Secure communication thanks to the V-ZUG PKI from SCS

High Level Software Information Security

Digitalisation opens up new business opportunities. These new opportunities also bring new challenges. Appliances are exposed to the dangers of the Internet and must be protected accordingly. SCS has designed a comprehensive public key infrastructure for V-ZUG. It ensures secure communication between devices on the Internet of Things.

  • Problem definition

    The manufacturer V-ZUG AG networks its household appliances to offer its customers additional benefits. Special attention is paid to security. Unauthorised persons must not be able to access the appliances and their controls.

  • SCS solution

    Together with V-ZUG, SCS has developed a public key infrastructure (PKI). With a PKI, communication is encrypted and digitally signed. This ensures that a message actually comes from an authorised participant and is not forged.

  • Added value

    Thanks to the PKI, V-ZUG IoT appliances can communicate securely with the cloud. This enables the subsequent purchase of new services, e.g. a new wash cycle for the washing machine. V-ZUG can also guarantee that only trained technicians have access to the appliances. This ensures a competent service.

Project insights

All IoT-capable household appliances produced by V-ZUG are equipped with a digital certificate. To make this possible, SCS has set up a public key infrastructure for V-ZUG.

The V-ZUG PKI developed by SCS is integrated into the production of V-ZUG’s IoT-enabled household appliances. As a result, all appliances are equipped with individual and harmonised digital certificates. This forms the basis for securing the appliances and their communication.

The V-ZUG PKI was also integrated into the internal IT landscape of V-ZUG AG. This includes the digital signing of new firmware versions for household appliances. The digital signature ensures that no counterfeit malware gets into circulation.

SCS carried out a proof of concept to ensure smooth project implementation and integration into the IT landscape. All important aspects of the project were checked in advance, thereby minimising the risks in the project.

As the V-ZUG PKI became a core component of the entire IT landscape, SCS developed a holistic security concept. In addition to technical security measures, this also included administrative issues for the operation of the V-ZUG PKI, a detailed authorisation concept and the development of secure work processes. Affected employees were trained by SCS on the basis of the developed security concept.

Overview of the commissioning of V-ZUG appliances in worldwide use. The IOT manufacturer, in this case V-ZUG, obtains a valid certificate from the PKI when manufacturing the appliance. The appliance is delivered with this digital certificate. Customers can put the V-ZUG appliance into operation and connect securely to the V-ZUG IoT cloud (V-ZUG Home).

The root certification authority (root CA) forms the centrepiece of the V-ZUG PKI. It is responsible for providing the digital certificates and digitally signing them. The Root CA was set up and secured in accordance with current security recommendations (based on security standards from ISO/IEC-27002). SCS also developed a concept for the secure storage of the Root CA.

SCS regularly checks the processes and carries out periodic audits of the systems, access authorisations and work processes.

In the event of an unforeseen event that affects the operation of the V-ZUG PKI, SCS has drawn up a disaster recovery plan. This emergency plan ensures that the V-ZUG PKI is up and running again in the shortest possible time.

Further advantages made possible by the V-ZUG PKI:

  • Value-added services can be activated on individual household appliances
  • Updates are secured by code signing
  • Service interfaces are activated for maintenance personnel in a targeted and time-limited manner

Related projects

Visual inspection of railway wagons

Is the block brake worn? How thick is the pantograph contact strip? Is an incorrectly fitted screw coupling hanging down? In future, SBB's "Visual ... More

Smart Meter Toolkit

According to the Electricity Supply Ordinance, the grid operator must enable the end customer to receive real-time measurement data from the smart ... More

SRF media archive

The media archive for Swiss Radio and Television SRF enables journalists to access archive material dating back to the 1950s and send the image and ... More

IOBnet – Exchange platform for ophthalmologists

The IOBnet platform offers ophthalmologists the opportunity to exchange anonymised cases with experts at any time. By creating the platform, SCS is ... More

Cloud platform for medical measurement data

The spirometry devices from ndd Medizintechnik AG make a significant contribution to the early detection of lung diseases. Their measurement data is ... More
Show all projects
Jérôme Stettler Digital transformation How can I help you?