly compared with the previous five years, and the subsequent development momentum is a bottleneck.
This development bottleneck is mainly reflected in the following aspects:
First, from the global wearable device brand shipments. Although the top five institutions accounted for more than 50% of the market share of the trend has not changed. But compared with 2015, in addition to Xiaomi and Samsung, Apple, Fitbit and other manufacturers The market share has dropped slightly.
Secondly, the overall investment fever of the wearable industry has declined. According to data released by the China Research Institute, from 2015 to 2017, the number of investment and financing in the wearable industry has dropped from 145 to 77, a drop of 46%. The amount also dropped from 4.73 billion yuan to 3.12 billion yuan, a drop of 34%.
So what is the crux of the bottleneck in the wearable market?
What is the crux of the development of the wearable market?
From the beginning of the birthable device, it appeared as an accessory device of the smart phone. Although the functions after the change are constantly changing, for smart bracelets and smart watches, many functions are still inseparable from the support of mobile phones, even Part of the function is the expansion of smartphones.
This makes the wearable device itself a non-critical consumer electronics product, especially for AR/VR devices.
According to the research report of the Research Institute, the market prospects of wearable devices are inseparable from the consumers' willingness to use. For non-rapid wearable devices, the convenience and functionality of products have become the main factors determining consumption. factor.
Since consumers are more likely to wear wearable devices related to wrists, arms, fingers, head and waist, we found that in 2016, the market share of global wearable device segment products was basically the same as that of consumers. The willingness to wear is consistent. This trend will not change in the future.
According to Gartner's forecast, smart watches and smart bracelets will still occupy a large market share in 2021, and the revenue and shipment share of head-mounted displays will increase, following the smart watches.
This also shows that how to improve the convenience and functionality of wearable devices will be the key to determining the future market development of the wearable device market. This also puts forward the development of wearable devices and related technologies. High requirements, especially in the core component of the wearable device – the sensor.
Sensors and wearable devices complement each other
Depending on the product, the sensor plays a different role in the wearable device. However, it is undeniable that the function and performance of the wearable device are inseparable from the support of the sensor core technology.
In general, the sensor's high integration and diversified measurement can integrate more monitoring functions for wearable devices; new material development and application of sensors, development of flexible wearable sensors can improve the wearability of wearable devices; Reduced power consumption can also improve the endurance of wearable devices.
It can be said that the convenience and functionality that we mentioned before in the development of the wearable market are inextricably linked with the core components of the sensor.
Therefore, the report of the China Research Institute pointed out that sensors can bring new interactions to wearable devices, innovative and interesting applications, better user experience, sensor volume, quality, power consumption, reliability, stability, etc. Wearable device user experience, wear comfort and power consumption have a very important impact. Even human-computer interaction experience, intelligent sensing technology, flexible electronic technology, etc. are inseparable from the development of sensing technology.
On the other hand, wearable devices also place higher demands on the development of sensors.
In terms of the convenience required by wearable devices, this requirement puts higher demands on the signal acquisition and chip fusion of the sensors in the device, especially in terms of performance, power consumption, volume and solution integrity. The equipment is very different and the overall requirements are more demanding.
At present, the potential development direction of sensor-sensing devices for sensors mainly has the following requirements:
First of all, highly integrated and diversified measurement. The increasing functionality of wearable devices requires the integration of more sensors, but the wearable devices are limited in size. How do you increase the sensor while keeping the volume constant? This requires sensors. Highly integrated for more detail.
Secondly, new materials and flexible wearable sensors. Because of the human body structure, how to better fit the human body to the human body is also a future exploration. Realize the high resolution, high sensitivity and fastness of flexible wearable electronic sensors. Response, low cost manufacturing and complex signal detection remains a big challenge.
Third, reduce sensor power consumption and increase endurance. Improve product endurance and low-energy product development. The key technologies are mainly to improve battery energy density and environmental energy acquisition. It seems that the most likely solution is still high energy density. Rechargeable electrochemical cell, which will make the sensor have a long standby and use time under the premise of minimizing the volume. Wireless charging is hopeful to become the next reliable source of energy. However, a new breakthrough in battery technology Previously, wearable devices could only increase the battery life of the device by selecting a backup battery, reducing the power consumption of the sensor.
