New embedded S

Dependable and Secure Firmware

Download 1.14 Mb.
Size1.14 Mb.
1   2   3   4   5   6   7   8   9   ...   31

2.7Dependable and Secure Firmware

A secure node requires a dependable firmware which is the foundation block for a trusted node. Several mechanisms have been proposed for safeguarding integrity of a system’s software, such as applying a sequence of integrity checks, namely a chain of trust [2], during the firmware execution process where the integrity of every piece of code is checked prior to being executed. Yin proposed in [1] a multi-backup architecture where multiple copies in the form of backups of the firmware in question can be used to safeguard against modified or corrupted firmware due to malicious attacks or system failures.

The integrity of the firmware shall also be protected during upgrades or revisions typically performed for correcting flaws or for adding functionality. The process might be exploited by adversaries to poison the system with their own malicious code. A method for auditing firmware integrity is proposed in [3]. A static kernel is used for recording an “unbroken sequence of application firmware revisions installed on the system”, whereas a signed version of this audit log can be provided for attestation purposes.

Advanced security features have also been proposed to protect against firmware unauthorized access and modifications such as the host-based intrusion detection mechanism proposed in [4] in order to protect against malicious code such as rootkits [5]. A key measure in this deployment of secure mechanisms is the protection of the mechanism itself from being attacked and obsolete.

Contemporary web connected embedded systems may even become subject to advanced web-based attacks, like the cross-site scripting attack which can be used against embedded systems to poison the firmware [6]. A malicious script can be injected in the pages stored on an embedded device and, when executed, can become the vehicle to install a modified firmware on the device.


  1. H. Yin, H. Dai, and Z. Jia, Verification-based Multi-backup Firmware Architecture, an Assurance of TrustedBoot Process for the Embedded Systems, Proceedings of 2011 International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-11.

  2. H. Lohr, A.-R. Sadeghi, and M. Winandy, “Patterns for secure boot and secure storage in computer systems,” International Conference on Availability, Reliability and Security, pp. 569–573, 2010.

  3. M. Lemay, CA. Gunter. “Cumulative attestation kernels for embedded systems”. 14th European Symposium on Research in Computer Security, ESORICS 2009. Lecture Notes in Computer Science 2009, LNCS (5789), pp.655-70.

  4. A. Cui, SJ. Stolfo. “Defending embedded systems with software symbiotes”. 14th International Symposium on Recent Advances in Intrusion Detection Systems. Lecture Notes in Computer Science 2011. LNCS(6961) pp.358-77.

  5. Vasisht, V.R., Lee, H.-H.S.: “Shark: Architectural support for autonomic protection against stealth by rootkit exploits”. In: MICRO, pp. 106–116. IEEE Computer Society, Los Alamitos (2008)

  6. B. Bencsáth, L. Buttyán, T. Paulik. XCS based hidden firmware modification on embedded devices. 2011 International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2011, pp.327.

3.Micro/Personal Node

3.1Micro Node SPDs from Related EU Projects

3.1.1Trusted Platform Module (TPM)

A significant area of WSN-related security research aims at utilizing TPM hardware and adapting it to the specific needs of resource constrained applications. Such a TPM-related subject is that of implementing the Direct Anonymous Attestation (DAA) scheme specified by the Trusted Computing Group (TCG). [1] provides a detailed report on the implementation of the aforementioned functionality is provided, as well as suggestions for improvements. Moreover, in [2] an anonymous authentication scheme based on an optimized version of DAA is presented, aimed at resource-constrained mobile devices. Functionality includes secure devices authentication, credential revocation as well as anonymity and non-traceability of said devices against service providers. On the subject of TPMs, research has also focused on the security extensions of mobile platforms for hosting Mobile Trusted Module (MTM) functionality. Both software-based and hardware-based MTMs are examined in [3], and respective techniques for dynamic loading of TPM commands are proposed, aiming to alleviate the performance issues arising from the security facilities of mobile platforms. In [5] the server side of Trusted Computing functionality is examined, aiming to provide anonymous and trustworthy service for users, even counteracting certain insider attacks, which the proposed scheme is able to detect.

3.1.2Complex Programmable Logic Devices (CPLDs)

Another approach to WSN node security is based on the use of low cost, low energy consumption Complex Programmable Logic Devices (CPLDs). A platform which embeds a CPLD in a standard WSN node is presented in [6], resulting in increased performance of a sensor node by a significant factor as well as a considerable reduction in power consumption. This concept is further expanded in [7] and [8] where various networking and security protocols are implemented on the aforementioned platform and real-world performance compared to existing schemes.


Virtualization is a feature that research has shown it adds to the overall security of the system, in various ways. Firstly, it seems to be a remedy for facing the severe security challenges that mobile devices have, given that they are usually targeting a completely open setup [8]. In addition, efficient virtual machines have successfully been implemented in microkernel based systems, thus enabling the reuse of arbitrary operating systems [9]. The overhead imposed on the kernel growth was rather marginal and the overall performance was found to be similar to other virtual machine implementations. An analysis on how and to which degree recent x86 virtualization extensions can influence the response times of a real-time operating system that hosts virtual machines was performed in [10]. In [11] it was shown that a thin and rather simple virtualization layer can add to the overall system’s security, as it provides fewer options for attack to a potential adversary. What is more, this approach was found to exhibit significantly better performance, compared to contemporary full virtualization environments. Finally, regarding the way virtual machines should be implemented, it is claimed in [12] that their construction should follow the principle of incremental complexity growth. Namely, additional functionality should not be included in the trusted computing base of a component if the benefits it offers are less than the drawbacks due to larger risk for introduced bugs and errors. Such an approach can be efficiently implemented and it was able to achieve high throughput and good real-time performance.


