George Hatzivasilis

Lightweight Cryptography for Embedded Systems A Comparative Analysis

As computing becomes pervasive, embedded systems are deployed in a wide range of domains, including industrial systems, critical infrastructures, private and public spaces as well as portable and wearable applications. An integral part of the functionality of these systems is the storage, access and transmission of private, sensitive or even critical information. Therefore, the confidentiality and integrity of the resources and services of said devices constitutes a prominent issue that must be considered during their design. There is a variety of cryptographic mechanisms which can be used to safeguard the confidentiality and integrity of stored and transmitted information. In the context of embedded systems, however, the problem at hand is exacerbated by the resource-constrained nature of the devices, in conjunction with the persistent need for smaller size and lower production costs. This paper provides a comparative analysis of lightweight cryptographic algorithms applicable to such devices, presenting recent advances in the field for symmetric and asymmetric algorithms as well as hash functions. A classification and evaluation of the schemes is also provided, utilizing relevant metrics in order to assess their suitability for various types of embedded systems.

A survey of lightweight stream ciphers for embedded systems

Pervasive computing constitutes a growing trend, aiming to embed smart devices into everyday objects. The limited resources of these devices and the ever-present need for lower production costs, lead to the research and development of lightweight cryptographic mechanisms. Block ciphers, the main symmetric key cryptosystems, perform well in this field. Nevertheless, stream ciphers are also relevant in ubiquitous computing applications, as they can be used to secure the communication in applications where the plaintext length is either unknown or continuous, like network streams. This paper provides the latest survey of stream ciphers for embedded systems. Lightweight implementations of stream ciphers in embedded hardware and software are examined as well as relevant authenticated encryption schemes. Their speed and simplicity enable compact and low-power implementations, allow them to excel in applications pertaining to resource-constrained devices. The outcomes of the International Organization for Standardization/International Electrotechnical Commission 29192-3 standard and the cryptographic competitions eSTREAM and Competition for Authenticated Encryption: Security, Applicability, and Robustness are summarized along with the latest results in the field. However, cryptanalysis has proven many of these schemes are actually insecure. From the 31 designs that are examined, only six of them have been found to be secure by independent cryptanalysis. A constrained benchmark analysis is performed on low-cost embedded hardware and software platforms. The most appropriate and secure solutions are then mapped in different types of applications. Copyright

A review of lightweight block ciphers

Embedded systems are deployed in various domains, including industrial installations, critical and nomadic environments, private spaces and public infrastructures. Their operation typically involves access, storage and communication of sensitive and/or critical information that requires protection, making the security of their resources and services an imperative design concern. The demand for applicable cryptographic components is therefore strong and growing. However, the limited resources of these devices, in conjunction with the ever-present need for smaller size and lower production costs, hinder the deployment of secure algorithms typically found in other environments and necessitate the adoption of lightweight alternatives. This paper provides a survey of lightweight cryptographic algorithms, presenting recent advances in the field and identifying opportunities for future research. More specifically, we examine lightweight implementations of symmetric-key block ciphers in hardware and software architectures. We evaluate 52 block ciphers and 360 implementations based on their security, performance and cost, classifying them with regard to their applicability to different types of embedded devices and referring to the most important cryptanalysis pertaining to these ciphers.

Lightweight Password Hashing Scheme for Embedded Systems

Passwords constitute the main mean for authentication in computer systems. In order to maintain the user-related information at the service provider end, password hashing schemes PHS are utilized. The limited and old-fashioned solutions led the international cryptographic community to conduct the Password Hashing Competition PHC. The competition will propose a small portfolio of schemes suitable for widespread usage until 2015. Embedded systems form a special application domain, utilizing devices with inherent computational limitations. Lightweight cryptography focuses in designing schemes for such devices and targets moderate levels of security. In this paper, a lightweight poly PHS suitable for lightweight cryptography is presented. At first, we design two lightweight versions of the PHC schemes Catena and PolyPassHash. Then, we integrate them and implement the proposed scheme --- called LightPolyPHS. A fair comparison with similar proposals on mainstream computer is presented.

SecRoute: End-to-end secure communications for wireless ad-hoc networks

Railways constitute a main means of mass transportation, used by public, private, and military entities to traverse long distances every day. Railway control software must collect spatial information and effectively manage these systems. Wireless sensor networks (WSNs) are an attractive solution to cover the area along-side the railway routes. In-carriage WSNs are also studied in cases of dangerous cargo transportation. The secure communication of all these devices becomes important as successful attacks can harm the railways business operation or cause serious injuries and deaths. This paper presents SecRoute - an end-to-end secure communications scheme for wireless ad hoc networks. The scheme implements mechanisms for cryptographic communication, trusted-based routing, and policy-based access control. SecRoute and alternative schemes are modelled on the NS-2 network simulator and a comparative analysis is conducted, indicating that the proposed scheme provides enhanced protection. A proof of concept of SecRoute is deployed on real embedded platforms and exhibits good overall performance, demonstrating that attacks on the route and carriage WSNs are effectively countered.

