Srivaths Ravi
Anand Raghunathan
Abstract
Many modern electronic systems---including personal computers, PDAs, cell phones, network routers, smart cards, and networked sensors to name a few---need to access, store, manipulate, or communicate sensitive information, making security a serious concern in their design. Embedded systems, which account for a wide range of products from the electronics, semiconductor, telecommunications, and networking industries, face some of the most demanding security concerns---on the one hand, they are often highly resource constrained, while on the other hand, they frequently need to operate in physically insecure environments.Security has been the subject of intensive research in the context of general-purpose computing and communications systems. However, security is often misconstrued by embedded system designers as the addition of features, such as specific cryptographic algorithms and security protocols, to the system. In reality, it is a new dimension that designers should consider throughout the design process, along with other metrics such as cost, performance, and power.The challenges unique to embedded systems require new approaches to security covering all aspects of embedded system design from architecture to implementation. Security processing, which refers to the computations that must be performed in a system for the purpose of security, can easily overwhelm the computational capabilities of processors in both low- and high-end embedded systems. This challenge, which we refer to as the "security processing gap," is compounded by increases in the amounts of data manipulated and the data rates that need to be achieved. Equally daunting is the "battery gap" in battery-powered embedded systems, which is caused by the disparity between rapidly increasing energy requirements for secure operation and slow improvements in battery technology. The final challenge is the "assurance gap," which relates to the gap between functional security measures (e.g., security services, protocols, and their constituent cryptographic algorithms) and actual secure implementations. This paper provides an introduction to the challenges involved in secure embedded system design, discusses recent advances in addressing them, and identifies opportunities for future research.
- AES Algorithm (Rijndael) Information. Available at http://csrc.nist.gov/encryption/aes/rijndael.]]Google Scholar
- Anderson, R. and Kuhn, M. 1996. Tamper Resistance---A Cautionary Note. Available at http: //www.cl.cam.ac.uk/users/rja14/tamper.html.]]Google Scholar
- Anderson, R. and Kuhn, M. 1997. Low cost attacks on tamper resistant devices. In IWSP: International Workshop on Security Protocols. Lecture Notes on Computer Science. 125--136.]] Google ScholarDigital Library
- Arbaugh, A., Farber, D. J., and Smith, J. M. 1997. A secure and reliable bootstrap architecture. In Proceedings of IEEE Symposium on Security and Privacy. 65--71.]] Google ScholarDigital Library
- ARM SecurCore. Available at http://www.arm.com.]]Google Scholar
- Best, R. M. 1981. Crypto Microprocessor for Executing Enciphered Programs. U.S. patent 4,278,837.]]Google Scholar
- Blaze, M. 1993. A cryptographic file system for UNIX. In Proceedings of the ACM Conference on Computer and Communications Security. 9--16.]] Google ScholarDigital Library
- Boneh, D., DeMillo, R., and Lipton, R. 2001. On the importance of eliminating errors in cryptographic computations. Cryptology 14, 2, 101--119.]]Google ScholarDigital Library
- Burke, J., McDonald, J., and Austin, T. 2000. Architectural support for fast symmetric-key cryptography. In Proceedings of the International Conference on ASPLOS. 178--189.]] Google ScholarDigital Library
- Carman, D. W., Krus, P. S., and Matt, B. J. 2000. Constraints and Approaches for Distributed Sensor Network Security. Tech. rep. #00-010, NAI Labs, Network Associates, Inc., Glenwood, MD.]]Google Scholar
- Certicom Corp. Security Builder. Available at http://www.certicom.com/.]]Google Scholar
- Certicom and Texas Instruments Inc. 2003. Wireless Security: from the inside out. Available at http://focus.ti.com/pdfs/vf/wireless/certicom_ti_wp.pdf.]]Google Scholar
- Chess, B. 2002. Improving computer security using extended static checking. In Proceedings of the IEEE Symposium on Security and Privacy. 148--161.]] Google ScholarDigital Library
