Who's Copying Your Machine?

Fraunhofer AISEC Advises Companies on How to Protect Their Products and IT Services From Unlawful Attacks on Their Proprietary Rights

By Joe Feeley

A while back, I posted on our Machine Builder Forum about work done by Germany's Fraunhofer Research Institution for Applied and Integrated Security (AISEC) to protect machine and equipment builders from counterfeiters.

We've had input from the institute in previous articles, so I thought I'd go back to the source and find out what else they have to say about this. In our case, this relates mainly to the control systems and any proprietary code therein.

SEE ALSO: Eaton's Online CBA Tool Helps Identify Counterfeit Electrical Products

"Most companies have absolutely no idea just how easily their products can be copied," says Bartol Filipovic, the institution's head of the Product Protection department. Fraunhofer AISEC advises companies on how best to protect their products and IT services from unlawful attacks on their proprietary rights.

The institution says that in the world of industrial machines, there are forgeries of almost everything from housing design to instruction manuals. German machine tools are a particular target. They reinforce what most of us would agree with: The most critical elements are those that give a product its intrinsic value, such as electronic circuits and software that constitute its distinctive characteristics. This makes embedded systems with measurement, control or signal-processing functions prime targets for forgers.

So, what's the best way to protect yourself? "One option is to install cryptographic devices that encrypt the data stored within the machine," Filipovic reports. "These devices generate the corresponding decryption key based on the duration of electrical signals on the microchip. The signals emitted by other chips, even those from the same production batch, will be of a slightly different duration, rendering the key unusable."

Another option is hardwired control units. "Purpose-built chips make it extremely difficult for offenders to rip the software and run it using standard chips built into product imitations," Filipovic reports. "However, it is possible for companies to safeguard computer programs without the need for special hardware; for instance, by adopting obfuscation techniques."

AISEC says its aim is to buy companies time. "Companies that have implemented AISEC recommendations enjoy at least five to 10 years relief from attacks by counterfeiters," they say. "This time lead is crucial for companies to protect their expensive investments. The technological know-how required to manufacture industrial goods does not go out of date as quickly as that for consumer goods, making it thoroughly worthwhile for forgers to copy a machine even if it has been on the market for five years." So the premise is that forgers would be wasting their time attacking products equipped with the latest protection methods.

"I'm not aware of a single case where someone has successfully broken through our safeguards," Filipovic says.