Multi-Agent Based Software Licensing Model for Embedded Systems

Goran Horvat, Damir Šoštarić and Drago Žagar

Department of Communications, Faculty of Electrical Engineering, J. J. Strossmayer University of Osijek, Kneza Trpimira 2b, 31000 Osijek, Croatia
{goran.horvat,damir.sostaric,drago.zagar}@etfos.hr

Abstract. Recent growth of the embedded system industry, both in size and complexity, has resulted in numerous advantages for consumer equipment and a few problems for system designers. One of these is the software licensing problem in complex embedded systems. Because today's embedded systems have evolved into fairly large and complex systems, there is a need to manage embedded software functionality effectively, without recompiling and rewriting firmware components. This problem can be avoided by using fully functional software accompanied by a licensing agent that enforces the license permissions granted to an end user. The licensing agent enforces the permissions stored in an encrypted license file located on a Secure Digital memory card. Another advantage is that the permissions can be updated remotely using a license distribution agent located at the manufacturer's server and uploaded through Ethernet or the Internet. Licensing agents applied to various embedded systems can communicate with other licensing agents and with the license distribution agent in order to exchange and verify supplied licenses. This paper proposes the software licensing agent model and implements the licensing agent in an existing laboratory-based embedded system.

Keywords: embedded system, software licensing, licensing agent, XTEA, encryption, license distribution.

1 Introduction

An embedded system refers to a specialized computer system that focuses on application, software and hardware customization and strict requirements in terms of functionality, reliability, cost effectiveness, volume and power efficiency. According to [1], the semiconductor and embedded industry is projected to bloom from $3.25 billion in 2005 to $43.7 billion by 2015. With such attractive growth statistics, the field of embedded systems presents an interesting area of research. In today's consumer equipment, embedded systems have evolved into fairly large and multipurpose devices that incorporate versatile functions [2]. This evolution presents another problem to embedded system designers: how to offer a customized embedded system to the end user without the need for additional firmware customization, which presents a costly solution for the end user (since the entire firmware has to be rewritten). A more elegant and cost effective solution is the design of a fully functional embedded system that dynamically manages and delivers functionality according to the user requirements. This feature enables the user to dynamically expand or reduce the functionality by means of a single license file. In order to effectively monitor and manage the system's functionality on the fly, this paper proposes the use of a multi-agent architecture. The idea is to integrate licensing agents into embedded systems in order to monitor all license limitations and permissions. The agent observes the embedded system and acts upon the permissions and restrictions stored in a license file. The licensing agent interacts with other licensing agents in the vicinity through Ethernet communication in order to verify the integrity of a license file and to acquire new licenses. When a license update is due, the license distribution agent situated on the manufacturer's server distributes the licenses to the licensing agents in embedded systems through an Ethernet LAN and/or Internet connection. Licensing agents have the ability to interact with each other in order to verify the integrity of the license files and to assure the distribution of the license files to all licensing agents. The license distribution agent interacts with licensing agents in embedded systems to ensure the integrity of the license files. The work in this paper could be described as a novel approach to functionality management in embedded systems using a licensing procedure and multi-agent framework support. To protect the license from pirating, an encryption algorithm was applied to the license data. The encryption algorithm used is the eXtended Tiny Encryption Algorithm (XTEA), designed and optimized for microcontroller embedded system use [3].

adfa, p. 1, 2011. © Springer-Verlag Berlin Heidelberg 2011
The means of storing the license file can vary; this paper proposes storage on a standard micro Secure Digital memory card (microSD). The license file stored on the memory card can be accessed and updated remotely by a licensing agent using the Ethernet interface [4]. This paper will demonstrate the implementation of the proposed agent using a laboratory-based embedded device, along with the microSD card for license file storage. The encryption algorithm will also be analyzed using cryptanalysis in order to determine the strength of the encryption. In the following section the XTEA algorithm is depicted and analyzed regarding its weaknesses and its use as a cipher function for license management. Section 3 defines the licensing model, while Section 4 describes the functionality of the proposed agent and the advanced implementation of the proposed agent. Section 5 displays the test results of this system regarding the embedded device implementation, while Section 6 gives the conclusion.

2 XTEA cipher as an encryption algorithm

In order to ensure license integrity and to secure the license file when it is transferred through the network, this paper proposes the use of an encryption algorithm. When choosing an appropriate encryption algorithm for implementation, several aspects have to be taken into consideration. The simplicity of the implementation is the key feature when choosing an appropriate algorithm. The security of the algorithm and its cryptanalysis features are of paramount importance when deciding upon a cipher. One cipher that incorporates all the prerequisites is the Extended Tiny Encryption Algorithm (XTEA) [3].

[Figure legend: addition modulo 2^32; multiplication modulo 2^32]

Fig. 1. A Feistel round of XTEA

The block cipher TEA (Tiny Encryption Algorithm) was designed by Wheeler and Needham in 1994 as a short C language program that would run safely on most machines. It achieves high performance by performing all its operations on 32-bit words, using only exclusive-or, addition modulo 2^32, multiplication modulo 2^32 and shifts. TEA has a simple Feistel structure, but uses a large number (i.e. 64) of rounds to achieve the desired level of security [5]. However, taking advantage of its simple key schedule, in 1997 Kelsey, Schneier and Wagner described a related-key attack. To secure TEA against related-key attacks, Needham and Wheeler presented an extended version of TEA in 1997, known as XTEA, which retains the original objectives of simplicity and efficiency [6]. Figure 1 shows one Feistel round of the XTEA cipher. The simplicity of the algorithm is seen from the low complexity of the Feistel network structure [3]. In order to implement the cipher in an embedded system, the Feistel encoder and decoder must be designed using the ANSI C programming language. A flowchart of the implemented code is shown in Fig. 2.

[Flowchart. Encipher: delta = 0x9E3779B9; while i < num_rounds: + Feistel round, sum = sum + delta, + Feistel round, i++; then Store, End. Decipher: delta = 0x9E3779B9, sum = num_rounds*delta; while i < num_rounds: - Feistel round, sum = sum - delta, - Feistel round, i++; then Store, End.]

Fig. 2. Flowchart for XTEA Encipher and Decipher functions
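The Encipher and Decipher routines of Fig. 2 written out in C, as an added example that is not the authors' firmware code; it follows the publicly known XTEA structure with 32 loop iterations (64 Feistel rounds). The block-by-block (ECB) buffer helper, the key and the sample data are assumptions; the last function shows that the cipher alone does not notice reordered ciphertext blocks, which is why the license file described in Section 3 carries a check string.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define XTEA_DELTA  0x9E3779B9u
#define XTEA_CYCLES 32u  /* loop iterations; each one runs two Feistel rounds */

/* Encipher one 64-bit block in place with a 128-bit key (Fig. 2, Encipher). */
void xtea_encipher(uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    unsigned i;
    for (i = 0; i < XTEA_CYCLES; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += XTEA_DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Decipher: start from sum = cycles * delta and undo the rounds in reverse. */
void xtea_decipher(uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = XTEA_DELTA * XTEA_CYCLES;
    unsigned i;
    for (i = 0; i < XTEA_CYCLES; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Assumed mode: each 8-byte block is processed independently (ECB).
 * Words are copied in host byte order; a real file format must fix the order. */
int xtea_ecb(uint8_t *buf, size_t len, const uint32_t key[4], int encrypt)
{
    size_t off;
    if (len % 8 != 0)
        return -1;                      /* caller must pad to a block multiple */
    for (off = 0; off < len; off += 8) {
        uint32_t v[2];
        memcpy(v, buf + off, 8);
        if (encrypt)
            xtea_encipher(v, key);
        else
            xtea_decipher(v, key);
        memcpy(buf + off, v, 8);
    }
    return 0;
}

/* Constructed key and data. Swaps the two ciphertext blocks and returns 1 if
 * decryption yields the plaintext blocks in swapped order with no error. */
int demo_block_swap(void)
{
    static const uint32_t key[4] = { 0x00112233u, 0x44556677u, 0x8899AABBu, 0xCCDDEEFFu };
    uint8_t buf[16], tmp[8];
    memcpy(buf, "ValidTo=20121231", 16);
    xtea_ecb(buf, sizeof buf, key, 1);
    memcpy(tmp, buf, 8);
    memcpy(buf, buf + 8, 8);
    memcpy(buf + 8, tmp, 8);
    xtea_ecb(buf, sizeof buf, key, 0);
    return memcmp(buf, "20121231ValidTo=", 16) == 0;
}
```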

The cipher consists of addition, multiplication and shift operators modulo 2^32, presenting a simple to implement algorithm in low cost low power embedded systems [3]. Further on, the question that arises is the security of the algorithm. According to [8], the best cryptanalysis for XTEA is a related-key differential attack. The stated attack can break 32 out of 64 rounds of XTEA, requiring 2^20.5 chosen plaintexts and a time complexity of 2^115.15, which demonstrates the strength of the mathematical algorithm. However, there are attack techniques that target the physical implementation rather than the algorithm itself [9]. When sampled at high rates and examined in more detail, power waveforms can reveal the key bits [9]. The impact of these attacks is emphasized given the fact that the attacker is in possession of the device. This presents a security problem in implementing the proposed algorithm. This problem can be overcome using several methods, which bring the implementation of this algorithm back into focus. One method is based on using specifically designed and secure integrated circuits (micro-controllers) [10]. The problem with this method is the inability to implement the encryption in existing embedded systems. This can be avoided using a second method, according to [11]. The method uses smart random code injection to mask power analysis based side channel attacks. Finally, the problem of reading the device's firmware forcefully (to acquire the encryption key) can be avoided using read and write protection applied to the application part of the memory.

3 Licensing model for Embedded System

In order to effectively manage the functionality of the embedded system, a license based approach must be taken. Software licensing is any procedure that lets an enterprise or user purchase, install, and use software on a machine or network in accordance with a software vendor's licensing agreement [12, 13]. All software licensing aims to protect both the vendor's investment by minimizing the risk of hard piracy and the enterprise's investment by minimizing the risk of auditing fines from soft piracy. This term, used in computer applications, can be easily applied to embedded system licensing, due to the fact that the embedded system's firmware is a software component. Having this in mind, standard licensing models can be applied to suit the needs of the embedded system. On the other hand, the field of embedded software licensing is generally undefined. Related work referring to this topic is poorly represented in the literature and does not present any specific solutions for managing embedded system functionality using a licensing procedure. A review of software licensing in embedded systems is presented in [12], where certain fundamental aspects of embedded software licensing are presented. The main problem presented is the convergence of embedded systems and personal computers, where embedded systems are becoming more like PCs and vice versa. On the other hand, the author states that "Consumers will be hurt by licensing embedded software", which in turn presents a solid claim. However, with the right method of implementation of the licensing method, and the right security considerations, the consumers can only benefit from software licensing. In the end, by encompassing both software and hardware components in the licensing management, the possibility of pirating and copying the devices could be reduced, along with numerous advantages for the consumer (end user). According to [12], a variety of licensing models exists that could be applied to embedded system licensing, depending on the designer's policy. In this paper a combination of Packaged (Single license purchased for a single user or machine), Subscription based (License purchased for some time period) and Utility-based (Customer charged according to time product is used) is proposed. This paper proposes a licensing method based on an encrypted license file stored on a standard microSD data card, accessed by a licensing agent. The license file is formatted as a standard configuration file (*.ini) before the encryption takes place.

Fig. 3. Unencrypted license file form

As seen in Fig. 3, the unencrypted license file can be opened using a standard text editor and is encoded in standard text format. The file is composed of several sections, where the first section, named Company, incorporates basic company data and only serves the function of vividly representing the company where the license is installed. The second section, Licence, contains basic data for license management such as LicenceID and Software Version. This section also contains important data such as HardwareID, through which the license is linked to specific hardware. This HardwareID is composed of the production lot number, wafer number and wafer coordinates of the specific silicon chip. This uniquely identifies the chip, thus eliminating the possibility of license cloning. The HardwareID field can be extended so that a single license file supports several embedded systems (hardware IDs), thus simplifying the licensing on large systems. Further on, the defined ValidTo and ValidFrom fields represent the Subscription-based licensing model, where the license is purchased for some time period [12]. Accordingly, when the license expires the embedded device loses its functionality completely or to a certain degree (depending on the programming). The section named Modules defines additional device functionality for an embedded system, whereas the last section implements the license integrity check in the form of a check string: a 16-bit CRC string. The primary reason for using a check string in the unencrypted license file is to circumvent the problems of shuffling or tampering with a portion of the encrypted license file.

After the license file is composed in its unencrypted form, the XTEA encryption is performed and the data is secured. The encryption key used is arbitrary, and it is suggested to alter the key depending on the production lot or other factors, minimizing the possibility of piracy. The key scheduling is performed by the manufacturer and the license distribution agent. Generated keys, along with HardwareIDs and user credentials, are stored in the manufacturer's database and inside the embedded system firmware. When a distribution agent needs to deliver a new license to an embedded system (or a group of embedded systems), it will encrypt the license using the stored key located in the database. Upon delivery, the licensing agent in the embedded system will decrypt the license using the encryption key stored in the non-volatile memory (protected from reading). It is important to state that for the Subscription-based licensing model the main prerequisite is the existence of the Real Time Clock (RTC) module, to ensure a time reference.

4 Using multi-agent architecture in software licensing

This paper proposes the use of a multi-agent system in order to perform software licensing on remote embedded systems using Licensing agents (Fig. 4). The licensing agents are situated in the embedded systems and are responsible for enforcing the license permissions and limitations. The licensing agents have the ability to communicate with the other licensing agents in the local network. On the license server, a License distribution agent is located whose main purpose is to distribute licenses to the licensing agents located in embedded systems and to verify license integrity on them. The agents communicate through an Ethernet interface or through the Internet.

4.1 Licensing agent – Embedded system

The licensing agent integrated into the embedded system encompasses the ability to: decode the encrypted data stored as a license file, understand the stated permissions and limitations proposed by the license, and enforce the desired permissions and limitations. The agent also needs to have the ability to communicate with other agents in the vicinity, and to communicate with the License distribution agent. In a case where a direct link to the License distribution agent is not possible, the agent will establish a connection through other licensing agents in order to relay the message. The proposed agent observes the running software with the accompanying modules. If the flow of the software is diverted to a software module banned from use by the license file (e.g. an additional printer module not supported by the license), the agent will bypass the unsupported module and resume normal work. If the agent detects an error in the time reference (tampering), it will contact other agents and correct the malicious attempt. Consequently, if a new license is being distributed from the manufacturer, the license distribution agent (located in the license server, Fig. 4) will contact the Licensing agent and deliver a new updated encrypted license file (directly or via another agent).

[Figure "Multi-agent architecture". Labels: License Server (manufacturer) with License distribution agent and Database (Keys, HardwareID); Internet; Company with Embedded Systems, each hosting a Licensing Agent, linked by Ethernet; End User / Manager; "Extend License with additional permissions".]

Fig. 4. Multi-agent system – software licensing model

After receiving the license file, the agent performs the license check in the following manner: First, the encrypted license is decrypted using the incorporated XTEA decryption algorithm with the provided key (Fig. 1). After the decrypted license is presented in its original form (Fig. 3), the agent checks the integrity via CRC. Next, the HardwareID number and subscription-based fields are verified against the device HardwareID and RTC. Finally, the additional module support is parsed and examined. After the license is verified with other licensing agents (e.g. by hashing the unencrypted license file), the file is stored on the microSD data card. This completes the licensing procedure upon receiving a new license or upon system startup. If there was an error during the licensing procedure (e.g. wrong HardwareID or expired time period), the agent will halt the device and the device will not be functional. The interaction protocol of the multi-agent system is shown in Fig. 5. LA denotes the licensing agents situated in various embedded systems, whereas the License distribution agent is located in the main licensing server.

[AUML sequence diagram "License Distribution". Participants: LDA / License distribution, LA 1 / Licensing, LA 2 / Licensing, LA 3 / Licensing. Messages: Deliver License File, License Received, License Verification, Is License Valid (License Valid / License Not Valid), Forward License.]

Fig. 5. AUML Diagram of the Multi-agent System
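The checks that follow decryption in the license check procedure of Section 4.1, as an added C example (not the authors' firmware): CRC first, then HardwareID and the validity period against the RTC date, then module permissions. Fig. 3 is not reproduced here, so the exact key spelling, the "[Check]" section layout, the ISO date format, the CRC-16 variant, the module names and all sample values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum lic_status { LIC_OK, LIC_BAD_FORMAT, LIC_BAD_CRC, LIC_WRONG_HW,
                  LIC_NOT_YET_VALID, LIC_EXPIRED };

/* CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF); the variant is an assumption. */
uint16_t crc16(const uint8_t *p, size_t n)
{
    uint16_t crc = 0xFFFF;
    while (n--) {
        int bit;
        crc ^= (uint16_t)(*p++ << 8);
        for (bit = 0; bit < 8; bit++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

/* Copy the value of a "key=value" line into out; returns 0 on success. */
static int ini_get(const char *text, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    const char *p = text;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t n = strcspn(p + klen + 1, "\r\n");
            if (n >= outsz) return -1;
            memcpy(out, p + klen + 1, n);
            out[n] = '\0';
            return 0;
        }
        p = strchr(p, '\n');
        if (p != NULL) p++;
    }
    return -1;
}

/* Checks in the order the paper lists them: CRC, HardwareID, validity period. */
enum lic_status license_check(const char *text, const char *hwid, const char *rtc_date)
{
    char val[32];
    const char *chk = strstr(text, "[Check]");
    if (chk == NULL || ini_get(chk, "CRC", val, sizeof val) != 0) return LIC_BAD_FORMAT;
    if (crc16((const uint8_t *)text, (size_t)(chk - text)) != (uint16_t)strtoul(val, NULL, 16))
        return LIC_BAD_CRC;
    if (ini_get(text, "HardwareID", val, sizeof val) != 0) return LIC_BAD_FORMAT;
    if (strcmp(val, hwid) != 0) return LIC_WRONG_HW;
    if (ini_get(text, "ValidFrom", val, sizeof val) != 0) return LIC_BAD_FORMAT;
    if (strcmp(rtc_date, val) < 0) return LIC_NOT_YET_VALID;  /* ISO dates sort as text */
    if (ini_get(text, "ValidTo", val, sizeof val) != 0) return LIC_BAD_FORMAT;
    if (strcmp(rtc_date, val) > 0) return LIC_EXPIRED;
    return LIC_OK;
}

/* A module is permitted only when the [Modules] section sets it to 1. */
int license_module_enabled(const char *text, const char *module)
{
    char val[8];
    const char *sec = strstr(text, "[Modules]");
    return sec != NULL && ini_get(sec, module, val, sizeof val) == 0 && strcmp(val, "1") == 0;
}

/* Constructed sample license; the CRC is appended as the issuing side would. */
size_t make_sample_license(char *out, size_t outsz, const char *hwid)
{
    int n = snprintf(out, outsz,
        "[Company]\nName=Example Ltd\n[Licence]\nLicenceID=0001\nHardwareID=%s\n"
        "ValidFrom=2012-01-01\nValidTo=2012-12-31\n[Modules]\nPrinter=1\nZigBee=0\n",
        hwid);
    if (n < 0 || (size_t)n + 20 > outsz) return 0;
    return (size_t)n + (size_t)snprintf(out + n, outsz - (size_t)n, "[Check]\nCRC=%04X\n",
               (unsigned)crc16((const uint8_t *)out, (size_t)n));
}
```

A caller that receives anything other than LIC_OK would halt the device, as the procedure above describes.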

4.2 License distribution agent – License server

In order to effectively distribute the licenses to the end users (e.g. companies, factories etc.), the proposed solution is the license distribution agent. The agent is located on the embedded system manufacturer's server (Licensing server) and its primary purpose is delivering and verifying licenses on remote embedded systems. The main prerequisite to enable the agent to distribute the license files is the knowledge of all existing embedded systems and licensing agents implemented. This primarily means that all existing agents must be in contact with the license distribution agent through an Internet connection (e.g. Cloud based communication). Second, the agent must have access to the database where all the embedded systems' data are stored, such as: primarily the XTEA encryption keys written upon production, and Company name, CompanyID etc. (Fig. 3). Once an agent is in possession of this data, it can dynamically recreate license files and deliver them to the desired embedded system. To give an example (Fig. 4), an end user requests an extension of the currently running licenses (to add additional support and to extend the license validation) from the licensing server (WEB shop based or by contacting the manufacturer). Once a request is verified (the funds deposited etc.), the License distribution agent will be notified. The agent will then request the encryption key and other required parameters from the database and create a new license file. Further on, it will contact the specific Licensing agent where the update is necessary and relay the encrypted license. Once all the licensing agents have decrypted and verified the license file (against each other and the license distribution agent), the license becomes valid.

5 Implementation and testing of the licensing agent

In order to effectively test the proposed licensing agent, an existing laboratory model of an embedded system was adopted. The used embedded system is an access control system that utilizes Atmel’s AVR XMEGA micro-controller, RTC module, Ethernet module and touch-screen TFT LCD.

[Figure labels: Embedded system; ZigBee Coordinator; Licensing Agent; XMega; Ethernet Controller; LAN; Database; microSD]

Fig. 6. Laboratory model access control system

However, the problem that arises is how to implement a software agent in a low cost low power 8-bit micro controller, representing the embedded system. The implementation of an agent in an embedded system requires the existence of an Embedded Operating System (EOS) [16]. The used embedded system lacks the main prerequisite for an agent, that is, the existence of an Embedded Operating System. Accordingly, the implementation of a licensing agent was carried out using an interrupt subroutine that embodies the function of a licensing agent. Another thing to note is that this implementation of the agent is incorporated into the existing firmware compiled using Mikroelektronika's ANSI C compiler for AVR named MikroC. Figure 4 displays the used embedded system. An interesting aspect of the proposed licensing agent to examine is the overhead that this implementation induces in the existing firmware. To display the induced overhead, a statistical analysis of the firmware was performed before and after the method was implemented.

Fig. 7. Induced code overhead for RAM and ROM

The cumulative amount of induced overhead in this implementation is 1994 bytes for ROM memory and 1122 bytes for RAM memory. If the induced overhead is inspected regarding the ROM and RAM size of a microcontroller, the induced ROM overhead is 1.5% and induced RAM overhead is 13.8%. The use of precompiled libraries for microSD card support will significantly increase the overhead if the existing code does not use these libraries by default.

6 Conclusion

This paper demonstrates an effective way of implementing licensing in embedded systems using a multi-agent architecture. The main advantage is flexible management of the device functionality depending on future requirements through license support. This paper describes a secure way of encrypting and transferring a license file using the easy to implement XTEA cipher. The security issues regarding cryptanalysis and piracy were also addressed, and it was concluded that through various security mechanisms this model can be additionally secured. The proposed multi-agent system ensures that the licensing process is carried out without the need for intervention, using software agents. With the use of the license distribution agent, new licenses can be automatically generated, encrypted using the existing key stored in the database and deployed using licensing agents situated on embedded systems. The licensing agents have the ability to communicate with each other, thus providing a verification of the transmitted license. With this social component the agents can detect and correct abnormal behavior caused by malicious attackers. The proposed agent system was implemented partially as a solution for the lack of an EOS in the tested embedded system. The licensing agent was implemented using the standard ANSI C programming language and interrupt subroutines, to mimic the effect of multi threading. Also, the interaction with other software agents was not analyzed and is left for future work and testing. Regarding the induced code overhead to the tested embedded system, it can be stated that the induced overhead of 1.5% is negligible. Future work involves improving this licensing agent in the direction of using hardware based crypto modules (e.g. integrated hardware AES module). Also, the implementation of the proposed agent in an embedded system containing an EOS is recommended, along with establishing communication with other agents and implementing the license distribution agent in the license server. Testing of the overall system is suggested, along with security and performance analysis.

References

1. Parab, J., Shinde, S.A., Shelake, V.G., Kamat, R.K., Naik, G.M., "Practical Aspects of Embedded System Design using Microcontrollers", Springer 2008, XXII, 150 p.
2. Karsai, G., Massacci, F., Osterweil, L.J., Schieferdecker, I., "Evolving Embedded Systems", Computer, vol. 43, no. 5, pp. 34-40, May 2010
3. Marko Pavlin, "Encription using low cost microcontrollers", Proc. of MIDEM - Society for Microelectronics, Electronic Components and Materials, cop. 2006, pp. 189-194
4. G. Horvat, D. Žagar, D. Šoštarić, "Ethernet Data Accessing Method for a Micro-controller Embedded Systems", Kando Conference, Science in Practice, Budapest 2011.
5. David J. Wheeler, Roger M. Needham, "TEA, a Tiny Encryption Algorithm", The Computer Laboratory, Cambridge University, 1994
6. Jiqiang Lu, "Cryptanalysis of Block Ciphers", Technical Report RHUL–MA–2008–19, Department of Mathematics, Royal Holloway, University of London, 2008
7. Electronic Equipment Manufacturer MikroElektronika (http://www.mikroe.com)
8. Lu Jiqiang, "Related-key rectangle attack on 36 rounds of the XTEA block cipher", International Journal of Information Security, Vol. 8 (1): 1–11, 2009
9. Knežević M., Rožić V., Verbauwhede I., "Design Methods for Embedded Security", TELFOR Journal, Vol. 1, No. 2, 2009, ISSN 1821-3251
10. Atmel Corporation, www.atmel.com, Accessed: January 2012.
11. Ambrose, J.A., Ragel, R.G., Parameswaran, S., "A smart random code injection to mask power analysis based side channel attacks", Proc. of IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis 2007 5th, pp. 51-56
12. Ferrante, D., "Software Licensing Models: What's Out There?", IT Professional, vol. 8, no. 6, pp. 24-29, Nov.-Dec. 2006, ISBN: 1520-9202
13. Koopman, P., "Embedded Software Licensing?", Carnegie Mellon University, Oct 2000.
14. Jens-Peter Kaps, "Chai-Tea, Cryptographic Hardware Implementations of xTEA", Proc. of the 9th International Conference on Cryptology in India, Kharagpur, India
15. Russell, Stuart J., Norvig, Peter (2003), "Artificial Intelligence: A Modern Approach (2nd ed.)", Upper Saddle River, New Jersey: Prentice Hall, ISBN 0-13-790395-2
16. Ma Xinglu, Qu Yingjie, "Research on Embedded Agent System Architecture", Embedded Software and Systems Symposia, 2008. ICESS Symposia '08. International Conference on, pp. 142-145, 29-31 July 2008
17. Nwana, H.S., "Software Agents: An Overview", Knowledge Engineering Review, Vol. 11, No. 3, 205-244, Cambridge University Press 1996.