Endress+Hauser sets standards in Internet security
by David Fleschen
The Cryptography Working Group of the Internet Standards Organization IETF (Internet Engineering Task Force) has selected the CPace protocol developed by Endress+Hauser as the recommended method for use in Internet standards. After extensive security analyses, the CPace protocol emerged as the winner from a competition with submissions from employees of well-known companies.
Secure access to field devices is a top priority for operators in all branches of the process industry. Modern plants contain hundreds to thousands of measurement and control devices, which increasingly need to be accessed remotely. In addition, field devices must be installed, checked or maintained regularly. The secure password-based authentication of users, especially in the case of devices with digital data interfaces, plays a special role today.
Security despite user-friendly password lengths
Endress+Hauser's security experts identified the need for additional protection for Bluetooth communication in industrial environments and designed a solution called CPace. CPace belongs to the class of PAKE (password-authenticated key exchange) procedures. Procedures of this class are also used in the German identity card, among other things, to largely decouple the cryptographic security level from the password length. CPace offers the advantage that the performance of even the smallest field devices is sufficient to protect the devices, and thus the industrial plants, in the best possible way against cyber attacks. At the same time, the solution meets with high acceptance among users, since the security level is achieved even without long passwords.
"We were looking for our own solution to create a secure connection with the devices, because previous methods with an adequate security level for industrial applications were ruled out due to limited resources. A password check would have meant a login delay of two minutes or more," says Endress+Hauser project manager Dr. Björn Haase.
CPace makes it difficult for attackers
The security of Endress+Hauser's PAKE-based solution with Bluetooth technology was already confirmed in 2016 by a review by the Fraunhofer Institute for Applied and Integrated Security (AISEC). The protection level of the Endress+Hauser security layer, whose core component has now been selected for use in the Internet environment, was rated "high".
Source: Endress + Hauser, Photo: Fotolia