Konstantinos Fysarakis

Lightweight Cryptography for Embedded Systems A Comparative Analysis

As computing becomes pervasive, embedded systems are deployed in a wide range of domains, including industrial systems, critical infrastructures, private and public spaces as well as portable and wearable applications. An integral part of the functionality of these systems is the storage, access and transmission of private, sensitive or even critical information. Therefore, the confidentiality and integrity of the resources and services of said devices constitutes a prominent issue that must be considered during their design. There is a variety of cryptographic mechanisms which can be used to safeguard the confidentiality and integrity of stored and transmitted information. In the context of embedded systems, however, the problem at hand is exacerbated by the resource-constrained nature of the devices, in conjunction with the persistent need for smaller size and lower production costs. This paper provides a comparative analysis of lightweight cryptographic algorithms applicable to such devices, presenting recent advances in the field for symmetric and asymmetric algorithms as well as hash functions. A classification and evaluation of the schemes is also provided, utilizing relevant metrics in order to assess their suitability for various types of embedded systems.

Insect Biometrics: Optoacoustic Signal Processing and Its Applications to Remote Monitoring of McPhail Type Traps

Monitoring traps are important components of integrated pest management applied against important fruit fly pests, including Bactrocera oleae (Gmelin) and Ceratitis capitata (Widemann), Diptera of the Tephritidae family, which effect a crop-loss/per year calculated in billions of euros worldwide. Pests can be controlled with ground pesticide sprays, the efficiency of which depends on knowing the time, location and extent of infestations as early as possible. Trap inspection is currently carried out manually, using the McPhail trap, and the mass spraying is decided based on a decision protocol. We introduce the term ‘insect biometrics’ in the context of entomology as a measure of a characteristic of the insect (in our case, the spectrum of its wingbeat) that allows us to identify its species and make devices to help face old enemies with modern means. We modify a McPhail type trap into becoming electronic by installing an array of photoreceptors coupled to an infrared emitter, guarding the entrance of the trap. The beating wings of insects flying in the trap intercept the light and the light fluctuation is turned to a recording. Custom-made electronics are developed that are placed as an external add-on kit, without altering the internal space of the trap. Counts from the trap are transmitted using a mobile communication network. This trap introduces a new automated remote-monitoring method different to audio and vision-based systems. We evaluate our trap in large number of insects in the laboratory by enclosing the electronic trap in insectary cages. Our experiments assess the potential of delivering reliable data that can be used to initialize reliably the spraying process at large scales but to also monitor the impact of the spraying process as it eliminates the time-lag between acquiring and delivering insect counts to a central agency.

A survey of lightweight stream ciphers for embedded systems

Pervasive computing constitutes a growing trend, aiming to embed smart devices into everyday objects. The limited resources of these devices and the ever-present need for lower production costs, lead to the research and development of lightweight cryptographic mechanisms. Block ciphers, the main symmetric key cryptosystems, perform well in this field. Nevertheless, stream ciphers are also relevant in ubiquitous computing applications, as they can be used to secure the communication in applications where the plaintext length is either unknown or continuous, like network streams. This paper provides the latest survey of stream ciphers for embedded systems. Lightweight implementations of stream ciphers in embedded hardware and software are examined as well as relevant authenticated encryption schemes. Their speed and simplicity enable compact and low-power implementations, allow them to excel in applications pertaining to resource-constrained devices. The outcomes of the International Organization for Standardization/International Electrotechnical Commission 29192-3 standard and the cryptographic competitions eSTREAM and Competition for Authenticated Encryption: Security, Applicability, and Robustness are summarized along with the latest results in the field. However, cryptanalysis has proven many of these schemes are actually insecure. From the 31 designs that are examined, only six of them have been found to be secure by independent cryptanalysis. A constrained benchmark analysis is performed on low-cost embedded hardware and software platforms. The most appropriate and secure solutions are then mapped in different types of applications. Copyright

The Electronic McPhail Trap

Certain insects affect cultivations in a detrimental way. A notable case is the olive fruit fly (Bactrocera oleae (Rossi)), that in Europe alone causes billions of euros in crop-loss/per year. Pests can be controlled with aerial and ground bait pesticide sprays, the efficiency of which depends on knowing the time and location of insect infestations as early as possible. The inspection of traps is currently carried out manually. Automatic monitoring traps can enhance efficient monitoring of flying pests by identifying and counting targeted pests as they enter the trap. This work deals with the hardware setup of an insect trap with an embedded optoelectronic sensor that automatically records insects as they fly in the trap. The sensor responsible for detecting the insect is an array of phototransistors receiving light from an infrared LED. The wing-beat recording is based on the interruption of the emitted light due to the partial occlusion from insects wings as they fly in the trap. We show that the recordings are of high quality paving the way for automatic recognition and transmission of insect detections from the field to a smartphone. This work emphasizes the hardware implementation of the sensor and the detection/counting module giving all necessary implementation details needed to construct it.

A review of lightweight block ciphers

Embedded systems are deployed in various domains, including industrial installations, critical and nomadic environments, private spaces and public infrastructures. Their operation typically involves access, storage and communication of sensitive and/or critical information that requires protection, making the security of their resources and services an imperative design concern. The demand for applicable cryptographic components is therefore strong and growing. However, the limited resources of these devices, in conjunction with the ever-present need for smaller size and lower production costs, hinder the deployment of secure algorithms typically found in other environments and necessitate the adoption of lightweight alternatives. This paper provides a survey of lightweight cryptographic algorithms, presenting recent advances in the field and identifying opportunities for future research. More specifically, we examine lightweight implementations of symmetric-key block ciphers in hardware and software architectures. We evaluate 52 block ciphers and 360 implementations based on their security, performance and cost, classifying them with regard to their applicability to different types of embedded devices and referring to the most important cryptanalysis pertaining to these ciphers.