Finally, the future development of the wearable device industry requires the stimulation of new application points. Users have put forward new requirements for the deep information mining function of products, and the demand for wearable biosensors has gradually increased. Wearable biosensors are already in medicine. There are important applications, but strictly speaking they have not yet reached the level of ideal automatic detection. It is foreseeable that in the next few years, consumer devices will integrate a wider range of biosensors, such as measuring blood oxygen, blood pressure and blood sugar. Horizontal spectral sensors, as well as skin resistance sensor sensors that determine sweat levels and pH values.
It is not difficult to see that the wearable device market and the sensor market are two complementary markets. The current development of the wearable device market has encountered bottlenecks, and it is urgent to seek breakthroughs in convenience and functionality. This breakthrough requires sensor support. Realization. While the sensor market is gradually saturated in the traditional sensor market, the wearable market will become the next new growth point.
In the future, as wearable devices move toward multi-functional integration, sensors will have tremendous opportunities in the market for high integration, low power consumption and flexible wearable sensors, biosensors, etc. (Proofreading/Lechuan)
2. The sensing system is connected to the line. The edge intelligent 謢IIoT node is secure;
IoT system attacks have repeatedly made headlines in the media, constantly revealing network, edge nodes, and security loopholes with doorway devices. Embedded sensing systems are an important part of the industrial Internet of Things, once the security risks of networking are greatly improved, but the nodes Communication between the two is necessary, therefore, the maintenance of node security is particularly important.
Recently, the Mirai botnet virus infected more than 2.5 million IoT nodes, using the default password to change the vulnerability, and waiting for the device to execute the Telnet server. Mirai can also initiate a blocking service attack, making a large proportion of the server network worldwide. Access is forced to break. The Reaper botnet exploits the software's defense vulnerabilities to spread itself to the software, attacking more than 1 million IoT devices. A networked fish tank allows hackers to invade the casino's network and steal 10GB of software. Data. Many hackers use smart TV to engage in spying and surveillance activities.
Embedded sensor systems have only recently begun to be networked, and their access portals have begun to be exposed to the Internet. As part of the Industrial Internet of Things (IIoT), these sensors have lost the experience of web servers in an aggressive environment over the past 20 years. Evolution, so the industry began to observe that various common attacks occurred in these systems in the 1990s and earlier. The life cycle of IIoT systems is usually longer than traditional computers, and some devices will continue to run for decades after deployment. For a long time, but I don't know when it will be maintained.
The configuration of the server and the PC is complex enough to perform the action of secure resource provision. In contrast, the power consumption and processing power of the IIoT node are usually low, so it is difficult to free up the power budget to implement security measures. The security itself is a trade-off. And the cost of R&D must also be considered. Although the cost of industrial IoT is generally higher than that of the consumer IoT, there are still cost challenges in terms of expansion. If security is neglected, the product may face potential attacks after deployment. Impact, these aftermath costs will eventually return to the user, can not be avoided.
Sensors and actuators allow industrial IoT devices to interact with the real world. Cyber attacks are mostly limited to data loss. However, industrial IoT intrusion attacks make it easier for hackers to penetrate the real world than in the past.
These attacks have the potential to cause physical damage. In the industrial Internet of Things field, a single failure can cause millions of dollars worth of industrial processes to shut down or even destroy, or lead to life-threatening conditions.
Networking brings attack risk Node security must be considered
Industrial IoT devices are mostly connected to a network, usually the Internet. However, such links also expose them to the risk of attack, just like epidemics, through infection with other machines, so that the virus can Dissemination. The way the system interacts with the outside world can be the gateway to attack. The reason why attackers can interact with the system is because they have networked pipes. So the first question facing system design security is: Is it really necessary to connect to the network? Once connected to the network, the security risks will rise straight.
The best way to protect your system is to avoid connecting it to the network, or to connect to a closed network. Many mission IoT devices are connected to the network, simply because they have Internet access, but behind the Internet. There is not much purpose. Does the benefit of device networking be countered by the accompanying security risks? In addition, any old systems that interact with these connected devices will also be at risk.
In many cases, there are many networks and nodes that can be secured without external links, but they need to coexist with the old existing networks, but the security of these old networks is far less than the new system.
This creates a new problem, the weakest security risk of this kind of defense, beyond the scope of the industrial IoT system. In this case, the industrial IoT system in the network must also protect itself.
Node security considerations
Confidentiality:
Protecting data will not be disclosed to unauthorized people, such as those who launch deceptive attacks.
Identification:
Use a digital certificate to verify the corresponding identity between the two machines.
