A secure hardware module and system concept for local and remote industrial embedded system identification

Smart maintenance constitutes an essential concept in Industry 4.0, where industrial devices report their maintenance status to remote back end systems and thus predictive maintenance can be intelligently scheduled and carried out locally at the affected device. This status data must be securely assignable to the claimed device identities when transmitted remotely. Furthermore, during the actual maintenance task, the service technician must be able to trustworthily identify the correct target device. Unfortunately, current systems typically lack cryptographic authentication and a secure storage for the required credentials, causing identity impersonation as a major threat. In this paper we present a secure NFC-enabled hardware module for industrial embedded systems with a secure identity, enabling local identification by means of the proximity based contact-less technology Near Field Communication (NFC), and remote identification via a contact-based interface, thus helping to prevent device impersonation attacks, device clones and human errors on device identification. A proof of concept utilizing an Infineon security controller capable of elliptic curve cryptography demonstrates the concepts feasibility.