MEMSEC - Embedded Memory Security Unit for Automotive Test Systems

Securing Memory in Manufacturing Systems. Valuable production data is often not adequately protected. An intelligent firmware protection mechanism is developed to prevent manipulations.

Short Description

Program code and configuration data are significant assets in modern ICT-based manufacturing systems. The effort for the development of firmware/software is often in the range of dozens of person years. Also stored and processed configuration and production data are typically trade secrets and a loss would lead to a significant commercial impact.
Although the value of the assets is high, the protection of both data and code in today's manufacturing systems is often very limited.

The situation in the area of monitoring and controlling of supply infrastructures (e.g., water, gas, district heating) is similar. The secure interconnection of distributed ICT-based measurement and control systems is essential to ensure the undisturbed operation of these public supply grids.

MEMSEC addresses this pressing security problem. The focus is on the protection of software and data in memory against local attackers. Furthermore, strong authentication mechanisms and secure communication between systems and service personnel are considered.

The use cases considered in MEMSEC are automotive test systems, which are a typical example of an ICT-based manufacturing system. Like in many systems, the existing software has mostly been written without considering security. The goal of MEMSEC is to research a hardware memory security unit which enables reuse of existing software.

This unit can be integrated between the CPU and the memory of the system and serves as security anchor of the system.

The following security features are targeted:

  • Transparent protection of code and data using low-latency hardware encryption
  • Strong external authentication and isolation mechanisms for privileged and non-privileged code and data
  • Securing the communication link

The novel approach of such a unit combines properties of an encryption engine, of a trusted platform module (TPM), and of a memory management unit (MMU). Goal of the research project is to determine the full potential of this combination. Finally, the unit will be integrated into a prototype.