Safe boot:
The ROM boot program stores the verification data of the second stage boot loader.
. Security Firmware Update:
Only accept the program code authorized by the manufacturer.
Authorization:
Only real nodes are allowed to access the network.
Integrity:
Protect data from being altered.
Statistics:
Proper statistics, number of nodes, and timestamps help prevent human access to the IIoT network.
. Secure communication:
Various encryption communication protocols can be built into low power nodes.
Availability:
Make sure users only access when they need it.
Can not refuse:
Ensure that real communication requirements cannot be denied.
Reliable:
Even in an electronic environment full of interference, access operations are still reliable.
Figure 1 The fake node makes the gateway mistakenly think it is a known node.
System isolation to block malware transmission
Separating systems from each other not only reduces the path of attack, but also limits the spread of malware. Some systems do not need to be linked to other systems exposed to the network, so these systems can be isolated. For high-risk systems, Consider setting up a separate or closely monitored network and separating it from other networks. Under ideal conditions, critical systems should be completely isolated from the outside world.
Connected car infotainment systems expose vehicles to new types of attack techniques that have never been seen before. The main engine control unit (ECU) and infotainment system are completely unrelated, so there should be no way for the outside world to The ECU interacts. Although the general vehicle design uses two CAN buses to isolate the most critical system from other parts, there are ways to link through some methods. It is still possible for the outside world to penetrate one of them, and then Take control of another system. If these networks are completely isolated, the risk of penetration can be greatly reduced from possible fatality to lower damage.
Confidential information edge is handled safely
Many mission IoT systems connect to cloud servers, which in addition to processing the information sent from the device, and manage these devices. As the number of devices continues to expand, the cloud has become more and more difficult to cope with such a large device. So many systems began to move processing work out to the Internet's edge of the IIoT device, in order to reduce the data traffic sent to the cloud.
We usually think of data as an asset. The data is digested and then transferred, and then we find the patterns hidden from the huge data set. However, the data collected at the beginning but not yet processed is usually not very useful, but for For hackers, this data is quite useful. Sensitive data can become a target for hackers, and thus become a burden. The collected data should be filtered first, leaving only the parts that are needed, and the rest should be as fast as possible. Deletion. This approach not only improves security, but also increases the usefulness of collecting data. It is important to identify potentially confidential information and completely remove or limit its storage.
Data is processed immediately at the edge of the network, and the amount of data that is transmitted to the cloud and exposed to the cloud is reduced. The more data that is generated by the edge, the harder it is to maintain its confidentiality. Each additional new node will have more A potential vulnerability to data outflows will increase the number of attacks.
Limiting sensitive data to the edge of the network can limit the number of attack gates. Confidential data is especially useful. If confidential data is blocked at the edge of the network, the possibility of being stolen will be reduced. Take the parking space sensor as an example. After processing the image, a binary signal is sent to inform that the parking space is occupied, and the streaming video is not returned, so that it is not necessary to transmit large but unnecessary image data. This method can reduce the load on the receiving server, and the hacker also It is not possible to monitor by means of interception of video. Similar to consumer IoT systems, industrial IoT systems must also maintain information on patents and confidentiality, including:
Patent algorithm
. Embedded firmware
Customer information
Financial information
. Asset location
. Device usage mode
Competitive intelligence
. Pipes connected to larger networks
Some industrial IoT devices still lack sufficient power and performance to cope with the need to process data at the edge of the network. So another topology emerges. This is the Fog mode close to the ground, which is in the cloud. Mode with the edge system. In Fog mode, the edge node will first link to the gateway, which will receive the data and perform some processing operations, and then pass the result to the cloud. A gateway may link multiple IIoT devices. Gateways do not have to be battery-powered, so they have a higher power budget for processing power, and their cost is higher than resource-constrained IIoT devices.
Although the Fog mode rises due to the expansion problem, security also plays a certain role. The gateway device can help protect vulnerable edge nodes. These nodes are too limited to protect themselves, but a certain degree of protection is better than no defense at all. It can be used to help manage all the nodes underneath, but not directly manage each node. Fog mode can also cooperate with IIoT's event response, while avoiding disruption of service interruption. For example, Wian operations can be done through interaction with the gateway. In response, there is no need to shut down the production line responsible for mission-critical tasks.
