Why does the oscilloscope need cryptography support?
Rohde & Schwarz RTO2044 Oscilloscope with Ethernet and LXI Support
In June 2019, the non-profit LXI Consortium (LAN eXtensions for Instruments) selected GlobalSign as the “identity provider” for LXI-compliant devices, and made the proprietary IoT Identity Platform an almost integral part of the security protocol . What does this mean for the free standard LXI? And why do digital testimonials in general for measurement technology?
For starters, a few words about the LXI standard itself.
LXI standard
LXI (LAN eXtensions for Instruments) is an industry standard for instrumentation. As written on the official website , it was developed by a consortium of leading manufacturers and users of instrumentation, created in September 2004. Now it has over 50 members. The consortium includes leading companies in the industry, including the founders - Agilent Technologies and other manufacturers like Tektronix, Rohde & Schwarz, Keithley Instruments, Racal Instruments and Yokogawa.
The LXI specification is based on the well-established Ethernet standard and describes the interoperability of any LXI device, regardless of manufacturer, which removes device compatibility issues. Equipment with LXI support means high I / O speeds, the absence of racks and interface cables and modern software, which determines the effectiveness of the standard.
The official website describes the differences from their predecessors: “Unlike VXI and PXI, which are strictly limited by the size of the racks, the LXI standard contains only recommendations to adhere to IEC specifications. Modules in the width or half the width of a standard rack are convenient for placing boards and are functional without the need for racks. The LXI interface allows you to connect desktop devices to the front panel, rack-less modules without a panel, individual measuring devices, including built-in, desktop and wall. The LXI standard differs from PXI and VXI in that each module or device in the system has its own power supply, cooling, start-up system, anti-jamming and Ethernet interface. Thus, individual LXI equipment modules can be used independently of the system.
The LXI interface is a logical replacement for the GPIB interfaces. The Ethernet standard builds on the power of the computer industry and surpasses the capabilities of GPIB. The use of point-to-point packet transmission or broadcasting, combined with high data rate and flexibility in the choice of transmission medium, determine LAN as the transmission network for future devices. ”
To send event messages, the LXI standard provides special messages on the network (LXI Event Messages) over UDP (broadcast) or TCP (address) protocols. Multicast IP address 224.0.23.159 and server port 5044 are reserved for them. LXI Event Messages are divided into three groups: defined by the standard, defined by the device developer and determined by the system installer (user).
Device Identification through IoT Identity Platform
At first glance, it seems that cryptography is not related to the work of control and measuring equipment. But if you look at the big picture, the situation looks different. A modern oscilloscope or any other device no longer works offline, but connects to the network and exchanges packets from the PC as a network device. IoT devices are one of the entry points for a potential hacker attack. Under the guise of such a device, attackers can transfer arbitrary packets to a computer. Therefore, the main tasks are reliable identification of devices and ensuring the authenticity of their traffic.
Recognizing this, the LXI consortium first formed a Security Working Group to review internal policies and consider standards from other organizations such as NIST, UL CAP, IIC Industrial Internet Consortium and OWASP, which are related to cybersecurity for industrial test systems. They identified and researched potential security providers to find the right combination of technology and expertise. Finally, the working group listened to the views of the consortium members.
After research, the consortium chose GlobalSign as the “device identity provider-of-choice”. GlobalSign is responsible for protecting all LXI-compatible devices, and PKI-based IoT Identity Platform is integrated as part of the security protocol.
“For a standardization organization, choosing the right security solution was critical to maintaining our reputation for excellence and reliability,” said Steve Shink, chairman of the board of the LXI Consortium. “GlobalSign worked closely with the security working group to identify our problems, propose solutions, and then implement our vision accordingly.”
Members of the LXI Consortium produce more than 4,000 products from more than 300 families. The proposed solution protects certified equipment and web servers in the entire chain, from the production phase to deployment on the client’s network.
The solution, which provides unique identification in the network of devices that do not have a fully qualified domain name (FQDN), was developed together with a technology partnerbeame.io . He specializes in cryptographic systems for the unique identification and assignment of the necessary FQDNs, which allow initialization of device identification on each device.
IoT Identity Platform- A flexible and scalable new generation platform from GlobalSign, which allows you to manage the credentials of billions of different types of IoT devices. The IoT Identify platform supports the complete life cycle of device identification, from initial initialization (both existing devices and deployed from scratch) to continued maintenance and the final decommissioning of the IoT device or transfer of ownership of it. The system involves assigning a unique identifier to each device / endpoint in order to pass online authorization throughout the entire service life, confirming its authenticity and integrity, thereby reliably interacting with other devices, services and users.
IoT security begins with PKI
Today you have the opportunity to join many IoT developers who care about the security of their devices.
You can always contact us: info-ru@globalsign.com, +7 499 678 2210.