RT-SPDM: Real-Time Security, Privacy and Dependability Management of Heterogeneous Systems

The need to manage embedded systems, brought forward by the wider adoption of pervasive computing, is particularly vital in the context of secure and safety-critical applications. This work presents RT-SPDM, a framework for the real-time management of devices populating ambient environments. The proposed framework utilizes a formally validated approach to reason the composability of heterogeneous embedded systems, evaluate their current security, privacy and dependability levels based on pre-defined metrics, and manage them in real-time. An implementation of Event Calculus is used in the Jess rule engine in order to model the ambient environment context and the rule-based management procedure. The reasoning process is modeled as an agents behavior and applied on an epistemic multi-agent reasoner for ambient intelligence applications. Agents monitor distinct embedded systems and are deployed as OSGi bundles to enhance the real-time management of embedded devices. A Service Oriented Architecture is adopted, through the use of the Devices Profile for Web Services standard, in order to provide seamless interaction between the frameworks entities, which exchange well-formed information, determined by the OASIS CAP standard. Proof-of-concept implementations of all entities are developed, also investigating user-friendly GUIs for both the front-end and back-end of the framework. A preliminary performance evaluation on typical embedded devices confirms the viability of the proposed approach.

Lightweight authenticated encryption for embedded on-chip systems

ABSTRACT Embedded systems are routinely deployed in critical infrastructures nowadays, therefore their security is increasingly important. This, combined with the pressing requirement of deploying massive numbers of low-cost and low-energy embedded devices, stimulates the evolution of lightweight cryptography and other green-computing security mechanisms. New crypto-primitives are being proposed that offer moderate security and produce compact implementations. In this article, we present a lightweight authenticated encryption scheme based on the integrated hardware implementation of the lightweight block cipher PRESENT and the lightweight hash function SPONGENT. The presented combination of a cipher and a hash function is appropriate for implementing authenticated encryption schemes that are commonly utilized in one-way and mutual authentication protocols. We exploit their inner structure to discover hardware elements usable by both primitives, thus reducing the circuit’s size. The integrated versions demonstrate a 27% reduction in hardware area compared to the simple combination of the two primitives. The resulting solution is ported on a field-programmable gate array (FPGA) and a complete security application with input/output from a universal asynchronous receiver/transmitter (UART) gate is created. In comparison with similar implementations in hardware and software, the proposed scheme represents a better overall status.

SCOTRES: Secure Routing for IoT and CPS

Wireless ad-hoc networks are becoming popular due to the emergence of the Internet of Things and cyber-physical systems (CPSs). Due to the open wireless medium, secure routing functionality becomes important. However, the current solutions focus on a constrain set of network vulnerabilities and do not provide protection against newer attacks. In this paper, we propose SCOTRES—a trust-based system for secure routing in ad-hoc networks which advances the intelligence of network entities by applying five novel metrics. The energy metric considers the resource consumption of each node, imposing similar amount of collaboration, and increasing the lifetime of the network. The topology metric is aware of the nodes’ positions and enhances load-balancing. The channel-health metric provides tolerance in periodic malfunctioning due to bad channel conditions and protects the network against jamming attacks. The reputation metric evaluates the cooperation of each participant for a specific network operation, detecting specialized attacks, while the trust metric estimates the overall compliance, safeguarding against combinatorial attacks. Theoretic analysis validates the security properties of the system. Performance and effectiveness are evaluated in the network simulator 2, integrating SCOTRES with the DSR routing protocol. Similar schemes are implemented using the same platform in order to provide a fair comparison. Moreover, SCOTRES is deployed on two typical embedded system platforms and applied on real CPSs for monitoring environmental parameters of a rural application on olive groves. As is evident from the above evaluations, the system provides the highest level of protection while retaining efficiency for real application deployments.

A Reasoning System for Composition Verification and Security Validation

The procedure to prove that a system-of-systems is composable and secure is a very difficult task. Formal methods are mathematically-based techniques used for the specification, development and verification of software and hardware systems. This paper presents a model-based framework for dynamic embedded system composition and security evaluation. Event Calculus is applied for modeling the security behavior of a dynamic system and calculating its security level with the progress in time. The framework includes two main functionalities: composition validation and derivation of security and performance metrics and properties. Starting from an initial system state and given a series of further composition events, the framework derives the final system state as well as its security and performance metrics and properties. We implement the proposed framework in an epistemic reasoner, the rule engine JESS with an extension of DECKT for the reasoning process and the JAVA programming language.

ModConTR: A modular and configurable trust and reputation-based system for secure routing in ad-hoc networks

Distributed wireless networks have become popular due to the evolution of the Internet-of-Things. These networks utilize ad-hoc routing protocols to interconnecting all nodes. Each peer forwards data for other nodes on the basis of network connectivity and a set of conventions that is determined by the routing protocol. Still, these protocols fail to protect legitimate nodes against several types of selfish and malicious activity. Thus, trust and reputation schemes are integrated with pure routing protocols to provide secure routing functionality. In this paper we propose ModConTR - a modular and adaptable trust and reputation-based system for secure routing. The system is composed of 11 different components which can be configured at runtime to adjust to each applications security and performance requirements. Presented work includes three possible configurations of ModConTR, considering ultra-lightweight, low-cost and lightweight implementations. Moreover, predefined configurations permit the implementation of the reasoning process for well-known secure routing protocols. Thus, we present a security and performance analysis for each of the components, including a comparative analysis of 10 complete trust and reputation schemes under identical attack scenarios. ModConTR is implemented using the NS2 simulator and is integrated with the DSR routing protocol.