Figure 2 Various types of malicious code that may infect industrial IoT systems
Resource supply and deployment challenges are steep
The most serious challenges of the Industrial Internet of Things include the deployment and management of a very large number of devices. The widespread industrial Internet of Things system, the most criticized, is difficult to set up and set up. Plus the extremely long life of IIoT Cycle, after the system is built by a certain team, after years of operation, it may be transferred to another team for support.
The IIoT system is weak by default because of the weak authentication mechanism. As we saw in the Mirai corpse network, most users never log into the industrial IoT device to set them, or even not at all. Know that settings should be made. Most IIoT users think that the device can be used immediately after unpacking. The system should be safe by default. This type of device should be set but the user never performs the setting. From then on, it maintains the predicted state at the factory. The most common mistake is the default password with very weak protection.
In the field of industrial Internet of Things, the network edge gets the most attention, but you must not ignore the cloud or the server in the system. Test the common vulnerabilities of the server, such as cross-site description instructions, SQL injection attacks, cross-site counterfeiting, etc. In addition, you have to study the API to find out the vulnerabilities and ensure that the software running on the server can install patches in time.
Data transmitted over the network must be properly protected, otherwise it may be intercepted and maliciously tampered. A secure translation protocol such as TLS or SSH should be used to protect the transmitted data. Ideally, the data should be end-to-end. Full protection.
The boundaries of industrial IoT are often blurred. IIoT sensor nodes are usually scattered around the boundaries of the network. The general approach is to enter the larger industrial network through a fixed gateway. Implement appropriate for these devices connected to the network. Identity verification helps prevent malicious third parties from tampering with the data being transferred.
To protect the network from transmitting data, it involves the use of secure communication protocols. The best practice is to use a standard communication protocol known to be secure. We can use IEEE 802.1AE MACsec to provide security mechanisms on the Ethernet LAN. Risks of wireless local area networks Higher because they are easier to access and the signals spread around. WPA2 provides security for wireless networks that comply with the IEEE 802.11 standard. Wireless IIoT solutions typically use the low-power IEEE 802.15.4 standard, which provides a full set of standards. Secure communication protocol. However, these are all Layer 2 communication protocols, and only provide protection for transmission traffic within the local area network.
Protected traffic must be forwarded to environments outside the LAN, such as over the Internet, requiring a higher level of communication protocol to provide end-to-end coverage. Security is generally used to protect traffic on the Internet and to provide End-to-end security protection. TLS uses TCP technology, and many IoT devices use UDP protocol for communication. In addition, DTLS (data element transport layer security) is commonly used to transmit data through UDP protocol. Networked devices are limited in terms of power and memory, but most restricted applications require only a few steps to build TLS. Even with more restrictive devices, the IETF has begun to develop a restricted application communication. Protocol (CoAP) new communication protocol.
Sensing node build protection against endpoint device security
Protecting the data in transit is not only important but necessary, but many attacks are more often locked to endpoint devices. Interfaces connected to the network must be enhanced to compensate for various defense gaps. One of the IIoT defenses is to construct directly on the sensor node device. Protection mechanism. This approach provides the first layer of critical defense because the device no longer relies on the corporate firewall as its sole protection mechanism. This is especially important for enterprise mobile devices and IIoT sensors deployed in remote locations.
The security solution for the IIoT device must provide adequate protection against various network attacks. In addition to ensuring that the device firmware is not tampered with, such solutions must protect the data stored in the device; protect incoming and outgoing data. Communication; and cyber hackers who can detect and reward any attempt to penetrate. The only way to achieve this is to include security planning at an early stage of design.
For embedded devices, there will never be a universal security solution. The solution on the market provides a generic framework for OEMs. However, a complete security framework must consider protecting specific devices, networks, and the entire system. The core functions required. They must be flexible enough to customize the solution for any specific needs while ensuring the inclusion of critical security features.
Write protection mode helps system recovery after infection
In the medical field, the disinfection of surgical tools is essential, in addition to allowing the tools to be reused, and to avoid the spread of disease. High-pressure steam sterilizer is the standard equipment for disinfection, it is fast in the high-pressure environment through ultra-high temperature steam The appliance is sterilized to destroy all bacteria and return the equipment to a good condition. The surgeon's used scalpel can be reused after such a disinfection procedure.
Reverting to a known good state after the system is infiltrated is more important than having the system defend against all attacks. A resilient system can recover quickly and resume operation with full confidence.
Once the system is infected, how do you want to eliminate the infection? When the system is infected, the state of the system is changed in some unknown way. The remotely launched infiltration will control the processor and then put new malicious code into the system. Usually Malicious code can tamper with or replace the firmware, allowing the system to operate in different ways. Once this happens, the processor can no longer be trusted.