- Clarke, E. M., Jha, S., and Marrero, W. 1998. Using state space exploration and a natural deduction style message derivation engine to verify security protocols. In Proceedings of the IFIP Working Conference on Programming Concepts and Methods.]] Google ScholarDigital Library
- Computer Security Institute. 2002 Computer Crime and Security Survey. Available at http://www.gocsi.com/press/20020407.html.]]Google Scholar
- Counterpane Internet Security, Inc. Available at http://www.counterpane.com.]]Google Scholar
- Detlefs, D. L., Leino, K., Nelson, G., and Saxe, J. 1998. Extended Static Checking. Tech. rep., Systems Research Center, Compaq Inc.]]Google Scholar
- CryptocellTM. Discretix Technologies Ltd. Available at http://www.discretix.com.]]Google Scholar
- Discretix Technologies Ltd. Available at http://www.discretix.com.]]Google Scholar
- DPA PATENTS. U.S. Patents Nos. 6,278,783; 6,289,455; 6,298,442; 6,304,658; 6,327,661; 6,381,699; 6,510,518; 6,539,092; 6,640,305; and 6,654,884. Available at http://www.cryptography.com/technology/dpa/licensing.html.]]Google Scholar
- ePaynews---Mobile Commerce Statistics. Available at http://www.epaynews.com/statistics/mcommstats.html.]]Google Scholar
- FIPS PUB 140-2. Security Requirements for Cryptographic Modules. Available at http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf.]]Google Scholar
- Gentry, C. and Szydlo, M. 2002. Cryptanalysis of the revised NTRU signature scheme. In Proceedings of EUROCRYPT. 299--320.]] Google ScholarDigital Library
- Goh, E., Shacham, H., Modadugu, N., and Boneh, D. 2003. SiRiUS: Securing remote untrusted storage. In Proceedings of the ISOC Network and Distributed Systems Security (NDSS) Symposium. 131--145.]]Google Scholar
- Hess, E., Janssen, N., Meyer, B., and Schutze, T. 2000. Information leakage attacks against smart card implementations of cryptographic algorithms and countermeasures. In Proceedings of the EUROSMART Security Conference. 55--64.]]Google Scholar
- HIFN Inc. Available at http://www.hifn.com.]]Google Scholar
- Hoglund, G. and McGraw, G. 2004. Exploiting Software: How to Break Code. Pearson Higher Education.]] Google ScholarDigital Library
- Howard, M. and LeBlanc, D. 2002. Writing Secure Code. Microsoft Press.]] Google ScholarDigital Library
- IEEE Standard 802.11. LAN/MAN Standards Committee of the IEEE. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specification.]]Google Scholar
- Infineon Technologies. SLE 88 family. http://www.infineon.com.]]Google Scholar
- Intel Corp. 2000. Enhancing Security Performance through IA-64 Architecture. Available at http://developer.intel.com/design/security/rsa2000/itanium.pdf.]]Google Scholar
- IPSec Working Group. Available at http://www.ietf.org/html.charters/ipsec-charter.html.]]Google Scholar
- Internet Streaming Media Alliance. Available at http://www.isma.tv/home.]]Google Scholar
- Karri, R. and Mishra, P. 2002. Minimizing energy consumption of secure wireless session with QoS constraints. In Proceedings of the International Conference on Communications. 2053--2057.]]Google Scholar
- Kelsey, J., Schneier, B., Wagner, D., and Hall, C. 1998. Side channel cryptanalysis of product ciphers. In Proceedings of the ESORICS'98. 97--110.]] Google ScholarDigital Library
- Kiriansky, V., Bruening, D., and Amarasinghe, S. 2002. Secure execution via program sheperding. In Proceedings of the 11th USENIX Security Symposium.]] Google ScholarDigital Library
- Kommerling, O. and Kuhn, M. G. 1999. Design principles for tamper-resistant smartcard processors. In Proceedings of the USENIX Workshop on Smartcard Technology (Smartcard '99). 9--20.]] Google ScholarDigital Library
- Kocher, P., Jaffe, J., and Jun, B. 1999. Differential power analysis. Advances in Cryptology---CRYPTO'99. Lecture Notes in Computer Science, vol. 1666. Springer-Verlag, Berlin, 388--397.]] Google ScholarDigital Library
- Kocher, P., Lee, R., McGraw, G., Raghunathan, A., and Ravi, S. 2004. Security as a new dimension in embedded system design. In Proceedings of the Design Automation Conference. 753--760.]] Google ScholarDigital Library
- Kocher, P. C. 1996. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. Advances in Cryptology---CRYPTO'96. Lecture Notes in Computer Science, vol. 1109. Springer-Verlag, Berlin, 104--113.]] Google ScholarDigital Library
- Kuhn, M. 1997. The TrustNo 1 Cryptoprocessor Concept. CS555 Report, Purdue University. Available at http://www.cl.cam.ac.uk/ mgk25/.]]Google Scholar
- Lahiri, K., Raghunathan, A., and Dey, S. 2002. Battery-driven system design: A new frontier in low power design. In Proceedings of the Joint Asia and South Pacific Design Automation Conference/International Conference on VLSI Design. 261--267.]] Google ScholarDigital Library
