A few years ago we had a security breakdown at our company. It was never solved but we became extremely vigilant after that. We had a donut stolen. There were donuts reserved for a special occasion and one went missing. The perpetrator of this dastardly crime was never found (murder mystery novel to follow).
The issues may not be that serious at your office but security has become top of mind over the last few years. As a manufacturing professional, you will need to know some things about security in general and embedded security in particular. The following is a glossary of the most basic set of terms you’ll need to be conversant on the subject of embedded security.
Authentication – The process by which to verify who is the sender. Usually that means to validate the sender’s X509 certificate, and verify that the certificate is currently valid and was signed by a reputable and trusted Certificate Authority.
Authorization –The process of validating access to a resource. Once a sender is authenticated, the sender must be granted access to resources in the receiver. Authorization can be accomplished using a list of trusted names, a username and password, or any other reliable mechanism.
Certification Authority (CA) – An organization that creates and distributes Digital Certificates. The CA creates the public and private keys that are associated with the certificate owner. The CA often encrypts a portion of the certificate with its private key (signs it) to provide assurance to anyone in the future that the CA did create the certificate. Of course, sending a certificate to a receiver is only effective if the CA is known by the receiver to be an honest and reputable certificate provider.
Digital Certificates – A sequence of data bytes that functions like your driver’s license. The Digital Certificate verifies that you are who you say you are. There are many components to a Digital Certificate, including the name of the algorithm of the organization that created it, the public key of the owner, and the dates it is valid. X.509 refers to the most popular certificate standard. You will often encounter the term “X509 Certificates.” You will also encounter the term “DER Certificates,” which refers to a method for encoding certificates as a binary series of bytes.
Digital Signature – Also called “signing.” A digital signature is a small series of bytes that are the result of processing some larger series of bytes through an algorithm. The resulting smaller series of bytes are encrypted with the owner’s private key. The receiver can verify that the true owner signed the document by decoding the encrypted result using the owner’s public key and validating the result using the same algorithm the sender used. Signing a document or message guarantees the integrity of the portion of the message signed with the owner’s private key.
Private Key – A key that an owner keeps private and never releases to anyone else.
Public Key – A key that an owner makes available to everyone who requests it.
Public Key Encryption – Encrypting a document or message means to process a series of bytes and creating a result that cannot be decoded without the receiver’s public key. The sender processes the clear text message though an algorithm using the public key of the receiver. The clear text can only be revealed by decrypting the message using the private key of the receiver, thus guaranteeing complete confidentiality.
Public Key Infrastructure (PKI) – Technically, this is a set of hardware, software and policies needed to manage certificates, keys, access lists, and the keys used in public key encryption. In the world of manufacturing automation, PKI simply refers to a system in which every device has two keys, a public key and a private key.
RSA –A very popular public key cryptography algorithm. RSA refers to the initials of the three designers of the algorithm. RSA with various size key lengths is used in OPC UA and other popular and secure protocols.
SHA – A series of public key cryptography algorithms published by the National Institute of Standards and Technology (NIST). SHA algorithms are also used in OPC UA to sign and encrypt messages.
Stay tuned; over the next several months, I’ll be regularly publishing more information you need to understand embedded security. Watch for more in RTA blog posts, articles in the RTA “Best Darn Newsletter” and the RTA page on LinkedIn.