Embedded systems are often designed to be difficult to recover reliably from the infiltrated state. The only way to disinfect the system and make sure the system is completely harmless is to copy all non-volatile memory data to an external reader. Then verify the content of the original firmware, if it is determined that it has not been tampered with, then write the original content. Most of the system design can not have the above functions.
One way to protect the integrity of the system is to provide write protection for the non-volatile memory in the physical way of the machine switch. When the switch is switched to write-protect mode, the memory provides physical protection through the hardware. Memory control Moved out of the processor, so that if the hacker can't physically touch the device, he can't write the permanent malicious code to the memory remotely. It can only connect to the device through the Internet but can't actually touch the device. For hackers, this method can block most of these types of hackers for a long time. Firmware updates usually take a long time to execute. When the firmware needs to be updated, the user can switch the switch to allow memory writes. Mode, Authorization Updater, switch to write protection mode as soon as the update is complete.
Many devices also use non-volatile memory to store data that needs to be overwritten. In a highly secure system, another non-volatile memory chip is used to store the data, but the program is not stored. Although the hacker may break into the system. Write malicious data into this memory and use software bugs, so the system should thoroughly analyze and test in advance, no matter what data is stored in the memory, the system will not be compromised. Adding additional memory chips will increase the cost, but Some flash memory is available on the market to allow users to set certain areas to prevent writing, and the rest of the area still allows data to be written.
Figure 3 Man-in-The-Middle will insert a malicious access point (Access Point) between the node and the gateway.
Safe boot process prevents unauthorized software installation
Safe boot prevents unauthorized software from being loaded into the device during the device boot process. Secure boot is the starting point for the trust chain. Secure boot is the first boot process (Bootloader), slave read-only non-volatile Memory boot. The only work of this boot timing is to verify the authenticity of the second boot process. The second boot process is usually more complicated, it may be stored in the overwrite flash, and the boot process is repeated. It will verify the operation based on the trusted source. Whether the system and the loaded program are valid.
An IIoT node with secure boot and secure firmware update ensures that the device's authorized program code is not tampered with or infused with malicious code. This prevents the device from being permanently placed into malware or programs. The device will only run. Without tampering, you will not be able to boot.
Secure boot procedures often rely on digital signatures to protect the authenticity of the program code. Device OEMs use their own private key to sign the program code image when they assemble. The code is then verified by the OEM's public key. signature.
In addition, the program code also uses a symmetric translation mechanism to protect the program code with a message authentication code (MAC), but the device must store the private key, but this also risks theft. In terms of computing, use MAC is an easier way.
Although secure booting improves security, it can sometimes impose excessive restrictions on end users because it prevents users from changing the software executing on the device or is unable to execute their own software. Depending on the application, the user may need to be more More flexible, and able to set the way to protect the boot, so that they can trust their own program code.
Security firmware update, similar to secure boot, will verify that the new program code image is signed by the OEM when upgrading the program. If the downloaded image is invalid, the program code will be discarded and the upgrade program will be aborted. Accept a valid image, and the authenticated firmware will be stored in the device's memory.
Assuming that defense vulnerabilities will eventually be discovered, plan ahead and plan how to resolve these vulnerabilities once they are discovered or unfortunately infiltrated. Usually a path is required for software updates or patches to be installed on the device to patch the vulnerabilities. The update program needs to be properly executed to avoid becoming another attack path, allowing hackers to load malicious code into the device. Just to install patches to allow the outside world to access the device through the network, the risks are often avoided. risks of.
Figure 4 Physically writes the protected firmware, which is only released when the update is performed. This method can effectively protect the integrity of the device.
Secure communication protocol to prevent eavesdropping
Most engineers associate security with communication protocols like SSL/TLS, SSH, and IPsec, because secure communications have long been added to many embedded devices. However, this is only part of the security threat, and other attacks will provide new Permeation pathways. Many IIoT sensor nodes operate in a low-power configuration. However, such low-power processors do not support the best options, such as TLS or IPSec. For the construction of security devices, secure communication protocols are provided. A good starting point. They are designed to protect against packet eavesdropping, man-in-the-middle attacks, Replay Attacks, and unauthorized people trying to communicate with nodes.