- Lee, R. B., Shi, Z., and Yang, X. 2001. Efficient permutations for fast software cryptography. IEEE Micro 21, 6 (Dec.), 56--69.]] Google ScholarDigital Library
- Lee, R. B. 1996. Subword parallelism with Max-2. IEEE Micro 16, 4 (Aug.), 51--59.]] Google ScholarDigital Library
- Lie, D., Thekkath, C. A., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J. C., and Horowitz, M. 2000. Architectural support for copy and tamper resistant software. In Proceedings of the ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS). 168--177.]] Google ScholarDigital Library
- Lowe, G. 1998. Towards a completeness result for model checking of security protocols. In Proceedings of the 11th Computer Security Foundations Workshop.]] Google ScholarDigital Library
- Menezes, A. J. 1993. Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers, Boston, MA.]] Google ScholarDigital Library
- Messerges, T. S., Dabbish, E. A., and Sloan, R. H. 2002. Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51, 5 (May), 541--552.]] Google ScholarDigital Library
- Mobile Electronic Transactions Ltd. 2001. MeT PTD Definition (version 1.1). Available at http://www.mobiletransaction.org/.]]Google Scholar
- SmartMIPS. Available at http://www.mips.com.]]Google Scholar
- MPEG Open Security for Embedded Systems (MOSES). Available at http://www.crl.co.uk/projects/moses/.]]Google Scholar
- Moving Picture Experts Group (MPEG). Available at http://mpeg.telecomitalialab.com.]]Google Scholar
- Necula, G. C. and Lee, P. 1996. Proof-Carrying Code. Tech. Rep. CMU-CS-96-165, Carnegie Mellon University.]]Google Scholar
- NTRU Communications and Content Security. Available at http://www.ntru.com.]]Google Scholar
- Open Mobile Alliance (OMA). Available at http://www.wapforum.org/what/technical.htm.]]Google Scholar
- OpenIPMP. http://www.openipmp.org.]]Google Scholar
- OpenSSL Project. Available at http://www.openssl.org.]]Google Scholar
- Perrig, A., Szewczyk, R., Tygar, J. D., Wen, V., and Culler, D. E. 2002. SPINS: Security protocols for sensor networks. Wireless Netw. 8, 5, 521--534.]] Google ScholarDigital Library
- PolyFuel, Inc. Available at http://www.polyfuel.com.]]Google Scholar
- Potlapally, N., Ravi, S., Raghunathan, A., and Jha, N. K. 2003. Analyzing the energy consumption of security protocols. In Proceedings of the International Symposium on Low Power Electronics & Design. 30--35.]] Google ScholarDigital Library
- Potlapally, N., Ravi, S., Raghunathan, A., and Lakshminarayana, G. 2002a. Optimizing public-key encryption for wireless clients. In Proceedings of the IEEE International Conference on Communications. 1050--1056.]]Google Scholar
- Potlapally, N., Ravi, S., Raghunathan, A., and Lakshminarayana, G. 2002b. Algorithm exploration for efficient public-key security processing on wireless handsets. In Proceedings of Design, Automation, and Test in Europe (DATE) Designers Forum. 42--46.]]Google Scholar
- Point-to-Point Protocol (PPP), RFC 1661. The Internet Engineering Task Force. Available at http://www.ietf.org/rfc/rfc1661.]]Google Scholar
- Point-to-Point Tunneling Protocol (PPTP), RFC 2637. The Internet Engineering Task Force. Available at http://www.ietf.org/rfc/rfc2637.]]Google Scholar
- Quisquater, J. J. and Samyde, D. 2002. Side channel cryptanalysis. In Proceedings of the SECI. 179--184.]]Google Scholar
- Rankl, W. and Effing, W. Smart Card Handbook. John Wiley and Sons, New York.]] Google ScholarDigital Library
- Ravi, S., Raghunathan, A., and Chakradhar, S. 2004. Tamper resistance mechanisms for secure embedded systems. In Proceedings of the International Conference on VLSI Design. 605--611.]] Google ScholarDigital Library
- Ravi, S., Raghunathan, A., Potlapally, N., and Sankaradass, M. 2002. System design methodologies for a wireless security processing platform. In Proceedings of the ACM/IEEE Design Automation Conference, 777--782.]] Google ScholarDigital Library
- Reid, P. 2003. Biometrics and Network Security. Prentice Hall PTR, Englewood Cliffs, NJ.]] Google ScholarDigital Library
- Rosing, M. 1998. Implementing Elliptic Curve Cryptography. Manning Publications Co.]] Google ScholarDigital Library
- Safenet Inc. Safenet EmbeddedIPTM. Available at http://www.safenet-inc.com.]]Google Scholar
- Schneier, B. 1996. Applied Cryptography: Protocols, Algorithms and Source Code in C. John Wiley and Sons, New York.]] Google ScholarDigital Library
