Ebook: Security and Embedded Systems

Technological advances have led to wide deployment and use of embedded systems in an increasing range of applications, from mobile phones to car, plane and spacecraft and from digital id's to military systems in the field. Many of these applications place significant security requirements and have led to significant research activity in the area of security and embedded systems, due to the limited resources of conventional embedded systems. This emerging research area is of great importance to a large number of public and private organizations, due to their desire to deploy secure embedded systems in the field.

The NATO Advanced Research Workshop on “Security and Embedded Systems” constitutes one of the first international efforts to emphasize the importance of this emerging technical field and to provide a forum for presentations and participation of leading researchers in the field. Its objectives were to present the technologies and open problems of the emerging area of security and embedded systems, to present the latest research results in all aspects of security in embedded systems, and, finally, to provide a roadmap of the technology for the future. Considering the main directions of research in the field, we organized the workshop in 3 main areas: (i) foundations of security and embedded systems, (ii) secure embedded computing systems and (iii) telecommunications and network services. The program included 23 papers, covering all main areas with strong research and tutorial contributions from a wide range of participants from industry and academia. In these proceedings, we include all papers by the contributors to the workshop.

We thank the members of the Organizing Committee of the workshop: J. Dockal (University of Defence, Czech Republic), V. Gorodetsky (Russian Academy of Sciences, Russia), J. Henkel (University of Karlsruhe, Germany) and W. Wolf (Princeton University, USA). Their contributions and participation in this effort as well as their experience have led to a very successful program for the workshop, which was enjoyed by all participants. Finally, we thank Mr. Kyriakos Stefanidis for his invaluable help and support in the organization of the workshop.

Based on the results of the workshop and the interest of the attendants, we strongly believe that this effort should be followed up by additional workshops and conferences in the future, focusing on security and embedded systems.

D.N. Serpanos, University of Patras, Greece; R. Giladi, Ben Gurion University, Israel

The information conversion method based on the nonlinear dynamic systems theory is proposed. It includes the initial open text transformation into hypersymbols of the symbolic dynamics. Under respective system states set Markov partition such an information conversion ensures strict one-to-one conformity with the initial text and can't be reduced to any traditional additive composition of information and random signals or block based encryption. The report includes a qualitative consideration of an information conversion method.

An effective method of game based dynamic analysis of disturbances in security of systems and their preservation by elaboration of optimal strategies that can meet the requirements to embedded systems is presented. The results of preliminary experiments in strengthening intrusion protection strategies by expert knowledge and arguments in conceptual strategy knowledge simulation are discussed for further applications.

In this paper, we present architectural enhancements for ensuring secure execution of programs on embedded processors. The primary motivation behind this work is that software attacks often originate from unknown vulnerabilities in trusted programs. We propose two techniques to achieve secure program execution. They include (i) hardware-assisted monitoring of a trusted program's control flow to detect deviant control flow, and (ii) hardware-assisted validation of a program's data properties that may be violated in the event of an attack. Experiments show that the proposed architecture can be very effective in preventing a wide range of security threats.

The process of performing a Side Channel Attack is generally a computationally intensive task. By employing a number of simple optimisations the data analysis phase of the attack can be greatly improved. In this paper we will describe some of these improvements and show in the context of DES when attacked using Kocher's classic DPA [1], that a 97% reduction in data processing can be achieved.

In this paper we investigate security properties like authentication and secrecy. We express a security protocol in a process algebra called Spi calculus. We describe Needham-Schroeder public key protocol in Spi, and give some results regarding its authentication and secrecy. Finally we present some verification procedures for the authentication protocols described in Spi calculus.

Development of innovative mechanisms for protection of Intellectual Property (IP) is a necessary and important activity in modern computing systems. Many parties participate in creation and distribution of protected property, such as creators, distributors, manufacturers, vendors, providers and the end-users. There have been various mechanisms for IP protection deployed already, but we need to reconsider some of them or deploy new ones, taking in advantage new trends and technologies. Embedded systems can be used as means to protect IP and implement DRM mechanisms into larger general purpose systems or into mobile consumer devices, like PDAs, mobile phones and mobile players, which are quite constrained environments. In this paper, we investigate and summarize existing methods to protect IP with the use of embedded systems.

