The cryptography working group within the Internet Engineering Task Force (IETF; Fremont, Calif.; www.ieft.org) standards organization has chosen the CPace protocol — developed by Endress + Hauser AG (Reinach, Switzerland; www.endress.com) — as a recommended method for use in internet security standards. After undergoing extensive security analyses, the CPace protocol emerged as the winner in a competition among submissions from developers at several well-known companies.
Secure access to field instruments is of the highest priority for operators across all branches of the chemical process industries (CPI). Modern plants contain hundreds or thousands of measurement and control instruments that must be accessed remotely with growing frequency. These field instruments also have to be installed, monitored or serviced on a regular basis. Secure password-based user authentication plays a special role today, especially when devices with digital interfaces are involved.
In order to utilize Bluetooth communications technology in industrial environments, security experts at Endress+Hauser identified a need for additional protection. The result was the development of a solution called CPace (composable password-authenticated connection establishment), which belongs to the class of PAKE (password-authenticated key exchange) methods. Among other things, PAKE technology is used with the German electronic ID cards as a means of largely decoupling the cryptographic security level from the length of the password. The advantage of CPace is that the processing power of even the smallest of field instruments is sufficient to provide devices, and thus the industrial systems, with the best level of protection against cyberattacks. At the same time, CPace enjoys a high degree of acceptance among users, because the desired level of security can be achieved without relying on long passwords.