In networked agricultural machinery, digital identities offer new possibilities for secure communication. Trustworthy digital identities from a public key infrastructure (PKI) protect against manipulation and enable efficient lifecycle management and long-term protection against unauthorised access.
The challenge: trust in connected agriculture
Agriculture has long been digitalised. Modern agricultural machinery is connected to backend systems, evaluates operational and field data, receives over-the-air updates, and it is planned for machines from different manufacturers to communicate with each other. As in other areas of the economy, measures to increase cybersecurity are therefore necessary.
Networking significantly increases the attack surface for unauthorised access and manipulation. A key challenge is establishing a trust relationship between communication partners and the digital identity required for this. The secure approach is to use digital certificates from a public key infrastructure (PKI). This allows the trustworthiness of the communication partner to be verified, ensuring that only authorised devices can interact. Without appropriate security solutions, data can be falsified and machine functions manipulated. One example: the unauthorised remote control of agricultural machinery.
In addition, the increasing number of networked machines requires efficient lifecycle management to keep certificates and identities up to date throughout the entire period of use. Manual processes are error-prone and time-consuming. They would significantly slow down operations, as staff would be tied up with constant maintenance, failed certificate renewals or control tasks.
The solution: PKI as the basis for secure machine communication
Agricultural machinery manufacturer CLAAS, together with its IoT partner secunet Security Networks AG, has developed and built a secure and efficient PKI that helps to protect networked agricultural machinery against unauthorised access and other possible attacks. Concepts and processes were jointly defined, but the technical solution was also configured and implemented.
The CLAAS application is based on a software solution called ‘eID PKI Suite’ from secunet, which automatically generates digital identities in the form of X.509 certificates for machines. A PKI is based on asymmetric cryptography. A pair of two related keys is used: on the one hand, the so-called public key, which is accessible to everyone, and on the other hand, a private key, which is kept secret and remains on the machine. The public key encrypts data or verifies digital signatures. The private key decrypts data or generates signatures.
The ‘eID PKI Suite’ from secunet is used on-premises at CLAAS to maintain full control over the keys. The solution is based on hardware security modules that ensure the highest level of trustworthiness. During production, the PKI generates an individual certificate for each agricultural machine that is linked to the serial number. This gives it a birth certificate that uniquely confirms its identity and links the public key to the machine. This enables an exact assignment between the physical device and the digital identity, so that networked agricultural machines can communicate securely with each other and with the backend. Crucially, the suite supports standardisable processes and protocols, ensuring automation, security, scalability and transparency.
Communication and fleet management
To strengthen both secure communication and fleet management, CLAAS integrates its PKI solution into platforms such as CLAAS connect. It delivers protected data and enables analyses that allow farmers to make better decisions. The solution meets legal requirements through GDPR-compliant data collection. This enables those responsible to reliably secure precise telemetry data, GPS information, harvest data and other sensor data.
The secunet solution is suitable for many industries, such as automotive or smart metering.
The result: long-term stability and efficiency
A public key infrastructure (PKI) from secunet offers a scalable and future-proof solution for digital agriculture and other economic sectors. Machines can be reliably authenticated via the certificates from the PKI, which makes unauthorised interventions more difficult and prevents costly manipulation. The construction of a PKI with secunet consists on the one hand of the customer-specifically adaptable software solution ‘eID PKI Suite’ and on the other hand of processes and concepts.
New possibilities open up, such as the proactive provision of spare parts, more precise control of the harvest or comprehensive analyses to optimise agricultural processes, which can improve economic efficiency.
The standardisation of processes also facilitates future cross-manufacturer collaboration. In the long term, a networked ecosystem can emerge in which different machines from different manufacturers work together in a trusted manner.