Deploying Robust IIoT Security: Hardware Trust Anchors & Infineon Solutions

As safety and reliability become paramount in IIoT deployments, the industry now demands that the highest level of trust be baked into the very silicon that powers devices.

Historically, security controls were applied at the PC or gateway level, but today the most effective defense is to embed trust anchors directly in hardware—right down to the sensors that feed data into the system.

Below we map the IIoT security landscape, beginning with chip‑level solutions that can be integrated into a wide range of devices.

Infineon
Infineon’s OPTIGA family of hardware security controllers combine secure key storage, cryptographic libraries, and integration tools in a single silicon solution. The controllers allow engineers to add robust security without overhauling their system architecture.

For lightweight authentication, the Trust B product is ideal for edge devices and “dumb” sensors that simply relay data. Its smaller cryptographic key sizes support use cases such as authenticating spare parts or batteries.

Trust E meets the security needs of feature‑rich devices that require a higher security posture. It offers a turnkey solution with an embedded OS, applet, host‑side integration support, and up to 3 kB of non‑volatile memory.

The industry’s high‑end solution is the OPTIGA Trust X. Built on elliptic‑curve cryptography (ECC) with 256‑bit keys, AES‑128, and SHA‑256 hashing, the discrete hardware security module protects data and processes through mutual authentication, secure communication, data‑store protection, lifecycle management, secure updates, and platform integrity checks. It provides up to 10 kB of user memory.

Infineon OPTIGA family of security controllers. (Source: Infineon)

Steve Hanna, senior principal engineer at Infineon, explains that Trust X is engineered for environments where the main CPU lacks full‑power capabilities, offloading asymmetric and symmetric cryptography to the chip.

Two of the world’s largest industrial equipment manufacturers now deploy Infineon’s security chips across IIoT gateways and endpoints. “Industrial IoT is a complete system, so you need to address the endpoint, the gateway, and the cloud,” Hanna said. “Our chips are designed for easy integration into both on‑premise gateways and cloud‑based architectures. The gateway is an ideal choke point to implement security without touching the edge, so our customers are integrating security chips into both gateways and endpoints.”

This article, along with “Designer’s Guide to IIoT Security,” is part of a Special Project — The Day When the Industrial IoT Gets Hacked .