New embedded S



Download 1.14 Mb.
Page1/31
Date conversion17.10.2016
Size1.14 Mb.
  1   2   3   4   5   6   7   8   9   ...   31

SPD node technologies assessment

()

Document No.



Security Classification

Date


/nSHIELD/ETH/D3.1/A

CO

31.04.2012


Project no: 269317



description: c:\users\tronol\desktop\nshield003.png
new embedded Systems arcHItecturE for multi-Layer Dependable solutions

Instrument type: Capability Project


Priority name: Embedded Systems
SPD node technologies assessment
For the

nSHIELD-project
Deliverables D3.1
Partners that have contributed to the work:
IPS Sistemi Programmabili, Eurotech Group, Italy

Integrated Systems Development, Greece

Telcred, Sweden

Swedish Institute of Computer Science, Sweden

Technical University of Crete, Greece

T2 Data AB, Sweden

Fundacíon Tecnalia Research & Innovation, Spain

University of Genova, Italy

Università di Udine, Italy

Acorde Technologies, Spain

SESM, Italy

Security Evaluation Analysis and Research Lab, Hungary

Industrial Systems Institute / ATHENA RC , Greece

THYIA Tehnologije, Slovenia



Selex Galileo, Italy

Project co-funded by the European Commission within the Seventh Framework Programme (2007-2012)

Dissemination Level

PU

Public




PP

Restricted to other programme participants (including the Commission Services)




RE

Restricted to a group specified by the consortium (including the Commission Services)




CO

Confidential, only for members of the consortium (including the Commission Services)

x



Document Authors and Approvals

Authors

Date

Signature

Name

Company

Paolo Azzoni

ETH







Stefano Gosetti

ETH







George Dramitinos

ISD







Carlo Pompili

TELC







Bharath Siva Kumar

TELC







Christian Gehrmann

SICS







Oliver Schwarz

SICS







Mudassar Aslam

SICS







Hans Thorsen

T2D







Paolo Gastaldo

UNIGE







Alessio Leoncini

UNIGE







Chiara Peretti

UNIGE







Daniele Caviglia

UNIGE







Daniele Grosso

UNIGE







Luca Noli

UNIGE







Iñaki Eguia

TECNALIA







Eider Iturbe

TECNALIA







Harry Manifavas

TUC







Alexandros Papanikolaou

TUC







Konstantinos Fysarakis

TUC







Georgios Hatzivasilis

TUC







Dimitrios Geneiatakis

TUC







Konstantinos Rantos

TUC







Lorena de Celis

AT







David Abia

AT







Antonio Abramo

UNIUD







Mirko Loghi

UNIUD







Antonio di Marzo

SESM







Antonio Bruscino

SESM







Kyriakos Stefanidis

ATHENA RC







Spase Drakul

THYIA







Gordana Mijić

THYIA







Ljiljana Mijić

THYIA







Nastja Kuzmin

THYIA







Balazs Berkes

S-LAB







Francesco Cennamo

SG







Luigi Trono

SG







Reviewed by







Name

Company



































































Approved by







Name

Company





















Applicable Documents

ID

Document

Description

[01]

