EP3732913A1 - Control unit and method for tamper-protected acquisition of operational-safety-relevant integrity monitoring data - Google Patents

Control unit and method for tamper-protected acquisition of operational-safety-relevant integrity monitoring data

Info

Publication number
EP3732913A1
Authority
EP
European Patent Office
Prior art keywords
integrity monitoring
monitoring data
control unit
tamper
recording
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP18830160.0A
Other languages
German (de)
English (en)
Inventor
Rainer Falk
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2018-02-20
Filing date
2018-12-11
Publication date
2020-11-04
Application filed by Siemens AG
Publication of EP3732913A1
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/12 Detection or prevention of fraud
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C 5/00 Registering or indicating the working of vehicles
    • G07C 5/008 Registering or indicating the working of vehicles communicating information to a remotely located station
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04K SECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K 3/00 Jamming of communication; Counter-measures
    • H04K 3/20 Countermeasures against jamming
    • H04K 3/22 Countermeasures against jamming including jamming detection and monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04K SECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K 2203/00 Jamming of communication; Countermeasures
    • H04K 2203/30 Jamming or countermeasure characterized by the infrastructure components
    • H04K 2203/36 Jamming or countermeasure characterized by the infrastructure components including means for exchanging jamming data between transmitter and receiver, e.g. in forward or backward direction
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/60 Context-dependent security
    • H04W 12/69 Identity-dependent
    • H04W 12/79 Radio fingerprint

Definitions

  • The invention relates to a control unit and a method for tamper-protected acquisition of operational-safety-relevant integrity monitoring data.
  • IT security mechanisms protect products such as devices (e.g. controllers, Internet of Things (IoT) devices), device components or software components from tampering and/or reverse engineering.
  • Cryptographic IT security mechanisms are already in use, for example in smart devices, in the IoT, in cyber-physical systems, in automation systems for power engineering or production, in industrial engineering and in other systems.
  • Security in the context of the present description essentially refers to safety or security, confidentiality and/or integrity of data and of its transmission, and also to security, trust and/or access integrity with respect to the corresponding data. Authentication in the case of data transmissions or access to data also belongs to the term "security" as used in the context of the present description.
  • A module can be designed as a hardware and/or functional unit that is implemented in software and/or firmware. The function can be executed, for example, by means of a processor and/or a memory unit for storing program instructions.
  • Tamper-proof in the present description goes beyond the term "security".
  • It means not only that the mentioned cryptographic or security methods are used, but also that reliable data transmission is ensured against attacks or external access from outside.
  • Industrial devices, e.g. controllers, field devices, IoT devices or IoT gateways, use a plurality of cryptographic keys, e.g. to authenticate themselves, to protect the integrity of stored data and program code, to verify and decrypt firmware updates, and to protect the integrity and, if necessary, the confidentiality of configuration data.
  • Such devices may be provided with a data interface which may be designed and set up as a wired or a wireless interface, e.g. a WLAN, Bluetooth or NFC (Near Field Communication) interface. With the help of this data interface, the device can be connected to a network or communicate with other devices.
  • Radio-based transmission techniques can be used here (e.g. safety over WLAN such as PROFIsafe, WiMAX, cloud robotics, GSM, UMTS, LTE, 5G, vehicle-to-X communication for autonomous vehicles or autonomous driving, radio-based train protection ETCS).
  • PVT: radio-based position information (position, velocity, time)
  • GPS: satellite navigation system
  • Galileo, Beidou: satellite navigation systems
  • GLONASS: satellite navigation system
  • Black box recorders or juridical recorders are used in safety-critical or operational-safety-critical systems (i.e. systems securing the functionality of trains, airplanes, rail vehicles, etc.) in order to capture data during operation and store it tamper-evidently. As a result, an accident can be explained afterwards.
  • These are also referred to as Train Event Recorder, Flight Data Recorder or generally Event Data Recorder. In airplanes it is possible to record the communication in the cockpit (cockpit voice recorder).
  • A faulty transmission to a Radio Block Center (RBC) can be recorded.
  • RBC: Radio Block Center
  • An error in the message sequence, inconsistent messages, or even a radio link error may be detected. This mainly applies to the checking of timestamps and the correct formatting of messages.
  • So-called (wireless) intrusion detection systems ((W)IDS) can be used to detect attacks on a (radio) network.
  • In radio technology it is possible to digitize a received signal and to evaluate a section of the received signal as a so-called radio snippet or snapshot.
  • EP 17180526.0 has already proposed an integrity check in an automation system in which it is checked whether the integrity of the production machines was maintained during the production of a product.
  • A method for cryptographically protected monitoring of at least one component of a device or system has already been proposed, for example in EP 17188718.5, in which a blockchain-based cryptographic monitoring function, in particular a watchdog (for devices, containers, virtual machines), is provided.
  • A control unit comprising at least one processor arranged to carry out the following steps:
  • A system equipped with an operational-safety-critical function can be a device, an automation system/plant, a vehicle, etc.
  • The integrity monitoring preferably takes place at runtime of the system.
  • The recording may also include logging into a so-called log file.
  • The operational-safety-relevant function can be an accident message or the sending of an emergency/alarm/warning signal/message.
  • Operational-safety-critical functions are implemented on IT-based systems, in particular in autonomous driving and cloud robotics, and use radio transmission (e.g. 5G cloud robotics). It is therefore possible that, in the event of an accident, a deliberate manipulation of a device or of the radio transmission was present and caused or influenced the accident.
  • A further development of the invention provides that the processor is furthermore set up to output the recorded and/or stored integrity monitoring data in order to initiate an evaluation thereof on the basis of received alarm and/or warning information which has been sent out due to execution of the safety-critical function.
  • Integrity monitoring data may be recorded and/or stored during operation of the system.
  • The integrity monitoring data may also include control commands of the system.
  • A development of the invention provides that the integrity monitoring data also describe at least one property of the radio signal of the radio transmission and/or a digitized section (snippet or snapshot) of the radio signal.
  • A further development of the invention provides that the recording and/or storage of the integrity monitoring data is or can be tamper-protected by means of a cryptographic checksum.
  • A development of the invention provides that the recording and/or storage of the integrity monitoring data is or can be protected against tampering by means of an attestation (time stamp, counter value).
  • A further development of the invention provides that the control unit is configured as an application arranged locally in the system, or as a cloud and/or server service arranged outside the system.
  • A further development of the invention provides that, for tamper-protected recording and/or storage of the integrity monitoring data, these are or can be written to a cryptographically secured log file.
  • A further development of the invention provides that, for tamper-protected acquisition of the integrity monitoring data, these are entered as a transaction in a blockchain data structure.
  • A blockchain is generally understood to mean a database whose integrity (protection against subsequent manipulation) is secured by storing the one-way function value, also called hash value, of the preceding data block (block or link) in the respective following one, i.e. by cryptographic chaining.
  • A transaction record protected in the blockchain comprises general program code in which conditions can be defined at the time of creation and evaluated at run time, so that certain transactions in a given amount may or may not be made to a particular recipient or to several recipients. The transaction can be executed using the transaction record.
  • Another aspect of the invention is a method comprising the following steps:
  • A further aspect is a computer program comprising program code which can be executed by at least one processor and which causes the at least one processor to execute the method according to the invention and its embodiments.
  • The computer program may be run on a device of the aforementioned kind or stored as a computer program product on a computer-readable medium.
  • A variant of the computer program (product) may have program commands for configuring a creation device, for example a 3D printer, a computer system or a production machine suitable for the production of processors and/or devices.
  • The method and computer program (product) can be formed accordingly from the developments/embodiments of the aforementioned device and its developments/embodiments.
  • The figure shows schematically an environment in which a safety-critical system is used.
  • A system equipped with a safety-critical function can be a device, an automation system/plant, a vehicle, etc.
  • Operational-safety-critical functions are implemented on IT-based systems, in particular for autonomous driving and cloud robotics, and use radio transmission (e.g. 5G cloud robotics).
  • Reliable wireless transmission in the broader sense does not only include procedures that are robust under disturbances and in which QoS (Quality of Service) parameters are sought to be adhered to. It is also important to be able to recognize disturbances and react to them.
  • QoS: Quality of Service
  • IDS: Intrusion Detection Systems
  • Integrity monitoring is usually not enough.
  • Security integrity monitoring information (integrity monitoring data), which is acquired for the radio transmission by means of a monitoring unit or device M, is recorded and/or stored tamper-evidently in an event data recorder ER integrated into the control unit according to the invention. This makes it possible, in the event of an accident, to detect a manipulated device, a manipulated data transmission or a disruption of a radio transmission.
  • The captured security integrity information may include the following:
  • a device security health check, i.e. checking the integrity of program code and/or configuration data during runtime or during operation of the device;
  • radio/radio-area information concerning signal quality (signal strength, bit error rate, channel estimation), determined "jamming" information (i.e. derived information on interferers, type of interferer), raw radio snippets (digitized baseband signal) or a continuous digitized baseband signal.
  • The Event Data Recorder can be realized locally as a special hardware appliance, i.e. a combination of hardware, possibly firmware, and software, and has a processor P.
  • A cloud EC can be e.g. a central cloud or a so-called edge cloud.
  • The integrity monitoring data are provided to the Event Data Recorder with a cryptographic checksum. This can be e.g. an attestation (e.g. a device attesting that its Device Health Check is "OK").
  • The attestation preferably comprises a timestamp or a counter value, so that its currency (freshness) is verifiable.
  • The acquired information can be entered into a secure log or as a transaction in a blockchain data structure or a distributed ledger data structure.
  • Device integrity certificates DA and radio integrity measurement data RA are acquired as part of the integrity monitoring data in an event data recorder and/or recorded and/or stored in order to be available for any required evaluation.
  • The Event Data Recorder can also be implemented as an application (app) in an Edge Cloud.
  • Instead of an edge cloud, a conventional cloud can be used, or local control and recording of integrity monitoring data can take place in a physically or logically separated control network (not shown in the figure).
  • Computer-readable memories are, for example, volatile memories such as caches, buffers or RAM, as well as non-volatile memories such as removable data carriers, hard disks, etc.
  • The functions or steps described above may be present in the form of at least one instruction set in/on a computer-readable memory.
  • The functions or steps are not bound to a specific instruction set, to a specific form of instruction sets, to a specific storage medium, to a specific processor or to specific execution schemes, and may be carried out by software, firmware, microcode, hardware, processors, integrated circuits, etc., alone or in any combination.
  • Various processing strategies can be used, for example serial processing by a single processor, or multiprocessing, multitasking or parallel processing, etc.
  • The instructions can be stored in local memories, but it is also possible to store the instructions on a remote system and access them via a network.
  • Processor: central signal processing
  • Control unit or "data evaluation means" as used herein includes processing means in the broadest sense, i.e. for example servers, general-purpose processors, graphics processors, digital signal processors, application-specific integrated circuits (ASICs), programmable logic circuits such as FPGAs, discrete analog or digital circuits, and any combinations thereof, including all other processing means known to those skilled in the art or developed in the future.
  • Processors can consist of one or more devices or units. If a processor consists of several devices, these can be designed or configured for parallel or sequential processing or execution of instructions.
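The tamper-protected recording described above (cryptographic checksum, attestation with timestamp or counter value, cryptographically chained log), as an added example that is not part of the patent or of any Siemens code: a small Python event data recorder that hash-chains and HMAC-authenticates each integrity-monitoring record (device attestation DA plus radio measurement data RA), and a verifier that flags edited or deleted records. The recorder key, device identifier and measurement values are constructed for the demonstration.

```python
# Tamper-evident event data recorder log (added example, not the patent's code).
# Each record holds one integrity-monitoring sample, a device health attestation
# (DA) and radio measurement data (RA), plus counter and timestamp for freshness;
# records are hash-chained and HMAC-authenticated under a recorder key.
import copy
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass

RECORDER_KEY = b"constructed-demo-key"  # assumed: in practice held in a key store
GENESIS_HASH = "0" * 64

def _canonical(obj) -> bytes:
    # Deterministic serialisation so MACs and hashes are reproducible.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

@dataclass
class Record:
    counter: int              # monotonically increasing; detects gaps and reordering
    timestamp: int            # freshness value carried by the attestation
    device_attestation: dict  # DA, e.g. {"device": "ID1", "health": "OK"}
    radio_measurement: dict   # RA: signal strength, bit error rate, jamming flag
    prev_hash: str            # hash of the preceding record (cryptographic chaining)
    mac: str = ""             # HMAC-SHA256 over all fields above

    def body(self) -> dict:
        d = asdict(self)
        d.pop("mac")
        return d

def compute_mac(key: bytes, body: dict) -> str:
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()

def record_hash(rec: Record) -> str:
    # The next record commits to body and MAC, so neither can be swapped later.
    return hashlib.sha256(_canonical(rec.body()) + rec.mac.encode()).hexdigest()

class EventDataRecorder:
    def __init__(self, key: bytes):
        self._key = key
        self.records: list[Record] = []

    def append(self, timestamp: int, da: dict, ra: dict) -> Record:
        prev = record_hash(self.records[-1]) if self.records else GENESIS_HASH
        rec = Record(len(self.records), timestamp, da, ra, prev)
        rec.mac = compute_mac(self._key, rec.body())
        self.records.append(rec)
        return rec

def verify_log(key: bytes, records: list[Record]) -> tuple[bool, str]:
    """Check counters, chain, MACs and timestamp order; return (ok, reason)."""
    expected_prev, last_ts = GENESIS_HASH, -1
    for pos, rec in enumerate(records):
        if rec.counter != pos:
            return False, f"counter gap at position {pos} (record {rec.counter})"
        if rec.prev_hash != expected_prev:
            return False, f"chain broken at record {rec.counter}"
        if not hmac.compare_digest(rec.mac, compute_mac(key, rec.body())):
            return False, f"bad MAC on record {rec.counter}"
        if rec.timestamp < last_ts:
            return False, f"timestamp went backwards at record {rec.counter}"
        expected_prev, last_ts = record_hash(rec), rec.timestamp
    return True, "ok"

def demo() -> dict:
    """Constructed run: an intact log, then two manipulations the verifier must flag."""
    edr = EventDataRecorder(RECORDER_KEY)
    edr.append(1000, {"device": "ID1", "health": "OK"}, {"rssi_dbm": -70, "ber": 1e-4, "jamming": False})
    edr.append(1001, {"device": "ID1", "health": "FAILED"}, {"rssi_dbm": -92, "ber": 5e-2, "jamming": True})
    edr.append(1002, {"device": "ID1", "health": "OK"}, {"rssi_dbm": -71, "ber": 2e-4, "jamming": False})
    results = {"intact": verify_log(RECORDER_KEY, edr.records)}
    # Manipulation 1: rewrite the jamming evidence in record 1 after the fact.
    edited = copy.deepcopy(edr.records)
    edited[1].radio_measurement["jamming"] = False
    results["edited"] = verify_log(RECORDER_KEY, edited)
    # Manipulation 2: drop record 1 (failed health check) from the middle of the log.
    # Dropping only the newest record is caught only with an external anchor, e.g.
    # publishing the latest hash as a blockchain transaction as the text proposes.
    results["deleted"] = verify_log(RECORDER_KEY, [edr.records[0], edr.records[2]])
    return results
```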

Abstract

The invention relates to a control unit (ER) comprising at least one processor (P) designed to carry out the following steps: acquiring, in a tamper-protected manner, operational-safety-relevant integrity monitoring data relating to a system (ID1 to ID5) which is equipped with an operational-safety-critical function and which is or can be connected to a communication network via radio transmission (5G), the integrity monitoring data describing an integrity monitoring of the system and of third-party access to the radio transmission; and recording and/or storing the integrity monitoring data in a tamper-protected manner for evaluation in the event of use of the operational-safety-relevant function.
Application EP18830160.0A, priority date 2018-02-20, filing date 2018-12-11: Control unit and method for tamper-protected acquisition of operational-safety-relevant integrity monitoring data (withdrawn), published as EP3732913A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP18157606.7A EP3528524A1 (fr) 2018-02-20 2018-02-20 Control unit and method for tamper-protected detection of integrity monitoring data relevant to operational safety
PCT/EP2018/084387 WO2019161958A1 (fr) 2018-02-20 2018-12-11 Control unit and method for tamper-protected acquisition of operational-safety-relevant integrity monitoring data

Publications (1)

Publication Number Publication Date
EP3732913A1 true EP3732913A1 (fr) 2020-11-04

Family

ID=61526539

Family Applications (2)

Application Number Title Priority Date Filing Date
EP18157606.7A Withdrawn EP3528524A1 (fr) 2018-02-20 2018-02-20 Control unit and method for tamper-protected detection of integrity monitoring data relevant to operational safety
EP18830160.0A Withdrawn EP3732913A1 (fr) 2018-02-20 2018-12-11 Control unit and method for tamper-protected acquisition of operational-safety-relevant integrity monitoring data

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP18157606.7A Withdrawn EP3528524A1 (fr) 2018-02-20 2018-02-20 Control unit and method for tamper-protected detection of integrity monitoring data relevant to operational safety

Country Status (4)

Country Link
US (1) US20210084497A1 (fr)
EP (2) EP3528524A1 (fr)
CN (1) CN111713123A (fr)
WO (1) WO2019161958A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102021202528A1 (de) 2021-03-16 2022-09-22 Siemens Mobility GmbH Railway engineering device for a railway engineering installation and method for operating it
DE102021209579A1 (de) * 2021-08-31 2023-03-02 Siemens Aktiengesellschaft Method for operating an automation system with at least one monitoring module, and attestation device
WO2023031131A1 (fr) * 2021-08-31 2023-03-09 Siemens Aktiengesellschaft Method for operating an automation system comprising at least one monitoring module, and attestation device
CN113726820A (zh) * 2021-11-02 2021-11-30 苏州浪潮智能科技有限公司 Data transmission system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8595831B2 (en) * 2008-04-17 2013-11-26 Siemens Industry, Inc. Method and system for cyber security management of industrial control systems
KR101072277B1 (ko) * 2009-08-31 2011-10-11 주식회사 아나스타시스 Apparatus and method for guaranteeing real-time data integrity, and black box system using the same
DE102011076350A1 (de) * 2011-05-24 2012-11-29 Siemens Aktiengesellschaft Method and control unit for detecting manipulations of a vehicle network
US9166730B2 (en) * 2013-09-26 2015-10-20 Ford Global Technologies, Llc RF jamming detection and mitigation system
US20150191151A1 (en) * 2014-01-06 2015-07-09 Argus Cyber Security Ltd. Detective watchman
EP3149597B1 (fr) * 2014-06-02 2019-10-02 Bastille Networks, Inc. Electromagnetic threat detection and mitigation in the Internet of Things

Also Published As

Publication number Publication date
EP3528524A1 (fr) 2019-08-21
WO2019161958A1 (fr) 2019-08-29
CN111713123A (zh) 2020-09-25
US20210084497A1 (en) 2021-03-18

Legal Events

Code Title Description
STAA Information on the status of an ep patent application or granted ep patent: STATUS: UNKNOWN
STAA Information on the status of an ep patent application or granted ep patent: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase: ORIGINAL CODE: 0009012
STAA Information on the status of an ep patent application or granted ep patent: STATUS: REQUEST FOR EXAMINATION WAS MADE
17P Request for examination filed: effective date 20200727
AK Designated contracting states: kind code of ref document A1; designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR
AX Request for extension of the european patent: extension state BA ME
DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent: STATUS: EXAMINATION IS IN PROGRESS
17Q First examination report despatched: effective date 20220110
STAA Information on the status of an ep patent application or granted ep patent: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN
18D Application deemed to be withdrawn: effective date 20220521