When customer credit card information is connected with the facility HVAC system, the security of edge and embedded processing becomes the main factor shaping the system architecture. There are many ways to strengthen the security of a data storage environment, but none of them is foolproof.

History shows that layered security is the best way to protect valuable information or assets. Fortress and castle designs are good examples of layering: the defenses get stronger the closer an intruder comes to the valuables. In the well-known 2013 data breach at a national retail chain in the United States, hackers broke into the web application in the HVAC system of one store to obtain credit card information.

So what does this have to do with microcontrollers? In industrial systems, the microcontroller is central to the industrial Internet of Things (IIoT). To achieve higher plant output and efficiency, decision-making is pushed close to the process point, which is also called edge processing. Connectivity is inherent in this deployment. The connected equipment is the entrance to, and the first line of defense of, the virtual castle or factory.

After a vulnerability is exposed, the usual immediate response is to over-strengthen every layer of the defense so that all entry points are equally secure. For a remote sensor powered by the fieldbus and supported by a microcontroller, improving software security is not feasible because of processing limitations. Security must be designed to fit the function of the sensor to avoid unnecessary cost and complexity.

For the edge processor, architecture optimization is the key to increasing its defensive ability without compromising the processor's process control. Many decisions have to be made when building a system on a chip (SoC), a multi-chip module (MCM), or an analog microcontroller. Do you want to protect the data link or the processor? Both accomplish the same task, but they affect the system differently.

Data link security requires software overhead and often affects data speed and connection quality of service (QoS). Typical security protocols use encryption, which increases the load on processor resources. That extra resource demand is at odds with remote sensors that perform simple tasks. Data security encryption also needs frequent updates, which may affect factory output because the sensor is taken offline to receive the update patch.

Protecting the processor is the other approach, and it can scale as the system develops and threats increase. For a multiprocessor SoC or MCM, a coprocessor can be added to perform connectivity and security functions at a small cost. This approach isolates the process control processor (the application processor), while the coprocessor provides security and manages connections. With the emergence of artificial intelligence (AI) variants in the field of neural networks, a small neural network (NN) can run on the coprocessor to provide a security barrier against unwanted intruders. A small NN can act as a remote sentry and present itself differently according to the threat level, which is a kind of digital camouflage. It can also be updated on a regular basis without touching the process controller, so process control limits and standards are maintained. To optimize power management, the sentry/communication processor can be put into deep sleep mode when it is not in use, leaving the application processor to run freely.
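The isolation described above can be sketched as a filter that runs on the sentry coprocessor; this is an added example, not code from the article. The 3-byte frame layout, the command codes, the three threat levels and the reject counter (a rule-based stand-in for the small NN) are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed 3-byte frame: [command][value high byte][value low byte]. */
enum { CMD_READ = 0x01, CMD_SETPOINT = 0x02 };
enum verdict { FORWARD, DROP_MALFORMED, DROP_POLICY, DROP_LIMIT };

struct sentry {
    unsigned threat;        /* 0 normal, 1 elevated, 2 lockdown */
    unsigned rejects;       /* rejected frames since last escalation */
    int16_t sp_min, sp_max; /* process control limits for setpoints */
};

/* Rule-based stand-in for the small NN: three rejects raise the level. */
static enum verdict reject(struct sentry *s, enum verdict why)
{
    if (++s->rejects >= 3 && s->threat < 2) {
        s->threat++;
        s->rejects = 0;
    }
    return why;
}

/* Runs on the sentry coprocessor. Only a FORWARD verdict would place
 * *value in the mailbox read by the application processor. */
enum verdict sentry_filter(struct sentry *s, const uint8_t *f, size_t len,
                           int16_t *value)
{
    if (f == NULL || len != 3)
        return reject(s, DROP_MALFORMED);
    if (s->threat >= 2)
        return DROP_POLICY;                 /* lockdown: nothing passes */
    int16_t v = (int16_t)(uint16_t)((f[1] << 8) | f[2]);
    switch (f[0]) {
    case CMD_READ:
        *value = 0;
        return FORWARD;
    case CMD_SETPOINT:
        if (s->threat >= 1)
            return reject(s, DROP_POLICY);  /* elevated: read-only */
        if (v < s->sp_min || v > s->sp_max)
            return reject(s, DROP_LIMIT);   /* outside control limits */
        *value = v;
        return FORWARD;
    default:
        return reject(s, DROP_POLICY);      /* unknown command */
    }
}
```

The application processor never parses network input here: it only sees values that have already passed the length, policy and limit checks, and the filter narrows what it forwards as the threat level rises.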

Current packaging technology provides a variety of options for deploying flexible MCMs, with a built-in security and sentinel/communication processor, an analog interface to maintain the accuracy of the sensor, and an application processor to keep the factory running. The result can be thought of as a node combining analog and security with an MCU. An MCM uses the best technology for each job in the edge processor node and can be assembled from standard products.

Data security is the key to customer trust. If implemented cleverly, it can resist intrusion and save the cost of a castle.
