Secure Fieldbus Communication

A field report on DICE, MQTT, Secure Boot and PKI

Typical core questions in the field of IIoT, embedded devices and the fieldbus level are, for example, "Who can I trust?", "Why should I trust?" or "Can I still trust?"


This is particularly true when communication does not take place exclusively in sealed-off cells. As soon as communication channels to the open world exist, they are subject to uncontrollable influences. In addition to technical inadequacies, additional participants can slip into the communication. This can happen intentionally, in the form of an attack, or unintentionally, through incorrect addressing.

This is particularly the case in wired fieldbuses, where it can lead to malfunctions of the machines and plant components involved and to process errors. Often, however, such defects are detected only after considerable damage has already occurred. One way to counteract this is to use the DICE technology of the Trusted Computing Group.

With DICE, devices and firmware receive a unique ID that can be checked remotely. Based on this ID, the identity of the devices can be unambiguously determined at runtime, and changes to the firmware can be communicated to the communication partners in a non-repudiable manner. In this way, intentional and unintentional misconfigurations can be detected and firmware updates can be communicated to all parties involved in a trustworthy manner.
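
The ID derivation described above, as an added example that is not code from the talk or from the partners' implementation: a device ID that stays stable and a firmware-bound ID that changes with every firmware change, plus the check a communication partner could run against enrolled values. Assumptions: HMAC-SHA256 as the one-way function, hash-derived IDs standing in for the key pairs and signed certificates a real DICE stack uses (so the signature chain that makes a report non-repudiable is omitted), and all names and sample values are constructed.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def kdf(key: bytes, data: bytes) -> bytes:
    # One-way step: the output does not reveal the key it was derived from.
    return hmac.new(key, data, hashlib.sha256).digest()

def dice_identity(uds: bytes, bootloader: bytes, firmware: bytes) -> dict:
    """Derive a device ID and a firmware-bound alias ID from the Unique Device Secret."""
    cdi = kdf(uds, h(bootloader))   # Compound Device Identifier of the first layer
    fwid = h(firmware)              # measurement of the next layer (the firmware)
    return {
        "device_id": kdf(cdi, b"device-id").hex()[:16],  # stable across firmware updates
        "alias_id": kdf(cdi, fwid).hex()[:16],           # changes when the firmware changes
        "fwid": fwid.hex(),
    }

def check_peer(report: dict, enrolled: dict) -> str:
    """Classify a peer's report against enrolled {device_id: expected fwid}."""
    expected = enrolled.get(report["device_id"])
    if expected is None:
        return "unknown-device"      # e.g. wrong addressing or a foreign participant
    if not hmac.compare_digest(expected, report["fwid"]):
        return "firmware-changed"    # known device, firmware differs from enrolment
    return "trusted"

# Constructed sample values (hypothetical, for illustration only)
UDS_A = bytes.fromhex("11" * 32)
UDS_B = bytes.fromhex("22" * 32)
BOOT = b"bootloader v1 (constructed)"
FW_V1 = b"application firmware 1.0 (constructed)"
FW_V2 = b"application firmware 1.1 (constructed)"

def demo() -> dict:
    a_v1 = dice_identity(UDS_A, BOOT, FW_V1)
    enrolled = {a_v1["device_id"]: a_v1["fwid"]}
    return {
        "same": check_peer(a_v1, enrolled),
        "updated": check_peer(dice_identity(UDS_A, BOOT, FW_V2), enrolled),
        "other": check_peer(dice_identity(UDS_B, BOOT, FW_V1), enrolled),
    }

if __name__ == "__main__":
    print(demo())
```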


To demonstrate the applicability of this technology for industrial safety, controllers and software from SYS TEC electronic and software from the partner infoteam Software AG are brought together. In the course of implementation, Secure Boot and a PKI were set up on the edge controller to provide autonomous secure communication on a fieldbus. When designing the software solution, great importance was attached to a fieldbus-neutral architecture. The reference implementation for MQTT can also be transferred to other protocols such as CANopen or Modbus.


In the upcoming series of lectures, the cooperation partners will report on their experiences on the way to a secure connection. The focus will be on practical implementation that combines a high level of security with simple handling.


21.10.2020 | IoT Conference

01.12.2020 | ESE Congress