Skip to main content
SpringerLink
Log in

A Security Architecture for Reconfigurable Networked Embedded Systems

  • Published:
International Journal of Wireless Information Networks Aims and scope Submit manuscript

Abstract

Nowadays, networked embedded systems (NESs) are required to be reconfigurable in order to be customizable to different operating environments and/or adaptable to changes in operating environment. However, reconfigurability acts against security as it introduces new sources of vulnerability. In this paper, we propose a security architecture that integrates, enriches and extends a component-based middleware layer with abstractions and mechanisms for secure reconfiguration and secure communication. The architecture provides a secure communication service that enforces application-specific fine-grained security policy. Furthermore, in order to support secure reconfiguration at the middleware level, the architecture provides a basic mechanism for authenticated downloading from a remote source. Finally, the architecture provides a rekeying service that performs key distribution and revocation. The architecture provides the services as a collection of middleware components that an application developer can instantiate according to the application requirements and constraints. The security architecture extends the middleware by exploiting the decoupling and encapsulation capabilities provided by components. It follows that the architecture results itself reconfigurable and can span heterogeneous devices. The security architecture has been implemented for different platforms including low-end, resource-poor ones such as Tmote Sky sensor devices.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Tarek F. Abdelzaher, Brian M. Blum, Q. Cao, Y. Chen, D. Evans, J. George, S. George, L. Gu, Tian He, S. Krishnamurthy, L. Luo, Sang Hyuk Son, Jack Stankovic, R. Stoleru, and Anthony D. Wood, Envirotrack: Towards an environmental computing paradigm for distributed sensor networks. In Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS’04), pp. 582–589, Tokyo, Japan, 23–26 March 2004.

  2. I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci. Wireless sensor networks: a survey. Computer Networks, Vol. 38, No. 4, pp. 293–422, 2002.

    Article  Google Scholar 

  3. K. H. Årzén, A. Bicchi, G. Dini, S. Hailes, K. H. Johansson, J. Lygeros, and A. Tzes, A component-based approach to the design of networked control systems, European Journal of Control, Vol. 13, pp. 261–279, 2007.

    Article  Google Scholar 

  4. G. Baliga and P. Kumar, A middleware for control over networks. In Proceedings of the 44th IEEE Conference on Decision and Control, 2005.

  5. H. Chan and Adrian Perrig. Security and privacy in sensor networks, IEEE Computer, Vol. 36, No. 10, pp. 103–105, 2003.

    Google Scholar 

  6. Haowen Chan, V. D. Gligor, A. Perrig, and G. Muralidharan, On the distribution and revocation of cryptographic keys in sensor networks, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 3, pp. 233–247, 2005.

    Article  Google Scholar 

  7. Chipcon AS, CC2420–2.4GHz IEEE 802.15.4/ZigBee-ready RF Transceiver, http://www.chipcon.com

  8. Paolo Costa, Geoff Coulson, Cecilia Mascolo, Luca Mottola, Gian Pietro Picco, and Stefanos Zachariadis, Reconfigurable component-based middleware for networked embedded systems, International Journal on Wireless Information Systems, Vol. 14, No. 2, pp. 149–162, 2007.

    Article  Google Scholar 

  9. Paolo Costa, Geoff Coulson, Cecilia Mascolo, Gian Pietro Picco, and Stefanos Zachariadis, The RUNES middleware: a reconfigurable component-based approach to networked embedded systems. In Proceedings of the 16th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC’05), Vol. 2, pp. 806–810, Berlin, Germany, 11–14 September, 2005.

  10. G. Dini and I. M. Savino, S2rp: a secure and scalable rekeying protocol for wireless sensor networks. Proceedings of the 3rd IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS’06), pp. 457–466, 9–12 October 2006.

  11. A. Dunkels, B. Gronvall, and T. Voigt, Contiki – a lightweight and flexible operating system for tiny networked sensors. In Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks (LCN’04), pp. 455–462, Washington, DC, USA, 16–18 November 2004.

  12. Adams Dunkels, Björn Grönvall, and Thiemo Voigt, Contiki—a lightweight and flexible operating system for tiny networked sensors. In 29th Annual IEEE International Conference on Local Computer Networks (LCN’04), pp. 455–462, Tampa, FL, USA, 16–18 November 2004.

  13. P. K. Dutta, J. W. Hui, D. C. Chu, and D. E. Culler, Securing the deluge network programming system. In Proceedings of the 5th International Conference on Information Processing in Sensor Networks, pp. 326–333. ACM, 2006.

  14. Laurent Eschenauer and Virgil D. Gligor, A key-management scheme for distributed sensor networks. In CCS ’02: Proceedings of the 9th ACM conference on Computer and communications security, pp. 41–47, New York, NY, USA. ACM, 2002.

  15. Chien-Liang Fok, Gruia-Catalin Roman, and Chenyang Lu, Agilla: a mobile agent middleware for self-adaptive wireless sensor networks. ACM Transactions on Autonomous and Adaptive Systems, Vol. 4, No. 3, 2009.

