Smart Chip for the IoT

Terafence has proven that cyber protection need not be based on software alone but can also come in the form of hardware: a smart chip. The result is a solution with a military-grade level of security at a reasonable price, meeting the cyber-security requirements of devices connected to the Internet as part of the IoT revolution.

Tech development
Nimrod Erez

IMA, an Italian multinational firm, had a problem. The company, which manufactures complete production lines for processing and packaging various consumer products, mainly for the pharmaceutical industry, was not granted approval by its customers to connect its automatic machines to the Internet without installing a sufficiently strong security system. IMA's machines are used mainly for pharmaceuticals, so a break-in into the system, and thereby a change in its mode of operation, can have life-threatening consequences. Yet connecting to the Internet was essential for streamlining processes, improving service, and extracting the vast amount of information stored in thousands of machines installed around the world (Industry 4.0). But the cost of the required protection, for each and every company machine, was prohibitive. IMA was looking for a solution that would be both highly effective and reasonably priced. After a global technology survey, they discovered the Israeli company Terafence and found out that cyber protection need not be based only on software, but can also be achieved by hardware, using a smart chip. An inquiry conducted by IMA revealed that Terafence's product had been tested from every angle and was found to be impossible to break into. IMA ordered penetration testing by 7Layes, Horizon Security, and SSE (a partner of Siemens). They challenged the chip for a long period, failed to break into it, and at the end of the testing officially certified that the Terafence technology is immune and unbreakable. IMA could afford the product, which has a significantly lower price tag than the other cyber protection solutions. With Terafence protecting all its machines, IMA received approval from its customers to connect the machines to the Internet.

The IMA Group is just one of many customers that, in the past year, have been exposed to Terafence's innovative security products. "It all started in 2014, when I began to understand that the IoT revolution, the Internet of Things, would expand to enormous proportions. Today we are already talking about an estimated 200 billion devices that will be connected to the Internet," recalls company founder Hezi Erez, who also serves as its CEO. "It is obvious that cyber security for these devices will be essential, and I mean crucial to the point of life-saving at times."

Pini Huber

"A hacker may, for example, connect to the computer controlling a swimming pool, raise the concentration of hydrochloric acid in the water, and cause severe burns to everyone swimming in it," adds Pini Huber, the company's SVP for global sales. "We also realized that the required protection would not only be challenging to install, but also expensive. Everyone who is subject to regulation or is at high risk needs high-quality cyber protection, but only a few can afford the high prices asked by the prominent companies on the market."

Hezi Erez

"My idea," says Erez, "was to produce a solution that will provide military-grade security at the cost of a standard sensor. This goal guided me in the direction of developing a chip that could eventually be manufactured at a cost of only a few dollars. We are definitely moving toward such a product. We developed a communication chip that allows information to be sent to the cloud, without any possibility of penetrating it. Within this framework, we are disproving two accepted truisms: one is that Internet connection is synonymous with hazard; the other is that information security is expensive."

The chip controls the flow of information

Terafence's security technology uses a smart box that combines hardware and software. One product, MBsecure Plus, protects infrastructure installations and processes; another, Vsecure, protects security cameras. The smart unit sits between the IoT device and its Internet connection. The solution interrupts the direct communication between the device and the Internet and instead relays it through the box itself, using one connection for inbound information and a second, separate connection for outbound information. It separates the two data flows, so that sending information to the cloud and receiving information from it become distinct operations. This allows commands to be transmitted to the device in a particularly secure manner. The company calls this method "smart air gap data flow control" and claims that it provides a higher level of security than customary firewall and data diode products. "Imagine that they improved the firewall so that now it checks by hardware the integrity of every single bit. Using a combination of an 'internal data diode' technology and a unique set of rules, the Terafence device keeps out anyone who is not legit," says Erez.

What's the trick?

"Once we burn the chip, there's no IP address in the hardware algorithm, no MAC address, and no CPU," Huber explains. "The product is connected to the Internet but is transparent to it; the protected unit has no identification that would allow access to it. Even if the hacker somehow obtained the IP of the device he wants to hack into, he cannot use it, since his communication passes through our box, which is the tangible representation for anybody trying to reach it through the Internet. We build into the box two virtual environments that mimic the opposite side, providing full imitation and tracking of the opposite side. Therefore, when a hacker tries to break in, he receives no answer whatsoever." To use a metaphor, it is similar to a burglar running into a wall with no windows, no doors, and no cracks. The communication chip controls the direction of the information flow and decides how information is passed to and from the protected object, as determined by customer requirements and needs. If suspicion arises, it can disconnect the communication altogether and isolate the device. In other situations, it can decide to reverse the direction of information flow and at the same time continue to maintain first-class security. "If, for example, a fire breaks out in the factory, there's an immediate need to operate the sprinklers. In such a case, a secure and dedicated communication is defined from the cloud or the control room to the device to allow emergency or any other operator-controlled activity," Erez explains.

MBsecure

"It is important to remember that the right mix combines a maximum level of security with continuous, efficient, and safe operation of machines," Huber adds. "For cases like this, as well as others, it is also possible to define, in advance, concealed secured channels that can be activated only after identity confirmation of a particularly high level, such as the dual identification that banks use."
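The directional flow control described above (a separate inbound and outbound path, a protocol break on each side so the device never talks to the network directly, and an emergency channel that opens only after strong operator confirmation) can be modelled in a few dozen lines. The Python below is an added example written for this article, not Terafence's own firmware or logic; the class names, the HMAC-based operator token, the allow-list of emergency commands and the logical clock are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Set


class Direction(Enum):
    OUTBOUND = "device->cloud"   # telemetry leaving the protected device
    INBOUND = "cloud->device"    # commands trying to reach the device


@dataclass
class Message:
    direction: Direction
    kind: str          # constructed kinds: "telemetry", "sprinkler_on", "firmware_update"
    payload: bytes


@dataclass
class Verdict:
    forwarded: bool
    reason: str
    # Reply produced by the gate's own mimic of the far side; the real far side
    # never answers the device, and a dropped sender gets nothing back at all.
    local_reply: Optional[bytes] = None


class FlowGate:
    """Toy model of a directional gateway (assumption: not the vendor's design).

    Outbound telemetry always passes and is acknowledged by the gate's mimic of
    the cloud. Inbound traffic is dropped with no reply unless an operator has
    opened a time-limited window using a second factor, and even then only
    allow-listed emergency commands are let through."""

    def __init__(self, operator_key: bytes, emergency_commands: Set[str]):
        self._key = operator_key
        self._allowed_inbound = set(emergency_commands)
        self._window_open_until = -1          # logical clock value
        self._clock = 0
        self._used_nonces: Set[bytes] = set()  # replay protection for open requests
        self.audit: List[str] = []

    def tick(self) -> None:
        """Advance the logical clock (stands in for wall-clock time)."""
        self._clock += 1

    @staticmethod
    def issue_nonce() -> bytes:
        return secrets.token_bytes(16)

    @staticmethod
    def sign_open_request(key: bytes, nonce: bytes, ttl: int) -> str:
        """Second factor held by the operator: HMAC over nonce and requested TTL."""
        data = b"open-inbound|" + nonce + b"|" + str(ttl).encode()
        return hmac.new(key, data, hashlib.sha256).hexdigest()

    def open_inbound_window(self, nonce: bytes, ttl: int, tag: str) -> bool:
        expected = self.sign_open_request(self._key, nonce, ttl)
        if nonce in self._used_nonces or not hmac.compare_digest(expected, tag):
            self.audit.append("rejected inbound window-open request")
            return False
        self._used_nonces.add(nonce)
        self._window_open_until = self._clock + ttl
        self.audit.append(f"inbound window opened for {ttl} ticks")
        return True

    def _inbound_open(self) -> bool:
        return self._clock < self._window_open_until

    def process(self, msg: Message) -> Verdict:
        if msg.direction is Direction.OUTBOUND:
            # Data-diode direction: always forwarded; the gate itself acknowledges
            # so no cloud-originated bytes flow back to the device on this path.
            self.audit.append(f"forwarded outbound {msg.kind}")
            return Verdict(True, "outbound path", local_reply=b"ACK")
        if self._inbound_open() and msg.kind in self._allowed_inbound:
            self.audit.append(f"forwarded inbound {msg.kind} during operator window")
            return Verdict(True, "operator window open, command allow-listed")
        # Default deny: dropped silently, mirroring "receives no answer whatsoever".
        self.audit.append(f"dropped inbound {msg.kind}")
        return Verdict(False, "inbound path closed")


def demo() -> List[str]:
    """Walk through telemetry, a blocked command, and an operator-opened window."""
    key = b"constructed-operator-secret"
    gate = FlowGate(key, emergency_commands={"sprinkler_on"})
    gate.process(Message(Direction.OUTBOUND, "telemetry", b"temp=21"))
    gate.process(Message(Direction.INBOUND, "sprinkler_on", b""))      # dropped
    nonce = FlowGate.issue_nonce()
    gate.open_inbound_window(nonce, ttl=2, tag=FlowGate.sign_open_request(key, nonce, 2))
    gate.process(Message(Direction.INBOUND, "sprinkler_on", b""))      # forwarded
    gate.process(Message(Direction.INBOUND, "firmware_update", b""))   # still dropped
    gate.tick(); gate.tick()                                            # window expires
    gate.process(Message(Direction.INBOUND, "sprinkler_on", b""))      # dropped again
    return gate.audit


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of the model is that "inbound" is never a matter of filtering requests on a shared link: it is a separate path that is closed by default, answered by nobody, and opened only by an out-of-band operator decision that is replay-protected and bounded in time and in the set of commands it admits.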

Secured remote control

Product development took about four years. This year, we started selling the product. The price of the common solution is within the range of a few thousand dollars, depending on the version required. We support OEM projects, as well as installations of the type mentioned above. Terafence currently targets three markets: infrastructure, home medical equipment (telemedicine), and Industry 4.0, today's smart industry that uses robotic production lines. IoT components are present in all these devices that, by definition, must be always connected to the Internet and therefore require a strong and reliable secure connection that hackers cannot penetrate or sabotage. The main challenge is that these devices must send requests to the Internet and receive corresponding responses. This mode of operation provides an opening for hostile elements to respond in place of the entity that is expected to do so. "The very fact that you allow entry into the device means that the device is wide open, even if you have installed a firewall," Erez notes. "Our solution provides secure remote monitoring, which has the required level of protection, and at the same time upgrades the performance of the production line with the ability to safely transfer all the required information from the numerous devices to the sophisticated analysis tools, usually residing in the cloud. The product, called a4Gate, is unique in the world, allowing connection of any online device or production line to a designated control/analysis unit. Within this framework, our challenge was to enable maintenance, information enhancement, and data reception in the cloud, without providing an opening for hacking into any of these channels."

a4Gate for Industry 4.0

Is corona a factor in the success of the product?

Erez: "The pandemic certainly boosted the need for our solution, as today there's a better realization of the importance of connecting medical devices to the Internet and, consequently, the security issues became of prime importance. Today, in view of the spread of corona, hospitals became places of high infection potential, so physicians prefer that patients do not get there, unless there is no other alternative. It's best that patients remain at home and have consultations online. Even if one makes a hospital appointment, it may be problematic keeping it because there is no certainty when the next shutdown will come into effect, or when restrictions will be tightened. The medical world has found remote treatment solutions, but they depend on the use of the Internet and its level of security. Here, Terafence provides a simple solution integrated with the patient's end-product. Its installation ensures that neither party is harmed by external intervention, that information is passed safely to the attending physician, and if necessary, it makes it possible to perform updates, device calibration, and the like, with maximum security. In addition, strangely enough, the corona also affects the likelihood of terrorist activity. In times of closure, a terrorist who wants to damage a certain infrastructure faces greater difficulties in carrying out a physical terrorist activity, say, near a water pump. In view of this as well as other issues, the ultimate solution today is to initiate cyber attacks remotely. This mode of action forces the entities that maintain infrastructures to protect themselves better than ever, and by now, they understand this. For example, the Jordan Valley Water Association transmits the data related to the activity of the infrastructure to the cyber center of the Ministry of Energy using our system. We equipped them with our box that enables continuous, simple, and efficient transfer of industrial data to the cyber center. The connection has been working smoothly for a year now, with zero glitches or break-ins. We are currently working on solutions that ensure continuous monitoring of toxic gas emissions for the Ministry of the Environment. In this case, the need is for safe, one-way transfer of the sensor data, without any possibility of manipulating the data or the control network."

What are your sales expectations?

Huber: "We started selling the product this year. We have sold more than 1,000 units, and there are additional orders waiting for delivery in the US, Europe, Japan, India, and elsewhere. The company works together with many distributors and integrators in Israel and worldwide. Our goal is to sell tens of thousands of units in the coming years and reach revenues of several tens of millions of dollars in the next two years. Accordingly, we are expanding and are currently recruiting new employees."