Deeply networked systems are formed when embedded computing systems gain connectivity to each other and to larger enterprise systems. New functionality also brings new survivability challenges, including security across the embedded/enterprise interface. Addressing the needs of deeply networked system survivability is an open challenge that will require new approaches beyond those used for enterprise systems.

Watermarking is the insertion of information into a host data, for a variety of applications, including ownership identification, authentication, and to provide additional functionalities. We review here some of the recent works on multimedia watermarking, focusing on (1) watermarking binary images, (2) watermarking curves, and (3) image communication.

Multimedia systems become increasingly ambient and as such require compact, lightweight, low power etc. designs that were not major constraints in earlier desktop-based systems. At the same time, DRM (Digital Rights Management) is playing an important role in the multimedia industry and hence requires copyright protection.

In this paper we introduce our Cypress platform that is tailored to provide solutions to these issues. Specifically, the platform addresses as the first approach of its kind the combined data/code compression and their encryption in a unified architecture.

Let f(x) be a certain cryptographic function and let g, g: Im(f) → {true, false}, be an integrity test saying whether a particular value of f(x) fits into predefined integrity boundaries or not. The “Test and Repeat” paradigm is then characterized by the following pseudocode: repeat let y = f(x) until g(y) = true. On a first look, it may seem like a kind of best programming practice that can only improve overall security of the module. Especially, an architect can see it as a rather strong countermeasure against attacks based on computational faults – so called fault attacks. In this article, however, we will show that such a practice can induce particular cryptographic weaknesses. Therefore, it cannot be regarded as a general security improvement. Especially, it can even increase a vulnerability to the fault attacks. Its usage in cryptographic modules shall, therefore, undergo a proper cryptanalysis before being actually deployed.

Many papers and articles attempt to define or even quantify privacy, typically with a major focus on anonymity. We propose new means of describing (obviously only observable) characteristics of a system to reflect the role of contexts for profiling – and linking – users with actions in a system. We believe this approach should allow for evaluating privacy in large data sets.

Poorly written software can pose a serious security risk. Applications designed for embedded processors are especially vulnerable, as they tend to be written in lower-level languages for which security features such as runtime array bounds checking are typically not included. The problem is exacerbated by the fact that these potentially insecure embedded applications are widely deployed in a variety of high-risk systems such as medical devices, military equipment, and aerospace systems. These observations motivate additional research into embedded software security. In this paper, we present a compiler module and reconfigurable architecture for verifying the integrity of embedded programs. Our architecture prevents several classes of program flow attacks, as opposed to many current approaches which tend to address very specific software vulnerabilities. We demonstrate the correctness and feasibility of our approach with an FPGA-based prototype implementation that is effective in protecting applications with minimal performance overhead.

The diverse nature of European border defence is challenged by an equally diverse array of threats ranging from terrorists to drug smugglers, arms dealers, illegal explosives, and human traffickers. Moreover, political and societal developments have created a fluid security environment, where risks and vulnerabilities are more diverse and less visible. In this paper, we address the main Research & Technology initiatives at International and European Level and identify a number of research areas where innovative, technology-driven developments may provide short-term solutions. Aiming to enhance security of Greek and European citizens, HAI actively participates in a number of international forums, and invests in research activities. However, the only guaranteed way to preserve homeland security is to apply a universal, inspired, political, societal and educational programme, that will reduce the gap between countries, nations and closed, ideological groups.