TA

nSHIELD Technical Annex





















Modification History

Issue

Date

Description

Draft A

01/03/2012

First ToC

Draft B

20/03/2012

First partners contribution

Draft B v.0.2

22/03/2012

Partners contribution

Draft B v.0.3

14/04/2012

Further contribution and sections update

Prefinal v.0.4

16/04/2012

New partner contributions and integration

Final v0.5

24/04/2012

Sections update

Final v0.6

27/04/2012

Update sections: 2, 3.4.1, 3.4.2. 5

Final v0.7

28/04/2012

Update sections: 2, 3, 6

Final v0.8

29/04/2012

Update sections: 1, 3

Final v1.0

31/04/2012

Final review


Contents

1.Introduction 9

1.1The technology assessment 9

1.2Nodes definitions 10

1.3Document contents 12

2.SDR/Cognitive Enabled node 13

2.1SDR/cognitive technology foundation 13

2.2Micronode and nSHIELD node definition 14

2.3SPD Wireless Sensor Networks 15

2.4The CEN system description 16

2.4.1Pervasive Systems 16

2.4.2SDR/Cognitive functionalities for CEN systems 17

2.4.2.1SDR definitions 18

2.4.2.1.1Embedded SDR system solution 19

2.4.2.2Cognitive radio 19

2.4.2.2.1Different interpretation of SDR 20

2.4.2.2.2Types of adaptable radios 21

2.4.2.2.3Networking capabilities of CENs 22

2.4.2.2.4A SPD-WSN composed of CENs 23

2.4.3SPD considerations for CENs 23

2.5Intrinsically secure ES firmware 23

2.6Power supply protection 25

2.6.1State of the art 25

2.6.2Relationship with pSHIELD 26

2.6.3References 26

2.7Dependable and Secure Firmware 26

2.7.1References 27

3.Micro/Personal Node 27

3.1Micro Node SPDs from Related EU Projects 27

3.1.1Trusted Platform Module (TPM) 27

3.1.2Complex Programmable Logic Devices (CPLDs) 28

3.1.3Virtualization 28

3.1.4Dependability 29

3.1.5Cryptography 29

3.1.6References 29

3.2Smartcards for security services: Authentication Example in the context of nSHIELD 30

3.2.1Overview 30

3.2.2Communication with smartcards 31

3.2.3Smart card file system and data “storage” 32

3.2.4Secure services with smart cards 33

3.2.5Using smartcards for security services: Authentication Example in the context of nSHIELD 33

3.2.6References 35

3.3SPD and node power consumption 35

3.4SPD based on Face and Voice Verification 36

3.4.1Biometric Face Recognition 37

3.4.1.1Introduction 37

3.4.1.2Design of Data Set and Challenge Problem 38

3.4.1.3Description of the Data Set 39

3.4.1.4Description of Experiments 42

3.4.1.5Baseline Performance 43

3.4.1.6The Eigenface technique 47

3.4.2Voice Verification 53

3.4.2.1Description of the VD algorithm 53

3.4.2.2Evaluation of performance 54

3.4.2.3Algorithm based on Wavelet Packet Transform and Voice Activity Shape 55

3.4.2.4Algorithm based on Discrete Wavelet Transform and Teager Energy Operator 59

