Welcome to Ewon's Blog

Discover how Ewon solutions can turn your IIoT ambitions into reality!

Hardware root of trust: what and why?

by | May 03, 2021

With Ewon Cosy+, HMS Networks launches a new generation of remote access routers which take IIoT cybersecurity to the next level. The combination of the industrial cloud Talk2M with the Cosy+ and its built-in Hardware Security, allows users to securely access industrial equipment from anywhere and do commissioning, troubleshooting and programming online.

The Internet of Things is the interconnection of billions of devices between them or through clouds. These fleets of connected systems exchange tremendous amounts of data and their alteration or leakage have both impact in retail (IOT) and industrial (Industrial IOT) worlds. 

What IOT devices do? They collect, they process, they transmit data. And we all know it, “data“ is the new Eldorado. As a consequence, it also attracts ‘bad guys’. 
Moreover, a typical IOT infrastructure involves several layers: Network, Application, Cloud; each one extending the attack surface.

This being said, we immediately see the ideal target that these "things" represent for hackers in terms of threat on the usual triad consisting of Confidentiality, Integrity and Availability. 

A non secured device can be counterfeited, used to leak or modify data, as a bridge to go deeper in a network or as part of a larger scale attack (DDOS).

The authentication, encryption or signature mechanisms provided by asymmetric cryptography help developers to provide secure communications and authentication processes between connected objects. Those mechanisms help also to protect embedded firmware and software from non-wanted modification.

Nowadays, it appears essential to implement authentication, encryption, and signature mechanisms not only between connected objects, but also between the electronic components of the objects themselves. IoT and Industrial IoT must be secured by design.
Information must be able to be exchanged confidentially between components, and each component must be able to ensure that the information it receives from the previous one is legitimate. This chain of trust is the only way to be sure that no "hacker" has interfered in the communication chain. 

Again, we identify the added value of asymmetric cryptography: confidentiality, integrity, authenticity. If such cryptography is involved, it is therefore necessary that some secrets are stored and protected in the device.

This is the task of the root of trust. This is the fundamental building block for secure storage and cryptographic operations. To make it intrinsically reliable, a hardware implementation is required (Hardware Root of Trust) which makes it immune to malware attacks. Where lines of code, OS and user interface may be altered, the data engraved in the silicon is resistant to change.

An Hardware Root of Trust brings security to the core of the hardware, and each level can rely on the security of the previous one. So the Hardware can trust the HROT and the firmware can rely on this credible hardware and is trusted by the operating system. Finally, the user interface is based on an Operating System in which it, in turn, has confidence.

This Hardware Root Of Trust can in particular be assigned to a Secure Element type chip which can on one hand store information in a secure and immutable (non-modifiable) manner, and on the other hand. perform cryptographic operations (generation of random numbers, encryption, decryption, signature, etc.). An encrypted channel ensures the secure communication between the Secure Element and the main processor. 

At Ewon, the security of our remote solutions is at the heart of our concerns. This is why the new generation of COSY, the COSY+ has been designed from its conception with an embedded Secure Element that ensures the Hardware Root Of Trust.

Ewon rely on NXP's proven experience in the field of secure processors and has selected an OS independently certified according to the Common Criteria (CC) of Level 6 Enhanced (EAL 6+) of the Evaluation Assurance Level (EAL) assessment.

The integration of the Secure Element provides Ewon with a Root Of Trust at the integrated circuit level and makes the Cosy+ a state-of the art IIoT system with edge to cloud security capabilities right out of the box.

Want to know more about the Cosy+ ? Just click here

 


Industrial Routers

Ewon Industrial Routers for Easy and Secure Connectivity

Enjoy the benefits of on-demand remote access, collect and aggregate industrial operations data locally or centrally in the cloud.
Your machine portal

Web Dashboard: M2Web

The free white label web portal of Talk2M providing secure mobile access to your remote HMI, web server, PC and panels.
Remote Access VPN client

Smart VPN Client: Ewon eCatcher

The Talk2M Remote Connectivity software enabling you to connect within a high secure environment to all your devices.
Connectivity as a Service

Industrial Cloud: Ewon Talk2M

Discover Talk2M, a scalable, reliable, and fully redundant Industrial Cloud.