Secure communication thanks to the V-ZUG PKI from SCS
Digitalisation enables new business opportunities. These new opportunities also bring new challenges. The devices are exposed to the dangers of the Internet and must be protected accordingly. SCS has designed a comprehensive public key infrastructure for V-ZUG. It ensures secure communication of the devices in the Internet of Things.
-
Problem
The manufacturer V-ZUG AG networks its household appliances to offer its customers additional benefits. Special attention is paid to security. Unauthorised persons must not be able to access the appliances and their controls.
-
Solution SCS
Together with V-ZUG, SCS has developed a public key infrastructure (PKI). With a PKI, communication is encrypted and digitally signed. This ensures that a message actually comes from an authorised participant and is not forged.
-
Added value
Thanks to the PKI, the V-ZUG IoT devices can communicate securely with the cloud. This enables the subsequent purchase of new services, e.g. a new wash cycle for the washing machine. In addition, V-ZUG can guarantee that only trained technicians have access to the devices. This ensures competent service.
Project insights
All IoT-enabled household appliances produced by V-ZUG are equipped with a digital certificate. To make this possible, SCS has set up a public key infrastructure for V-ZUG.
The V-ZUG PKI developed by SCS will be integrated into the manufacture of V-ZUG's IoT-enabled household appliances. This provides all appliances with individual and coordinated digital certificates. This forms the basis for securing the appliances and their communication.
The V-ZUG PKI was also integrated into the internal IT landscape of V-ZUG AG. Among other things, this is for digitally signing new firmware versions of the household appliances. The digital signature ensures that no counterfeit malware enters circulation.
For smooth project implementation and integration into the IT landscape, SCS carried out a proof-of-concept. All important aspects of the project were tested in advance and the risks in the project were minimised as a result.
Since the V-ZUG PKI has become a core component of the entire IT landscape, SCS developed a holistic security concept. In addition to technical security measures, this also includes administrative topics for the operation of the V-ZUG PKI, a detailed authorisation concept and the development of secure work processes. Affected employees were trained by SCS on the basis of the developed security concept.
The core of the V-ZUG PKI is the root certification authority (root CA). It is responsible for the provision of digital certificates and the digital signing of these. The root CA was set up and secured in accordance with currently applicable security recommendations (based on security standards from ISO/IEC-27002).
SCS regularly checks the processes and periodically carries out an audit of the systems, access authorisations and work processes.
In the event of an unforeseen event that affects the operation of the V-ZUG PKI, SCS has drawn up a so-called disaster recovery plan. This emergency plan ensures that the V-ZUG PKI is up and running again in the shortest possible time.
Further advantages made possible by the V-ZUG PKI:
- Value-added services on individual household appliances can be activated
- Updates are secured by code signing
- Service interfaces are activated for maintenance personnel in a targeted manner and for a limited period of time