Rohde & Schwarz RTO2044 oscilloscope with Ethernet and LXI support

In June 2019, the non-profit LXI Consortium (LAN eXtensions for Instruments) chose GlobalSign as an “identity provider” for devices compatible with the LXI standard, and the proprietary IoT Identity Platform was made almost an integral part of the security protocol. What does this mean for the free standard LXI? And why is there a digital certificate for measuring and measuring equipment?

For a start, a few words about the LXI standard itself.

LXI standard

LXI (LAN eXtensions for Instruments) is the industry standard for instrumentation. As written on the official website , it was developed by a consortium of leading manufacturers and users of test equipment, created in September 2004. Now it has more than 50 members. The consortium includes leading companies in the industry, including the founders - Agilent Technologies and other manufacturers such as Tektronix, Rohde & Schwarz, Keithley Instruments, Racal Instruments and Yokogawa.
')
The LXI specification is based on a well-established Ethernet standard and describes the interoperability of any LXI devices, regardless of manufacturer, which eliminates problems associated with device compatibility. LXI-enabled equipment includes high I / O rates, lack of crates and interface cables, and advanced software that determines the effectiveness of the standard.

The official website describes the differences from its predecessors: “Unlike VXI and PXI, which are strictly limited by the size of the crate, the LXI standard only contains recommendations to follow the IEC specifications. Modules in width or half the width of a standard rack are convenient for placing boards and are functional without the need to use crate. The LXI interface allows you to connect desktop devices with the front panel, rack modules without a panel, separate measuring devices, including built-in, desktop and wall-mounted. The LXI standard differs from PXI and VXI in that each module or device in a system has its own power supply, cooling, start-up system, noise protection, and an Ethernet interface. Thus, individual LXI hardware modules can be used independently of the system.

The LXI interface is a logical replacement for GPIB interfaces. The Ethernet standard is based on the power of the computer industry and exceeded the capabilities of GPIB. The use of point-to-point or broadbanding packet transmission in combination with a high data transfer rate and flexibility in the choice of transmission medium determine the choice of LAN as a transmission network for future devices. "

To transmit event messages, the LXI standard provides for special network messages (LXI Event Messages) over UDP (broadcast) or TCP (addressable) protocols. The multicast IP address 224.0.23.159 and the server port 5044 are reserved for them. LXI Event Messages are divided into three groups: defined by the standard, defined by the device developer, and defined by the system installer (user).

Device Identification via the IoT Identity Platform

At first glance, it seems that cryptography is not related to the work of measuring and control equipment. But if you look at the whole picture, the situation looks different. A modern oscilloscope or any other device no longer works offline, but connects to the network and exchanges packets with a PC as a network device. IoT devices are one of the entry points for a potential hacker attack. Under the guise of such a device, attackers can send arbitrary packets to a computer. Therefore, the main tasks are reliable identification of devices and ensuring authenticity of their traffic.

Recognizing this, the LXI consortium first formed a Security Working Group to review internal policies and review standards from other organizations such as NIST, UL CAP, IIC Industrial Internet Consortium, and OWASP related to cybersecurity for industrial test systems. They identified and researched potential security providers to find the right combination of technology and expertise. Finally, the working group listened to the views of the consortium members.

After research, the consortium chose GlobalSign as the “identity provider” (device identity provider-of-choice). GlobalSign is responsible for protecting all LXI-compliant devices, and the PKI-based IoT Identity Platform is integrated as part of the security protocol.

“For the standardization organization, choosing the right security solution was crucial to maintaining our reputation as excellence and reliability,” said Steve Shink, chairman of the LXI Consortium. “GlobalSign worked closely with the security working group to identify our problems, propose solutions, and then realize our vision accordingly.”

LXI Consortium members produce more than 4,000 products from more than 300 families. The proposed solution protects certified equipment and web servers in the entire chain, from the production phase to deployment in the client's network.

The solution, which provides a unique identification in the network of devices that do not have a fully qualified domain name (FQDN), was developed together with the technology partner beame.io . He specializes in cryptographic systems for unique identification and assignment of the required FQDN, which allow initialization of device identification on each device.

IoT Identity Platform is a flexible and scalable platform of the new generation from GlobalSign, which allows you to manage the credentials of billions of different types of IoT devices. The IoT Identify platform supports the full life cycle of device identification, ranging from initial initialization (both existing devices and deployable from scratch) to continuous maintenance and final decommissioning of the IoT device or transfer of ownership of it. The system assumes the assignment of a unique identifier to each device / end point in order to undergo online authorization throughout its lifetime, confirming its authenticity and integrity, thereby reliably interacting with other devices, services and users.

---

Internet of things security starts with PKI

Today you have the opportunity to join the many developers of the Internet of things that care about the security of their devices.
You can always contact us: info-ru@globalsign.com, +7 499 678 2210.