Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building Security into Embedded Systems: Validating Theoretical Designs using Experimental Platforms Yuan Xue Institute for Software Integrated Systems.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Building Security into Embedded Systems: Validating Theoretical Designs using Experimental Platforms Yuan Xue Institute for Software Integrated Systems."— Presentation transcript:

1 Building Security into Embedded Systems: Validating Theoretical Designs using Experimental Platforms Yuan Xue Institute for Software Integrated Systems Vanderbilt University A joint work with Matthew Eby, Janos Mathe, Jan Werner, Taojun Wu, Gabor Karsai, Sandeep Neema, Janos Sztipanovits, Akos Ledeczi

2 Outline Introduction Challenge Approach Two Projects –Experiment Platform for Model-based Secure Embedded System Design –Application-Driven Testbed for Wireless Sensor Network Security Analysis and Design

3 Introduction Embedded systems –Low end: cellphones, PDAs, sensors, smartcards –High end: routers, home appliances They are –Interactive with physical world –Pervasive in our daily life –Essential for national critical infrastructure Currently embedded systems are migrating –From proprietary solutions to open standard –From standalone systems to networked environments Increasing concern of security threats in embedded systems

4 Challenge Security solutions developed in the context of desktop- based operating systems and networks –Cryptography, –Secure network protocol –Etc. Designing secure embedded systems faces unique challenges –Embedded system design is a systems-software co-design problem needs to meet cross-cutting requirements in terms of performance and physical constraints –Securing embedded systems involves more issues than what are addressed for desktop computing Resource constraint Development model and environment Applying existing security mechanisms as the additions of functional features is insufficient to secure embedded systems

5 Approach Our approach –security consideration as an integral part throughout the design process, –security design to be validated over the software and system platforms. This talk will present two experimental platforms –Plant control system –Wireless sensor network Secure embedded system design needs to be validated using the experimental platforms

6 Experimental Platform for Model-Based Secure Embedded System Design

7 Overview Model-based Approach to Embedded System Design Integrate Security into Model-based Approach Experiment Platform Architecture Demonstration System

8 Model-based Approach Models facilitate formal analysis, verification, validation and generation of embedded systems Functional Models Component Models Componentized Model Platform Model Deployment Model Generators (Interpreters) Composition Platform (e.g.: AADL) HW/SW Architecture (Windows, Linux) Source Files (e.g.: SimuLink, Hand crafted code, etc.)

9 Integrate Security into Models Generators (Interpreters) Secure Composition Platform (e.g.: AADL security extension) Hardware, OS service (e.g.: Kernel partition) Source Files (e.g.: SimuLink, Hand crafted code, etc.) Security Extension examples Role Based Access Control Secure Links Fair Exchange Functional Model Component Model Secure Componentized Model Platform Model Deployment Model Security extension Security service Secure Component Structure Model Security policy

10 Advantages Advantages to integrate security into model-based embedded system development –Introducing security at design level –Verifying required security properties using explicit security models –Consistent and automatic configuration of security services offered by the operating system –Investigating design tradeoffs between performance and security properties

11 An Example based on AADL AADL (Architectural Analysis and Design Language –SAE Aerospace Standard (AS5506) –provide a standard interface and environment for system designers to model, analyze and generate embedded system code. AADL Components AADL Metamodel

12 AADL Security Extension An example security mechanism Role-based Access Control Objects – subject to access control Operations – execution of some functions on objects Permissions – approval to perform operation on RBAC protected object Roles – job with assigned authority and responsibility Users – human being, machine, network or agent requesting operation on objects Security Extension Metamodel

13 Platform Security Service Modeling Security Service Providers OS (ex: Linux, LynxOS, WinCE) HW (ex: Space Partitioning, Memory protection) Services of different applications (ex: Web Browser Based Authentication) Partition in OS Platform Security Models with sufficient detail enable Code Generators to access Platform Specific Security Services Theoretical Security Concepts (Platform Independent) Security Requirements of a System Existing Security Solutions Provided Different Platforms Security Capabilities of a Platform Mapping between requirements and underlying capabilities ( Ideally requirements are the subset of the capabilities ) Platform Security Service Model -- Abstracts out security properties of the platform that are essential for the design flow

14 Software Architecture with Security Extension Embedded Hardware Target Real-Time Operating System AADL Runtime System Application Software Component Application Software Component Application Software Component Embedded Hardware Target Real-Time Operating System OS Security Extension App AADL Runtime System Application Software Component AADL Runtime System Application Software Component AADL Runtime System Application Software Component API AADL Execution Environment AADLExtended AADL

15 Experimental Platform Architecture 10/100BASE-T or 802.11b Plant Simulator Data Acquisition Board (DAQ) Embedded System Board Embedded System Board Embedded System Board The Data Acquisition Board interfaces plant simulation with embedded system boards The Plant Simulator acts as the physical environment in which the embedded system would run The embedded system boards run distributed control algorithms

16 Implementing Systems on Platform The experimental platform facilitates “Hardware”-in- the-Loop testing of controllers. High fidelity plant simulations behave just as the actual physical environment would. Controllers can run on various operating systems with different security designs. Code for controllers is generated based on security models for the embedded system

17 Putting things Together! 10/100BASE-T or 802.11b Plant Simulator Data Acquisition Board (DAQ) Embedded System Board Embedded System Board Embedded System Board Automatic Code Generation and Deployment Reference The process of AADL code generation

