No chance for manipulated software

It's every software vendor's nightmare: their programs and apps are tampered with by hackers, so users unknowingly install malware on their computers with the software. The best way to prevent this is to use a forgery-proof digital signature. Siemens is now making it available company-wide with a new service. 

In our highly interconnected world, authenticity is a great challenge. Who is really behind this e-mail? Can I install this driver without hesitation? Is the smart electricity meter in my home safe from attacks? Digital signatures offer protection. They ensure that software, firmware of devices or license files cannot be manipulated and prove that they originate authentically from Siemens.

 

Nevertheless, there are security gaps. "This can happen if the keys required for the digital signature are not stored securely," explains Hendrik Brockhaus, who heads the PKI research group in the global Siemens Research Corporate Technology (CT). To enable developers to sign their software before delivery, key material is stored on computers that are easier to spy on than the servers in the Trust Center, or it is stored in the cloud, where it is accessible to all developers and can also be hacked. The Certification Authority Browser Forum (CAB), in which large Internet companies and software manufacturers are represented, has therefore decreed that key material may only be issued on hardware, such as a smart card. With a signature key on a smartcard, a single developer can sign simpler software solutions, e.g. for the office area, on his computer. But what about large build farms that create industrial software?


High security center for the keys

"The development of a high-security signature service that can be used to digitally sign industrial software, firmware, services and products is very complex," explains Brockhaus. "Now, in addition, software is usually developed by globally distributed, networked teams. There is no point in a person having a smartcard with which they can digitally sign the program." Siemens CT has therefore set up a digital signature service that has been launched with more than ten pilot customers for Siemens products and solutions and is operated company-wide by the IT service department in the Siemens Trust Center.

 

It can now be proven that signed programs actually originate only from Siemens and have not been modified by third parties. "If someone tries to change a firmware or program, the digital signature is destroyed," explains Stefan Seltzsam, head of the Security Architecture research group. The core of the new service is an in-house high-security center where the signature keys are stored as securely as the U.S. gold reserves in Fort Knox once were.

 

The new service relieves the developers of a great deal of responsibility: "Previously, in addition to their tasks, they had to store and manage the signature keys securely, for example by managing expiration dates and renewals," explains Christopher Schmid from the research team.

"Birth certificates" for devices

Siemens set up the high-security trust center 20 years ago for the PKI of personal certificates on the Siemens employee ID card. When the researchers transferred the first service of the PKI product (PPKI), the certificate management service, to regular operation, the existing infrastructure was used. All security certificates required for secure online authentication and proof of authorship for programs are generated and managed here. With the help of PPKI, "birth certificates" are also generated on new devices such as controllers, which can thus authenticate themselves on the Internet of Things at any time and without any doubt. Factories such as Siemens Elektronikwerk Amberg (EWA) install this "birth certificate" on their assemblies during production. The same applies to the production of GP products such as Sensformer. In networked applications with other devices on the Internet of Things, assemblies and products can be identified and authenticated without a doubt.

 

Now the digital signature service is added. Key material is now used to sign products and software in order to be able to guarantee users that they will not receive any manipulated software.

Criminal trade in stolen certificates

"Smartcards are already relatively secure but cannot be used for cloud-based build farms. If key material is stored in files, they can fall into the hands of hackers and the keys stored in them can be misused," Seltzsam explains. In the so-called dark web, such stolen certificates are traded at high prices. To prevent this from happening for products and solutions digitally signed by Siemens, all certificate keys are stored centrally in hardware security modules. These are special storage and computing units that are operated in the high-security center. Only a few people working on the four-eyes principle have access. The developers have access via a secure network connection and can sign their software solutions without any effort using a signing program.

 

Digital signatures can also be used to protect the security of licenses: When the device boots, for example a controller, it verifies the digital signature of the license file. This file contains information about which modules of the software were paid for. Only these are then activated.
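
The boot-time license check described above, sketched in Go as an added example (not Siemens code). The `License` layout, the choice of Ed25519, and the device and module names are assumptions; the in-memory key stands in for a key held in the hardware security module.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// License is a hypothetical payload listing the modules that were paid for.
type License struct {
	Device  string   `json:"device"`
	Modules []string `json:"modules"`
}

// ActivateModules is the boot-time check: verify the signature over the exact
// file bytes first, parse only afterwards, and fail closed on any error.
func ActivateModules(pub ed25519.PublicKey, file, sig []byte) ([]string, error) {
	if !ed25519.Verify(pub, file, sig) {
		return nil, errors.New("license signature invalid: no modules activated")
	}
	var lic License
	if err := json.Unmarshal(file, &lic); err != nil {
		return nil, err
	}
	return lic.Modules, nil
}

// RunDemo signs a constructed license, then checks the genuine file and a
// tampered copy (an unpaid module added) against the same signature.
func RunDemo() (genuine []string, tamperErr error) {
	// Demo key in memory; in the service described above it stays in the HSM.
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return nil, err
	}
	file, _ := json.Marshal(License{Device: "plc-0001", Modules: []string{"motion"}})
	sig := ed25519.Sign(priv, file)
	genuine, _ = ActivateModules(pub, file, sig)
	forged := []byte(`{"device":"plc-0001","modules":["motion","safety"]}`)
	_, tamperErr = ActivateModules(pub, forged, sig)
	return genuine, tamperErr
}

func main() {
	mods, tamperErr := RunDemo()
	fmt.Println("activated:", mods, "| tampered file:", tamperErr)
}
```

The device only needs the public key, so nothing stored on the controller lets anyone produce a valid license for extra modules.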

 

Until now, PPKI services have only been used in the company itself. In the future, however, it is also conceivable to protect third-party systems with Siemens services. "Of course, the big Internet companies such as Google are at the technological forefront, but Siemens has a big lead in the industrial sector," explains Uwe Blöcher of CT. As part of CCT Cybersecurity, Siemens researchers are working with the business units to develop new technologies to defend against hacker attacks. "PPKI services will experience an immense growth boom," predicts Blöcher. After all, the fight against cybercrime can only be fought with technologies of the highest standard.

2019-10-16
