As the manufacturing industry adopts digitized operations and the industrial internet of things (IIoT), sensitive data and online systems become increasingly vulnerable to theft and manipulation. SecureAmerica Institute (SAI) partners at The University of Texas at Dallas (UT Dallas) are building a trusted execution environment to thwart bad actors and enable end-to-end data protection in smart manufacturing environments as part of SAI’s nationwide initiative to empower a secure domestic manufacturing base.
With the rise of the IIoT (interconnected sensors, instruments and other devices networked together through computer applications), smart factories are using IIoT technology to automate and monitor manufacturing processes, and controlling these processes using networks or web interfaces outside of the workplace. As this control moves from analog to digital, it becomes more vulnerable to attacks.
Think of this process like unlocking a door. Physical locks require keys for access, but with smart manufacturing technology, doors to online systems and data can be unlocked by simply using a smartphone. This is why both hardware and software protection are needed.
“Our project focuses on protecting data generated by IIoT devices so attackers cannot eavesdrop on or steal data from smart factories or manipulate smart manufacturing processes,” said Dr. Chung Hwan Kim, assistant professor in UT Dallas’s department of computer science.
Bad actors may try and extract data from a manufacturing entity to form an attack that targets specific components of a system or process. Once sensitive data is collected, an attack is deployed through a compromised cloud network or unauthorized network access.
A well-executed attack could have catastrophic ramifications for U.S. national security. For example, if the targeted industrial base is a nuclear factory, attackers may attempt to destroy the power plant or take control of operations. But, if data and machine communications are routed through a trusted execution environment, the security around it becomes much more difficult to penetrate.
“With the recent advancement of hardware technologies, we can actually create a black box within each IIoT device (known as a trusted execution environment),” Kim said. “We then place the program that uses the protected data in the black box. This program and data are invisible from outside and isolated from possible attacks. Any new data generated by IIoT technology will go into this black box, and transferred to the cloud through a cryptographically secure channel.”
The UT Dallas team has already produced two different prototypes of their trusted execution environment with plans to keep expanding the project.
“The entire lifetime of sensor data can be placed into the black box using this hardware technology,” Kim continued. “The necessary program code will then run in the black box so manufacturers can safely use the protected sensor data.”
“IIoT devices are becoming prolific as low-cost distributed data sources to support the modern digital manufacturing enterprise. These devices often rely on small, low-cost computing without robust security,” said Dr. Darrell Wallace, SAI deputy director and chief technology officer. “This project offers an end-to-end data protection approach that enhances the security of these devices and serves the SAI mission to enhance the robustness of domestic manufacturing.”