- SFC Smart Fuel Cell AG. Available at http://www.smartfuelcell.com.]]Google Scholar
- SSL 3.0 Specification. Available at http://wp.netscape.com/eng/ssl3/.]]Google Scholar
- Stallings, W. 1998. Cryptography and Network Security: Principles and Practice. Prentice Hall, Englewood Cliffs, NJ.]] Google ScholarDigital Library
- STMicroelectronics Inc. ST19 Smart Card Platform Family. Available at http://www.st.com.]]Google Scholar
- Suh, G. E., Clarke, D., Gassend, B., van Dijk, M., and Devadas, S. 2003. AEGIS: Architecture for tamper-evident and tamper-resistant processing. In Proceedings of the International Conference on Supercomputing (ICS '03). 160--171.]] Google ScholarDigital Library
- Texas Instruments Inc. OMAP Platform. Available at http://focus.ti.com/omap/docs/omaphomepage.tsp.]]Google Scholar
- TLS Working Group. Available at http://www.ietf.org/html.charters/tls-charter.html.]]Google Scholar
- U.S. Department of Commerce. 1999. The Emerging Digital Economy II. Available at http: //www.esa.doc.gov/508/esa/TheEmergingDigitalEconomyII.htm.]]Google Scholar
- WAP Forum. 2002. Wireless Application Protocol 2.0. Technical White Paper. Available from http://www.wapforum.org.]]Google Scholar
- World Wide Web Consortium. 1998. The World Wide Web Security FAQ. Available at http://www.w3.org/Security/faq/www-security-faq.html.]]Google Scholar
- York, R. 2003. A New Foundation for CPU Systems Security. ARM Limited. Available at http://www.arm.com/armtech/TrustZone?OpenDocument.]]Google Scholar
Index Terms
- Security in embedded systems: Design challenges
Recommendations
Security challenges in embedded systems
Special section on ESTIMedia'12, LCTES'11, rigorous embedded systems design, and multiprocessor system-on-chip for cyber-physical systemsEmbedded systems security is a significant requirement in emerging environments, considering the increasing deployment of embedded systems in several application domains. The large number of deployed embedded systems, their limited resources and their ...
Security as a new dimension in embedded system design
DAC '04: Proceedings of the 41st annual Design Automation ConferenceThe growing number of instances of breaches in information security in the last few years has created a compelling case for efforts towards secure electronic systems. Embedded systems, which will be ubiquitously used to capture, store, manipulate, and ...
Energy Measurement and Analysis of Security Algorithms for Embedded Systems
GREENCOM '11: Proceedings of the 2011 IEEE/ACM International Conference on Green Computing and CommunicationsEnergy and security are hot topics for real-time embedded systems. However, little traditional research consider the two factors together, which leaves a great challenge to guarantee the security of embedded applications running under battery-powered ...
Reviews
Jeff Ellis Smith
Ravi et al. present security-related challenges ("gaps"), unique to embedded system design (namely, security processing, power, tamper resistance, and assurance gaps), with associated descriptions of recent security advances, and opportunities for more research. After a brief introduction, discussing the importance and uniqueness of the embedded security challenges, an enumeration of security requirements, concepts, and design challenges are given. The heart of this paper is the section on security processing requirements and architecture, starting with a popular secure sockets layer (SSL) protocol, and processing workload example. The gap associated with state-of-the-art processing is presented with respect to secure processing architecture and battery management examples. The next "tamper resistance and assurance gap" presents an overview of both logical and physical attacks on an embedded system, covering topics such as fault induction, and timing and power analysis. Finally, two case studies are presented: the OMAP 1610 processor, addressing the security processing gap for wireless handsets, and the ARM TrustZone, for thwarting software attacks. This paper provides a good overview of some of the security issues for commercial embedded systems. The figures-covering processing requirements for SSL, energy consumption data for ciphers, and evolution of security protocols-were particularly useful in visualizing secure embedded processing trends. There are secure embedded challenges for defense systems-namely, MILS, covert channels, data separation, and so on-that would make a good complement to this paper. Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments