Hardware-security technologies for industrial IoT: TrustZone and security controller

The transition from product-centric to service-centric business models presents a major challenge to industrial automation and manufacturing systems. This transition increases Machine-to-Machine connectivity among industrial devices, industrial controls systems, and factory floor devices. While initiatives like Industry 4.0 or the Industrial Internet Consortium motivate this transition, the emergence of the Internet of Things and Cyber Physical Systems are key enablers. However, automated and autonomous processes require trust in the communication entities and transferred data. Therefore, we study how to secure a smart service use case for industrial maintenance scenarios. In this use case, equipment needs to securely transmit its status information to local and remote recipients. We investigate and compare two security technologies that provide isolation and a secured execution environment: ARM TrustZone and a Security Controller. To compare these technologies we design and implement a device snapshot authentication system. Our results indicate that the TrustZone based approach promises greater flexibility and performance, but only the Security Controller strongly protects against physical attacks. We argue that the best technology actually depends on the use case and propose a hybrid approach that maximizes security for high-security industrial applications. We believe that the insights we gained will help introducing advanced security mechanisms into the future Industrial Internet of Things.