Security Systems: A Flaw in the Central System

Security systems are supposed to monitor and protect property, processes and investments. They do this by using sensors:

• In optical, quasi-optical (radio, infra-red, temperature) and acoustic frequencies, 

• For Mass, 

• For physical values (e.g. speed, acceleration), 

• For chemical values (e.g. concentration) etc. 

The data gathered by the sensors are transmitted to so-called nerve centres where electronics – largely based on digital processors with freely programmable software – are interpreted. The human – as the most expensive resource – will generally only be notified when the technology has identified deviations that lie outside externally specified values.

The weakness in these systems exists in the hardware of the processors. Practically all standard makes of these hardware components are based on an architecture that has existed for around eighty years. The software that has been "stretched over" this architecture can compensate for some, but not all, of the deficiencies that adhere to these systems. Even multiple systems which monitor each other and offer each other redundancies can be "switched off" by malware attacks. The most important deficiency is the non-existent separation between instructions (for the hardware to carry out) and data (information to be worked with) in the database. The resulting muddle leads to the high success rate of hacking attempts that are being reported more and more often. These attacks usually run along these lines: instructions disguised as data are channelled into the computer over an interface (internet, modem, external drives) to be carried out by the processors.

In this field, hacking attempts could be carried out in order to:

• Provoke false alarms 

• Supress real alarms 

• Mask targeted manipulation of protected property 

• Inflict damage or 

• Cause panic. 

Even just the failure of an alarm to sound or the triggering of a false alarm must be seen as a hacking success. The level of sensor data processing at which the harmful effect is felt is irrelevant.

A new hardware architecture, which demands and supports a clean and thorough separation between the data categories that exist in the system, could remedy these issues. This is achieved by the technology described here. It prevents files or programs from being:

• "stolen" 

• "planted" or 

• Manipulated without involving the operator: 

With the help of software functions, the hardware also has the potential to curtail the data abuse, even when the authorised user is attempting it.

This hardware architecture is patented and won a prize in the "Hardware" category at the competition "INNOVATION PRIZE – IT 2015".

IT security "Made in Germany" - further information available from friedhelm.becker2@t-online.de.