
Evaluation of Secure Zero Touch Provisioning for Industrial Bootstrapping


Supervisor(s): Sebastian Peters, Adrian Reuter
Status: in progress
Topic: Others
Author: Pedram Fardzadeh
Type of Thesis: Master thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Master Thesis, (Bachelor Thesis)

Evaluation of Secure Zero Touch Provisioning for Industrial Bootstrapping

Motivation and Task
Assume you ship 1000 networked devices to your customer's production facility. How do you securely provide them with individual configurations and certificates within the customer's PKI? A solution concept that avoids excessive manual intervention is called secure bootstrapping.

The Secure Zero Touch Provisioning (SZTP) protocol is such a method for securely deploying and configuring network devices. So far its use has focused mainly on the IT networking industry. This thesis will evaluate its application to industrial environments and production systems (OT/IIoT/IACS).

This includes the setup of an SZTP testbed, either at the industrial production line at Fraunhofer AISEC or in a separate network with test devices. The testbed will allow for security testing of the implementation, evaluating its maturity and its conformity with the security considerations of RFC 8572 (and partially RFC 8995, RFC 8366, IEEE 802.1AR, and other state-of-the-art recommendations from the literature). The protocol's features and restrictions shall further be evaluated against the requirements of the industrial cyber-security standard ISA/IEC 62443. A comparison to an existing similar setup involving the competitor protocol BRSKI (Bootstrapping Remote Secure Key Infrastructures) shall be drawn. Finally, a conclusion on SZTP's suitability as a bootstrapping solution for industrial environments is drawn.

Keywords: PKI, X.509, 802.1AR, SZTP, ISA/IEC 62443, BRSKI, OT, IIoT, IACS


Prerequisites
The following list of prerequisites is neither complete nor binding but shall give you an impression of the expertise required for the topic:

• Self-initiative and the ability to work systematically and in a self-directed way
• Knowledge of IT security, ideally experience with PKIs
• Programming experience, e.g., Python, Go; on environments like Raspberry Pi, etc.
• First experiences with (the security of) automated and interconnected industrial environments would be ideal but are not a must.

Please attach a current grade sheet and CV to your application so that we can assess your qualification.


Contact

Adrian Reuter, Sebastian N. Peters

E-Mail: adrian.reuter@aisec.fraunhofer.de

E-Mail: sebastian.peters@aisec.fraunhofer.de


Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security
Lichtenbergstraße 11, 85748 Garching near Munich, Germany
https://www.aisec.fraunhofer.de