Small IIoT edge sensor devices typically use wireless network protocols such as ZigBee, Bluetooth Low Energy (BLE), and other wireless and mesh topologies. These communication protocols all have a certain level of security built in, but their protection is relatively biased. Weak. Many vulnerabilities are made public, and sophisticated hackers are well aware. Micro IIoT devices typically use very low-cost, low-power processors that do not support TLS or IPSec. For small edge devices, DTLS running TLS on the UDP protocol can be used to protect communications.
Physical attack multi-lock front-end sensing
Physical attacks lock the actual network edge hardware nodes or gateways of the IIoT system. Such attacks may involve intrusion front-end sensors. These attacks usually require physical contact with the system, but they may also limit the efficiency of the IIoT hardware. Hackers will tamper with the nodes. Control sensors or other devices in the IIoT environment. After they succeed, they may take out confidential data and write firmware code from the source to the system. Using a policy of injecting malicious nodes, hackers can deploy malicious nodes in legitimate nodes. Mixed into the IIoT network.
To help protect against these attacks, many hardware is pre-prepared at design time. With the pilot, exposed copper vias or unused connectors, anyone can easily perform physical detection. This type of design should be used as little as possible. Completely deprecated.
Screen printing on the surface of the hardware often lists the details of the component, allowing potential hackers to get more information, so it should be removed if it is not really necessary. Although this increases system complexity, it is industrially compliant. The coating not only blocks the hardware from contacting the component, it also adds extra steps to prevent others from directly detecting the electronic components on the board.
Any embedded non-volatile memory content should be encrypted and the contents of the component should be overwritten. The interface between the microcontroller and the DSP device should be placed in the buried circuit layer of the PCB. Even if it needs to be retrieved The contents of the embedded memory, the data of the encryption and verification program, will also make the outflow content uninterpretable.
Manufacturers usually add debugging or testing to the hardware. These are usually serial or JTAG, can contain; access and control most systems. Make sure these links are turned off during production or added protection, because light It is not enough to reserve Debug Headers. Those who are not bothered can solder the link points on the pins themselves. If you need to keep these interfaces while the device is being manufactured, you must verify these interfaces before you can use them. Password protection should be provided, but also to ensure that users can set a high-protection password.
Random number generation challenges
The translation function usually requires some type of random number generator (RNG). It is necessary to make the production key difficult to predict through random random numbers, or never repeat. Entropy due to lack of resources and disorder state (Entropy) Therefore, for embedded systems with limited resources, it is a great challenge to generate random numbers.
Many embedded systems face low entropy, which can lead to catastrophic penetration, such as the Taiwan National ID smart card. Researchers have found that many smart cards generate keys for connectivity from the same numbers due to lack of disorder. Therefore, despite the use of a powerful random number generator, the outside world can crack the password. In a similar situation, in 2012, the researchers found that the RSA key issued by the public key server uses a weakly generated random number generator, resulting in Others have a way to crack the password.
To verify the strength of RNG, it is very difficult or even impossible. The previous RNG design is very special, and the outside world knows very little about it. However, in recent years, the design of the robust and random number generator is Formal analysis has accumulated considerable progress.
The current robust RNG design usually has three phases. It includes an entropy source to provide Raw Entropy; an Entropy Extractor to make the entropy appear evenly distributed; and an expansion phase to augment a small amount of available entropy.
The first stage is the source of entropy, which may be some source of physical noise, such as frequency jitter or thermal noise. Some processors, such as the ADI Blackfin DSP, provide a random number generator for the hardware that can be used to generate entropy.
The random number used to translate the secret must be statistically uniform. The amount of deviation (Bias) of all entropy sources must be consistent, and this deviation must be eliminated before the application is applied. The method is to use an entropy extractor. High Entropy is used to obtain a non-uniformly distributed input, and then a high-entropy uniform distribution output is produced. However, the cost of this method is a certain degree of entropy loss (Entropy Loss), because the entropy extractor requires high input of entropy. Over-output. Therefore, it is necessary to collect more bits from the entropy source, and then extract a smaller high-entropy number, which is used as a seed and input to the translation-safe virtual random number generator.
Use sputum to initiate penetration
Almost all IIoT nodes must work with some type of embedded firmware or algorithm. Functionally, if there are no obvious problems when executing the requirements, the firmware will run smoothly. But all software There are always certain bugs or defects, so usually a small percentage of abnormal operating conditions are allowed, but such conditions can lead to security problems. For example, 99.99% error-free firmware rarely causes any Operational problems. But this error rate of only 0.01% can still be exploited by hackers to make 100% of the operation of a particular node completely ineffective. Many software bugs arise from complexity, but for any system that performs practical tasks, Complexity is an inevitable feature. Software bugs and vulnerabilities must exist in all systems.
