Updatable security for long-life Industry 4.0 and ICT systems


Keeping security hardware at the state of the art over the long term

Innovative updating mechanisms for keeping hardware secure over the long term

Karlsruhe, Germany – Connected machines and ICT systems require security mechanisms that are more robust than ever before and remain so for the long life common with industrial hardware. Withstanding attacks over the long-term means keeping the protections at the state-of-the-art through updates. Researching and assessing such updatable security mechanisms was the objective of the joint ALESSIO project. The project partners are presenting the results today at the VDMA Forum at SPS, the leading trade fair for the automation industry.

Under the leadership of Infineon Technologies AG, the Fraunhofer Institute for Applied and Integrated Security (AISEC), Giesecke+Devrient Mobile Security GmbH, Siemens AG, the Technical University of Munich, and WIBU-SYSTEMS AG have been developing chip-based solutions and prototypes for connected computer applications and embedded systems since 2016. ALESSIO is supported by around €3.9 million in funding from Germany’s Federal Ministry of Education and Research (BMBF) and is scheduled to end on 31 December 2019.

Secure information and communication structures for connected manufacturing

Every new connected device is a potential gateway for cyber-attacks. Sensitive company data and information could be captured and abused for further attacks. This is why reliable protection for security-critical information in devices relies on a combination of software and hardware. While software can still be modified at a later point, hardware or a security chip, once integrated, is protected from being remotely manipulated. Security chips could be imagined as a highly protected safe zone in which data and security-related information are stored, safely away from the software. Nevertheless, there must also be ways to update this secure zone itself, since attack vectors and methods may change over time.

The partners on the ALESSIO project were able to show that updatable security solutions can be achieved with two different technical approaches, using either chip-based secure elements with updatable software or an updatable secure element implemented in programmable logic devices known as FPGAs (field-programmable gate array), in which hardware components can be securely updated during runtime. Both options enable ICT networks and data to stay secure and security-related data to be managed efficiently over the long term.

Oliver Winzenried, CEO and founder of WIBU-SYSTEMS AG, is proud of the progress made by Wibu-Systems and its partners: “Ever since we started using smart card security controllers in our products, we have been committed to offering firmware updates for patching vulnerabilities or adding functions and features. ALESSIO has come up with an innovative process for these updates that uses secure cryptographic schemes with new algorithms. This represents a real gain in security for a longer working life of our hardware.”


About Fraunhofer AISEC

Fraunhofer Institute for Applied and Integrated Security AISEC is one of the internationally leading institutions for applied research in the field of cyber security. More than 100 highly qualified employees work on tailor-made security concepts and solutions for companies and the public sector to improve the competitiveness of customers and partners. These include solutions for increased data security and protection against cybercrime such as industrial espionage and sabotage attacks. The spectrum includes embedded and hardware security, automotive and mobile security as well as security solutions for industry and automation. In addition, in its state-of-the-art test laboratories Fraunhofer AISEC offers the opportunity to evaluate the security of connected and embedded systems, hardware and software products as well as web-based services and cloud services.

About Giesecke+Devrient Mobile Security GmbH

Giesecke+Devrient Mobile Security GmbH is a mobile security technology company headquartered in Munich, Germany. The company is part of the subgroup Giesecke+Devrient Mobile Security of the worldwide Giesecke+Devrient group. Giesecke+Devrient Mobile Security has a workforce of 5,300 employees and generated sales of EUR 868 m in the 2018 fiscal year. More than 40 sales and partner offices as well as 20+ certified production and personalization sites and data centers ensure customer proximity worldwide.

About Infineon

Infineon Technologies AG is a world leader in semiconductor solutions that make life easier, safer and greener. Microelectronics from Infineon is the key to a better future. In the 2019 fiscal year (ending 30 September), the Company reported sales of €8.0 billion with around 41,400 employees worldwide. Infineon is listed on the Frankfurt Stock Exchange (ticker symbol: IFX) and in the USA on the over-the-counter market OTCQX International Premier (ticker symbol: IFNNY).


Siemens AG (Berlin and Munich) is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationality for more than 170 years. The company is active around the globe, focusing on the areas of power generation and distribution, intelligent infrastructure for buildings and distributed energy systems, and automation and digitalization in the process and manufacturing industries. Through the separately managed company Siemens Mobility, a leading supplier of smart mobility solutions for rail and road transport, Siemens is shaping the world market for passenger and freight services. Due to its majority stakes in the publicly listed companies Siemens Healthineers AG and Siemens Gamesa Renewable Energy, Siemens is also a world-leading supplier of medical technology and digital healthcare services as well as environmentally friendly solutions for onshore and offshore wind power generation.

About TU München

The Technical University of Munich (TUM) is one of Europe’s leading research universities, with around 550 professors, 42,000 students, and 10,000 academic and non-academic staff. Its focus areas are the engineering sciences, natural sciences, life sciences and medicine, combined with economic and social sciences. TUM acts as an entrepreneurial university that promotes talents and creates value for society. In that it profits from having strong partners in science and industry. It is represented worldwide with the TUM Asia campus in Singapore as well as offices in Beijing, Brussels, Cairo, Mumbai, San Francisco, and São Paulo. Nobel Prize winners and inventors such as Rudolf Diesel, Carl von Linde, and Rudolf Mößbauer have done research at TUM. In 2006, 2012, and 2019 it won recognition as a German "Excellence University." In international rankings, TUM regularly places among the best universities in Germany.

To top