Periodic Reporting for period 1 - X5 bitworker (X5 bitworker - The Copying System for the Internet of Things and Industry 4.0)
Reporting period: 2016-12-01 to 2017-05-31
Problem/issue: Increasing digitalisation enables the settling of new features, the satisfying of (individual) customer needs (mass customisation) and competitive advantages provided by the integrated software. But it demands solutions for challenges like security issues, remote support over the product life cycle, updates and upgrades of the products. Resulting of the trends towards Industry 4.0 and Internet of Things (IoT) and the increased importance of software, production companies need error free and secure recording processes to integrate software and data carriers into the final product. They further need to protect their software against data theft, industrial spy or hacking attacks throughout the whole life cycle of the product.
Importance for society: It was proven that Internet-connected cars can be compromised, as well. That hackers can carry out any number of malicious activities, including taking control of the entertainment system, unlocking the doors or even shutting down the car in motion. Machinery only provides faulty operation, but the source of error cannot be identified and the machine owner finally has to give up, maybe even sell the whole company to a competitor. Manipulation, reproduction, misuse of remote support or unintentional access of the customer not only cause fault but may turn into threats to existence for the producing company. Security strategies that consider the production lines as well as the whole life cycle of products over long term periods are needed.
Overall objective: X-Net Technology GmbH has developed X5 bitworker (X5) as a solution for secure, simple and error-free recording of customised mass data in form of 1:1 copies to assemble data carrier containing individual data into the products and to enable unique encryption during just-in-time production and over the whole product life cycle. X5 is therefore dedicated to protect software of products and know how of companies producing this software and to secure the production of data carrier containing these software components. Further on, X5 is designed to handle the complex requirements of producing companies and considers secured communication, authentication and encryption. Combination of software and hardware components allow individualisation of security strategies and enable the production of 1:1 copies in-line or outsourced to third party manufacturers and the integration of secure life cycle management strategies.
Importance for society: It was proven that Internet-connected cars can be compromised, as well. That hackers can carry out any number of malicious activities, including taking control of the entertainment system, unlocking the doors or even shutting down the car in motion. Machinery only provides faulty operation, but the source of error cannot be identified and the machine owner finally has to give up, maybe even sell the whole company to a competitor. Manipulation, reproduction, misuse of remote support or unintentional access of the customer not only cause fault but may turn into threats to existence for the producing company. Security strategies that consider the production lines as well as the whole life cycle of products over long term periods are needed.
Overall objective: X-Net Technology GmbH has developed X5 bitworker (X5) as a solution for secure, simple and error-free recording of customised mass data in form of 1:1 copies to assemble data carrier containing individual data into the products and to enable unique encryption during just-in-time production and over the whole product life cycle. X5 is therefore dedicated to protect software of products and know how of companies producing this software and to secure the production of data carrier containing these software components. Further on, X5 is designed to handle the complex requirements of producing companies and considers secured communication, authentication and encryption. Combination of software and hardware components allow individualisation of security strategies and enable the production of 1:1 copies in-line or outsourced to third party manufacturers and the integration of secure life cycle management strategies.
Potential partner companies for distribution and support of X5 were identified in the industrial sectors manufacturer of data carrier and microcontroller and provider of on demand solutions. As know how of the market, of processes in industrial environments and of IT security are necessary and integrations of solutions have to be realised, provider of on demand solutions were contacted first. Initial negotiations took place to proof potential collaboration and a first project was identified. Further preparation is ongoing to fix this strategic cooperation for distribution and support of X5.
Economic viability was assessed through several activities: In a workshop, the strategic business fields were defined. Further on, the most relevant countries were segmented by means of 5 forces Porter analysis. According to the relevant company size, a desktop research was executed to rate and prove the identified branches and countries. Using Canvas Business Model, value proposition, customer segments and channels were identified as basis for further sales planing and to identify communication models and key partners. SWOT and competitor analysis were executed. As a result, the initial market entry, the distribution channels, the communications strategy including market awareness and the schedule for a roll-out according to the waterfall strategy were defined. A detailed sales and operations plan points out expectable revenues as well as needed skills and resources for fast market uptake.
In the marketing and sales strategy, measures to reach full commercialisation were identified. Speeches held at federation of industries, cluster initiatives and networks helped to identify requirements and to support dissemination and exploitation of X5. X5 solutions will be presented at platforms, conferences and trade fairs dealing with IT security, Industry 4.0 and IoT and automation of production. The communication strategy will focus on security for producing companies.