Advancement in computer and communication technologies have resulted in an explosive growth in embedded systems. The market and users requirements have been rapidly changing and diversified. Under these evolving situations, the assurance to keep the continuous system operation of embedded systems is becoming more and more important. The Autonomous Decentralized System (ADS) has been proposed for resolving the on-line property to achieve the step-by-step expansion, maintenance and fault-propagation prevention for high-assurance. This architecture is effective to improve the reliability and reduce the development cost and product cycle time to market by data-driven mechanism. Moreover, the technologies have been applied in the IC card system for train fare-collection and the mobile network platform for intelligent transport service system.

In this paper, we presented vulnerabilities and countermeasures for em- bedded processors. Among all kinds of vulnerabilities and external attacks, we are most interested in power attacks, which infer program behavior from observing power supply current into an embedded processor core, are important forms of security attacks. In this work, we addressed a novel approach against the power attacks, i.e., Dynamic Voltage and Frequency Switching (DVFS). Results showed that this method hides processor state with 27% energy reduction and 16% time overhead for DES encryption and decryption algorithms. Furthermore, system leakage power, as an obstacle to power attacks in the future technology, was studied. Results showed that leakage power scaling makes the power analysis really difficult to be carried out and leaves crypto embedded processors secure without any kind of overheads.

The paper analyses state of the art in modeling and simulation of attacks against computer networks and presents authors' experience in applying multi-agent technology for attack simulation. The suggested approach for attack simulation is realized via automatic imitation of distributed computer network attacks on different levels of detail. The paper describes three attack simulation tools: Agent-Based Attack Simulator, Active Vulnerability Assessment System and Agent-Based Simulator of Distributed Denial of Service (DDoS) Attacks.

This paper describes solution of practical problem how to change CADS (Data network of Army of Czech Republic) to be utilizable for own secure video-conferencing system. The entire configuration for intranet VPNs was practically tested.

This paper presents multi-agent intrusion detection system (IDS) operating based on asynchronous data streams arriving from multiple heterogeneous sources. IDS is composed of many structured specialized classifiers each trained to detect attacks of a fixed class. Alerts produced by classifiers having the same specialization and operating in different feature representation spaces are correlated at the upper layer. The top-layer classifier solves intrusion detection task: it combines heterogeneous alerts produced at a previous layer. The paper describes IDS architecture and emphasizes the reusability of some solutions used in the developed IDS. The implemented multi-agent IDS is capable to detect three classes of attacks, DoS, Probe and U2R using input traffic.

Home and building automation systems are becoming mainstream. Homeowners and building managers can now orchestrate and monitor applications and services. These systems are based on embedded systems distributed in the building and in all the controlled devices. However, embedded systems and their interconnection infrastructure, plus the ability to communicate with these systems remotely pose a serious security threat. While viruses in a PC or cellular phone can be inconvenient, a virus or Trojan horse in building functions can become a serious problem, and even prove fatal. This paper models and analyses these systems and proposes security model and measures, based on the security components from what we term as the zPnP approach [11], to make home and building automation systems safer.

This paper describes REWARD, a novel routing algorithm for wireless sensor networks. The algorithm is adjustable and can wage counter attacks against either single black holes or teams of malicious nodes. The proposed routing technique is suitable for network nodes that can tune their transmit power. REWARD forwards packets using geographic routing. The algorithm utilizes two types of broadcast messages, MISS and SAMBA, to organize a distributed data base for detected black hole attacks. The method has different levels of security which can be set according to the local conditions. In order to determine the effectiveness of REWARD we developed ANTS, a simulation environment which models the operation of a wireless sensor network.

In this paper we report on the current status of the security of GSM (generation 2.5). We review main attacks on GSM, and present an improvement for withstanding reception errors.

Telecommunications fraud and Electronic Crime is moving from the fix networks (PSTN, ISDN) towards the mobile networks (GSM, 3G-UMTS, WiFi, WiMax, Blue-tooth, etc) and the content. Mobile phones are now becoming targets of malicious code, like the PCs are already, as of many years ago. When mobile phones are used as tools for value added services, the risk is obvious. Security countermeasures embedded in those systems are the only solution, against all those threats and risks.