18 Results Real-Time Simulation of Three Tank Fluid Transfer System With I/O register protection only the tank control process has permission to write to I/O channels Model-Based approach can map desired security properties to underlying platform services such as POSIX capabilities (e.g. CAP_SYS_RAWIO)

19 Application-Driven Testbed for Secure Wireless Sensor Network Design

20 Dirty Bomb Detection & Localization Stadium with Sensors Deployed Google Earth Illustration of Localization System Automatic Camera Feed ~12 Static XSM Motes (positions known ) Guard moves with an XSM Mote, tracked by RIPS technology

21 Architecture Rad level servlet and camera glue code Tracking service and user interface Nextel/ Internet Mote network Camera control node (Linux) Jumbotron controller VGA to NTSC adapter Rad detector, mobile phone mote Internet

22 System Vulnerabilities Rad level servlet and camera glue code Tracking service and user interface Nextel/ Internet Mote network Camera control node (Linux) Jumbotron controller VGA to NTSC adapter Rad detector, mobile phone mote Internet Mac/Link Network Application/Service Physical Jamming Bogus tracking results Tracking command Spoofing Battery consumption attack MAC DoS Eavesdropping Packet dropping Mis-forwarding ID spoofing Forging routing Information Disclosing/modifying /replaying tracking results Sensor network vulnerabilities Traditional network/system vulnerabilities Denial of Service Attack Information disclosing/modification/replaying Address Spoofing etc..

23 Security Issues in Sensor Networks Security IssuesMechanisms Jamming Physical Mac/Link Network addressing routing forwarding MAC DoS Eavesdropping Address spoofing Forge routing information Drop/forward to wrong neighbor Release/modify content Msg Auth Code Application /Service Encryption Secure Routing Source Authentication Link Level Encryption Attach Detection User ID spoofing User Authentication

24 Peer Authentication Scheme Objective –Provide efficient, effective, and flexible peer sensor authentication Basic Idea –Symmetric-key based (SkipJack in TinySec) –Each sensor node has a different set of keys through a pre-key distribution scheme –Multiple MACs are generated for each message from a sensor node –MACs are verified at the receiver sensor using its common keys with the sender

25 A Simple Example A D B C 1 4 2 3 A D B C D C B C C I am C You are not C, since you don’t have key 3 You are not C, since you don’t have key 2 I know you are not me. Sensors A, B, C, D have different combination of overlapping keys: A: 1, 4 B: 1, 2 C: 2, 3 D: 3, 4 Sensor A pretends to be C, appends message authentication code (generated with key 1 & 4) to outgoing messages

26 Implementation and Results We implement the peer authentication scheme as a component (MultiMAC) under TinyOS (based on SkipJack in TinySec) Measurement Results –Computation time: 5.3 ms; – Verification time: < 0.1 ms, 1.3~1.4 ms or 2.5 ms, if receiver has 0, 1 or 2 keys in common with sender. Demonstration Video –Windows MediaWindows Media

27 Summary Security is an increasing concern in embedded system design Using a model-based approach, security can be considered as an integral part through design process Experiment platforms are critical to validate security designs

28 Thank you very much! Questions?

Download ppt "Building Security into Embedded Systems: Validating Theoretical Designs using Experimental Platforms Yuan Xue Institute for Software Integrated Systems."

Similar presentations

Operating System Structures

Operating System Structures
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
WSUS Presented by: Nada Abdullah Ahmed.

WSUS Presented by: Nada Abdullah Ahmed.
Overview: Chapter 7  Sensor node platforms must contend with many issues  Energy consumption  Sensing environment  Networking  Real-time constraints.

Overview: Chapter 7  Sensor node platforms must contend with many issues  Energy consumption  Sensing environment  Networking  Real-time constraints.
Presented by: Thabet Kacem Spring 2010. Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Extensible Networking Platform 1 1 - IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood

Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood
Introduction to Operating Systems CS-2301 B-term 20081 Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.

Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.
DISTRIBUTED CONSISTENCY MANAGEMENT IN A SINGLE ADDRESS SPACE DISTRIBUTED OPERATING SYSTEM Sombrero.

DISTRIBUTED CONSISTENCY MANAGEMENT IN A SINGLE ADDRESS SPACE DISTRIBUTED OPERATING SYSTEM Sombrero.
Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.

Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.
Chapter 13 Embedded Systems

Chapter 13 Embedded Systems
Virtualization and the Cloud

Virtualization and the Cloud
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;
EMBEDDED SYSTEMS G.V.P.COLLEGE OF ENGINEERING Affiliated to J.N.T.U. By By D.Ramya Deepthi D.Ramya Deepthi & V.Soujanya V.Soujanya.

EMBEDDED SYSTEMS G.V.P.COLLEGE OF ENGINEERING Affiliated to J.N.T.U. By By D.Ramya Deepthi D.Ramya Deepthi & V.Soujanya V.Soujanya.
Cloud Computing Saneel Bidaye uni-slb2181. What is Cloud Computing? Cloud Computing refers to both the applications delivered as services over the Internet.

Cloud Computing Saneel Bidaye uni-slb2181. What is Cloud Computing? Cloud Computing refers to both the applications delivered as services over the Internet.
@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.

@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.
Jaeki Song ISQS6337 JAVA Lecture 16 Other Issues in Java.

Jaeki Song ISQS6337 JAVA Lecture 16 Other Issues in Java.

Similar presentations

Ads by Google