EP3732913A1 - Control unit and method for tamper-proof acquisition of integrity monitoring data relevant to operational safety - Google Patents
Control unit and method for tamper-proof acquisition of integrity monitoring data relevant to operational safety
- Publication number
- EP3732913A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- integrity monitoring
- monitoring data
- control unit
- tamper
- recording
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C5/00—Registering or indicating the working of vehicles
- G07C5/008—Registering or indicating the working of vehicles communicating information to a remotely located station
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04K—SECRET COMMUNICATION; JAMMING OF COMMUNICATION
- H04K3/00—Jamming of communication; Counter-measures
- H04K3/20—Countermeasures against jamming
- H04K3/22—Countermeasures against jamming including jamming detection and monitoring
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04K—SECRET COMMUNICATION; JAMMING OF COMMUNICATION
- H04K2203/00—Jamming of communication; Countermeasures
- H04K2203/30—Jamming or countermeasure characterized by the infrastructure components
- H04K2203/36—Jamming or countermeasure characterized by the infrastructure components including means for exchanging jamming data between transmitter and receiver, e.g. in forward or backward direction
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/79—Radio fingerprint
Definitions
- The invention relates to a control unit and method for tamper-protected acquisition of integrity monitoring data relevant to operational safety.
- IT security mechanisms protect products, such as devices (e.g. controllers, Internet of Things (IoT) devices), device components or software components, from tampering and/or reverse engineering.
- Cryptographic IT security mechanisms are already in use, for example, in smart devices, for example in the IoT, cyber-physical systems, power engineering automation systems or production systems, industrial engineering and other systems.
- Security in the context of the present description essentially refers to the protection, confidentiality and/or integrity of data as well as their transmission, and also to security, trust and/or access integrity for the corresponding data. Authentication in the case of data transmissions or access to data also belongs to the term "security" as used in the context of the present description.
- A module can be designed as a hardware and/or functional unit that is configured in software and/or firmware. The function can be executed, for example, by means of a processor and/or a memory unit for storing program instructions.
- Tamper-proof in the present description goes beyond the term "security".
- Not only the cryptographic or security methods mentioned are used; reliable data transmission is also ensured against attacks or access from outside.
- Industrial equipment, e.g. controllers, field devices, IoT devices or IoT gateways, uses a plurality of cryptographic keys, e.g. to authenticate, to protect the integrity of stored data and program code, to verify and decrypt firmware updates, and to protect the integrity and, if necessary, the confidentiality of configuration data.
- The devices may be provided with a data interface, which may be designed and set up as a wired or a wireless interface, e.g. a WLAN, Bluetooth or NFC (Near Field Communication) interface. With the help of this data interface, the device can be connected to a network or communicate with other devices.
- Radio-based transmission techniques can be used here (e.g. safety over WLAN such as PROFIsafe, WiMAX, cloud robotics, GSM, UMTS, LTE, 5G, vehicle-to-X communication for autonomous vehicles or autonomous driving, radio-based train protection ETCS).
- PVT: radio-based position information (position, velocity, time)
- GPS: satellite navigation system
- Galileo, Beidou: satellite navigation systems
- Glonass: satellite navigation system
- Black box recorders or juridical recorders are used in safety-critical or operational-safety-critical systems (i.e. ensuring the functionality of trains, airplanes, rail vehicles, etc.) in order to capture data during operation and store it in a tamper-evident manner. As a result, the course of events can be reconstructed after an accident.
- These are also referred to as Train Event Recorder, Flight Data Recorder or generally Event Data Recorder. In airplanes it is possible to record the communication in the cockpit (cockpit voice recorder).
- A faulty transmission to a Radio Block Center (RBC) can be recorded.
- RBC: Radio Block Center
- An error in the message sequence, inconsistent messages, or even a radio link error may be detected. This mainly applies to the checking of timestamps and the correct formatting of messages.
- So-called intrusion detection systems ((W)IDS) can be used to detect attacks on a (radio) network.
- In radio technology it is possible to digitize a received signal and to evaluate a section of the received signal as a so-called radio snippet or snapshot.
- EP 17180526.0 has already proposed an integrity check in an automation system in which it is checked whether the integrity of the production machines was maintained during the production of a product.
- A method for cryptographically protected monitoring of at least one component of a device or system has already been proposed, for example in EP 17188718.5, in which a blockchain-based, cryptographically secured monitoring function, in particular a watchdog (device, container, virtual machine), is provided.
- Control unit comprising at least one processor arranged to carry out the following steps:
- A system equipped with a safety-critical function can be a device, an automation system/plant, a vehicle, etc.
- The integrity monitoring preferably takes place at runtime of the system.
- The recording may also include logging in a so-called log file.
- The operational-safety-relevant function can be an accident message or the sending of an emergency/alarm/warning signal or message.
- Operational safety-critical functions are implemented on IT-based systems, in particular in autonomous driving and cloud robotics, and using radio transmission (e.g. 5G cloud robotics). In the event of an accident, it is therefore possible that a deliberate manipulation of a device or of the radio transmission caused or influenced the accident.
- A further development of the invention provides that the processor is furthermore set up to output the recorded and/or stored integrity monitoring data in order to initiate an evaluation thereof on the basis of received alarm and/or warning information that was sent out as a result of execution of the safety-critical function.
- Integrity monitoring data may be recorded and/or stored during operation of the system.
- The integrity monitoring data may also include system control commands.
- A development of the invention provides that the integrity monitoring data also describe at least one property of the radio signal of the radio transmission and/or a digitized section (snippet or snapshot) of the radio signal.
- A further development of the invention provides that the recording and/or storage of the integrity monitoring data is or can be tamper-protected by means of a cryptographic checksum.
- A development of the invention provides that the recording and/or storage of the integrity monitoring data is or can be protected against tampering by means of an attestation (time stamp, counter value).
- A further development of the invention provides that the control unit is configured as an application arranged locally in the system, or as a cloud and/or server service arranged outside the system.
- A further development of the invention provides that, for tamper-protected recording and/or storage of the integrity monitoring data, these are written or writable in a cryptographically secured log file.
- A further development of the invention provides that, for tamper-protected acquisition of the integrity monitoring data, these are stored as a transaction in a blockchain data structure.
- A blockchain or block chain is generally understood to mean a database whose integrity (protection against subsequent manipulation) is secured by storing the one-way function value, also called the hash value, of the preceding data block (block or link) in the respectively following one, i.e. by cryptographic chaining.
- A transaction record protected in the blockchain generally comprises program code in which conditions can be defined at the time of creation and evaluated at run time, so that certain transactions in a given amount can or cannot be made to one or several particular recipients. The transaction can be executed using the transaction record.
- Another aspect of the invention is a method comprising the following steps:
- A computer program comprising program code which can be executed by at least one processor and which causes the at least one processor to execute the method according to the invention and its embodiments.
- The computer program may run on a device of the aforementioned kind or be stored as a computer program product on a computer-readable medium.
- A variant of the computer program (product) may have program commands for configuring a creation device, for example a 3D printer, a computer system or a production machine suitable for producing processors and/or devices.
- The method and computer program (products) can be formed accordingly from the developments/embodiments of the aforementioned device and its developments/embodiments.
- The figure schematically shows an environment in which a safety-critical system is used.
- A system equipped with a safety-critical function can be a device, an automation system/plant, a vehicle, etc.
- Operational safety-critical functions are implemented on IT-based systems, in particular for autonomous driving and cloud robotics, and using radio transmission (e.g. 5G cloud robotics).
- Reliable wireless transmission in the broader sense does not only include procedures that are robust under disturbances and in which an attempt is made to adhere to QoS (Quality of Service) parameters. It is also important to be able to recognize and react to disturbances.
- QoS: Quality of Service
- IDS: Intrusion Detection Systems
- Measures such as intrusion detection and integrity monitoring alone are usually not enough.
- Security integrity monitoring information (integrity monitoring data), which is acquired during radio transmission by means of a monitoring unit or device M, is recorded and/or stored in a tamper-evident manner in an event data recorder ER integrated into the control unit according to the invention. This makes it possible, in the event of an accident, to detect a manipulated device, a manipulated data transmission or a disruption of a radio transmission.
- The captured security integrity information may include the following:
- A device security health check, i.e. checking the integrity of program code and/or configuration data at runtime or during operation of the device.
- Radio/radio-domain information concerning signal quality (signal strength, bit error rate, channel estimation), determined "jamming" information, i.e. derived information on interferers (type of interferer), raw radio snippets (digitized baseband signal) or a continuous digitized baseband signal.
- The Event Data Recorder can be realized locally as a special hardware appliance, i.e. a combination of hardware, possibly firmware, and software, and has a processor P.
- A cloud EC, e.g. a central cloud or a so-called edge cloud.
- The integrity monitoring data is provided to the Event Data Recorder with a cryptographic checksum. It can be, e.g., an attestation (e.g., a device attesting that its Device Health Check is "OK").
- The attestation preferably comprises a timestamp or a counter value, so that its freshness is verifiable.
- The acquired information can be stored in a secure log or as a transaction in a blockchain data structure or a distributed ledger data structure.
- Device integrity certificates DA and radio integrity measurement data RA are acquired as part of the integrity monitoring data and recorded and/or stored in an event data recorder in order to be available for any required evaluation.
- The Event Data Recorder can also be implemented as an application (app) in an Edge Cloud.
- A conventional cloud can be used instead of an edge cloud, or local control and recording of integrity monitoring data can take place in a physically or logically separated control network, not shown in the figure.
- Computer-readable memories are, for example, volatile memories such as caches, buffers or RAM, as well as nonvolatile memories such as removable data carriers, hard disks, etc.
- The functions or steps described above may be in the form of at least one instruction set in/on a computer-readable memory.
- The functions or steps are not bound to a specific instruction set, to a specific form of instruction sets, to a specific storage medium, to a specific processor or to specific execution schemes, and may be carried out by software, firmware, microcode, hardware, processors, integrated circuits, etc., alone or in any combination.
- Various processing strategies can be used, for example serial processing by a single processor, multiprocessing, multitasking or parallel processing, etc.
- The instructions can be stored in local memories, but it is also possible to store the instructions on a remote system and access them via a network.
- Processor: central signal processing
- "Control unit" or "data evaluation means" as used herein includes processing means in the broadest sense, i.e., for example, servers, general-purpose processors, graphics processors, digital signal processors, application-specific integrated circuits (ASICs), programmable logic circuits such as FPGAs, discrete analog or digital circuits, and any combinations thereof, including all other processing means known to those skilled in the art or developed in the future.
- Processors can consist of one or more devices or units. If a processor consists of several devices, these can be designed or configured for parallel or sequential processing or execution of instructions.
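As an added illustration (not code from the patent or its applicant), the tamper-protected recording described above in Python: device health attestations DA and radio measurements RA carry a counter and timestamp, are checksummed with an HMAC under a constructed device key, and are hash-chained in the event data recorder ER; a verifier reports broken chaining, invalid checksums and stale counters. The key, field names and sample values are assumptions for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key for monitoring device M (placeholder, not from the patent).
DEVICE_KEY = b"constructed-demo-key-for-device-M"
GENESIS_HASH = "0" * 64


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so checksums and hashes are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_attestation(kind, payload, counter, timestamp, key=DEVICE_KEY):
    """Device M attests one record: kind 'DA' (device health) or 'RA' (radio
    measurement). Counter and timestamp make freshness verifiable; the HMAC
    is the cryptographic checksum binding the payload to the device key."""
    body = {"kind": kind, "payload": payload, "counter": counter, "ts": timestamp}
    body["mac"] = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return body


def append_record(log, attestation):
    """Event data recorder ER: chain each entry to its predecessor's hash,
    so later insertion, deletion or reordering is detectable."""
    prev_hash = log[-1]["hash"] if log else GENESIS_HASH
    entry = {"prev_hash": prev_hash, "record": attestation}
    entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
    log.append(entry)
    return entry


def verify_log(log, key=DEVICE_KEY):
    """Return (ok, problems): checks chain linkage, each attestation's HMAC
    and that the device counter strictly increases (replayed records fail)."""
    problems = []
    prev_hash, last_counter = GENESIS_HASH, -1
    for i, entry in enumerate(log):
        rec = entry["record"]
        if entry["prev_hash"] != prev_hash:
            problems.append(f"entry {i}: chain broken")
        unhashed = {"prev_hash": entry["prev_hash"], "record": rec}
        if hashlib.sha256(canonical(unhashed)).hexdigest() != entry["hash"]:
            problems.append(f"entry {i}: entry hash mismatch")
        unsigned = {k: v for k, v in rec.items() if k != "mac"}
        mac = hmac.new(key, canonical(unsigned), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, rec["mac"]):
            problems.append(f"entry {i}: attestation checksum invalid")
        if rec["counter"] <= last_counter:
            problems.append(f"entry {i}: counter not fresh (replay?)")
        last_counter = rec["counter"]
        prev_hash = entry["hash"]
    return (not problems, problems)


def demo():
    """Constructed sample run: healthy device, clean radio, then jamming seen;
    afterwards the stored jamming evidence is rewritten in the log."""
    log = []
    append_record(log, make_attestation("DA", {"health_check": "OK"}, 1, 1000))
    append_record(log, make_attestation("RA", {"rssi_dbm": -71, "ber": 0.0003, "jamming": False}, 2, 1001))
    append_record(log, make_attestation("RA", {"rssi_dbm": -95, "ber": 0.21, "jamming": True}, 3, 1002))
    ok_before = verify_log(log)[0]
    log[2]["record"]["payload"]["jamming"] = False  # post-hoc manipulation of stored evidence
    ok_after, problems = verify_log(log)
    return ok_before, ok_after, problems


if __name__ == "__main__":
    print(demo())  # (True, False, ['entry 2: entry hash mismatch', 'entry 2: attestation checksum invalid'])
```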
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18157606.7A EP3528524A1 (fr) | 2018-02-20 | 2018-02-20 | Control unit and method for tamper-protected acquisition of integrity monitoring data relating to operational safety |
PCT/EP2018/084387 WO2019161958A1 (fr) | 2018-02-20 | 2018-12-11 | Control unit and method for tamper-proof acquisition of integrity monitoring data relevant to operational safety |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3732913A1 true EP3732913A1 (fr) | 2020-11-04 |
Family
ID=61526539
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18157606.7A Withdrawn EP3528524A1 (fr) | 2018-02-20 | 2018-02-20 | Control unit and method for tamper-protected acquisition of integrity monitoring data relating to operational safety |
EP18830160.0A Withdrawn EP3732913A1 (fr) | 2018-02-20 | 2018-12-11 | Control unit and method for tamper-proof acquisition of integrity monitoring data relevant to operational safety |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18157606.7A Withdrawn EP3528524A1 (fr) | 2018-02-20 | 2018-02-20 | Control unit and method for tamper-protected acquisition of integrity monitoring data relating to operational safety |
Country Status (4)
Country | Link |
---|---|
US (1) | US20210084497A1 (fr) |
EP (2) | EP3528524A1 (fr) |
CN (1) | CN111713123A (fr) |
WO (1) | WO2019161958A1 (fr) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102021202528A1 (de) | 2021-03-16 | 2022-09-22 | Siemens Mobility GmbH | Railway engineering device for a railway engineering installation and method for its operation |
DE102021209579A1 (de) * | 2021-08-31 | 2023-03-02 | Siemens Aktiengesellschaft | Method for operating an automation system having at least one monitoring module, and attestation device |
WO2023031131A1 (fr) * | 2021-08-31 | 2023-03-09 | Siemens Aktiengesellschaft | Method for operating an automation system comprising at least one monitoring module, and attestation device |
CN113726820A (zh) * | 2021-11-02 | 2021-11-30 | 苏州浪潮智能科技有限公司 | Data transmission system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8595831B2 (en) * | 2008-04-17 | 2013-11-26 | Siemens Industry, Inc. | Method and system for cyber security management of industrial control systems |
KR101072277B1 (ko) * | 2009-08-31 | 2011-10-11 | 주식회사 아나스타시스 | Apparatus and method for ensuring real-time data integrity, and black box system using the same |
DE102011076350A1 (de) * | 2011-05-24 | 2012-11-29 | Siemens Aktiengesellschaft | Method and control unit for detecting manipulations of a vehicle network |
US9166730B2 (en) * | 2013-09-26 | 2015-10-20 | Ford Global Technologies, Llc | RF jamming detection and mitigation system |
US20150191151A1 (en) * | 2014-01-06 | 2015-07-09 | Argus Cyber Security Ltd. | Detective watchman |
EP3149597B1 (fr) * | 2014-06-02 | 2019-10-02 | Bastille Networks, Inc. | Electromagnetic threat detection and mitigation in the Internet of Things |
2018
- 2018-02-20 EP EP18157606.7A patent/EP3528524A1/fr not_active Withdrawn
- 2018-12-11 CN CN201880089839.3A patent/CN111713123A/zh active Pending
- 2018-12-11 US US16/970,246 patent/US20210084497A1/en not_active Abandoned
- 2018-12-11 WO PCT/EP2018/084387 patent/WO2019161958A1/fr unknown
- 2018-12-11 EP EP18830160.0A patent/EP3732913A1/fr not_active Withdrawn
Also Published As
Publication number | Publication date |
---|---|
EP3528524A1 (fr) | 2019-08-21 |
WO2019161958A1 (fr) | 2019-08-29 |
CN111713123A (zh) | 2020-09-25 |
US20210084497A1 (en) | 2021-03-18 |
Similar Documents
Publication | Title |
---|---|
WO2019161958A1 (fr) | Control unit and method for tamper-proof acquisition of integrity monitoring data relevant to operational safety |
EP3207683B1 (fr) | Method and device for reaction-free data acquisition |
EP1959606B1 (fr) | Protection unit |
DE102005018301B4 (de) | Data transmission device |
DE112018005458T5 (de) | Systems and methods for cryptographically guaranteed vehicle identity |
EP3137363B1 (fr) | Verification of the authenticity of a beacon |
DE102011084254A1 (de) | Communication system for a motor vehicle |
EP3026640A1 (fr) | Method for preparing data of a motor vehicle, method for evaluating data of at least one vehicle, and method for monitoring traffic |
DE102004016548A1 (de) | Method and arrangement for monitoring the load of a transport device |
WO2004066219A1 (fr) | Method and device for mobile data transmission |
EP3756172B1 (fr) | Device for the replication and securing of data of a journey recording system in rail traffic |
DE102018208201A1 (de) | Arrangement and method for changing the contents of a root certificate store of a technical device |
EP2490183A1 (fr) | Vehicle apparatus, ad hoc network and method for a road toll system |
DE102018212657A1 (de) | Method and device for detecting irregularities in a computer network |
DE102021208459A1 (de) | Method for authentic data transmission between control units of a vehicle, arrangement with control units, computer program and vehicle |
DE102018008006A1 (de) | Method for recording vehicle data |
DE10350647A1 (de) | Method and arrangement for mobile data transmission |
EP3541038A1 (fr) | Method and device for cryptographically protected data transmission between a first device and a second device |
DE102017219987C5 (de) | Device and method for the efficient and cost-saving detection of administrative offences, criminal offences and/or the persons causing them |
DE102016210423A1 (de) | Method and device for transmitting data |
DE102022210717A1 (de) | Method for a vehicle, computer program, device and vehicle |
EP4278627A1 (fr) | Method, computer program, computer-readable storage medium and system for providing information to be protected relating to a passenger transport vehicle |
EP4315751A1 (fr) | Method and system for detecting a computer attack on a vehicle using a deep learning method |
DE102019211787A1 (de) | Method and communication device for data transmission between networks, in particular with different security requirements |
EP3786030A1 (fr) | Method and equipment for locating a vehicle using UWB technology |
Legal Events
Code | Title | Description |
---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: UNKNOWN |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
17P | Request for examination filed | Effective date: 20200727 |
AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
AX | Request for extension of the european patent | Extension state: BA ME |
DAV | Request for validation of the european patent (deleted) | |
DAX | Request for extension of the european patent (deleted) | |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
17Q | First examination report despatched | Effective date: 20220110 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
18D | Application deemed to be withdrawn | Effective date: 20220521 |