Blurry Box Encryption Scheme and Why it Matters to Industrial IoT
3 . Code modification 4 . Insertion of traps , i . e ., program code which is not functionally required , but can lock the keys 5 . Selection of code variants in a secure element hardware 6 . State behavior of decryption hardware
5.2 PROTECTION AGAINST COUNTERFEITING
Using the mechanisms above – and storing cryptographic keys in unclonable , secure hardware – provides protection against counterfeiting . According to a survey by German engineering federation VDMA published in 2016 8 , 90 % of industrial machine vendors are affected by product piracy – half of them by the counterfeiting of entire machines . Dr . Festge , president of VDMA ( Verband Deutscher Maschinen- und Anlagenbau , Mechanical Engineering Industry Association ), said “ As data is becoming the lifeblood of commercial value creation , counterfeiters and product pirates will be taking the same route . Simply copying the nuts and bolts or discrete circuitry will not be enough for them . They will be targeting digital designs , the software running on our machines , and the data stored in our databases .”
5.3 PROTECTION AGAINST TAMPERING
Pieces of machinery are increasingly brought to life by software . It is the software operating the device that enables functions and features , making it essential that only genuine , not manipulated program code from authorized parties can be executed . Protected code cannot be tampered with and can execute secure mechanisms for software updates and upgrades .
5.4 BENEFITS OF SOFTWARE LICENSING
By shifting the added value from hardware to software , vendors can benefit from cheaper logistics and production . Devices , machines , and software are deployed in identical versions for all users . Only the individual licensing decides how the vendor ’ s product can be used in practice . License deployment is unique for each product or user , but also highly automated through integration in ERP systems like SAP or ecommerce platforms .
More important than cost reduction are the opportunities this creates for expanding one ’ s target group by tailoring solutions to each customer ’ s needs and configuring product features via licensing . Furthermore , an app-store-like concept can be introduced to seize new post-sales opportunities or recurring revenue streams in the form of pay-per-use or subscription models and more . This helps vendors increase their revenues over their products ’ lifetime , gives users more flexibility , and reduces upfront investments .
The security goals and possible benefits of these solutions are illustrated in these use cases .
8
Steffen Zimmermann , “ Study on Product Piracy 2016 ,” VDMA , April 2016 ( http :// pks . vdma . org / article / - / articleview / 13069313 )
- 14 - June 2016