Within the sales planning the technological feasibility of concept was proven. The waterfall strategy for market entry was favoured over sprinkler strategy, as this enables an optimally adapted communication strategy and a standardised approach towards potential customers. Further on, growth can be handled easier as staff is continuously built up. Production and inventory strategies were achieved.
The result of the performed work is a feasibility report including a business plan, which is available on the project website of X5 bitworker.
Economic viability was assessed through several activities: In a workshop, the strategic business fields were defined. Further on, the most relevant countries were segmented by means of 5 forces Porter analysis. According to the relevant company size, a desktop research was executed to rate and prove the identified branches and countries. Using Canvas Business Model, value proposition, customer segments and channels were identified as basis for further sales planing and to identify communication models and key partners. SWOT and competitor analysis were executed. As a result, the initial market entry, the distribution channels, the communications strategy including market awareness and the schedule for a roll-out according to the waterfall strategy were defined. A detailed sales and operations plan points out expectable revenues as well as needed skills and resources for fast market uptake.
In the marketing and sales strategy, measures to reach full commercialisation were identified. Speeches held at federation of industries, cluster initiatives and networks helped to identify requirements and to support dissemination and exploitation of X5. X5 solutions will be presented at platforms, conferences and trade fairs dealing with IT security, Industry 4.0 and IoT and automation of production. The communication strategy will focus on security for producing companies.
Within the sales planning the technological feasibility of concept was proven. The waterfall strategy for market entry was favoured over sprinkler strategy, as this enables an optimally adapted communication strategy and a standardised approach towards potential customers. Further on, growth can be handled easier as staff is continuously built up. Production and inventory strategies were achieved.
The result of the performed work is a feasibility report including a business plan, which is available on the project website of X5 bitworker.
The core purpose of X5 is to provide solutions for secure, simple and error-free recording of customised mass data in form of 1:1 copies to assemble data carrier containing individual data into the products and to enable unique encryption and just in time production. During the work performed, this purpose turned out to be highly relevant for security in Industry of Things (IoT), meaning the product itself as well as the recording of the software needed for each product. Even though IoT products require security considerations, available solutions mainly consider single points of view. Encryption is e.g. standardised for a charge of products – if one gets hacked, all other products of the same charge can easily be accessed and rebuilt, too. At the same time, management fears high costs and changes of production when extensive security applications have to be installed and argues that others also use the same methods and are as insecure as the own products. They disregard that the integration of software affects not only the data itself but also the product and the production. A well-thought-out strategy for integrating data carrier in the product is needed that enables additional functionalities like the provision of product features enabled during the life cycle of the product.
X5 not only enables unique encryption for each software part of a product through the automated execution of 1:1 copies integrated in production lines. It also provides added value through protected communication and data transfer from data sources to X5 and further on to flash media. The integration of authentication scenarios for safe and unambiguous assignment affects the communication of user with a device as well as machine-to-machine communication. Open source tools for encryption and standard cryptographic algorithms are used and give necessary transparency in the functionality. Combinations of software encryption with hardware characteristics avoid copying of contents. Commandeering a large number of internet-connected devices to serve as helpers for attacks are excluded as each device would have to be hacked separately. Individual components and the necessary key to decrypt during life span of the product are developed by product owner themselves. API security is essential for protecting the integrity of data transition between devices and back-end systems to ensure that only authorised devices, developers and applications are communicating with these APIs.
X5 not only enables unique encryption for each software part of a product through the automated execution of 1:1 copies integrated in production lines. It also provides added value through protected communication and data transfer from data sources to X5 and further on to flash media. The integration of authentication scenarios for safe and unambiguous assignment affects the communication of user with a device as well as machine-to-machine communication. Open source tools for encryption and standard cryptographic algorithms are used and give necessary transparency in the functionality. Combinations of software encryption with hardware characteristics avoid copying of contents. Commandeering a large number of internet-connected devices to serve as helpers for attacks are excluded as each device would have to be hacked separately. Individual components and the necessary key to decrypt during life span of the product are developed by product owner themselves. API security is essential for protecting the integrity of data transition between devices and back-end systems to ensure that only authorised devices, developers and applications are communicating with these APIs.