Policy-Controlled Authenticated Access to LLN-Connected Healthcare Resources

Ubiquitous devices comprising several resource-constrained nodes with sensors, actuators, and networking capabilities are becoming part of many solutions that seek to enhance users environment smartness and quality of living, prominently including enhanced healthcare services. In such an environment, security issues are of primary concern as a potential resource misuse can severely impact users privacy or even become life threatening. Access to these resources should be appropriately controlled to ensure that eHealth nodes are adequately protected and the services are available to authorized entities. The intrinsic resource limitations of these nodes, however, make satisfying these requirements a great challenge. This paper proposes and analyzes a service-oriented architecture that provides a policy-based, unified, cross-platform, and flexible access control mechanism, allowing authorized entities to consume services provided by eHealth nodes while protecting their valuable resources. The scheme is XACML driven, although modifications to the related standardized architecture are proposed to satisfy the requirements imposed by nodes that comprise low-power and lossy networks (LLNs). A proof-of-concept implementation is presented, along with the associated performance evaluation, confirming the feasibility of the proposed approach.

Policy-based access control for DPWS-enabled ubiquitous devices

As computing becomes ubiquitous, researchers and engineers aim to exploit the potential of the pervasive systems in order to introduce new types of services and address inveterate and emerging problems. This process will, eventually, lead us to the era of urban computing and the Internet of Things; the ultimate goal being to improve our quality of life. But these concepts typically require direct and constant interaction of computing systems with the physical world in order to be realized, which inevitably leads to the introduction of a range of safety and privacy issues that must be addressed. One such important aspect is the fine-grained control of access to the resources of these pervasive embedded systems, in a secure and scalable manner. This paper presents an implementation of such a secure policy-based access control scheme, focusing on the use of well-established, standardized technologies and considering the potential resource-constraints of the target heterogeneous embedded devices. The proposed framework adopts a DPWS-compliant approach for smart devices and introduces XACML-based access control mechanisms. The proof-of-concept implementation is presented in detail, along with a performance evaluation on typical embedded platforms.

Secure policy-based management solutions in heterogeneous embedded systems networks

Managing a large number of heterogeneous nodes in a network of embedded systems is a challenging task, mainly due to differences in requirements and resources. Nano nodes with very limited capabilities, such as the nodes of a Wireless Sensor Network (WSN), may not be suitable for adopting solutions designed for power nodes that have no such constraints. Using these devices in dynamic, ad-hoc infrastructures that feature a plethora of characteristics, has brought up the need for appropriate management of participating nodes to satisfy the corresponding policy restrictions. Many schemes have been proposed for various types of devices in terms of resources, ranging from the well-studied policy-based management in computer networks to the more challenging management in sensor networks. This paper identifies these schemes and proposes a framework for the secure and interoperable policy-based management of heterogeneous, resource-constrained, embedded systems networks.

XSACd—Cross-domain resource sharing & access control for smart environments

Abstract Computing devices permeate working and living environments, affecting all aspects of modern everyday lives; a trend which is expected to intensify in the coming years. In the residential setting, the enhanced features and services provided by said computing devices constitute what is typically referred to as a “smart home”. However, the direct interaction smart devices often have with the physical world, along with the processing, storage and communication of data pertaining to users’ lives, i.e. private sensitive in nature, bring security concerns into the limelight. The resource-constraints of the platforms being integrated into a smart home environment, and their heterogeneity in hardware, network and overlaying technologies, only exacerbate the above issues. This paper presents XSACd, a cross-domain resource sharing & access control framework for smart environments, combining the well-studied fine-grained access control provided by the eXtensible Access Control Markup Language (XACML) with the benefits of Service Oriented Architectures, through the use of the Devices Profile for Web Services (DPWS). Based on standardized technologies, it enables seamless interactions and fine-grained policy-based management of heterogeneous smart devices, including support for communication between distributed networks, via the associated MQ Telemetry Transport protocol (MQTT)–based proxies. The framework is implemented in full, and its performance is evaluated on a test bed featuring relatively resource-constrained smart platforms and embedded devices, verifying the feasibility of the proposed approach.

Node.DPWS: Efficient Web Services for the Internet of Things

Node.DPWS is an implementation of the Devices Profile for Web Services (DPWS). It comprises the first set of DPWS libraries available to Node.js developers and can be used to deploy lightweight, efficient, and scalable Web services over heterogeneous nodes.Interconnected computing systems, in various forms, are expected to permeate our lives, realizing the vision of the Internet of Things (IoT) and allowing us to enjoy novel, enhanced services that promise to improve our everyday lives. Nevertheless, this new reality also introduces significant challenges in terms of performance, scaling, usability and interoperability. Leveraging the benefits of Service Oriented Architectures (SOAs) can help alleviate many of the issues that developers, implementers and end-users have to face in the context of the IoT. This work presents Node.DPWS, a novel implementation of the Devices Profile for Web Services (DPWS) based on the Node.js platform. Node.DPWS can be used to deploy lightweight, efficient and scalable Web Services over heterogeneous nodes, including devices with limited resources. The performance of the presented work is evaluated on typical embedded devices, including comparisons with implementations created using alternative DPWS toolkits.