Secure communication thanks to the V-ZUG PKI from SCS

High Level Software Information Security

Digitalisation enables new business opportunities. These new opportunities also bring new challenges. The devices are exposed to the dangers of the Internet and must be protected accordingly. SCS has designed a comprehensive public key infrastructure for V-ZUG. It ensures secure communication of the devices in the Internet of Things.

  • Problem

    The manufacturer V-ZUG AG networks its household appliances to offer its customers additional benefits. Special attention is paid to security. Unauthorised persons must not be able to access the appliances and their controls.

  • Solution SCS

    Together with V-ZUG, SCS has developed a public key infrastructure (PKI). With a PKI, communication is encrypted and digitally signed. This ensures that a message actually comes from an authorised participant and is not forged.

  • Added value

    Thanks to the PKI, the V-ZUG IoT devices can communicate securely with the cloud. This enables the subsequent purchase of new services, e.g. a new wash cycle for the washing machine. In addition, V-ZUG can guarantee that only trained technicians have access to the devices. This ensures competent service.

Project insights

All IoT-enabled household appliances produced by V-ZUG are equipped with a digital certificate. To make this possible, SCS has set up a public key infrastructure for V-ZUG.

The V-ZUG PKI developed by SCS will be integrated into the manufacture of V-ZUG's IoT-enabled household appliances. This provides all appliances with individual and coordinated digital certificates. This forms the basis for securing the appliances and their communication.

The V-ZUG PKI was also integrated into the internal IT landscape of V-ZUG AG. Among other things, this is for digitally signing new firmware versions of the household appliances. The digital signature ensures that no counterfeit malware enters circulation.

For smooth project implementation and integration into the IT landscape, SCS carried out a proof-of-concept. All important aspects of the project were tested in advance and the risks in the project were minimised as a result.

Since the V-ZUG PKI has become a core component of the entire IT landscape, SCS developed a holistic security concept. In addition to technical security measures, this also includes administrative topics for the operation of the V-ZUG PKI, a detailed authorisation concept and the development of secure work processes. Affected employees were trained by SCS on the basis of the developed security concept.

Overview of the commissioning of V-ZUG appliances in use worldwide. The IOT manufacturer, in this case V-ZUG, obtains a valid certificate from the PKI when manufacturing the appliance. The appliance is delivered with this digital certificate. Customers can commission the V-ZUG appliance and connect securely to the V-ZUG IoT cloud (V-ZUG Home).

The core of the V-ZUG PKI is the root certification authority (root CA). It is responsible for the provision of digital certificates and the digital signing of these. The root CA was set up and secured in accordance with currently applicable security recommendations (based on security standards from ISO/IEC-27002).

SCS regularly checks the processes and periodically carries out an audit of the systems, access authorisations and work processes.

In the event of an unforeseen event that affects the operation of the V-ZUG PKI, SCS has drawn up a so-called disaster recovery plan. This emergency plan ensures that the V-ZUG PKI is up and running again in the shortest possible time.

Further advantages made possible by the V-ZUG PKI:

  • Value-added services on individual household appliances can be activated
  • Updates are secured by code signing
  • Service interfaces are activated for maintenance personnel in a targeted manner and for a limited period of time

Related projects

Visual control of railroad wagons

Is the block brake worn? How thick is the collector shoe of the pantograph? Is an improperly installed screw coupling hanging down? The ... learn more

SRF media archive

The media archive for Swiss radio and television SRF enables journalists to access archive material dating back to the 1950s ... learn more

IOBnet - Exchange platform for ophthalmologists

The IOBnet platform offers ophthalmologists the possibility to exchange anonymized cases with experts at any time. With the creation ... learn more

Cloud platform for medical measurement data

The spirometry devices from ndd Medizintechnik AG make a significant contribution to the early detection of lung diseases. Their measurement data are always ... learn more

SDAT data hub for the Swiss electricity industry

The data hub simplifies and standardises market communication. For the company Swisseldex AG, an amalgamation of various ... learn more
Show all projects
Jérôme Stettler Digital Transformation How can I help you?