4.Power Node 64

4.1Power Node SPD – Surveillance and anti-tampering 64

4.1.1References 65

4.2System of Embedded System - SoES 66

4.3Power node for Avionics System 69

4.3.1Current System Configuration 70

4.3.2Distributed configuration 71

5.Dependable self-x Technologies 73

5.1Introduction 74

5.1.1Applications 74

5.1.2Literature 75

5.1.3State of the art 78

5.1.4The Wireless Sensor Network specific example 80

5.1.5Market solutions 81

5.1.6References 84

5.2Countermeasures against Distributed Denial of Service Attacks 85

5.2.1Introduction 85

5.2.2Traceback 86

5.2.3Evaluation 91

5.2.4References 92

5.3Automatic Access Control 93

5.3.1Proposed approaches 94

5.3.2Important Attributes 95

5.3.3References 96

5.4Quality of service in Embedded Systems 96

5.4.1QoS Adaptation: first approach for Self-X technologies 96

5.4.2Research projects for reconfiguration and self x technologies 97

5.4.3Self-x technologies analysis nSHIELD layers 98

5.4.4SLAs contributing to Self technologies 102

6.Cryptographic technologies 103

6.1Cryptographic Functionalities for SPD Node 103

6.1.1Symmetric and asymmetric cryptography 103

6.1.2Elliptic Curve Cryptography for CMPNs 105

6.1.3Cryptographic Technologies 105

6.1.3.1Asymmetric cryptography for low cost nodes 107

6.1.4Main Topics to be covered by Task 3.5 108

6.2Hardware and Software Crypto Technologies in Relevant EU Projects 109

6.2.1References 111

6.3Cryptography functionalities: An Overview 112

6.3.1Lightweight Cryptography (State of the Art) 112

6.3.1.1Block Ciphers 114

6.3.1.2Stream Ciphers 114

6.3.1.3Hash Functions 115

6.3.1.4Selection Criteria 115

6.3.1.5nSHIELD: proposed solutions 116

6.3.2Asymmetric Cryptography (State of the Art) 116

6.3.2.1Traditional Public Key Cryptosystems Comparison 117

6.3.2.2Alternative Public Key Cryptography (APKC) 118

6.3.3Dependable Authentic Key Distribution (State of the Art) 119

6.3.3.1The Basic Scheme 119

6.3.3.2Location-independent key distribution schemes 120

6.3.3.3Location-dependent key distribution schemes 121

6.3.3.4nSHIELD: proposed solutions 121

6.4SPDs (from pSHIELD to nSHIELD) 122

6.5Elliptic Curve Cryptography 128

6.5.1Theoretical Foundations 128

6.5.1.1Finite Fields 132

6.5.1.2Prime Fields 134

6.5.1.3Binary Fields 135

6.5.2Elliptic Curves 135

6.5.3Protocols 142

6.5.3.1ElGamal - Message Encryption 144

6.5.3.2Massey-Omura (Shamir’s no-key protocol) - Message Encryption 145

6.5.3.3KMOV - Message Encryption 145

6.5.3.4Demytko - Message Encryption 146

6.5.3.5Proxy blind signature scheme 147

6.5.3.5.1Proposed Protocol 148

6.5.3.5.2Proxy blind multi-signature scheme 149

6.5.3.5.3Security properties 149

6.5.4Implementation of Elliptic Curve Cryptosystems 150

6.5.4.1Implementation Issues 151

6.5.4.2State of the Art 152

6.5.4.3Recommended Curves: NIST 152

6.5.4.4Recommended Curves: SECG 153

6.5.5Known Attacks against Elliptic Curve Cryptosystems 157

6.5.6ECC Applications 160

6.5.6.1Smart cards 161

6.5.6.2PDAs 161

6.5.7ECC in Software Trusted Platform Module (TPM) 161

6.5.7.1SW-TPM Implementation 162

6.5.7.2Measurement results 163

6.5.7.3User applications with SW-TPM 166

6.5.8Electromagnetic analysis ECC on a PDA 167

6.5.8.1Differential analysis in the frequency domain 168

6.5.9ECC in wireless sensors 169

6.5.10Improvements in ECC for resource-constrained devices 170

6.5.10.1Key agreement protocol for mobile devices on elliptic curve cryptosystem 171

6.5.11Comparison: ECC vs. Others Alternative Cryptography for Resource-Constrained Devices 173

