Secure communication thanks to the V-ZUG PKI from SCS
Digitalisation opens up new business opportunities. These new opportunities also bring new challenges. Appliances are exposed to the dangers of the Internet and must be protected accordingly. SCS has designed a comprehensive public key infrastructure for V-ZUG. It ensures secure communication between devices on the Internet of Things.
-
Problem definition
The manufacturer V-ZUG AG networks its household appliances to offer its customers additional benefits. Special attention is paid to security. Unauthorised persons must not be able to access the appliances and their controls.
-
SCS solution
Together with V-ZUG, SCS has developed a public key infrastructure (PKI). With a PKI, communication is encrypted and digitally signed. This ensures that a message actually comes from an authorised participant and is not forged.
-
Added value
Thanks to the PKI, V-ZUG IoT appliances can communicate securely with the cloud. This enables the subsequent purchase of new services, e.g. a new wash cycle for the washing machine. V-ZUG can also guarantee that only trained technicians have access to the appliances. This ensures a competent service.
Project insights
All IoT-capable household appliances produced by V-ZUG are equipped with a digital certificate. To make this possible, SCS has set up a public key infrastructure for V-ZUG.
The V-ZUG PKI developed by SCS is integrated into the production of V-ZUG’s IoT-enabled household appliances. As a result, all appliances are equipped with individual and harmonised digital certificates. This forms the basis for securing the appliances and their communication.
The V-ZUG PKI was also integrated into the internal IT landscape of V-ZUG AG. This includes the digital signing of new firmware versions for household appliances. The digital signature ensures that no counterfeit malware gets into circulation.
SCS carried out a proof of concept to ensure smooth project implementation and integration into the IT landscape. All important aspects of the project were checked in advance, thereby minimising the risks in the project.
As the V-ZUG PKI became a core component of the entire IT landscape, SCS developed a holistic security concept. In addition to technical security measures, this also included administrative issues for the operation of the V-ZUG PKI, a detailed authorisation concept and the development of secure work processes. Affected employees were trained by SCS on the basis of the developed security concept.
The root certification authority (root CA) forms the centrepiece of the V-ZUG PKI. It is responsible for providing the digital certificates and digitally signing them. The Root CA was set up and secured in accordance with current security recommendations (based on security standards from ISO/IEC-27002). SCS also developed a concept for the secure storage of the Root CA.
SCS regularly checks the processes and carries out periodic audits of the systems, access authorisations and work processes.
In the event of an unforeseen event that affects the operation of the V-ZUG PKI, SCS has drawn up a disaster recovery plan. This emergency plan ensures that the V-ZUG PKI is up and running again in the shortest possible time.
Further advantages made possible by the V-ZUG PKI:
- Value-added services can be activated on individual household appliances
- Updates are secured by code signing
- Service interfaces are activated for maintenance personnel in a targeted and time-limited manner
