Microsoft engineers are working on a new project with the code name TCPS – short for Trusted Cyber Physical Systems – to provide a hardened system for securing Internet of Things (IoT) and Industrial Control Systems (ICS) devices.

The project was presented at Hannover Messe 2018, a trade fair for industrial technology that took place last week.

TCPS is a Three-Component System

According to Microsoft, TCPS systems are designed to use three elements to trap and block intrusions.

The first is a hardware-level Trusted Execution Environment (TEE) such as Intel SGX, ARM TrustZone or a Secure Element. These are hardware-isolated areas of modern processors that keep sensitive code and data separated from the rest of the system.

Because many low-resource ICS and IoT devices have no TEE of their own, Microsoft recommends that enterprises deploy a so-called "brownfield gateway": a TEE-equipped server or host placed between upstream systems and the IoT devices, sensors, actuators or safety control systems, through which every command must pass.

The second component is a graphical user interface (GUI) shown on a trusted terminal, which Microsoft calls a "secure acknowledgment terminal," operated by a human employee.

Whenever a TEE gateway receives a command to perform an operation, a prompt appears on the trusted terminal. No command is executed unless the human operator approves it.

When the operator acknowledges an operation, the TEE will cryptographically sign the command, which will then be forwarded for use by the rest of the system.

Because a command that appears out of nowhere will be unexpected, the operator can easily detect when malware tries to interact with IoT/ICS systems and block the attempt before it can do any harm.
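As an added illustration, not code from Microsoft or its white paper, the following models the approval-and-sign flow described above: a gateway that forwards a command only after the operator acknowledges it, and an actuator that refuses anything not carrying the gateway's signature. The HMAC key, command names and device names are constructed for the demo, and the symmetric HMAC is an assumed stand-in for the asymmetric signature a real TEE would produce.

```python
import hashlib
import hmac
import json
from typing import Callable, Dict, Optional

# Assumption: a shared HMAC key stands in for the TEE-held signing key; a real
# TCPS deployment would sign asymmetrically and actuators would verify with a public key.
GATEWAY_KEY = b"constructed-demo-key-not-for-production"


def canonical(command: Dict) -> bytes:
    """Serialise deterministically so gateway and actuator authenticate the same bytes."""
    return json.dumps(command, sort_keys=True, separators=(",", ":")).encode()


class ApprovalGateway:
    """Brownfield gateway: every command is shown to the operator before it is signed."""

    def __init__(self, key: bytes, operator_prompt: Callable[[str], bool]):
        self._key = key
        self._prompt = operator_prompt  # models the secure acknowledgment terminal

    def handle(self, command: Dict) -> Optional[Dict]:
        if not self._prompt(f"Execute {command['action']} on {command['target']}?"):
            return None  # no human approval, so nothing is forwarded downstream
        tag = hmac.new(self._key, canonical(command), hashlib.sha256).hexdigest()
        return {"command": command, "signature": tag}


class Actuator:
    """Downstream device: executes only envelopes whose signature verifies."""

    def __init__(self, key: bytes):
        self._key = key

    def accept(self, envelope: Dict) -> bool:
        expected = hmac.new(self._key, canonical(envelope["command"]), hashlib.sha256).hexdigest()
        # Unsigned or modified envelopes never passed through the approval path.
        return hmac.compare_digest(expected, envelope.get("signature", ""))


def run_demo() -> Dict[str, bool]:
    """Constructed scenario: the operator approves only valve commands."""
    gateway = ApprovalGateway(GATEWAY_KEY, lambda text: "open_valve" in text)
    actuator = Actuator(GATEWAY_KEY)
    approved = gateway.handle({"action": "open_valve", "target": "pump-3"})
    refused = gateway.handle({"action": "override_setpoint", "target": "unit-1"})
    tampered = {"command": {"action": "open_valve", "target": "pump-9"}, "signature": approved["signature"]}
    return {"approved_executed": actuator.accept(approved),
            "refused_forwarded": refused is not None,
            "tampered_executed": actuator.accept(tampered)}
```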

The third and final component of Microsoft's TCPS is a cloud-based platform used for deployment, key management, a certificate authority, patch management and tamper-proof logging. Because it is a Microsoft project, Azure will be the default solution.

TCPS is designed to protect "data in use"

Well-designed IoT and ICS systems typically use separate security features to protect data in transit (data moving between devices, for example with HTTPS encryption) and data at rest (data stored on a device, for example with cryptographic file signatures).

According to Microsoft, the purpose of its new TCPS project is to add the last missing piece in IoT and ICS system design, protection of data in use (data being processed), by using TEEs similar to those already used on desktops and laptops.

Microsoft cited recent attacks with the Trisis / Triton malware as the reason it began work on TCPS. This malware was used in a cyberattack last year in which hackers deliberately tampered with the safety systems of an Aramco oil and gas plant to cause an explosion that could have led to physical damage and even loss of life.

For more details on Microsoft's new TCPS project, see this 18-page white paper.