Safety must be taken into account from the very beginning of the system design. Safety should be part of the design process, not the work done at the end of the project. Security is not a security feature; it is a control risk. The security design methodology is developed for any IIoT system. Words are essential.
Existing security design strategies still apply. Use threat model analysis to identify various risks, then select appropriate risk suppression strategies; find the entry points of the system to explore high-risk areas in the system. Most attacks are transparent. Through the external interface, the design content should be reviewed to discover security vulnerabilities. At the same time, the unknown data should be handled carefully and all inputs should be verified. The verification and security protection should not be limited to the entry point. Deep defense is also crucial, which means once the external The protective layer is broken, and each of the other protective layers has its necessity.
Many processors offer different levels of privileges. For example, ARM has Trustzone and ADI Blackfin DSP provides a user-level closed mode, as well as a privileged execution mode. Most program code should be executed with minimal privileges, so that the most important code is in privileged mode. Implementation. The security requirements of the IIoT device must take into account the aftermath of security failures, such as the likelihood of an attack, the main attack path, and the cost of building a security solution.
Figure 5 uses a small defect to force the system to fail 100% of the time
More safety design process requirements
Many of these proposals not only conflict with each other, but also contradict other design goals of the system. Providing security usually involves some sort of trade-off, usually between cost, function, or use of functions. Some trade-offs are quite effective but The cost is very low, but some are costly but have little return. The security needs must be balanced with the other requirements of the design. In the security design process, appropriate judgments should be made based on the nature of the application.
To help protect IIoT, ADI has introduced several processors that provide hardware-based security enhancements to help break the functional limits of edge nodes. The ADF7023 RF low-power transceiver provides internal AES encryption, uses the ISM band, and supports many Different modulation mechanisms.
The embedded transceiver in the ADuCM3029 provides AES and SHA-256 hardware acceleration and a real random number generator with SRAM memory with multiple parity protection. ADSP-BF70X Blackfin series digital signal processor for security Key storage and fast and secure boot provide embedded programmatic memory, providing a high level of assurance that the system will return to a known good state after being infiltrated.
The Rollback protection mechanism in Blackfin DSP works with hardware-style purely incremental counters to allow firmware to be upgraded and patched when a defensive vulnerability occurs. Coupled with the immutability of key storage, users can Construct strong and resilient edge nodes. In addition, Blackfin DSP also provides a decrypted hardware accelerator; a hardware-based real random number generator; isolated privileged and non-privileged code execution modes, memory management units, and the ability to limit DMA channels Access, allowing the system to run a power-saving and secure DSP in a low-cost parallel mode.
(The authors are all working at ADI) New Electronics
3. Integrate multiple communication standards to achieve machine networking IIoT and then innovate business models
To achieve industrial field equipment supervision and preventive maintenance, it is a key to improve the communication infrastructure of the plant. If this vision is realized, OEM manufacturers can remotely monitor the equipment sold and make advances before the equipment is shut down. Good maintenance work.
Equipment supervision and preventive maintenance is an important part of Industry 4.0, and it is also a market that many manufacturers are very optimistic about. To truly realize this vision, we need the assistance of communication infrastructure. First, because the communication protocols used in the current industrial plant equipment are quite diverse, How to integrate is a big challenge. If data data is expected to be sent to the cloud for data analysis or to establish an artificial intelligence (AI) model, the biggest problem for many SME owners is the lack of human and budget operating private cloud architecture. However, information security for public clouds is also reserved.
Zhang Jiaheng (Figure 1), global product manager of NXP's Digital Network Division, pointed out that if the equipment supervision solution can be effectively used, it will not only prevent the equipment from failing, but also improve the capacity stability. It can greatly save maintenance costs. Therefore, network technology, processing technology, user interface technology and security technology are indispensable.
Figure 1 Zhang Jiaheng, global product manager of NXP's Digital Network Division, pointed out that if the equipment supervision solution can be effectively used, the maintenance cost of the manufacturer can be greatly saved.
As a result, manufacturers have introduced various industrial IoT gateways (IIoT Gateways) to integrate multiple communication protocols and comply with international security standards to maintain information security. After industrial equipment networking, not only manufacturers themselves can create With the new business model, more operators will enter the industry 4.0 market with the perspective of management consultants.
