Secure and Customizable Software Applications in Embedded Networks Fritz Praus, Thomas Flanitzer, Wolfgang Kastner∗ Vienna University of Technology Institute of Computer Aided Automation Automation Systems Group Treitlstraße 1-3, A-1040 Vienna, Austria {fpraus, tflanitzer, k}@auto.tuwien.ac.at
Abstract

Improved technology and economically feasible costs allow a widespread deployment of embedded systems in various application domains, ranging from integration into cars and industrial automation up to building automation. A sophisticated security architecture is needed that considers the challenging constraints on these systems and provides secure communication, secure software as well as physical security. This paper presents an approach that allows untrusted, possibly (intentionally) malicious software to be executed securely on a low-end embedded system. A proof of concept and an evaluation for a building automation system are given.
1. Introduction

Security in embedded networks (EN) is getting more and more important due to their widespread deployment in nearly all aspects of our daily life. Embedded systems (ES), ranging from high-end devices such as PDAs or cell phones to low-end systems like networked transducers, often deal with sensitive information where protection against various attack scenarios is desirable or even obligatory. Typical security requirements are identification (i.e., user validation), resource access (i.e., network and I/O access only if the device is authorized), communication (i.e., authentication, confidentiality, integrity, freshness), storage of sensitive information (i.e., confidentiality and integrity), content security (i.e., usage restrictions of digital content) and availability (i.e., performing intended functions) [8]. A trivial adaptation of cryptographic algorithms, security protocols and technologies established in the information technology domain to EN is, however, not easily possible due to different constraints such as: an open (wireless) transmission medium, operation in a hostile environment, the processing gap, the battery gap and costs [18]. To solve these new challenges a coherent security architecture providing defense in depth, including protocol security, digital rights management (DRM), intrusion detection, physical security and, most importantly, a secure software execution environment, is required.

In the EN domain the typical approach is to customize generic "template" network nodes with application-specific hardware. Universally designed base platforms consisting of microcontrollers and network interfaces are used in conjunction with application-specific components (e.g., switches, temperature sensors) to form a particular system. Similarly, the software is split into a generic operating system or system software providing basic functionality and a (customizable) user application (UA) dealing with the specific hardware.

∗ The work presented in this paper was funded by FWF (Österreichischer Fonds zur Förderung der Wissenschaftlichen Forschung; Austrian Science Foundation) under the project P19673.

1-4244-1506-3/08/$25.00 ©2008 IEEE
Such a two-level concept on the one hand allows rapid innovation and implementation, but on the other hand may impose security risks. Malicious, erroneous or compromised UAs may be uploaded long after device deployment and may tamper with the device software to attack an EN. In this paper a reasonable combination and extension of established concepts supporting the development of secure ES software is presented. The outcome is a secure and customizable environment for UAs targeted to work with low-end ES featuring microcontrollers of limited memory

[Fragment of a code listing, cut off in extraction:]
...>>8)&0xFF; //store memory address
send[2]=(int)ptr&0xFF; //store memory address
for (i=0;i
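As an added illustration of the two-level split described above (this is example code, not the paper's own design, which is not described on this page): a generic system software can keep an untrusted UA from reading or writing arbitrary device memory by forcing every access through a mediated API that checks a per-UA permission table. The memory regions, rights bits and the `ua_read` call below are all hypothetical and constructed for this example.

```c
/* Hypothetical access-control layer between a generic system software
 * and an untrusted user application (UA) on a small microcontroller.
 * Not the paper's mechanism; all regions and names are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* A region the UA may touch, with read/write rights. */
typedef struct { uintptr_t base; size_t len; unsigned rights; } region_t;
#define R_READ  1u
#define R_WRITE 2u

/* Simulated device memory for the example (constructed, not a real map). */
static uint8_t ua_ram[64];                                 /* UA scratch: R+W */
static uint8_t sensor_regs[4] = {0x12, 0x34, 0x56, 0x78};  /* read-only   */
static uint8_t net_key[16];                                /* never reachable */

/* Per-UA policy: anything not listed here is denied by default. */
static const region_t ua_policy[] = {
    { (uintptr_t)ua_ram,      sizeof ua_ram,      R_READ | R_WRITE },
    { (uintptr_t)sensor_regs, sizeof sensor_regs, R_READ },
};

/* Returns 1 if [addr, addr+len) lies entirely inside one permitted region
 * that grants the requested rights; 0 otherwise. Rejects zero-length and
 * wrapping ranges so a UA cannot slip past the bound with a huge len. */
int ua_access_allowed(uintptr_t addr, size_t len, unsigned need) {
    if (len == 0 || addr + len < addr) return 0;
    for (size_t i = 0; i < sizeof ua_policy / sizeof ua_policy[0]; i++) {
        const region_t *r = &ua_policy[i];
        if (addr >= r->base && addr + len <= r->base + r->len &&
            (r->rights & need) == need)
            return 1;
    }
    return 0;
}

/* Mediated read the UA must call instead of dereferencing raw pointers.
 * Copies len bytes into out on success; returns bytes copied (0 = denied). */
size_t ua_read(uintptr_t addr, void *out, size_t len) {
    if (!ua_access_allowed(addr, len, R_READ)) return 0;
    memcpy(out, (const void *)addr, len);
    return len;
}
```

The same check guards `ua_write` and I/O register access in the same way; the point is that the system software, not the UA, decides which addresses are reachable.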