Embedded systems exhibit a significant number of soft errors, the correction of which imposes equally significant hardware and real-time overhead. For improving embedded systems’ dependability, the authors of [13] proposed an approach for classifying errors according to their relevance and the impact of their correction to the system that exploited application knowledge. As a result, the imposed correction overhead was reduced.


An overview of the time and energy overhead that popular cryptographic primitives impose on various popular types of wireless sensor nodes is presented in [1]. Whenever strong encryption is required or rather resource-constrained devices, elliptic-curve cryptography (ECC) is always a strong candidate. In [14] the finite fields are being investigated for suitability for performing ECC on the ATmega128 microcontroller and it turns out that binary fields are most preferable when efficient implementations are required.

An interesting security scheme for WSN that provides transparent security is proposed in [15]. This scheme is effectively a lightweight CBC-X mode cipher that is able to provide encryption/decryption and authentication all in one. Consequently, it exhibits significant energy gains of about 50-60%, compared to TinySec.


  1. P. Trakadas, Th. Zahariadis, H.C. Leligou, S. Voliotis, “Analyzing Energy and Time Overhead of Security Mechanisms in Wireless Sensor Networks,” 15th International Conference on Systems, Signals and Image Processing (IWSSIP 2008), Bratislava, Slovak Republic, June 25-28, 2008.

  1. K. Dietrich, J. Winter, G. Luzhnica and S. Podesser – “Implementation Aspects of Anonymous Credential Systems for Mobile Trusted Platforms” - CMS 2011,Oct 19-21, 2011 Ghent, Belgium.

  2. L. Chen, K. Dietrich, H. Löhr, A-R. Sadeghi, . Wachsmann, J. Winter - "Lightweight Anonymous Authentication with TLS and DAA for Embedded Mobile Devices" - Accepted for the 13th Communications Security Conference (ISC 2010), October 25-28, 2010, Boca Raton, Florida, USA.

  3. K. Dietrich, J. Winter - "Towards Customizable, Application Specific Mobile Trusted Modules" - Accepted for the fifth Annual Workshop on Scalable Trusted Computing (ACM CCS STC), Oct. 4-8, 2010, Chicago, USA.

  4. A. Böttcher, B. Kauer and H. Härtig, “Trusted Computing Serving an Anonymity Service”, Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications, March 2008.

  5. P. Christou, K. Kyriakoulakos, E. Sotiriadis, K. Papadopoulos, G-G. Mplemenos and I. Papaefstathiou, "Low-Power Security Modules optimized for WSNs", 16th International Workshop on Systems, Signals and Image Processing (IWSSIP), Chalkida Greece, June 2009.

  6. G-G. Mplemenos, P. Christou and I. Papaefstathiou, “Using Reconfigurable Hardware Devices in WSNs for Accelerating and Reducing the Power Consumption of Header Processing Tasks” IEEE Advanced Network and Telecommunication Systems (ANTS), India, 14-16 December 2009.

  7. G-G. Mplemenos, K. Papadopoulos, A. Brokalakis, G. Chrysos, E. Sotiriades, I. Papaefstathiou, “RESENSE: Reconfigurable WSN Nodes”, The Second Wireless Sensing Showcase (WiSiG Showcase 09), National Physical Laboratory, July 2009, London, UK.

  8. Jörg Brakensiek, Axel Dröge, Martin Botteck, Hermann Härtig, Adam Lackorzynski, “Virtualization as an enabler for Security in Mobile Devices”, IIES '08 Proceedings of the 1st workshop on Isolation and integration in embedded systems, April 2008.

  9. Michael Peter, Henning Schild, Adam Lackorzynski, Alexander Warg, “Virtual Machines Jailed – Virtualization in Systems with Small Trusted Computing Bases”, Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems, March 2009.

  10. H. Schild, A. Lackorzynski, and A. Warg, “Faithful Virtualization on a Real-Time Operating System”, Proceedings of the Eleventh Real-Time Linux Workshop, pages 237–243, Dresden, Germany, 2009.

  11. Udo Steinberg and Bernhard Kauer, “NOVA: A Microhypervisor-Based Secure Virtualization Architecture”, Proceedings of the 5th European conference on Computer systems (EuroSys '10), 2010.

  12. S. Liebergeld, M. Peter, and A. Lackorzynski, “Towards Modular Security-Conscious Virtual Machines”, Proceedings of Twelfth Real-Time Linux Workshop, Nairobi, Kenya, October 2010.

  13. Andreas Heinig, Michael Engel, Florian Schmoll, and Peter Marwedel, “Using application knowledge to improve embedded systems dependability”, In Proceedings of the Workshop on Hot Topics in System Dependability (HotDep 2010), Vancouver, Canada, October 2010. USENIX Association.

  14. Anton Kargl and Stefan Pyka and Hermann Seuschek, “Fast Arithmetic on ATmega128 for Elliptic Curve Cryptography”, IACR Cryptology ePrint Archive, 2008.

  15. Shiqun Li, Tieyan Li, Xinkai Wang, Jianying Zhou and Kefei Chen, "Efficient Link Layer Security Scheme for Wireless Sensor Networks", Journal of Information And Computational Science, Vol.4, No.2,pp. 553-567, June 2007.

Download 1.14 Mb.

Share with your friends:
1   2   3   4   5   6   7   8   9   ...   31

The database is protected by copyright © 2024
send message

    Main page