Machine and equipment assets are engineered to perform particular tasks as part of a business process. For example, assets can include, among other things and without limitation, industrial manufacturing equipment on a production line, drilling equipment for use in mining operations, wind turbines that generate electricity on a wind farm, transportation vehicles, and the like. As another example, assets may include devices that aid in diagnosing patients such as imaging devices (e.g., X-ray or MRI systems), monitoring equipment, and the like. The design and implementation of these assets often takes into account both the physics of the task at hand, as well as the environment in which such assets are configured to operate.
Low-level software and hardware-based controllers have long been used to drive machine and equipment assets. However, the rise of inexpensive cloud computing, increasing sensor capabilities, and decreasing sensor costs, as well as the proliferation of mobile technologies, have created opportunities for creating novel industrial and healthcare based assets with improved sensing technology and which are capable of transmitting data that can then be distributed throughout a network. As a consequence, there are new opportunities to enhance the business value of some assets through the use of novel industrial-focused hardware and software.
As assets such as controllers for industrial control systems (ICS) are programmed with sensitive data (SD), it may be desirable or necessary to protect such sensitive data during production at potentially untrusted third-party system (e.g., an untrusted contracted manufacturer (CM) facility). Sensitive data includes, but is not limited to, secret key material (e.g., symmetric cryptographic key such as an Advanced Encryption Standard (AES) key) or credentials (e.g., private/public keypair) used to establish a hardware-based Root-of-Trust (RoT) that uses encryption and authentication to protect a software stack against tampering, information leakage, or misuse.
In a conventional way of secure provisioning of secrets, a Diffie-Hellman key exchange (DH) protocol is utilized which allows two parties that have no prior knowledge of each other to establish a shared secret key over an insecure communication channel. DH key-exchanges are traditionally prone to man-in-the-middle attacks and thus sensitive information are prone to interception. Concerns include data leakage, either by accident or by malicious intent, which can lead to loss of sensitive data and financial loss. Therefore, one challenge facing organizations is how to provision sensitive data without risking its exposure.