KEYnote 27 English - Spring 2014 - Page 8

KNOW-HOW ExProtector The world is changing. Smaller, connected computers are used more and more around us. They are pushing out the old proprietary solutions in all technical aspects of industry and even in our everyday lives. Wibu-Systems offers manufacturers and users simple-to-use tools to protect their systems and know-how. The market for embedded systems continues to grow. Controllers that used to rely on specific and dedicated functions are being replaced with powerful and versatile computers, independent systems with the familiar traits that we all know from desktop PCs. Besides CPU and RAM, they come with flash memory storage, sometimes displays, network ports, and typically a number of USB ports. These systems tend to operate with specialized versions of common desktop operating systems like Linux, Windows Embedded, or VxWorks, with the newest kid on the block being Android, which has become a favorite for many small-scale systems. The routers that most people use for internet access are one type of such embedded systems, but smartphones and tablet computers can also be considered embedded devices. On a larger scale, modern cars come with a multitude of similar systems. In the manufacturing industry, machines work with PLCs. Building controls, CCTV cameras, automatic doors, traffic lights, smart meters, and even airliner avionics rely on embedded 8 systems. In essence, all these disparate technologies use a similar architecture. The devices need to be programmed, maintained, and increasingly supervised, and controlled from the outside. The interfaces used for that purpose employ common standards: Local access relies on USB or Bluetooth; in networks, the systems can be reached by their IP address, using Ethernet, WLAN, or industrial field busses. With all of these components increasingly interconnected with each other and with standard operating systems used for versatile and powerful platforms, new avenues are also open for attack and intrusion that the former proprietary systems without network or USB access did not offer potential perpetrators. Targets Attacks usually have one of two purposes: the theft or the manipulation of software and data. The victims can be the producers of the Ex system or machine, or their users. The reasons behind these attacks can be attributed to one of four categories: A  Theft of the know-how of the plant manufacturer (control software, type of implementation, possible exploits) B  Theft of the know-how of the plant operator (formulas, process parameters, log files) C  Manipulation of the operating data by the system operator to hide any improper usage, make illicit warranty claims, or tamper with the records for pay-by-use models. D  Sabotage by disgruntled workers, competitors, or secret services. The highest-profile historical incident in this respect is the Stuxnet attack.