In industrial automation, technical processes are controlled and monitored by means of computers. In terms of communication, the field devices, such as sensors and actuators, are connected to the control computers via a field bus. In general, the field bus has real-time capability.
An essential demand on field-bus systems is error safety when transmitting information between field devices and control computers. When technical processes are controlled and monitored in industrial automation, it must be guaranteed that no danger arises for humans or the environment in case of a faulty operation of the field-bus system. For this reason, field-bus systems usually operate according to the so-called fail-safe principle, according to which the field-bus system is switched to a safe state in case of failure of important components. In order to guarantee that the data exchange between the field devices and the control computers is not falsified, or that any falsification is at least recognizable, when such safety-relevant control functions are carried out, so-called safety measures are implemented on the field bus. The objective of the safety measures taken in this context is to uncover errors with a high probability during transmission of the user data, in order to minimize the danger that undetected errors may cause. Such safety measures focus in particular on random errors occurring during data transmission.
As a safety measure, the communication subscribers in the field-bus system usually carry out a check-sum routine (e.g. a cyclic redundancy check, CRC) in which a check sum is calculated from the user data prior to data transmission and is then transmitted in a data package, e.g. together with the user data. In order to ascertain an error-free data transmission, a corresponding calculation is applied on the receiving side to the received user data and the received check sum. The result of the calculation shows whether an unfalsified data transmission has taken place.
Apart from the necessity to uncover random errors during data transmission, an issue of increasing importance is protecting the integrity of the information transmitted in the field-bus system against attacks. The objective of so-called security measures is to specifically protect the information against unauthorized modification. Moreover, further security measures frequently serve to safeguard the confidentiality of the data against unauthorized reading. For this purpose, cryptographic methods are usually applied in order to safeguard the information against attacks. In order to provide a rapid data exchange between the communication subscribers in field-bus systems for carrying out real-time tasks, symmetric cryptographic methods may be used, in which a plurality of communication subscribers use the same key.
Due to the different objectives of error control and information security, the safety and security measures in field-bus systems are usually developed and realized independently from each other. When safety and security methods are combined, however, the problem occurs that the routines influence each other and thus cannot completely achieve their protective objectives. For safety measures in field-bus systems, the so-called black-channel principle is usually applied, in which each communication subscriber comprises an error-safety layer which entirely disregards the transmission behaviour on the field bus and, as the case may be, the security measures carried out on the field bus, with the result that potential impacts on the quality of error detection are not adequately considered in the verification routines.
When errors are considered within the framework of safety measures, the field bus is furthermore modelled as a binary symmetric channel, on which symbols are falsified independently of one another and with the same probability, so that the probability of a faulty transmission of the symbol 1 is as high as that of a faulty transmission of the symbol 0. A security layer in which the data are encrypted or decrypted, however, changes the communication channel in such a way that the assumption of a binary symmetric channel no longer entirely applies. Since encryption usually aims for a pseudorandom uniform distribution of the encrypted data, the problem may occur that the deterministic criteria required for safety measures, such as the Hamming distance, can no longer be observed. The Hamming distance indicates how many symbols in a set of data have to be falsified, at a minimum, before an unrecognized falsification can occur at all with regard to the safety measures.
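As an added illustration of the channel-model argument above (this script is not part of the patent text), the following Python code runs a CRC-16/CCITT safety check, as in the check-sum routine described earlier, over a constructed 8-byte user-data frame on two channels: a plain binary symmetric channel, on which every error pattern of Hamming weight 1 or 2 is enumerated and detected (this generator has Hamming distance 4 at this frame length), and a channel behind a constructed diffusing block transform, on which a single cipher-text bit error is decrypted into a many-bit plaintext error far outside that deterministic guarantee, so detection becomes merely probabilistic. The key, the toy Feistel construction and the sample data are assumptions made for the demonstration.

```python
import hashlib
from itertools import combinations

POLY = 0x1021   # CRC-16/CCITT generator x^16 + x^12 + x^5 + 1
KEY = b"constructed-demo-key"  # constructed key for the toy security layer, not a real secret
ROUNDS = 4

def crc16(data: bytes) -> int:
    """Safety measure: bitwise CRC-16 (poly 0x1021, init 0xFFFF, no reflection)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ POLY) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc

def frame(user_data: bytes) -> bytes:      # transmitter: user data + 16-bit check sum
    return user_data + crc16(user_data).to_bytes(2, "big")
def frame_ok(f: bytes) -> bool:            # receiver: recompute and compare the check sum
    return crc16(f[:-2]) == int.from_bytes(f[-2:], "big")

def flip_bits(buf: bytes, positions) -> bytes:   # channel error: invert the given bit positions
    out = bytearray(buf)
    for p in positions:
        out[p // 8] ^= 0x80 >> (p % 8)
    return bytes(out)

def feistel(block: bytes, key: bytes, decrypt: bool = False) -> bytes:
    """Toy Feistel network (constructed, not a real cipher) standing in for the security
    layer: invertible and diffusing, so one cipher-text bit spreads over the whole block."""
    n = len(block) // 2                    # block length must be even
    left, right = block[:n], block[n:]
    for i in (range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)):
        src = left if decrypt else right
        f = hashlib.sha256(key + bytes([i]) + src).digest()[:n]
        mixed = bytes(a ^ b for a, b in zip(right if decrypt else left, f))
        left, right = (mixed, left) if decrypt else (right, mixed)
    return left + right

def undetected_plain_channel(user_data: bytes, max_weight: int = 2) -> int:
    """Binary symmetric channel, no encryption: error patterns of weight <= max_weight that pass the CRC."""
    f = frame(user_data)
    return sum(frame_ok(flip_bits(f, pos)) for w in range(1, max_weight + 1)
               for pos in combinations(range(8 * len(f)), w))

def min_induced_error_weight(user_data: bytes) -> int:
    """Encrypted channel: smallest plaintext error weight caused by any single cipher-text bit error."""
    f = frame(user_data)
    ct = feistel(f, KEY)
    return min(sum(bin(a ^ b).count("1") for a, b in zip(feistel(flip_bits(ct, [p]), KEY, True), f))
               for p in range(8 * len(ct)))
```

On the plain channel the count of undetected low-weight patterns is 0 by construction of the generator polynomial; on the encrypted channel the induced error weight is roughly half the frame length, so the check sum only rejects with probability about 1 - 2^-16 rather than deterministically.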
In field-bus systems, the consistency of the safety measures has to be guaranteed all the way from the transmitter to the receiver. If, during transmission, the security measures are carried out prior to the safety measures in the communication subscribers of the field-bus system, said security measures would themselves have to be safeguarded by further safety measures, such as additional redundancies, in order to guarantee error control.
It is in principle not possible to additionally fulfil the security demands by means of the safety measures or, vice versa, to realize the safety demands by means of the security measures. The safety measures, in which a check sum is determined for the user data and then transmitted and verified by the receiver, may impede manipulation of the transmitted data. However, it is in general still possible for an attacker to adapt the check sum to manipulated user data, so the security demands cannot be met by the safety measures. Vice versa, one might attempt to fulfil the safety demands by means of the security measures, since even random errors are detected with a certain probability. However, these security measures do not meet the safety demands, since the deterministic error-detection criteria are not fulfilled.
US 2007/0061674 A1 discloses a data transmission method in which a security measure is embedded into a safety measure by first carrying out a CRC check and then an encryption process in the transmitting communication subscriber, whereas in the receiving communication subscriber the decryption process is carried out prior to the CRC check. US 2003/0223585 A1 and DE 10 2010 033 229 A1 disclose data transmission methods in which an encryption process as well as an authentication for safeguarding data integrity are carried out as security measures.