  16. S. Graham and P. Kumar, editors. In Proceedings of PWC 2003: Personal Wireless Communication, Vol. 2775 of Lecture Notes in Computer Science, pp. 458–475, Chapter Convergence of Control, Communication, and Computation. Springer, Berlin, 2003.

  17. J. Hill, R. Szewczyk, A. Woo, S. Hollar, D. E. Culler, and K. Pister, System Architecture Directions for Networked Sensors. In Proceedings of the 9th Symposium on Architectural Support to Programming Languages and Operating Systems (ASPLOS’00), pp. 93–104, Cambridge, MA, USA, November, 2000.

  18. J. W. Hui and D. Culler, The dynamic behavior of a data dissemination protocol for network programming at scale. In Proceedings of the 2nd ACM Conference on Embedded Networked Sensor Systems (SenSys’04), pp. 81–94, Baltimore, MD, USA, 03–05 November 2004.

  19. Chris Karlof, Naveen Sastry, and David Wagner. Tinysec: a link layer security architecture for wireless sensor networks. In Proceedings of the 2nd ACM Conference on Embedded Networked Sensor Systems (SenSys’04), pp. 162–175, Baltimore, MD, USA, 3–5 November 2004.

  20. Philip Koopman, Embedded system security, IEEE Computer, Vol. 37, No. 7, pp. 95–97, 2004.

    MathSciNet  Google Scholar 

  21. Lamport, L., Password authentication with insecure communication, Communications of the ACM, Vol. 24, No. 11, pp. 770–772, 1981.

    Article  MathSciNet  Google Scholar 

  22. LAN/MAN Standards Committee of the IEEE Computer Society, IEEE Standard for Information technology – Telecommunications and information exchange between systems – Local and metropolitan area networks – Specific requirements – Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low Rate Wireless Personal Area Networks (LR-WPANs), September 2006, revision of 2006.

  23. P. Levis and D. E. Culler, Matè: a Tiny Virtual Machine for Sensor Networks. In Proceedings of the 10th ACM Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-X), pp. 85–95, San Jose, CA, 5–9 October 2002.

  24. P. Levis, S. Madden, D. Gay, J. Polastre, R. Szewczyk, A. Woo, E. Brewer, and D. Culler, The emergence of networking abstractions and techniques in Tiny OS. In Proceedings of the 1st Symposium on Networked System Design and Implementation (NSDI’04), pp. 1–14, San Francisco, CA, USA, 2004.

  25. Donggang Liu and Peng Ning, Multilevel μtesla: broadcast authentication for distributed sensor networks, ACM Transaction on Embedded Computing Systems, Vol. 3, No. 4, pp. 800–836, 2004.

    Article  MathSciNet  Google Scholar 

  26. Ting Liu and Margaret Martonosi, Impala: a middleware system for managing autonomic, parallel sensor systems. In Proceedings of the Ninth ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP’03), San Diego, CA, USA, 11–13 June 2003.

  27. Samuel R. Madden, Michael J. Franklin, Joseph M. Hellerstein, and Wei Hong, TinyDB: an acquisitional query processing system for sensor networks, ACM Transactions on Database Systems, Vol. 30, No. 1, pp. 122–173, 2005.

    Article  Google Scholar 

  28. David J. Malan, Matt Welsh, and Michael D. Smith, Implementing public-key infrastructure for sensor networks, ACM Transactions on Sensor Networks, Vol. 4, No. 4, pp. 1–23, 2008.

    Article  Google Scholar 

  29. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. CRC Press, Boca Raton, 1996.

    Google Scholar 

  30. Mohammad M. Molla and Sheikh Iqbal Ahamed, A survey of middleware for sensor network and challenges. In Proccedings of 2006 International Conference on Parallel Processing—Workshops, pp. 228–233, Columbus, OH, 14–18 August 2006.

  31. Moteiv. Tmote Sky, http://www.moteiv.com.

  32. National Institute of Standards and Technology, FIPS PUB 180-1: Secure Hash Standard. National Institute for Standards and Technology, Gaithersburg, MD, USA, April 1995.

  33. National Institute of Standards and Technology (NIST), SKIPJACK and KEA Algorithm Specifications, 1998.

  34. Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and Doug J. Tygar, SPINS: security protocols for sensor networks. In Proceedings of the Seventh Annual International Conference on Mobile Computing and Networks, pp. 189–199, Rome, Italy, 16–21 July 2001.

  35. Adrian Perrig, John Stankovic, and David Wagner, Security in wireless sensor networks, Communications of the ACM, Vol. 47, No. 6, pp. 53–57, 2004.

    Article  Google Scholar 

  36. Neeli R. Prasad and Mahbubul Alam, Security framework for wireless sensor networks, Wireless Personal Communications, Vol. 37, No. 3–4, pp. 455—469, 2006.

    Article  Google Scholar 

  37. S. Ravi, A. Raghunathan, and S. T. Chakradhar, Tamper resistance mechanisms for secure, embedded systems. In VLSI Design, 605 pp. IEEE Computer Society, Washington, DC, USA, 2004.