Multi-communication standard integration Production management efficiency increased by 20%
The purpose of on-site equipment supervision is to reduce the downtime of machine equipment, improve production efficiency and predict problems early. However, in the current Taiwan manufacturing site, more than 80% of the manufacturers need to import each on the old machine. Sensing equipment. Lin Changhan (Fig. 2), vice president of the Asia-Pacific Division of MOXA, explained that the demand of most manufacturers is to add sensors to existing equipment, through vibration, temperature, speed, and power consumption. 4. Data and production efficiency, machine health comparison, use data collection to find regularity.
Figure 2: Lin Changhan (left), assistant manager of the MOXA Asia Pacific Division, explained that the demand of most manufacturers is to add sensors to existing equipment and use data collection to find out the regularity. The picture shows the project director Wang Jinsheng and the right side of the project. Manager Chen Jianming.
Therefore, in the process of promoting industrial networking, the biggest import problem lies in the type of machine and the brand is too many. Even the machines of the same brand at different times may use different communication standards, and integration is very difficult. Lin Chongji, deputy general manager of the IoT Intelligentization Integration Division of the Technology Industry, pointed out that the biggest challenge now is whether it is a manufacturing owner, an integrator or a equipment supplier. On the other hand, a wide variety of PLCs, CNC The integration of robots and IPC controllers is also a big problem.
Therefore, MOXA cooperated with the strategy committee to launch the chameleon integration system to integrate the communication protocol of the on-site machine. It can also combine the central map control system to store and analyze historical data, so that users can understand the productivity of the machine. Easy to enter the field of Industry 4.0. NEXCOM also launched the IAT2000 Cloud Intelligent Integration System to integrate online standards for various industries and brands of control equipment.
At present, in many traditional factories in Taiwan, the practice of environmental monitoring is often dependent on the intuition and experience of the master. Therefore, when the equipment is connected to the network and the data is reflected in the battle room billboard, many production unit supervisors are very surprised. The gap between data and experience. Lin Chongji pointed out that after the traditional factory has been properly networked, it is estimated that the production and management efficiency of the plant can be increased by at least 20%.
IEC62443 protects the public
Information security has become a hot topic in recent years due to numerous device networking requirements. Zhang Jiaheng pointed out that the integration of OT and IT increases the risk of security threats to the network. Therefore, it is necessary to establish a new barrier to ensure system integrity. Keep data sharing shared. Device manufacturers must first ensure the security of the processing platform in the device. NXP assists manufacturers in ensuring that the system only executes licensed software and implements secure links with other systems. These systems must be securely authorized and regularly updated. And prevent tampering with hardware and software.
Chen Jianming, project manager of MOXA's integrated marketing department, shared that many customers prefer a private cloud architecture for security reasons. However, only large-scale vendors have sufficient labor costs to maintain private clouds. Considering that the public cloud architecture will be chosen, but the trust of the public cloud security is not high.
Therefore, the system integrator (SI) has begun to follow the international standard specification such as IEC62443, which is also the implementation principle for the locking of the industrial control system. The standard specification will be considered at three levels: First, whether the equipment safety function meets the requirements, The second is whether the external network architecture is secure. Finally, whether the company's management policies are safe. If you consider these three points, you can achieve a fairly level of information security.
Digital signal acquisition is the first step in transformation
In the supervision and application of industrial field equipment, the installation of sensors is also a very important part. Sun Zhiqiang (Fig. 3), general manager of Schneider Electric's industrial automation division in Taiwan, believes that the cost of sensing equipment with communication function has been compared with the traditional The testing equipment is quite close, and the introduction mode of field equipment is also very mature. It is recommended that many small and medium-sized manufacturers in Taiwan start importing.
Figure 3 Sun Zhiqiang, general manager of Schneider Electric's industrial automation division in Taiwan, believes that the cost of sensing equipment with communication functions is quite close to that of traditional sensing equipment.
Taiwan's Bosch Rexroth factory automation sales associate Chen Junlong (Figure 4) also believes that the first step in transforming intelligent manufacturing must first digitize the signal of the equipment machine. Although only a sensor is added, the collected digital information Can be used to analyze and feed back to the production line.
Figure 4 Taiwan's Bosch Rexroth factory automation sales associate Chen Junlong believes that the first step in transforming intelligent manufacturing is to digitize the signal of the equipment machine. <