MeSeCCS 2014 Abstracts


Full Papers
Paper Nr: 2
Title:

SPD-driven Smart Transmission Layer based on a Software Defined Radio Test Bed Architecture

Authors:

Kresimir Dabcevic, Lucio Marcenaro and Carlo S. Regazzoni

Abstract: Cognitive Radio as a technological breakthrough and enabler for concepts such as Opportunistic Spectrum Access and Dynamic Spectrum Access has so far received significant attention from the research community from a theoretical standpoint. In this work, we build upon the theoretical foundation and present an implementation of a Software Defined Radio/Cognitive Radio platform, with the feature under particular interest being the so-called Smart Transmission Layer. Smart Transmission Layer is a feature developed within the currently ongoing nSHIELD project, whose goal is establishing new paradigms for Security, Privacy and Dependability (SPD) of the future embedded systems. The role of the SPD-driven Smart Transmission Layer is providing reliable and efficient communications in critical channel conditions by using adaptive and flexible algorithms for dynamically configuring and adapting various transmission-related parameters. The implementation was done on the test bed consisting of two Secure Wideband Multi-role - Single-Channel Handheld Radios (SWAVE HH) coupled with the powerful proprietary multi-processor embedded platforms, and the corresponding auxiliaries. Several case studies were performed, namely: remote control of the radios, analysis of the installed waveforms, interference detection, and spectrum sensing using a quasi-real-time energy detector. A roadmap towards the future implementation aspects using the test bed was set.

Paper Nr: 3
Title:

A Meta-heuristically Optimized Fuzzy Approach towards Multi-metric Security Risk Assessment in Heterogeneous System of Systems

Authors:

Iñaki Eguia and Javier Del Ser

Abstract: Security measurement of complex systems is a challenging task since devices deployed over the so-called System of Systems (SoS) are extremely heterogeneous and hence imply an interoperability effort in order to enable a common resilient security measurement language. Moreover, systems demand more features beyond security concept, require to preserve privacy and claim for dependable structures in order to seek a holistic and aggregated security and safety view. This paper addresses this need by capitalizing the availability of multiple security metrics through an hybrid meta-heuristic fuzzy aggregation and composition approach that takes into account the expertise compiled by the security manager, towards the generation of visual dashboards reflecting the SPD (Security, Privacy and Dependability) risk status of the system at hand.

Paper Nr: 4
Title:

Measured Firmware Deployment for Embedded Microcontroller Platforms

Authors:

Samuel Weiser, Ronald Toegl and Johannes Winter

Abstract: While Embedded Systems are small hardware systems, much added value is often created through the inclusion of specialized firmware. One specific challenge is the secure distribution and update of application specific software. Using a Trusted Platform Module we implement measured firmware updates on a low resource embedded micro-controller platform. We show that it is feasible to ensure both, confidentiality of the update and authenticity of the device for which the update was intended. Furthermore a Trusted Boot mechanism enforces integrity checks during startup to detect malicious code before it is executed. While recent literature focuses on high-performance micro-controller systems or FPGA platforms, our proof-of-concept only requires an 8-bit low-cost off-the-shelf micro-controller.

Paper Nr: 5
Title:

ULCL - An Ultra-lightweight Cryptographic Library for Embedded Systems

Authors:

George Hatzivasilis, Apostolos Theodoridis , Elias Gasparis and Charalampos Manifavas

Abstract: The evolution of embedded systems and their applications in every daily activity, derive the development of lightweight cryptography. Widely used crypto-libraries are too large to fit on constrained devices, like sensor nodes. Also, such libraries provide redundant functionality as each lightweight and ultra-lightweight application utilizes a limited and specific set of crypto-primitives and protocols. In this paper we present the ULCL crypto-library for embedded systems. It is a compact software cryptographic library, optimized for space and performance. The library is a collection of open source ciphers (27 overall primitives). We implement a common lightweight API for utilizing all primitives and a user-friendly API for users that aren’t familiar with cryptographic applications. One of the main novelties is the configurable compilation process. A user can compile the exact set of crypto-primitives that are required to implement a lightweight application. The library is implemented in C and measurements were made on PC, BeagleBone and MemSic IRIS devices. ULCL occupies 4 – 516.7KB of code. We compare our library with other similar proposals and their suitability in different types of embedded devices.

Paper Nr: 6
Title:

Embedded Systems Security Challenges

Authors:

Konstantinos Fysarakis, George Hatzivasilis, Konstantinos Rantos, Alexandros Papanikolaou and Charalampos Manifavas

Abstract: In a world of pervasive computing, embedded systems can be found in a wide range of products and are employed in various heterogeneous domains. The abovementioned devices often need to access, store, manipulate and/or communicate sensitive or even critical information, making the security of their resources and services an important concern in their design process. These issues are further exacerbated by the resource-constrained nature of the devices, in conjunction with the ever-present need for smaller size and lower production costs. This paper aims to provide an overview of the challenges in designing secure embedded systems, covering both node hardware and software issues, as well as relevant network protocols and cryptographic algorithms. Moreover, recent advances in the field are identified, highlighting opportunities for future research.

Paper Nr: 7
Title:

MEFORMA Security Evaluation Methodology - A Case Study

Authors:

Ernő Jeges, Balázs Berkes, Balázs Kiss and Gergely Eberhardt

Abstract: Even software engineers tend to forget about the fact that the burden of the security incidents we experience today stem from defects in the code – actually bugs – committed by them. Constrained by resources, many software vendors ignore security entirely until they face an incident, or are tackling security just by focusing on the options they think to be the cheapest – which usually means post-incident patching and automatic updates. Security, however, should be applied holistically, and should be interwoven into the entire product development lifecycle. Eliminating security problems is challenging, however; while engineers have to be vigilant and find every single bug in the code to make a product secure, an attacker only has to find a single remaining vulnerability to exploit it and take control of the entire system. This is why security evaluation is so different from functional testing, and why it needs to be performed by a well-prepared security expert. In this paper we will tackle the challenge of security testing, and introduce our methodology for evaluating the security of IT products – MEFORMA was specifically created as a framework for commercial security evaluations, and has already been proven in more than 50 projects over twelve years.