Universal reference architecture for secure cloud-based automation
by Witali Bartsch
In the first part of our article series, which is published in the renowned scientific journal "atp magazin" (http://ojs.di-verlag.de/index.php/atp_edition/article/view/2428), we coined the term "Symbiotic Security". This is based on an ideal system architecture in which all components, such as hardware, software, networks and processes, play to their respective strengths in order to maximize the overall achievable system security.
The increasing importance of cloud computing, secure and reliable automation technology and the intended independence from certain hardware platforms have led us to realize that there is a gap between the providers of cloud environments and the manufacturers of embedded systems, which today are commonly known as IoT devices. This inconsistency is primarily caused by the technical and largely unresolved problem of the initial registration of (IoT) devices.
Automated model for the initial registration of IoT nodes
Therefore, in this article, we first outline the basics of this problem and then present a non-invasive solution that extends the usual reference architecture in the cloud, especially with regard to IoT. In this way we achieve an automated model for the bilaterally authenticated and encrypted initial registration of IoT nodes.
In order to apply a consistent automation approach at the level of cryptographic key management, we rely on the zero-knowledge methodology and thus get rid of the policy of prefabricated keys, which has been strongly criticized for some time and which is used primarily by the leading hardware manufacturers.
We chose a particular cloud solution (Microsoft Azure) as the target platform for the reference implementation. However, the overall idea depicted here is universally applicable given the strong similarity between major cloud platforms.
Information about the article
If you want to read more about IoT safety, write to us. We will be happy to send you the article as a PDF file.