6.5.12Commercial Products Embedding Elliptic Curve Cryptography 176

6.5.13Hardware implementations of Elliptic Curve Cryptography 178

6.5.14nSHIELD technology challenges 178

6.6Cryptographic Key Management and the Controlled Randomness Protocol 179

6.6.1Introduction 179

6.6.2Protocol Description 180

6.6.3Advantages of CRP 181

6.7Electronic Devices for Security Applications 181

6.7.1Secure Microcontrollers 182

6.7.2External cryptographic modules 183

6.7.3Secure elements in mobility 184

6.8Trusted computing technologies 186

6.8.1Background 186

6.8.2Attacks against TPM protected platforms 187

6.8.3Scenario for secure boot 188

6.8.4Scenario for TPM as cryptographic module 188

6.8.5nSHIELD technology challenges 189

6.9Anti-tamper Technologies 189

6.10Physical Attacks and Defences 191

7.Impact on the normal behavior: 191

8.Level of physical access to the internals of the chips: 192

8.1.1Passive Attacks 192

8.1.1.1Reverse engineering of circuitry 192

8.1.1.1.1Decapsulation 192

8.1.1.1.2Deprocessing 192

8.1.1.1.3Optical Reverse Engineering 193

8.1.1.1.4Probe needles on data buses 193

8.1.1.2Side Channel Analysis 193

8.1.1.2.1Power consumption 193

8.1.1.2.2Simple Power Analysis (SPA) 194

8.1.1.2.3Differential Power Analysis (DPA) 194

8.1.1.2.4Correlation Power Analysis (CPA) 194

8.1.1.2.5Countermeasures against power analysis attacks 195

8.1.1.2.6Electromagnetic Radiation/Photo Emission Analysis 195

8.1.1.2.7Timing Analysis 196

8.1.2Active Attacks 196

8.1.2.1Attacks aiming to modify the circuit layout 196

8.1.2.1.1Focused Ion Beam (FIB) 196

8.1.2.1.2Hardware backdoors 197

8.1.2.2Physical Fault Injection Attacks 197

8.1.2.2.1Microprobing 198

8.1.2.2.2Light and X-Ray, Electromagnetic Radiation 198

8.1.2.2.3Tampering with the temperature of the chip 199

8.1.2.2.4Tampering with the external clock frequency 199

8.1.2.2.5Power Glitching 199

8.1.3Passive and Active Combined Attacks (PACA) 200

8.2Secure Hardware implementation and testing guidelines 200

8.2.1Physical protection of the chip 200

8.2.1.1Multi-layering 200

8.2.1.2Protective Layer 200

8.2.1.2.1Active Shield 201

8.2.1.2.2Passive Shield 201

8.2.1.2.3Other protection measures 201

8.2.1.3Unmarking, remarking and repackaging 201

8.2.2Obfuscating the design 202

8.2.2.1Glue logic 202

8.2.2.2Memory Encryption 202

8.2.2.3Bus scrambling 202

8.2.3Further Protection Measures 203

8.2.3.1Physically Unclonable Functions (PUF) 203

8.2.3.2Unique Chip ID 205

8.2.3.3Sensors 205

8.2.3.4Further design guidelines 206

8.2.4Risk analysis 206

8.2.4.1Preparation and scoping 207

8.2.4.2Threat modeling 207

8.2.5Testing guidelines 210

8.2.5.1Security audit 211

8.2.5.2Security testing 211

8.2.6Testing techniques 212

8.2.6.1Code review 212

8.2.6.2Penetration testing 213

8.2.6.3Manual run-time verification 213

8.2.6.4Automated security testing 213

8.3References 213

9.SPD Node independent technologies 227

9.1Authorization framework for SPD nodes 227

9.2Secure execution environment and trusted virtual domains for nano, micro and power nodes 227

9.2.1Existing technologies 228

9.2.1.1Isolation 228

9.2.1.2Monitoring and Trust 229

9.2.2The role of secure execution and trusted domains in nSHIELD 231

9.2.3References 231



Figures

Tables


Acronyms


AFR Automatic Firmware Recovery

ECC Elliptic Curve Cryptography

ESs Embedded Systems

HLR High Level Requirements

IPv4 Internet Protocol version 4

IPv6 Internet Protocol version 6

IPSec Internet Protocol Security

LPC Low Pin Count, TPM bus interface

SRS System Requirements and Specification

SNMP Simple Network Management Protocol

SOA Service-oriented Architecture

SOAP Simple Object Access Protocol

SPD Security Privacy Dependability

SPDT Security Privacy Dependability Trust

TPM Trust Platform Module

QoS Quality of Service

W3C World Wide Web Consortium

WSDL Web Services Description Language

XML Extensible Markup Language


  1   2   3   4   5   6   7   8   9   ...   31


The database is protected by copyright ©ininet.org 2016
send message

    Main page