Televic Rail wants to create secure embedded systems in train environments. To create secure devices, every step in the complete lifecycle of the device needs to be secured. This involves secure production (producing devices), secure commissioning (customer-specific installation of hardware and software in the train environment), secure maintenance of devices, secure updates, secure decommissioning of devices…
To create a secure setup, a Public Key Infrastructure (PKI) for Televic Rail can help a lot. This infrastructure makes it possible to create and manage digital certificates (TLS certificates).
Examples of certificates on embedded systems which could be needed in a secure environment are:
Device certificates are certificates which need to be stored securely on embedded systems (secure storage). In each phase of the lifecycle of a device, these certificates can guarantee to users or to other systems communicating with the device that the device is a trusted device (produced by Televic).
Application certificates are certificates used by software services, for example a web server which provides HTTPS communication on a web interface / REST interface, or mTLS certificates between microservices on train devices.
SSH certificates are application certificates used for the SSH service. This service is used for maintenance interaction (read log files, start software / firmware updates, …); based on the permissions of the user, actions can be executed on embedded systems.
Software license files could be certificates which need to be available on the embedded device to start the application (license check)
User certificates are client certificates which are used to authenticate users to an application. This can be a user certificate for, for example, a customer, an engineer from Televic, or an external party. Based on the user certificate, certain actions/commands can be executed.
The goal of this thesis would be:
To do research on PKI and existing solutions
To design a complete secure certificate management system which contains:
The setup of a PoC Public Key Infrastructure which can create certificates based on the requirements
A secure application in front of the PKI (remote access needed) which gives the user of the application only strict access to interact with the PKI, based on permissions (configurable)
Speciality: Security, Software, Linux
Nature of the work
Level: Master
Specialty: Embedded Software, Software
Type of work: Research: 40%, Implem.: 40%, Experim.: 20%
Location: Televic, University
Type of activities: Design, Implementation, Literature study, Programming