
Hello everyone! Today we are going to discuss a high-end topic: the data security issues in microcontrollers and PLC systems. This is a significant problem in reality, as data security is a critical matter in the era of the Internet of Things!
What is an encryption algorithm?
First, we need to clarify what an encryption algorithm is. Simply put, an encryption algorithm scrambles the original data using mathematical formulas and rules, turning it into a string of unreadable gibberish. This prevents bad actors from spying on or altering our data. Only those who know the encryption key can revert the gibberish back to the original data. It’s like putting data in an invincible invisible cloak.
Why do microcontrollers/PLC systems need encryption?
Today’s microcontrollers and PLC systems are no longer closed small systems. They often connect with other devices and systems through networks and buses. If data is intercepted and stolen during transmission, it could lead to disastrous consequences! For instance, production data from a factory could be leaked to competitors, confidential documents could be tampered with by hackers, or even the entire system could be invaded and destroyed! Therefore, we must protect the data of microcontrollers and PLC systems, putting on an impregnable “invisible cloak”.
What types of encryption algorithms are there?
Encryption algorithms can be divided into three mainstream types: symmetric encryption, asymmetric encryption, and hash algorithms.
- Symmetric encryption algorithms: The same key is used for both encryption and decryption, such as the well-known AES algorithm. The advantage is that it is fast, suitable for microcontrollers. The disadvantage is that key distribution can be cumbersome.
- Asymmetric encryption algorithms: Different keys are used for encryption and decryption (one public key and one private key), such as the RSA algorithm. The advantage is convenient key distribution, while the disadvantage is high computational overhead and longer processing time.
- Hash algorithms: These are not used for encryption but to generate a “fingerprint” of the message. The result of a hash algorithm can verify the integrity of the data. The SHA256 algorithm is a common hash algorithm.
In fact, microcontrollers and PLC systems more commonly use symmetric encryption algorithms because they have limited resources and low computing power, which cannot handle the high computational demands of asymmetric encryption. Furthermore, for closed factory networks, key distribution is not a significant issue.
How does the AES encryption algorithm work?
AES, or Advanced Encryption Standard, is arguably the most widely used symmetric encryption algorithm today. Its working principle is to divide plaintext into small blocks and then scramble each block through a series of substitutions, shifts, and XOR operations, ultimately producing ciphertext. This process also involves a key, which interacts with the data in each round of computation.
Specifically, AES has three key lengths: 128 bits, 192 bits, and 256 bits; the longer the key, the stronger the encryption. For example, the 128-bit AES divides plaintext into 16 bytes (128 bits) data blocks and undergoes 10 rounds of iterative encryption, with each round containing a series of byte substitutions, row shifts, column mixing, and round key addition operations. Finally, a 16-byte ciphertext block is produced. During decryption, the same operations are performed in reverse order.
It is important to note that the security of the AES algorithm depends not only on the algorithm itself but also on the proper generation and management of keys. Therefore, when using AES encryption on microcontrollers or PLCs, we must pay special attention to the storage location of keys and encryption functions to prevent them from being hacked or read.
How do microcontrollers and PLCs implement AES encryption?
Now that we have discussed the principles, how can we practically apply the AES encryption algorithm in microcontrollers and PLC systems?
For microcontrollers, many mainstream platforms have AES encryption libraries provided by developers that can be directly called. For example, STM32, AVR, PIC, etc. When using them, you only need to include the header file, initialize the key, input plaintext, and call encryption and decryption functions. The core code is just a few lines, making it easy to implement.
For PLCs, AES encryption is generally implemented using instructions or function blocks provided by the PLC itself. The specific instructions may differ slightly among different PLC models, but the principles are similar. For instance, Siemens’ S7-1200 has a built-in CRYPT_CPUi instruction that can perform various modes of AES encryption operations. We just need to correctly call it in the program and pass in the key, encryption mode, and other parameters.
Of course, besides using existing libraries or instructions, if you are an expert, you can implement the AES encryption algorithm from scratch on a microcontroller/PLC using C/C++ code. However, that is indeed a significant project requiring very specialized cryptographic knowledge, which I, as a beginner, cannot handle…
What should be noted about encryption algorithms?
While using encryption algorithms to protect data security is very important, we should not be complacent!
- The security of the key is undoubtedly the most critical factor. You must safeguard the key properly to prevent it from leaking! Consider encrypting the key for storage and only decrypting it for use at runtime.
- The encryption mode must also be set appropriately. We typically use different encryption modes such as ECB, CBC, and CTR. For example, the CBC mode can enhance the security of the ciphertext.
- Performance overhead must be reasonably estimated. For resource-constrained microcontrollers or PLC systems, the CPU and memory overhead of encryption should not be overlooked.
- If you implement the encryption algorithm yourself, ensure that you check the correctness and security of the code to avoid exploitation.
Of course, in addition to using algorithms for encryption, the overall security design of our microcontrollers and PLC systems should not be ignored: network isolation, access control, security protocols, vulnerability patching… This is like putting a bulletproof vest on the entire system!
Alright, that’s all for today’s discussion on data security in microcontrollers and PLC systems. Finally, here’s an exercise for you: implement an AES-128 encryption program on your familiar microcontroller or PLC platform to encrypt a segment of ASCII plaintext data and verify whether the encryption result is correct. If you encounter any questions, feel free to reach out to me for assistance! No keychains will be given, but I wish you all great coding skills!