Abstract
Embedded devices have permeated our daily lives, and many mundane day-to-day tasks involve a number of embedded systems, including smart cards, sensors in vehicles and industrial automation systems. Satisfying the requirements for trusted, reliable and secure embedded devices is more vital than ever before, and this urgency is strengthened further by the potential advent of the Internet of Things and Cyber-Physical Systems. As our reliance on these devices increases, the significance of potential threats should not be underestimated, especially as a number of embedded devices are built to operate in malicious environments, where they may be in the possession of an attacker. The challenge of building secure and trusted embedded devices is paramount. In this paper, we examine the security threats to embedded devices along with the associated prevention mechanisms. We also present a holistic approach to the security and trust of embedded devices, from the hardware design and the reliability and trust of the runtime environment to the integrity and trustworthiness of the executing applications. The proposed protection mechanisms provide a high degree of security at a minimal computational cost. Such an agnostic view of the security and trust of embedded devices can be pivotal in their adoption and in the acquisition of trust from the general public and service providers.
Notes
2. The Trusted Computing Group (TCG) is the culmination of industrial efforts that included the Trusted Computing Platform Association (TCPA), Microsoft's Palladium, later called Next Generation Secure Computing Base (NGSCB), and Intel's LaGrande. All of them proposed how to ascertain trust in a device's state in a distributed environment. These efforts were combined in the TCG specification, which resulted in the proposal of the TPM.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Markantonakis, K., Akram, R.N., Msgna, M.G. (2015). Secure and Trusted Application Execution on Embedded Devices. In: Bica, I., Naccache, D., Simion, E. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2015. Lecture Notes in Computer Science, vol 9522. Springer, Cham. https://doi.org/10.1007/978-3-319-27179-8_1
DOI: https://doi.org/10.1007/978-3-319-27179-8_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27178-1
Online ISBN: 978-3-319-27179-8
eBook Packages: Computer Science (R0)