  38. S. Ravi, A. Raghunathan, P.C. Kocher, and Hattangady S. Security in embedded systems: design challenges, ACM Transactions on Embedded Computing Systems, Vol. 3, No. 3, pp. 461–491, 2004.

  39. R. L. Rivest, The RC5 encryption algorithm. In B. Preenel, editor, Proceedings of the 2nd International Workshop on Fast Software Encryption, Vol. LNCS 1008, pp. 86–96, Leuven, Belgium. Springer, Berlin, 14–16 December 1994.

  40. Kay Römer, Oliver Kasten, and Friedemann Mattern, Middleware challenges for wireless sensor networks. Mobile Computing and Communications Review, Vol. 6, No. 4, pp. 59–61, 2002.

    Article  Google Scholar 

  41. RUNES Consortium. Reconfigurable Ubiquitous Networked Embedded Systems (RUNES), European Commission, 6th Framework Programme, contract number IST-004536, http://www.ist-runes.org

  42. Stefan Schmidt, Holger Krahn, Stefan Fischer, and Dietmar Watjen, A security architecture for mobile wireless sensor networks. In Proceedings of the European Workshop on Security in Ad-hoc and Sensor Networks (ESAS’04), pp. 166–177, Lecture Notes in Computer Science No. 3313, Heidelberg, Germany, 6 August 2004. Springer, Berlin, 2005.

  43. Hannu Sikkilä, Mikael Soini, Petri Oksa, Lauri Sydänheimo, and Markku Kivikoski, Kilavi wireless communication protocol for the building environment-security issues. In Proceedings of the IEEE Tenth International Symposium on Consumer Electronics (ISCE’06), pp. 1–6, St. Petersburg, Russia, 28 June–01 July 2006.

  44. B. Sinopoli, C. Sharp, Schenato L., S. Schaffert, and S. Sastry, Distributed control applications within sensor networks, Proceedings of the IEEE, Vol. 91, No. 8, pp. 1235–1246, 2003.

    Article  Google Scholar 

  45. Michael N. K. Soini, Jana Van Greunen, Jan M. Rabaey, and Lauri T. Sydänheimo, Beyond sensor networks: Zuma middleware. In Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC 2007), pp. 4318–4323, Hong Kong, 2007.

  46. Eduardo Souto, Germano Guimarães, Glauco Vasconcelos, Mardoqueu Vieira, Nelson S. Rosa, Carlos André Guimarães Ferraz, Eduardo Souto Judith Kelner, Germano Guimarães, Glauco Vasconcelos, Mardoqueu Vieira, Nelson S. Rosa, Carlos André Guimarães Ferraz, and Judith Kelner, Mires: a publish/subscribe middleware for sensor networks, Personal and Ubiquitous Computing, Vol. 10, No. 1, pp. 37–44, 2006.

  47. Miaomiao Wang, Jiannong Cao, Jing Li, and Sajal K. Das, Middleware for wireless sensor networks: a survey, Journal of Computer Science and Technology, Vol. 23, No. 3, pp. 305–326, 2008.

    Article  Google Scholar 

  48. Yang Yu, Bhaskar Krishnamachari, and Viktor K. Prasanna, Issues in designing middleware for wireless sensor networks, IEEE Network, Vol. 18, No. 1, pp. 15–21, 2004.

    Article  Google Scholar 

  49. Sencun Zhu, Sanjeev Setia, and Sushil Jajodia, Leap+: efficient security mechanisms for large-scale distributed sensor networks, ACM Transactions on Sensor Networks, Vol. 2, No. 4, pp. 500–528, 2006.

    Article  Google Scholar 

  50. Zigbee alliance website, http://www.zigbee.org/en/index.asp.

Download references

Acknowledgements

This work has been partially supported by CHAT, “Control of Heterogeneous Automation Systems: Technologies for scalability, reconfigurability and security,” funded by the European Commission under FP7 with contract number INFSO-ICT-224428; CONET, the Cooperating Objects Network of Excellence funded by the European Commission under FP7 with contract number FP7-2007-2-224053; and by Cassa di Risparmio di Pisa, Lucca e Livorno.

Author information

Authors and Affiliations

  1. Dipartimento di Ingegneria dell’Informazione: Elettronica, Informatica, Telecomunicazioni, University of Pisa, Via Diotisalvi 2, 56100, Pisa, Italy

    Gianluca Dini

  2. Divisione Difesa, Spazio e Ambiente, Elsag Datamat S.p.A., Via Laurentina 760, 00143, Rome, Italy

    Ida Maria Savino

Authors
  1. Gianluca Dini
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ida Maria Savino
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gianluca Dini.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Dini, G., Savino, I.M. A Security Architecture for Reconfigurable Networked Embedded Systems. Int J Wireless Inf Networks 17, 11–25 (2010). https://doi.org/10.1007/s10776-010-0116-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10776-010-0116-y

Keywords

Search

Navigation