Bosch Rexroth's ctrlX OS Cybersecurity - Certificate Management

Описание: This video explains the Certificate Management integrated in the ctrlX OS (operating system)
used with ctrlX CORE products.

We cover some basic background on certificates and then do a live demonstration of setting up a remote certificate authority to issue certificates to the ctrlX CORE. We then show you how to use a certificate to establish a trusted HTTPS connection between the ctrlX CORE and our Web browser as a client.

ctrlX OS is Cyber Resilience Act ready and certified per IEC 62443-4-2, which specifies security features and functions for individual IACS products (components).
Link: https://apps.boschrexroth.com/microsi...

Video Topics:
00:09 Introduction
00:45 Cryptography review
science of securing messages offering services
Confidentiality / Authenticity / Integrity / Non-repudiation of origin and delivery / Access control
02:14 Symmetric encryption
fast
Ceaser Cipher
AES (Advanced Encryption Standard)
04:37 Asymmetric Encryption
private key and public key via Certificate
needs more computation power
RSA (Rivest–Shamir–Adleman)
For encryption, digital signatures, key exchange
Diffie-Hellman (DH)
Specifically for key exchange (to establish a shared secret).
ECC (Elliptic Curve Cryptography)
Similar security to RSA with shorter keys, used for signatures (ECDSA) and key exchange (ECDH).
06:40 Certificates overview – digital ID card
Certificate Authority (CA)
common root of trust
provide identity verified public keys
09:05 ctrlX OS Web UI – Certificates
connection is not private because Certificate Authority in browser invalid
Settings – Security – Certificates & Keys
Certificate store: Node-RED, Data Layer, Web server, SSH, Network security, …
11:35 Establishing trusted HTTPS connection
between ctrlX CORE web server and our browser as a client
Certificate store: Web server
configure a remote certificate authority (CA)
Manage PKIs (Public Key Infrastructure)
SCEP Simple Certificate Enrolment Protocol server address and port
SCEP options for key renewal
PKCS (Public Key Cryptography Standards)
15: 39 Create new web server certificate - webserver_custom_cert.pem
ctrlX CORE stores certificates & keys on TPM2.0 chip (Trusted Platform Module)
Certificate enrollment via PKI, the SCEP server in this example
Create new key to match SCEP server - webserver_custom_key.pem
ctrlX devices require the device’s IP address under “Subject alternative name”
SSH connection to SCEP server
Useful features for a secure connection to the browser client.
Certificate renewal
Revocation list
21:18 Restart ctrlX CORE to serve new web server certificate
21:41 Install certificate authority into web browser client Google Chrome
Settings – Privacy and security – Security – Manage certificates
custom local certificate installation, import
22:49 Verify connection
Display custom web server certificate served by ctrlX CORE
Full HTTPS, TLS encrypted communication between ctrlX CORE and Google Chrome
23:26 Conclusion
Applications installed on the ctrlX Operating System
can integrate into the certificate store system
utilize the TPM 2.0 chip on the ctrlX CORE hardware
additional information and documentation at
Bosch Rexroth SDK GitHub
ctrlX Automation Community
R911411572 ctrlX OS on ctrlX DRIVEplus CORE X - Secure Configuration Manual

Visit and join the ctrlX AUTOMATION to access
https://community.boschrexroth.com/ct...
Getting Started videos
e-Learning portal with free training
Store – download ctrlX APPs
How-to – technical notes
Forum – information exchange on many topics
Device Portal – securely connect and monitor your ctrlX CORE
Docs – access the latest online documentation
Configurator – online tool to select all components and software for a ctrlX system
EPLAN Generator – get PDF and edz files of ctrlX hardware
GitHub – get access to software development kits (SDKs) and open source code
Download ctrlX software

Product documentation, go to
https://bit.ly/39Kgx64 and search for “en ctrlX”

Full playlist at:
   • ctrlX AUTOMATION